Information Disclosure: Software Component Leak
Identifier: frontend_software_component_leak
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner |
|---|---|---|
Description
When a frontend application exposes details about the JavaScript libraries or dependencies it uses, it gives attackers clues about which vulnerabilities may apply. The leak makes it easier to identify outdated or weak components. Such leaks often happen because developers include version information in JavaScript files or fail to properly obfuscate library references. Left unaddressed, this makes your frontend application an easier target for attacks.
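One way to check your own build output for this kind of disclosure, as an added example that is not the scanner's code: the script below looks for preserved license banners and version properties in bundled JavaScript. The regular expressions, function names and sample bundles are assumptions constructed for illustration.

```javascript
// Added example: audit built frontend assets for library version disclosures.
// Patterns, names and sample bundles are constructed for illustration.

// Banner comments kept by minifiers, e.g. "/*! jQuery v3.4.1 | ... */"
const BANNER_RE =
  /\/\*[!*]?\s*(?:@license\s+)?([A-Za-z][\w.\- ]{1,40}?)\s+v?(\d+\.\d+(?:\.\d+)?(?:-[\w.]+)?)\b/g;
// Version properties left in code, e.g. version:"17.0.2" or VERSION="4.17.21"
const PROP_RE =
  /\b(version|VERSION)\s*[:=]\s*["'](\d+\.\d+(?:\.\d+)?(?:-[\w.]+)?)["']/g;

// Return every version disclosure found in one JavaScript source string.
function findVersionLeaks(source) {
  const lineOf = (idx) => source.slice(0, idx).split("\n").length;
  const findings = [];
  for (const m of source.matchAll(BANNER_RE)) {
    findings.push({ kind: "banner", name: m[1].trim(), version: m[2], line: lineOf(m.index) });
  }
  for (const m of source.matchAll(PROP_RE)) {
    findings.push({ kind: "property", name: m[1], version: m[2], line: lineOf(m.index) });
  }
  return findings;
}

// assets maps file name -> content; the report lists only files with findings.
function auditAssets(assets) {
  const report = {};
  for (const [file, content] of Object.entries(assets)) {
    const hits = findVersionLeaks(content);
    if (hits.length > 0) report[file] = hits;
  }
  return report;
}

// Constructed sample bundles: one leaks a banner and a version property,
// the other was built with comments stripped and no version strings.
const SAMPLE_ASSETS = {
  "vendor.min.js":
    '/*! jQuery v3.4.1 | (c) JS Foundation and other contributors */\n' +
    '!function(e){e.ready=!0}(window);\n' +
    'var _={};_.VERSION="4.17.21";',
  "app.min.js": '!function(){"use strict";var n=function(a){return a+1};n(1)}();',
};

for (const [file, hits] of Object.entries(auditAssets(SAMPLE_ASSETS))) {
  for (const h of hits) {
    console.log(`${file}:${h.line} ${h.kind} ${h.name} ${h.version}`);
  }
}
```

Run it over the files your build emits, for example in CI, and review any file that appears in the report. A match on `version` can also be the application's own version string, so treat property findings as items to triage.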
Configuration
Example
Example configuration:
Reference
assets_allowed
Type : List[AssetType]*
List of assets that this check will cover.
skip
Type : boolean
Skip the test if true.