application.yaml detection

What is the "application.yaml detection?"

The "application.yaml detection" module is designed to detect misconfigurations in the YAML files used by applications. It focuses on finding Application YAML files that often contain sensitive information. The severity of this module is classified as informative. This module targets applications that use YAML files for configuration.

Impact

This module helps identify potential misconfigurations in application YAML files, which can lead to security vulnerabilities. By detecting these misconfigurations, it allows developers and administrators to take appropriate actions to secure their applications and protect sensitive information.

How does the module work?

The "application.yaml detection" module works by sending HTTP requests to specific paths commonly used for application YAML files, such as "/app.yaml", "/app.yml", "/application.yaml", and "/application.yml". It then applies matching conditions to identify misconfigurations. The matching conditions include:

- Checking for specific keywords in the YAML file, such as "runtime:", "spring:", "datasource:", "platform:", "server:", and "job:". - Verifying that the HTTP response status is 200. - Applying a DSL (Domain Specific Language) condition to ensure that the response body does not contain certain HTML or XML elements.

By combining these matching conditions, the module can effectively detect misconfigurations in application YAML files.

Example HTTP request:

GET /app.yaml

Note: The actual module definition is not shown here for simplicity. The provided example demonstrates the general concept of how the module works.