Merge pull request #86 from blacklanternsecurity/regex_tuning

fixing catastrophically awful regex
blacklanternsecurity · Jul 16, 2023 · 318c16f · 318c16f
2 parents 11c6ae7 + 7cff88f
commit 318c16f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/badsecrets/modules/express_signedcookies_cs.py b/badsecrets/modules/express_signedcookies_cs.py
@@ -26,7 +26,7 @@ class ExpressSignedCookies_CS(BadsecretsBase):
     }
 
     def carve_regex(self):
-        return re.compile(r"(\w+=[^;]{4,512}).+\w+.sig=([^;]{27,86})")
+        return re.compile(r"(\w{1,64}=[^;]{4,512})[^\.]+\.sig=([^;]{27,86})")
 
     def get_product_from_carve(self, regex_search):
         return f"Data Cookie: [{regex_search.groups()[0]}] Signature Cookie: [{regex_search.groups()[1]}]"