From 4bc5211fabab528c2a51b5fa93ecc8237b64e4c4 Mon Sep 17 00:00:00 2001
From: _ <36057926+LabMC@users.noreply.github.com>
Date: Mon, 11 Nov 2024 12:45:08 -0600
Subject: [PATCH] Update Password in JavaScript Logger.bcheck
Fix to regex.
---
 other/Password in JavaScript Logger.bcheck | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/other/Password in JavaScript Logger.bcheck b/other/Password in JavaScript Logger.bcheck
index f72680f..1b1ac3b 100644
--- a/other/Password in JavaScript Logger.bcheck
+++ b/other/Password in JavaScript Logger.bcheck
@@ -25,7 +25,7 @@ define:
 given response then
 # This check looks through HTTP responses' bodies for keywords that indicate usage of both JS loggers & password variables on a shared code line.
- if {latest.response.body} matches "(?i)^(?=.*\b(?:log|info|warn|error|debug|table|group|trace|push|captureMessage)\s*\()(?=.*\b(?:password|pw|pass|passwrd|passwd|pswrd|pswd|psword|pword|client_secret|client-secret|clientsecret|secret|api_key|api-key|apikey)\b).*" then
+ if {latest.response.body} matches "(?i)^(?=.*\b(?:log|info|warn|error|debug|table|group|trace|push|captureMessage)\s*\()(?=.*[^\w]*?(?:password|pw|pass|passwrd|passwd|pswrd|pswd|psword|pword|client_secret|client-secret|clientsecret|secret|api_key|api-key|apikey)[^\w]*?).*" then
 report issue:
 severity: high
 confidence: firm
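Review bot: The replacement boundary `[^\w]*?` on the new `if` line is a lazy zero-or-more quantifier, so it can always match nothing and the second lookahead reduces to a plain substring search over the keyword list. That now catches identifiers such as `user_password`, which is presumably the intent, but the short tokens also hit inside unrelated words (`pass` in `bypass`, `pw` in `stopwatch`, `secret` in `secretary`) while the finding is still reported at `severity: high` / `confidence: firm`. Consider dropping the no-op quantifiers and keeping a word boundary on the short tokens only, e.g. `(?:\b(?:pw|pass)\b|password|passwd|...)`, or lowering the confidence to match the looser pattern. Separately, the pattern carries no `(?m)`, so if the engine applies the usual defaults for `^` and `.` the "shared code line" test covers only the first line of the response body; that is worth confirming against a multi-line script. The rule body continues past the end of the hunk.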