darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update FileAnalysis.cs

Browse Source
This commit is contained in:
Carlos Polop 2022-11-02 18:26:18 +00:00 committed by GitHub
parent 7a19b0968f
commit a70b9773db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
View File

@ -154,15 +154,33 @@ namespace winPEAS.Checks
try try
{ {
Regex rgx; Regex rgx;
try
{
// Use "IsMatch" because it supports timeout, if exception is thrown exit the func to avoid ReDoS in "rgx.Matches"
if (caseinsensitive) if (caseinsensitive)
{
_ = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.IgnoreCase, TimeSpan.FromMilliseconds(5000));
rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase); rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase);
}
else else
{
_ = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.None, TimeSpan.FromMilliseconds(5000));
rgx = new Regex(regex_str.Trim()); rgx = new Regex(regex_str.Trim());
}
}
catch (RegexMatchTimeoutException e)
{
if (Checks.IsDebug)
{
Beaprint.GrayPrint($"The regex {regex_str} had a timeout (ReDoS avoided but regex unchecked in a file)");
}
return foundMatches;
}
int cont = 0; int cont = 0;
foreach (Match match in rgx.Matches(text)) foreach (Match match in rgx.Matches(text))
{ {
if (cont > 4) break; if (cont > 10) break;
if (match.Value.Length < 400 && match.Value.Trim().Length > 2) if (match.Value.Length < 400 && match.Value.Trim().Length > 2)
foundMatches.Add(match.Value); foundMatches.Add(match.Value);