Merge pull request #133 from PortSwigger/backup-file-template

Add backup file template BCheck

.github/workflows/pr_bcheck_checker.yml

@@ -16,4 +16,4 @@ jobs:
           distribution: 'oracle'
 
       - name: Validate BChecks
-        run: java -jar BCheckChecker-1.3.jar
+        run: java -jar BCheckChecker-1.5.jar

examples/README.md

@@ -4,6 +4,10 @@
 
 Uses collaborator dynamically to detect server side request forgery.
 
+## Exposed backup file
+
+Identifies if backup files are exposed.
+
 ## Exposed git directory
 
 Identifies if a git directory is present under the web root.

examples/exposed-backup-file.bcheck

@@ -0,0 +1,31 @@
+metadata:
+    language: v2-beta
+    name: "Path-level"
+    description: "Tests for exposed backup files"
+    author: "Carlos Montoya"
+
+run for each:
+    # you could add more values to this list to make the check repeat
+    extension =
+        ".bak",
+        ".back",
+        ".backup",
+        ".old"
+
+given path then
+    if not ({base.response.status_code} is "404") then
+        send request called check:
+            replacing path: {regex_replace ({base.response.url.path}, "(.)/?$", `$1{extension}`)}
+
+        if {check.response.status_code} is {base.response.status_code} then
+            send request called garbage:
+                replacing path: {regex_replace ({base.response.url.path}, "(.)/?$", `$1.{random_str(10)}`)}
+            if {garbage} differs from {check} then
+                report issue and continue:
+                    severity: info
+                    confidence: firm
+                    detail: `Backup file found at {check.request.url}`
+                    remediation: "Ensure your backup files are not exposed."
+            end if
+        end if
+    end if