mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-07 21:07:05 -07:00
761e570d59
modules/recon/sql-dump-exposure.yaml flags an exposed SQL dump on its mysqldump and pg_dump idioms paired against a guard that drops SQL shown inside an html page, then extracts the dumped table name. modules/recon/sqlite-database-exposure.yaml flags an exposed SQLite file on the 16 byte format magic anchored to the start of the body, then extracts a schema table name. anchoring the magic keeps a page that merely embeds the header from being reported. modules/recon/redis-dump-exposure.yaml flags an exposed Redis RDB snapshot on the RDB magic anchored to the start of the body, then extracts the format version. internal/modules/database_file_exposure_test.go drives the three modules end to end through ExecuteHTTPModule and asserts the leak alongside the near misses a strict review wants pinned: a SQL tutorial page, a bare select, prose that names the sqlite or redis format, a header embedded mid body, a plain 200 body and a 404, none of which may match. verify: go test ./internal/modules, each matcher, magic anchor, guard and extractor proven to bite (break -> red, restore -> green).