Information Disclosure: Alibaba Canal Leak

Identifier: alibaba_canal_leak

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

This vulnerability occurs when sensitive configuration details, such as access keys and secret keys, are exposed in environments where they are not protected. An attacker who obtains these keys may use them to read or manipulate data, compromise services, or move laterally within the IT environment. The usual causes are configuration files that are not properly access-controlled and credentials that were not scrubbed before deployment. Because an exposed key can grant full control over parts of the system, it puts both your data and your users at significant risk.
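
As an added example (not part of this check's documentation or the scanner's own code), the following Python shows how a defender can triage such a leak in a served configuration: it parses a Java-style properties body, flags keys whose names indicate credentials, and redacts the values before reporting. The sample body is constructed; the property names `canal.aliyun.accessKey` and `canal.aliyun.secretKey` are assumed after Canal's default canal.properties and should be verified against your own deployment.

```python
import re

# Constructed sample of a properties body as an exposed Canal deployer
# configuration might be served. All values are fake placeholders.
SAMPLE_CANAL_PROPERTIES = """\
# canal.properties (constructed sample, not from a real deployment)
canal.ip =
canal.port = 11111
canal.aliyun.accessKey = LTAI_EXAMPLE_ACCESS_KEY_0000
canal.aliyun.secretKey = exampleSecretKeyValue1234567890abc
canal.aliyun.uid =
canal.instance.tsdb.enable = true
"""

# Key-name suffixes that usually denote a credential. Extend to taste.
SENSITIVE_KEY_PATTERN = re.compile(
    r"(accessKey|secretKey|password|passwd|secret)$", re.IGNORECASE
)


def parse_properties(text):
    """Parse a Java .properties body into a dict (comments and blanks skipped)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        # Java properties accept '=' or ':' (or whitespace) as the separator.
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def redact(value):
    """Keep only the first and last two characters so a report never re-leaks the secret."""
    if len(value) <= 4:
        return "****"
    return value[:2] + "*" * (len(value) - 4) + value[-2:]


def find_exposed_credentials(text):
    """Return (key, redacted_value) for every non-empty credential-like property."""
    findings = []
    for key, value in parse_properties(text).items():
        if value and SENSITIVE_KEY_PATTERN.search(key):
            findings.append((key, redact(value)))
    return findings


if __name__ == "__main__":
    for key, shown in find_exposed_credentials(SAMPLE_CANAL_PROPERTIES):
        print(f"exposed credential: {key} = {shown}")
```

Empty keys such as `canal.aliyun.uid =` are not reported, so the check only fires when a value is actually present.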

Configuration

Example

Example configuration:

---
security_tests:
  alibaba_canal_leak:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.