OWASP ZAP – Source Code Disclosure

Details
Alert Id	10099
Alert Type	Passive
Status	alpha
Risk
CWE
WASC
Technologies Targeted	All
Tags	OWASP_2017_A06 OWASP_2021_A05

Summary

Application Source Code was disclosed by the web server

Solution

Ensure that application Source Code is not available with alternative extensions, and ensure that source code is not present within other files or data deployed to the web server, or served by the web server.

References

http://blogs.wsj.com/cio/2013/10/08/adobe-source-code-leak-is-bad-news-for-u-s-government/

Code

org/zaproxy/zap/extension/pscanrulesAlpha/SourceCodeDisclosureScanRule.java