Files
sif/modules
Tigah d7d669e300 feat(modules): add spring boot actuator exposure module (#144)
probe /actuator and the env, health and metrics endpoints for an
exposed actuator, which leaks environment variables, config and
runtime internals. sif already fingerprints spring boot as a framework
but never checks whether its actuator endpoints are left open.

the matchers key on structural shapes rather than bare tokens: the env
propertySources array, a hal index whose links resolve under /actuator,
detailed health components, and jvm metric names. a bare {"status":"UP"}
health check, a generic hateoas api and prose mentions do not match.

a custom management base-path (actuator moved off /actuator) and spring
boot 1.x root endpoints are not covered.
2026-06-22 18:23:48 -07:00
..