gRPC Service

gRPC Reflection Enabled

The public gRPC server enables reflection in production, so any caller can list services, methods, and message shapes.

CWE-200CWE-306
Back to hub Reload scenario
Reflection probe 

  


      

    


    

      

        
Expected Findings

        
    
          
  • Reflection service is registered alongside business services.
  • `grpcurl -plaintext host list` enumerates internal methods.
  • Schemas reveal admin-only RPCs and field shapes.
    • 
        

      


      

      

        
Signals

        
        

          
Server

          
reflection.Register(grpcServer)  // shipped to prod

        

        
      

    


    

    

      Developed by vibe-eval.com for validation and testing purposes only.