Information Disclosure: Exposed Source Map¶

Identifier: exposed_sourcemap

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

Exposed source maps can turn a helpful debugging tool into a security risk. They act like shine-a-light guides that map your neat, minified production code back to the messy, original version. This means if they're left accessible, attackers can use them to see all the inner workings of your app, often revealing hidden logic and vulnerabilities you'd rather keep secret. The common mistake is forgetting to remove or secure these files after development, leaving an open door for potential exploitation.

References:

https://www.infosecmatter.com/bug-bounty-tips-8-oct-14/#4-graphql-notes-for-beginners

Configuration¶

Example¶

Example configuration:

---
security_tests:
  exposed_sourcemap:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.