
Sensitive Data: Secret Token Ruby - File Disclosure

Identifier: secret_token_rb

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Ruby secret tokens exposed in configuration files can allow attackers to bypass security mechanisms and potentially obtain sensitive configuration information.

How we test: We test for exposed Ruby secret tokens by attempting to access configuration files and analyzing responses to detect if secret tokens or other sensitive configuration information are exposed.
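The response-analysis step described above can be sketched as follows. This is an added example, not the scanner's own implementation. It assumes the file is a Rails-style initializer that assigns `secret_token` or `secret_key_base` as a quoted literal. The function name `analyze_response` and the 30-character threshold are also assumptions.

```python
import hashlib
import re

# Assumption: the initializer assigns the secret as a quoted literal, e.g.
#   MyApp::Application.config.secret_token = '<hex>'
# Commented-out lines and ENV[...] lookups do not match.
ASSIGNMENT = re.compile(
    r"""^[ \t]*(?!#)[\w:.]*\b(secret_token|secret_key_base)[ \t]*=[ \t]*(['"])([^'"\n]+)\2""",
    re.MULTILINE,
)
MIN_SECRET_LEN = 30  # assumed threshold; shorter literals are treated as placeholders


def analyze_response(status, content_type, body):
    """Return findings for hard-coded secrets in a fetched config file body."""
    # Error pages and HTML documents (soft 404s, docs) are not raw source disclosure.
    if status != 200 or content_type.split(";")[0].strip().lower() == "text/html":
        return []
    findings = []
    for match in ASSIGNMENT.finditer(body):
        name, secret = match.group(1), match.group(3)
        if len(secret) < MIN_SECRET_LEN:
            continue
        findings.append({
            "setting": name,
            "line": body.count("\n", 0, match.start()) + 1,
            # Report a fingerprint, never the secret itself.
            "sha256_prefix": hashlib.sha256(secret.encode()).hexdigest()[:12],
            "length": len(secret),
        })
    return findings


# Constructed sample bodies (not real secrets).
LEAKED = (
    "# Be sure to restart your server when you modify this file.\n"
    "# MyApp::Application.config.secret_token = 'old'\n"
    "MyApp::Application.config.secret_token = '" + "a1b2c3d4" * 16 + "'\n"
)
SAFE = "MyApp::Application.config.secret_key_base = ENV['SECRET_KEY_BASE']\n"

if __name__ == "__main__":
    print(analyze_response(200, "text/plain", LEAKED))
    print(analyze_response(200, "text/plain", SAFE))
```

A finding means the secret should be rotated and moved out of the served file; the `ENV[...]` form in `SAFE` produces no finding because no literal is present.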

Configuration

Example

Example configuration:

---
security_tests:
  secret_token_rb:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.