Information Disclosure: Exposed Source Map

Identifier: exposed_sourcemap

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Exposed source maps can reveal the inner workings of applications, often exposing hidden logic and vulnerabilities that attackers can exploit.

How we test: We analyze frontend JavaScript bundles and responses to detect if source map files (.map) are accessible. We check if source maps are referenced in JavaScript files and if they can be accessed without proper authorization, potentially revealing application structure and sensitive information.
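The check described above, written in Python as an added example; it is not the scanner's own code. The `fetch` callable, the `app.example.test` host and the sample responses are constructed assumptions, and `fetch` is assumed to send no credentials.

```python
import json
import re
from urllib.parse import urljoin

# Trailing "//# sourceMappingURL=..." comment (legacy form uses "//@").
SM_COMMENT = re.compile(r"//[#@]\s*sourceMappingURL=(\S+)\s*$", re.MULTILINE)

def referenced_map_url(js_url, headers, body):
    """Absolute URL of the external source map a JS response points to, or None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    ref = lowered.get("sourcemap") or lowered.get("x-sourcemap")
    if not ref:
        found = SM_COMMENT.findall(body)
        ref = found[-1] if found else None  # the last comment in the file wins
    if not ref or ref.startswith("data:"):
        return None  # inline (data:) maps are not separate .map files; out of scope here
    return urljoin(js_url, ref)

def check_bundle(js_url, fetch):
    """fetch(url) -> (status, headers, body). Returns a finding dict or None."""
    status, headers, body = fetch(js_url)
    map_url = referenced_map_url(js_url, headers, body) if status == 200 else None
    if map_url is None:
        return None
    m_status, _, m_body = fetch(map_url)
    if m_status != 200:
        return None  # referenced but not served to anonymous clients
    try:
        doc = json.loads(m_body)
    except ValueError:
        return None  # 200 with a non-JSON body, e.g. an SPA fallback page
    if not isinstance(doc, dict) or doc.get("version") != 3 or "mappings" not in doc:
        return None
    return {"bundle": js_url, "map": map_url, "sources": doc.get("sources", []),
            "embeds_original_code": bool(doc.get("sourcesContent"))}

# Constructed sample responses (not real traffic); app.example.test is a placeholder host.
BASE = "https://app.example.test/static/"
SITE = {
    BASE + "main.js": (200, {}, 'console.log(1);\n//# sourceMappingURL=main.js.map\n'),
    BASE + "main.js.map": (200, {}, json.dumps({"version": 3, "mappings": "AAAA",
        "sources": ["webpack:///src/auth.js"], "sourcesContent": ["// original code"]})),
    BASE + "vendor.js": (200, {}, 'var v;\n//# sourceMappingURL=vendor.js.map'),
    BASE + "vendor.js.map": (403, {}, "Forbidden"),
    BASE + "admin.js": (200, {"SourceMap": "/maps/admin.js.map"}, "var a;"),
    "https://app.example.test/maps/admin.js.map": (200, {}, "<!doctype html><title>App</title>"),
}

def scan(bundle_urls, fetch=lambda url: SITE.get(url, (404, {}, ""))):
    return [f for u in bundle_urls if (f := check_bundle(u, fetch))]
```

Only `main.js` yields a finding: the `vendor.js` map is refused with 403, and the `admin.js` map URL answers 200 with HTML, which the JSON and `version` checks reject as a false positive.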

Configuration

Example

Example configuration:

---
security_tests:
  exposed_sourcemap:
    issues_count_limit: 7
    skip: false

Reference

issues_count_limit

Type: integer

The maximum number of issues to report. No more than this number of issues will be reported. Use 0 to report all issues.

skip

Type: boolean

Skip the test if true.