Rubocop Configuration - Detect

By kannthu

Informative
Vidoc Module
#exposure #files #config #ruby
Description

What is the "Rubocop Configuration - Detect" module?

The "Rubocop Configuration - Detect" module checks whether a web application exposes its RuboCop configuration file. RuboCop is a static code analysis tool (linter and formatter) for Ruby, and its settings live in a ".rubocop.yml" file at the root of the project. That file belongs in the source repository, not in the web root: if the server returns it, the deployment is serving repository files to anonymous clients. The module does not evaluate the configured cops or look for misconfigurations in them; it only confirms that the file is reachable and that its content looks like a RuboCop configuration.

This module has an informative severity level: a hit is an information-disclosure finding that tells you something about the deployment, not an immediately exploitable vulnerability.

Author: DhiyaneshDk

Impact

An exposed ".rubocop.yml" has no direct exploit value on its own, but it leaks information an attacker can build on. It confirms that the application is written in Ruby, and its Include and Exclude lists enumerate paths in the source tree (for example vendor or db directories) that can be targeted in later requests. More importantly, a repository file being served from the web root suggests the whole checkout was deployed into a public directory, so other repository files (Gemfile and lock files, .git contents, environment or credential files) may be reachable the same way and should be checked next. Treat a hit as a prompt to investigate the deployment, not as a code-quality note.

How does the module work?

The "Rubocop Configuration - Detect" module sends an HTTP GET request for "/.rubocop.yml" at the target's web root and applies two matching conditions to the response: the status must be 200 (OK), and the body must contain all three keywords "AllCops:", "Include:" and "Exclude:" (with the trailing colon, which ties the match to YAML keys rather than incidental text). The keyword check guards against servers that answer 200 for any path, such as a single-page-app fallback route, where the status alone would produce a false positive.

Example HTTP request:

GET /.rubocop.yml

Matching conditions:

- The response body contains all of the keywords "AllCops:", "Include:" and "Exclude:" (the three word conditions are combined with AND).
- The HTTP response status is 200 (OK).

If both conditions are met, the module reports the exposed RuboCop configuration file.

Reference:

- https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt
- https://github.com/

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /.rubocop.yml
Matching conditions
word: AllCops:, Include:, Exclude: (condition: and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability