darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update FileAnalysis.cs

Browse Source 
escape backslashes in regex
This commit is contained in:
md347 2024-02-13 21:54:08 +00:00 committed by GitHub
parent b4b8afa169
commit 41d6a03db3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
View File

@ -158,16 +158,19 @@ namespace winPEAS.Checks
bool is_re_match = false;
try
{
// Escape backslashes in the regex string
string escapedRegex = regex_str.Trim().Replace(@"\", @"\\");
// Use "IsMatch" because it supports timeout, if exception is thrown exit the func to avoid ReDoS in "rgx.Matches"
if (caseinsensitive)
{
is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120));
rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase);
is_re_match = Regex.IsMatch(text, escapedRegex, RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120));
rgx = new Regex(escapedRegex, RegexOptions.IgnoreCase);
}
else
{
is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.None, TimeSpan.FromSeconds(120));
rgx = new Regex(regex_str.Trim());
is_re_match = Regex.IsMatch(text, escapedRegex, RegexOptions.None, TimeSpan.FromSeconds(120));
rgx = new Regex(escapedRegex);
}
}
catch (RegexMatchTimeoutException e)