Skip to content

Information Disclosure: Alibaba Canal Leak¶

Identifier: alibaba_canal_leak

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Alibaba Canal configuration files exposing critical details like access and secret keys can allow attackers to access or manipulate data, compromise services, or move laterally within IT systems.

How we test: We scan for exposed Alibaba Canal configuration files and analyze responses to detect if sensitive configuration details, access keys, secret keys, or other credentials are accessible via web servers.

Configuration¶

Example¶

Example configuration:

---
security_tests:
  alibaba_canal_leak:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.