Information Disclosure: File disclosure

Identifier: file_disclosure

Scanner(s) Support

GraphQL Scanner
REST Scanner
WebApp Scanner

Description

File disclosure vulnerabilities occur when a web server unintentionally reveals files that contain sensitive details such as configuration settings, credentials, or internal processes. This typically happens because of insecure coding practices, such as not sanitizing user input properly or misconfiguring file access permissions, which allow attackers to manipulate file paths and access files outside the intended directory. If left unaddressed, malicious actors could use this information to better understand your system's weaknesses and plan more targeted exploits, potentially leading to more serious breaches. Developers often fall into this trap by assuming default configurations are secure or by not fully validating the input that directs file access.
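The following is an added example, not code from the scanner or its documentation: it places the insecure "join and serve" pattern beside a hardened resolver that canonicalises the requested path and refuses anything that lands outside the document root. Function names, the temporary document root and the requested paths are all constructed for the illustration.

```python
"""Constructed example: naive path join vs. a root-confined resolver."""
import os
import tempfile
from typing import Optional


def naive_resolve(root: str, requested: str) -> str:
    # Vulnerable pattern: the result is never checked against root, so
    # "../" segments or an absolute path escape the intended directory.
    return os.path.join(root, requested)


def safe_resolve(root: str, requested: str) -> Optional[str]:
    """Return the canonical path for `requested` only if it stays under `root`.

    Absolute paths, traversal segments and symlinks pointing outside the
    root all resolve to something whose common prefix with the root is not
    the root itself; those are rejected with None.
    """
    root_real = os.path.realpath(root)
    # Normalise backslashes so Windows-style "..\\" input is caught as well.
    candidate = os.path.realpath(os.path.join(root_real, requested.replace("\\", "/")))
    try:
        if os.path.commonpath([root_real, candidate]) != root_real:
            return None
    except ValueError:
        # Paths on different drives (Windows) cannot share a root.
        return None
    return candidate


def demo() -> dict:
    """Run both resolvers on constructed requests inside a throwaway root."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        root_real = os.path.realpath(root)
        os.makedirs(os.path.join(root, "reports"))
        for req in ("reports/q1.txt", "../etc/passwd", "reports/../../x", "/etc/passwd"):
            naive = os.path.realpath(naive_resolve(root, req))
            results[req] = {
                "naive_escapes": os.path.commonpath([root_real, naive]) != root_real,
                "safe": safe_resolve(root, req) is not None,
            }
    return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r}: {outcome}")
```

Only the first request is served by `safe_resolve`; the naive join hands out a path outside the root for the other three.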

Configuration

Example

Example configuration:

---
security_tests:
  file_disclosure:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.