darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #413 from md347/master

Browse Source 
Update FileAnalysis.cs
This commit is contained in:
Carlos Polop 2024-02-23 15:10:27 +01:00 committed by GitHub
commit 0cc314fe04
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
View File

@ -158,16 +158,19 @@ namespace winPEAS.Checks
bool is_re_match = false; bool is_re_match = false;
try try
{ {
// Escape backslashes in the regex string
string escapedRegex = regex_str.Trim().Replace(@"\", @"\\");
// Use "IsMatch" because it supports timeout, if exception is thrown exit the func to avoid ReDoS in "rgx.Matches" // Use "IsMatch" because it supports timeout, if exception is thrown exit the func to avoid ReDoS in "rgx.Matches"
if (caseinsensitive) if (caseinsensitive)
{ {
is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120)); is_re_match = Regex.IsMatch(text, escapedRegex, RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120));
rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase); rgx = new Regex(escapedRegex, RegexOptions.IgnoreCase);
} }
else else
{ {
is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.None, TimeSpan.FromSeconds(120)); is_re_match = Regex.IsMatch(text, escapedRegex, RegexOptions.None, TimeSpan.FromSeconds(120));
rgx = new Regex(regex_str.Trim()); rgx = new Regex(escapedRegex);
} }
} }
catch (RegexMatchTimeoutException e) catch (RegexMatchTimeoutException e)