From 4bc5211fabab528c2a51b5fa93ecc8237b64e4c4 Mon Sep 17 00:00:00 2001
From: _ <36057926+LabMC@users.noreply.github.com>
Date: Mon, 11 Nov 2024 12:45:08 -0600
Subject: [PATCH] Update Password in JavaScript Logger.bcheck

Fix to regex.
---
 other/Password in JavaScript Logger.bcheck | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/other/Password in JavaScript Logger.bcheck b/other/Password in JavaScript Logger.bcheck
index f72680f..1b1ac3b 100644
--- a/other/Password in JavaScript Logger.bcheck	
+++ b/other/Password in JavaScript Logger.bcheck	
@@ -25,7 +25,7 @@ define:
 
 given response then
     # This check looks through HTTP responses' bodies for keywords that indicate usage of both JS loggers & password variables on a shared code line.
-    if {latest.response.body} matches "(?i)^(?=.*\b(?:log|info|warn|error|debug|table|group|trace|push|captureMessage)\s*\()(?=.*\b(?:password|pw|pass|passwrd|passwd|pswrd|pswd|psword|pword|client_secret|client-secret|clientsecret|secret|api_key|api-key|apikey)\b).*" then
+    if {latest.response.body} matches "(?i)^(?=.*\b(?:log|info|warn|error|debug|table|group|trace|push|captureMessage)\s*\()(?=.*[^\w]*?(?:password|pw|pass|passwrd|passwd|pswrd|pswd|psword|pword|client_secret|client-secret|clientsecret|secret|api_key|api-key|apikey)[^\w]*?).*" then
         report issue:
             severity: high
             confidence: firm
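Review bot: In the second lookahead of the new `matches` pattern, the `[^\w]*?` on either side of the keyword group can match zero characters, so it enforces no boundary at all and the keywords now match as substrings of longer words (`pass` in `compass`, `secret` in `secretary`, `pw` inside minified identifiers). That is likely to raise false positives for a finding reported at `severity: high` with `confidence: firm`. If the goal was to catch names such as `user_password`, which `\b` missed because `_` is a word character, an explicit letter/digit boundary keeps that gain without the substring matches: `(?=.*(?<![A-Za-z0-9])(?:password|…|apikey)(?![A-Za-z0-9]))`. This assumes the engine supports lookbehind as it does lookahead, and camelCase names like `userPassword` would still need their own deliberate alternative. The `report issue` block continues past the end of this hunk, so the rest of the finding definition is not visible here.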