id: environment-rb

info:
  name: Environment Ruby File Disclosure
  author: DhiyaneshDK
  severity: medium
  description: Ruby environment file is exposed.
  metadata:
    verified: true
    max-request: 3
    google-query: intitle:"index of" "environment.rb"
  tags: ruby,devops,exposure,files

http:
  - method: GET
    path:
      - "{{BaseURL}}/environment.rb"
      - "{{BaseURL}}/config/environment.rb"
      - "{{BaseURL}}/redmine/config/environment.rb"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '# Load the Rails application.'

      - type: status
        status:
          - 200
# digest: 4a0a0047304502207cc2acc21d477a6069fc922566e9791eca9bea02ae2dc0519287252901cb4300022100f6f07d90bb3fee86cb451f6c9839a25af3fa7d9c6881e3a3aa76c5d813159326:922c64590222798bb761d5b6d8e72950