
Information Disclosure: Appveyor Config Exposure

Identifier: appveyor_config_exposure

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

AppVeyor configuration files made publicly accessible can expose settings and secrets like tokens, keys, or other sensitive data, potentially allowing attackers to gain insight into infrastructure and misuse exposed information.

How we test: We scan for exposed AppVeyor configuration files and analyze responses to detect if sensitive settings, tokens, keys, or other configuration details are accessible via web servers.
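A pre-deployment check for the exposure described above, as an added example that is not the scanner's own code: it walks a web root for AppVeyor configuration files and lists credential-looking keys whose values are written inline rather than under AppVeyor's `secure:` encrypted form. The key-name heuristic, function names and sample config are assumptions constructed for this example.

```python
import os
import re
import tempfile

# File names AppVeyor reads its build configuration from.
CONFIG_NAMES = {"appveyor.yml", ".appveyor.yml"}
# Assumption: key names that suggest a credential (heuristic for this example).
SENSITIVE = re.compile(r"(token|secret|passw(or)?d|api_?key|private_?key)", re.I)
KEY_VALUE = re.compile(r"^\s*([A-Za-z_][\w.-]*)\s*:\s*(.*)$")
# Constructed sample config; every value below is fake.
SAMPLE_CONFIG = """version: 1.0.{build}
environment:
  DEPLOY_TOKEN: abc123-constructed-value
  NUGET_API_KEY:
    secure: Zm9vYmFyCg==
  BUILD_MODE: release
"""

def plaintext_secret_keys(text):
    """Return sensitive-looking keys that carry an inline (plaintext) value."""
    flagged = []
    for line in text.splitlines():
        line = line.split(" #", 1)[0].rstrip()  # drop trailing comments
        match = KEY_VALUE.match(line)
        if match:
            key, value = match.groups()
            # A key followed by a nested `secure:` line has an empty inline value.
            if SENSITIVE.search(key) and value.strip("'\" "):
                flagged.append(key)
    return flagged

def audit_web_root(root):
    """Map each AppVeyor config found under `root` to its plaintext secret keys."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in CONFIG_NAMES:
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    findings[os.path.relpath(path, root)] = plaintext_secret_keys(handle.read())
    return findings

def demo():
    """Build a throwaway web root containing the sample config and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "static"))
        with open(os.path.join(root, "static", ".appveyor.yml"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_CONFIG)
        return audit_web_root(root)
```

Any file the audit reports should be kept out of the published directory, even when its key list is empty, since the build settings themselves are still disclosed.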

Configuration

Example

Example configuration:

---
security_tests:
  appveyor_config_exposure:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.