Merge pull request #104 from blacklanternsecurity/express_signature

improving express_es identify regex
blacklanternsecurity · Dec 21, 2023 · 9aff72d · 9aff72d
2 parents 0fd0e03 + ad77c36
commit 9aff72d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/badsecrets/modules/express_signedcookies_es.py b/badsecrets/modules/express_signedcookies_es.py
@@ -16,15 +16,15 @@ def no_padding_urlsafe_base64_encode_es(enc):
 
 
 class ExpressSignedCookies_ES(BadsecretsBase):
-    identify_regex = re.compile(r"^s%3[Aa][^\.]+\.[a-zA-Z0-9%]{20,90}$")
+    identify_regex = re.compile(r"^s%3[Aa][^\.]+\.(?!.*%20|.*%22)[a-zA-Z0-9%]{20,90}$")
     description = {
         "product": "Express.js Signed Cookie (express-session)",
         "secret": "Express.js SESSION_SECRET (express-session)",
         "severity": "LOW",
     }
 
     def carve_regex(self):
-        return re.compile(r"(s%3[Aa][^\.]+\.[a-zA-Z0-9%]{20,90})")
+        return re.compile(r"(s%3[Aa][^\.]+\.(?!.*%20|.*%22)[a-zA-Z0-9%]{20,90})")
 
     def expressHMAC(self, payload, secret, hash_algorithm):
         return no_padding_urlsafe_base64_encode_es(