Advanced Troubleshooting

Sometimes you need to really see what OliveTin is doing, especially when debugging entities. OliveTin has several built-in options for advanced troubleshooting, but enabling these output options can expose sensitive information, so they can be insecure.

OliveTin itself is not "insecure" by using these options, they would not let attackers execute different commands or anything like that. It’s just that using these options can expose data (like entity files) that maybe you don’t want an attacker to see.

Dump SOS Reports

InsecureAllowDumpSos: true - will allow dumping SOS Reports as plain text when visiting http://server:1337/api/sosreport

Dump Action Map

InsecureAllowDumpActionMap: true - will allow dumping all the actions (and those generated with entities) and their public IDs, eg: http://server:1337/api/DumpPublicActionMap

Dump Vars

InsecureAllowDumpVars: true - will allow dumping all the "string variables" from a map that is mainly used for entities, eg: http://server:1337/api/DumpVars

All these configuration options are false by default, and should be deleted from the config or reset back to false when you are not using them.