Exposed Prometheus metrics
Exposed Prometheus metrics endpoint found.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the APIs to be tested. In this case, the filters include checking the response code to be between 200 and 299 and extracting the URL from the response.
The execute section defines the type of request to be executed. In this template, a single request is made to the modified URL obtained from the API selection filters. The request modifies the URL by appending "/metrics" to it.
The validation section specifies the expected response code and payload. In this template, the response code is expected to be 200, indicating a successful request. The response payload is validated to contain at least one of the specified metrics, such as "cpu_seconds_total" or "http_request_duration_seconds".
Frequently asked questions
What is the purpose of the "id" field in the array
How does the "response_code" filter work in the "api_selection_filters" section
What does the "modify_url" action do in the "execute" section
How does the "response_code" validation work in the "validate" section
What does the "contains_either" validation do in the "validate" section
How can the severity of the test be determined from the array