Merge pull request #110 from blacklanternsecurity/express_cs-regex-fix
improving express (cs) regex
liquidsec authored Jan 11, 2024
2 parents a15bbb1 + c2decd2 commit 0c379d3
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions badsecrets/modules/express_signedcookies_cs.py
Expand Up @@ -26,14 +26,14 @@ class ExpressSignedCookies_CS(BadsecretsBase):
}

def carve_regex(self):
return re.compile(r"(\w{1,64}=[^;]{4,512})[^\.]+\.sig=([^;]{27,86})")
return re.compile(r"(\w{1,64})=([^;]{4,512});.*?\1\.sig=([^;]{27,86})")

def get_product_from_carve(self, regex_search):
return f"Data Cookie: [{regex_search.groups()[0]}] Signature Cookie: [{regex_search.groups()[1]}]"
return f"Data Cookie: [{regex_search.groups()[0]}={regex_search.groups()[1]}] Signature Cookie: [{regex_search.groups()[2]}]"

def carve_to_check_secret(self, s):
if len(s.groups()) == 2:
r = self.check_secret(s.groups()[0], s.groups()[1])
if len(s.groups()) == 3:
r = self.check_secret(f"{s.groups()[0]}={s.groups()[1]}", s.groups()[2])
return r

def expressHMAC(self, payload, secret, hash_algorithm):
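Review bot: In the three-group `carve_regex` the backreference `\1\.sig=` is not anchored to the start of a cookie name, so a data cookie `session` can be paired with the signature of an unrelated cookie such as `mysession.sig` that appears earlier in the string; the HMAC check then runs against the wrong signature and a known secret could be missed. A word boundary on both the name and the backreference would tighten this, e.g. `r"\b(\w{1,64})=([^;]{4,512});.*?\b\1\.sig=([^;]{27,86})"`. The gap `.*?` is also unbounded, and since this pattern presumably runs over untrusted response data, a capped gap (`.{0,N}?`, with a limit chosen for the project) would keep a long line of `name=value;` pairs from turning each failed attempt into a scan to the end of the line. Separately, `carve_to_check_secret` returns `r` without assigning it when the `len(s.groups()) == 3` guard is false; initialising `r = None` before the `if` avoids an UnboundLocalError. The class body starts above the hunk and `expressHMAC` continues below it.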
