Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Pyproject Disclosure" module is a test case designed to detect a pyproject.toml file that a web server exposes to the public, which is a misconfiguration of the deployed project. It looks for specific sections, such as [build-system] and [tool.poetry], in the served file. The module has an informative severity level and was authored by dhiyaneshDk.
The module aims to identify sensitive information that an exposed pyproject.toml file reveals. By detecting this misconfiguration, it helps prevent potential security risks and unauthorized access to sensitive data.
The "Pyproject Disclosure" module sends an HTTP GET request for the pyproject.toml file. It then applies matching conditions to determine whether the response contains the expected sections, such as [build-system] and [tool.poetry], and checks that the response status is 200, indicating a successful request. If all conditions are met, the module reports a finding.
Example HTTP request:
GET /pyproject.toml
Matching conditions:
- The response body must contain the words [build-system] and [tool.poetry].
- The response status must be 200.
For more information, you can refer to the module's GitHub repository.
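The matching logic above, re-implemented offline as an added example so the conditions can be exercised against constructed responses; this is not Vidoc's module code nor dhiyaneshDk's template. The function and class names (HttpResponse, matches_pyproject_disclosure, exposed_sections, fetch_pyproject) and the sample responses are constructed here; fetch_pyproject is only for running the same GET against a host you administer and is not used by the offline checks.

```python
"""Offline re-implementation of the "Pyproject Disclosure" matching conditions
(status 200 AND body contains both [build-system] and [tool.poetry]),
plus an optional live self-check. Added example, not the module's own code."""
import re
import urllib.error
import urllib.request
from dataclasses import dataclass

# Markers the module requires in the response body (from the module description).
REQUIRED_MARKERS = ("[build-system]", "[tool.poetry]")
# Matches a TOML table header on its own line, e.g. "[tool.poetry.dependencies]".
TABLE_HEADER = re.compile(r"^\s*\[([^\]]+)\]\s*$", re.MULTILINE)


@dataclass
class HttpResponse:
    status: int
    body: str


def matches_pyproject_disclosure(resp: HttpResponse) -> bool:
    """True only when every matching condition of the module holds."""
    if resp.status != 200:
        return False
    return all(marker in resp.body for marker in REQUIRED_MARKERS)


def exposed_sections(resp: HttpResponse) -> list[str]:
    """List every TOML table header in a 200 response, useful for a triage report
    that shows exactly which parts of the project metadata were disclosed."""
    if resp.status != 200:
        return []
    return TABLE_HEADER.findall(resp.body)


def fetch_pyproject(base_url: str, timeout: float = 5.0) -> HttpResponse:
    """Send the module's GET /pyproject.toml to a host you administer (network call)."""
    url = base_url.rstrip("/") + "/pyproject.toml"
    req = urllib.request.Request(url, headers={"User-Agent": "pyproject-self-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return HttpResponse(r.status, r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return HttpResponse(e.code, "")


# Constructed sample: a served Poetry project file, the case the module is built for.
SAMPLE_EXPOSED = HttpResponse(200, """\
[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"

[tool.poetry]
name = "example-app"
version = "0.1.0"

[tool.poetry.dependencies]
python = "^3.11"
""")

# Constructed sample: a "soft 404" HTML page returned with status 200 must NOT match;
# this is why the module requires the markers and not just a 200 status.
SAMPLE_SOFT_404 = HttpResponse(200, "<html><body>Not found</body></html>")

# Constructed sample: a setuptools project has [build-system] but no [tool.poetry],
# so the module as described does not flag it even though the file is exposed.
SAMPLE_SETUPTOOLS = HttpResponse(200, '[build-system]\nrequires = ["setuptools"]\n')


if __name__ == "__main__":
    for name, resp in (("exposed", SAMPLE_EXPOSED),
                       ("soft-404", SAMPLE_SOFT_404),
                       ("setuptools", SAMPLE_SETUPTOOLS)):
        print(name, matches_pyproject_disclosure(resp), exposed_sections(resp))
    # Live self-check against your own host (placeholder URL):
    # print(matches_pyproject_disclosure(fetch_pyproject("https://example.invalid")))
```

Two points follow from the conditions. Requiring both markers keeps a "soft 404" page served with status 200 from producing a false positive. Conversely, a pyproject.toml that lacks [tool.poetry] (for example a setuptools or hatch project) is not reported by this module even though it is just as exposed, so a self-audit should also confirm that the project directory is not inside the web root regardless of what the scanner says.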