
Information Disclosure: Appveyor Config Exposure

Identifier: appveyor_config_exposure

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

This vulnerability occurs when a project's AppVeyor configuration file is publicly accessible, exposing its settings and any secrets it contains, such as tokens, keys, or other sensitive data. When these configuration files are not properly secured, attackers can gain insight into the infrastructure and misuse the exposed information, leading to unauthorized access or system compromise. The usual developer mistakes are failing to restrict access to the file and embedding sensitive data directly in it, both of which increase the risk of accidental leaks and cyberattacks.
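A repository-side check for the embedded-secrets mistake described above, as an added example that is not part of the scanner or its documentation: it flags sensitive-looking variables in the environment block of an appveyor.yml whose values are written inline rather than under AppVeyor's `secure:` key. The sample file, the name patterns and the function name are assumptions made for this example.

```python
import re

# Constructed sample: an appveyor.yml with one plaintext and one encrypted secret.
SAMPLE = """\
version: 1.0.{build}
environment:
  BUILD_CONFIG: Release
  NUGET_API_KEY: EXAMPLE-PLAINTEXT-VALUE
  DEPLOY_TOKEN:
    secure: EXAMPLEENCRYPTEDVALUE==
build_script:
  - cmd: build.cmd
"""

# Assumed naming heuristics for variables that usually hold credentials.
SENSITIVE = re.compile(r"(token|secret|passw(or)?d|pwd|api_?key|private_?key)", re.I)
# "key: value" entries, optionally written as a list item ("- key: value").
ENTRY = re.compile(r"^(\s*)(?:-\s+)?([A-Za-z_][\w.-]*):\s*(.*)$")

def find_plaintext_secrets(text):
    """Return (line_no, name) for sensitive-looking environment variables
    whose value is written inline instead of under a `secure:` key."""
    findings, in_env = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        indent, key, value = m.groups()
        if not indent:                             # top-level key: enter or leave the block
            in_env = (key == "environment")
            continue
        # An empty value means the real value is nested (e.g. under `secure:`).
        if in_env and key != "secure" and value and SENSITIVE.search(key):
            findings.append((no, key))
    return findings

if __name__ == "__main__":
    for line_no, name in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: {name} is stored in plaintext; encrypt it and use 'secure:'")
```

A clean result only means no inline value matched the name heuristics; the file should still not be served from any web-accessible path.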

Configuration

Example

Example configuration:

---
security_tests:
  appveyor_config_exposure:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.