id: springboot-env

info:
  name: Springboot Env Actuator - Detect
  author: that_juan_,dwisiswant0,wdahlenb,philippedelteil,stupidfish
  severity: low
  description: Sensitive environment variables may not be masked
  metadata:
    max-request: 4
  tags: misconfig,springboot,env,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/env"
      - "{{BaseURL}}/actuator/env"
      - "{{BaseURL}}/actuator;/env;"
      - "{{BaseURL}}/message-api/actuator/env"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "applicationConfig"
          - "activeProfiles"
        condition: or

      - type: word
        part: body
        words:
          - "server.port"
          - "local.server.port"
        condition: or

      - type: word
        part: header
        words:
          - "application/json"
          - "application/vnd.spring-boot.actuator"
          - "application/vnd.spring-boot.actuator.v1+json"
          - "application/vnd.spring-boot.actuator.v2+json"
          - "application/vnd.spring-boot.actuator.v3+json"
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a0047304502201e0a892da991b3ebca33c9bd730d88eec3ba5cbeb6120a055af6a4304b5114fd022100c0bc9988b450825666a5000c7da1074a940c8ab6eadf6eef4ad03f526037723b:922c64590222798bb761d5b6d8e72950