Kubernetes Kustomization Disclosure
Search for the presence of Kubernetes Kustomization files (kustomization.yml) on the provided URLs.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the URLs to be tested. In this case, the filters include checking the response code to be between 200 and 299, and extracting the URL into a variable called "urlVar".
The execute section defines the type of request to be made and the modifications to be applied to the URL. In this template, a single request is made, and the URL is modified by appending "/kustomization.yml" to the extracted URL variable.
The validation section defines the criteria for validating the response received from the executed request. It checks that the response code is 200, the response payload contains at least one of the specified keywords (such as "apiVersion", "resources", etc.), and the response headers contain a value that matches one of the specified content types (e.g., "application/yaml").
Frequently asked questions
What is the purpose of the Kubernetes Kustomization Disclosure test
What impact does exposing Kubernetes Kustomization files have
What category and subcategory does this test fall under
What are the validation criteria for a successful test
What modifications are made to the URL before sending the request
Are there any references or external resources related to this test