Update Password in JavaScript Logger.bcheck

Fix to regex.
PortSwigger · Nov 11, 2024 · 4bc5211 · 4bc5211
1 parent 8b71ed7
commit 4bc5211
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/other/Password in JavaScript Logger.bcheck b/other/Password in JavaScript Logger.bcheck
@@ -25,7 +25,7 @@ define:
 
 given response then
     # This check looks through HTTP responses' bodies for keywords that indicate usage of both JS loggers & password variables on a shared code line.
-    if {latest.response.body} matches "(?i)^(?=.*\b(?:log|info|warn|error|debug|table|group|trace|push|captureMessage)\s*\()(?=.*\b(?:password|pw|pass|passwrd|passwd|pswrd|pswd|psword|pword|client_secret|client-secret|clientsecret|secret|api_key|api-key|apikey)\b).*" then
+    if {latest.response.body} matches "(?i)^(?=.*\b(?:log|info|warn|error|debug|table|group|trace|push|captureMessage)\s*\()(?=.*[^\w]*?(?:password|pw|pass|passwrd|passwd|pswrd|pswd|psword|pword|client_secret|client-secret|clientsecret|secret|api_key|api-key|apikey)[^\w]*?).*" then
         report issue:
             severity: high
             confidence: firm