Cloud Metadata Potentially Exposed false positive
Describe the bug
The Cloud Metadata Potentially Exposed active rule generates false positives for all 200 pages that instead do error handling/redirect using JavaScript.
To Reproduce
Example (reduced) response body that triggers an alert:

HTTP/1.1 200 OK
connection: close
content-length: 375
content-type: text/html

<html>
<body>
<script>
window.location = "https://www."+window.location.hostname.split('.')[window.location.hostname.split('.').length -2]+'.'+window.location.hostname.split('.')[window.location.hostname.split('.').length -1];
</script>
</body>
</html>
Expected behavior
The active rule detects the redirect and does not trigger an alert.
Software versions
- ZAP: v2.11.1 In Docker
- Add-on: CloudMetadataScanRule in ascanrulesBeta v39.0.0
- OS: In Docker
- Java: In Docker
- Browser: In Docker
Would you like to help fix this issue?
Of course, but Java is not my best.
Top GitHub Comments
Awesome, thanks a lot!
If the check of the header status code was replaced with isSuccess(HttpMessage) then this would be covered by Custom Pages and Analyser with fallback to status code.
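The two checks contrasted above, as an added Python model rather than ZAP's own Java code: is_page_200 is the bare status-code test that fires on the issue's JavaScript redirect page, and is_success stands in for isSuccess(HttpMessage), approximated here by treating a 200 whose body only redirects client-side as not a success. The redirect regexes, parse_response and the metadata sample body are assumptions of this example, not ZAP's Custom Pages or Analyser logic.

```python
import re
from dataclasses import dataclass

@dataclass
class HttpResponse:
    status: int
    body: str

# Heuristics for pages that answer 200 but only redirect client-side. These are this
# example's own patterns (an assumption), not ZAP's Custom Pages or Analyser logic.
JS_REDIRECT = re.compile(r"""(?:window\.)?location(?:\.href)?\s*=\s*["'`]|location\.(?:replace|assign)\s*\(""")
META_REFRESH = re.compile(r"""<meta[^>]+http-equiv\s*=\s*["']?refresh""", re.IGNORECASE)

def parse_response(raw: str) -> HttpResponse:
    """Split a raw HTTP/1.1 response into status code and body (headers are not needed here)."""
    head, _, body = raw.partition("\n\n")
    return HttpResponse(status=int(head.split(None, 2)[1]), body=body)

def is_page_200(resp: HttpResponse) -> bool:
    """The bare status-code check: every 200 counts, including JS error/redirect pages."""
    return resp.status == 200

def is_success(resp: HttpResponse) -> bool:
    """A 200 whose body only bounces the browser elsewhere is not a successful probe."""
    if resp.status != 200:
        return False
    return not (JS_REDIRECT.search(resp.body) or META_REFRESH.search(resp.body))

def would_alert(raw: str, use_is_success: bool = True) -> bool:
    """Decide whether a metadata-probe response should raise the Cloud Metadata alert."""
    resp = parse_response(raw)
    return is_success(resp) if use_is_success else is_page_200(resp)

# The reduced response from the issue (a 200 that only redirects via JavaScript).
JS_REDIRECT_RESPONSE = """HTTP/1.1 200 OK
connection: close
content-type: text/html

<html><body><script>
window.location = "https://www."+window.location.hostname.split('.')[window.location.hostname.split('.').length -2]+'.'+window.location.hostname.split('.')[window.location.hostname.split('.').length -1];
</script></body></html>"""

# Constructed stand-in for a response that really does return instance metadata (placeholder values).
METADATA_RESPONSE = """HTTP/1.1 200 OK
content-type: text/plain

instance-id: i-0000example
region: example-region-1"""
```

would_alert(JS_REDIRECT_RESPONSE, False) reproduces the false positive, while would_alert(JS_REDIRECT_RESPONSE) does not fire and would_alert(METADATA_RESPONSE) still does.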