Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dev-> Main #161

Merged
merged 23 commits into from
Feb 14, 2025
Merged

Dev-> Main #161

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
48dc0f6
Bump poetry-dynamic-versioning from 1.4.1 to 1.5.0
dependabot[bot] Jan 6, 2025
03b5db2
Bump jinja2 from 3.1.4 to 3.1.5
dependabot[bot] Jan 8, 2025
9809197
Merge pull request #159 from blacklanternsecurity/dependabot/pip/dev/…
liquidsec Jan 9, 2025
13841df
Merge pull request #160 from blacklanternsecurity/dependabot/pip/jinj…
liquidsec Jan 9, 2025
65ca812
Bump poetry-dynamic-versioning from 1.5.0 to 1.5.2
dependabot[bot] Jan 10, 2025
885a3be
Merge pull request #162 from blacklanternsecurity/dependabot/pip/dev/…
liquidsec Jan 10, 2025
920547b
Bump django from 4.2.17 to 4.2.18
dependabot[bot] Jan 14, 2025
bb797c4
Bump poetry-dynamic-versioning from 1.5.2 to 1.7.0
dependabot[bot] Jan 16, 2025
ca8b753
Merge pull request #164 from blacklanternsecurity/dependabot/pip/dev/…
liquidsec Jan 20, 2025
d712428
Merge pull request #165 from blacklanternsecurity/dependabot/pip/dev/…
liquidsec Jan 21, 2025
38f131b
Bump poetry-dynamic-versioning from 1.7.0 to 1.7.1
dependabot[bot] Jan 23, 2025
aad0aab
Bump django from 4.2.18 to 4.2.19
dependabot[bot] Feb 5, 2025
12e5971
Merge pull request #167 from blacklanternsecurity/dependabot/pip/dev/…
liquidsec Feb 10, 2025
199006c
Merge pull request #168 from blacklanternsecurity/dependabot/pip/dev/…
liquidsec Feb 10, 2025
1031943
improving express regex
liquidsec Feb 14, 2025
21c1e47
updating poetry.lock
liquidsec Feb 14, 2025
186261e
Bump jinja2 from 3.1.4 to 3.1.5
dependabot[bot] Feb 14, 2025
cc9ad00
Merge pull request #171 from blacklanternsecurity/dependabot/pip/jinj…
liquidsec Feb 14, 2025
cc6a5da
update deps
liquidsec Feb 14, 2025
228a264
Merge pull request #170 from blacklanternsecurity/express-regex-tune
liquidsec Feb 14, 2025
d66922e
requirements.txt update
liquidsec Feb 14, 2025
0d34aae
bump version
liquidsec Feb 14, 2025
61894d5
bump version
liquidsec Feb 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion badsecrets/modules/express_signedcookies_es.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ class ExpressSignedCookies_ES(BadsecretsBase):
}

def carve_regex(self):
return re.compile(r"(s%3[Aa][^\.]+\.(?!.*%20|.*%22)[a-zA-Z0-9%]{20,90})")
return re.compile(r"(?<!http)(s%3[Aa][^.]+\.(?![^ ]*%20|[^ ]*%22)[a-zA-Z0-9%]{20,90})")

def expressHMAC(self, payload, secret, hash_algorithm):
return no_padding_urlsafe_base64_encode_es(
Expand Down
Loading