darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update FileAnalysis.cs

Browse Source
This commit is contained in:
HackTricks 2024-03-23 13:02:56 +01:00 committed by GitHub
parent aee8acf60f
commit e32f496f12
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
View File

@ -157,20 +157,17 @@ namespace winPEAS.Checks
Regex rgx; Regex rgx;
bool is_re_match = false; bool is_re_match = false;
try try
{ {
// Escape backslashes in the regex string
string escapedRegex = regex_str.Trim().Replace(@"\", @"\\");
// Use "IsMatch" because it supports timeout, if exception is thrown exit the func to avoid ReDoS in "rgx.Matches" // Use "IsMatch" because it supports timeout, if exception is thrown exit the func to avoid ReDoS in "rgx.Matches"
if (caseinsensitive) if (caseinsensitive)
{ {
is_re_match = Regex.IsMatch(text, escapedRegex, RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120)); is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120));
rgx = new Regex(escapedRegex, RegexOptions.IgnoreCase); rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase);
} }
else else
{ {
is_re_match = Regex.IsMatch(text, escapedRegex, RegexOptions.None, TimeSpan.FromSeconds(120)); is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.None, TimeSpan.FromSeconds(120));
rgx = new Regex(escapedRegex); rgx = new Regex(regex_str.Trim());
} }
} }
catch (RegexMatchTimeoutException e) catch (RegexMatchTimeoutException e)