mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-04 03:45:08 -07:00
f6f9a2bbf7
modules/recon/spring-application-config-exposure.yaml flags an exposed Spring application config, in either properties or yaml form, on a datasource marker paired with a credential field, then extracts the jdbc url. requiring the credential keeps a config that holds no secret from being reported. modules/recon/appsettings-exposure.yaml flags an exposed ASP.NET Core appsettings.json, the .NET Core counterpart to web.config, on a ConnectionStrings section paired with an inline password, then extracts the connection string. modules/recon/wp-config-backup-exposure.yaml flags an exposed wp-config backup, the leftover .bak or swap copy that serves raw php, on the DB_PASSWORD constant paired with another db define, then extracts the database password. internal/modules/app_config_exposure_test.go drives the three modules end to end through ExecuteHTTPModule and asserts the leak alongside the near misses a strict review wants pinned: a config with no credential, a password outside a connection strings section, a passwordless connection string, prose that names DB_PASSWORD, a config shown in an html page, a plain 200 body and a 404, none of which may match. verify: go test ./internal/modules, each matcher, marker, guard and extractor proven to bite (break -> red, restore -> green).