Bazaar repository found - Vulnerability Database

Bazaar repository found

Description

A Bazaar version control system metadata directory (.bzr) has been detected on the web server. This directory contains version control metadata including file history, configuration details, and potentially sensitive source code information. The presence of this directory indicates that code was deployed using a working copy checkout rather than a clean export, exposing internal development artifacts to unauthorized access.

Remediation

Remove all Bazaar metadata directories from production web servers immediately. Follow these steps to remediate:

1. Remove existing .bzr directories:

    find /var/www -type d -name '.bzr' -exec rm -rf {} +

2. Configure web server access restrictions:

For Apache (2.4 Require syntax), add the following to the server or virtual host configuration; DirectoryMatch is not permitted in .htaccess:

    <DirectoryMatch "/\.bzr">
        Require all denied
    </DirectoryMatch>

For Nginx, add to your server block (return 404 is evaluated in the rewrite phase before deny all, so the client receives a 404, which also avoids confirming that the directory exists):

    location ~ /\.bzr {
        deny all;
        return 404;
    }

3. Update deployment process:

Use bzr export instead of bzr checkout when deploying to production servers so that only application files are transferred, without version control metadata.

4. Verify remediation:

Confirm the .bzr directory is no longer accessible by attempting to access /.bzr/branch-format through a web browser.
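As an added example, not part of the Invicti page, the following Python script automates the verification step for hosts you administer: it requests /.bzr/branch-format and classifies the reply as exposed, blocked, or unexpected, exiting non-zero when metadata is still served. The base URL is supplied by the caller; the marker text is Bazaar's metadir format string and is assumed to match the deployed repository format.

```python
"""Post-remediation check for an exposed Bazaar (.bzr) metadata directory."""
import sys
import urllib.error
import urllib.request

# /.bzr/branch-format is the file the manual verification step checks; its
# first line identifies a Bazaar metadir, so a 200 carrying it is conclusive.
BZR_PROBE_PATHS = ("/.bzr/branch-format",)
BZR_FORMAT_MARKER = b"Bazaar-NG meta directory"  # assumed format string


def classify(status, body):
    """Classify one HTTP response for a .bzr probe path.

    "exposed"    : 200 with content that looks like genuine Bazaar metadata.
    "blocked"    : 403 or 404, the outcome the Apache/Nginx rules produce.
    "unexpected" : anything else (catch-all 200 page, redirect, 5xx); the
                   directory is not confirmed exposed, but look at it by hand.
    """
    if status == 200 and BZR_FORMAT_MARKER in body:
        return "exposed"
    if status in (403, 404):
        return "blocked"
    return "unexpected"


def fetch(base_url, path):
    """Fetch one path from the target and return (status, first 4 KiB of body)."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"User-Agent": "bzr-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        # 4xx/5xx replies arrive as exceptions; they still carry status and body.
        return err.code, err.read(4096)


def check_site(base_url, fetcher=fetch):
    """Probe every path and return {path: classification}; fetcher is injectable."""
    return {path: classify(*fetcher(base_url, path)) for path in BZR_PROBE_PATHS}


if __name__ == "__main__":
    results = check_site(sys.argv[1])  # e.g. https://www.example.test
    for probe_path, verdict in results.items():
        print(f"{verdict:10} {probe_path}")
    sys.exit(1 if "exposed" in results.values() else 0)
```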
