mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-10 22:21:44 -07:00
db862992b5
modules/recon/joomla-config-exposure.yaml flags an exposed configuration.php backup through the JConfig class paired with the password property, so a generic php class is not reported, then extracts the database password. modules/recon/drupal-config-exposure.yaml flags an exposed settings.php backup through the databases array paired with a literal password value, so an array that lacks the marker or resolves the password from the environment is not reported, then extracts the password. modules/recon/magento-config-exposure.yaml flags an exposed app/etc/env.php backup through the crypt or mode marker paired with a literal key or password value, so a generic return array or a cloud placeholder is not reported, then extracts the crypt key. internal/modules/cms_config_exposure_test.go drives the three modules end to end through ExecuteHTTPModule and asserts the leak alongside the near misses a strict review wants pinned: a config missing its password, a generic php class, an array without the databases marker, a databases array with no password, an env indirection password, a return array without a magento marker, a magento config with no credential, a cloud placeholder key, an html tutorial for each file, a plain 200 and a 404. verify: go test ./internal/modules, each matcher and extractor proven to bite (break -> red, restore -> green).