nearform / udaru

Open source Access Manager for node.js
https://nearform.github.io/udaru
MIT License

Fix security issues detected by Api scan (PENTEST) of OWASP ZED Attack Proxy #546

Open mrister opened 6 years ago

mrister commented 6 years ago

The issues are:

- HIGH: Source Code Disclosure - SVN
- Medium: Backup File Disclosure
- Low: X-Content-Type-Options Header Missing

See attached report for more information

mcollina commented 6 years ago

As a generic topic, posting security vulnerabilities in a public issue tracker is not a good practice.

mihaidma commented 6 years ago

Looking at the high ones, they look like false positives. It has the impression that it can access the SVN hidden files, but we use Git... It was tricked by the authorization response false on the svn resources

mrister commented 6 years ago

Yeah, I think there is not much to it, the scan needs to be adjusted for this warning.

mrister commented 6 years ago

I have updated the PR to exclude the SVN test as it is not really applicable. https://github.com/nearform/udaru/pull/544