Skip to content

Commit

Permalink
Merge pull request #99 from blacklanternsecurity/dev
Browse files Browse the repository at this point in the history 
Improved Flask Module Regex
  • Loading branch information
@liquidsec
liquidsec authored Oct 12, 2023
2 parents 6d56304 + 03fab63 commit af868d0
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
2 changes: 1 addition & 1 deletion badsecrets/modules/flask_signedcookies.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@


class Flask_SignedCookies(BadsecretsBase):
identify_regex = re.compile(r"eyJ(?:[\w-]*\.)(?:[\w-]*\.)[\w-]*")
identify_regex = re.compile(r"\.?e[Jy](?:[\w-]*\.)(?:[\w-]*\.)[\w-]*")
description = {"product": "Flask Signed Cookie", "secret": "Flask Password", "severity": "HIGH"}

def check_secret(self, flask_cookie):
Expand Down
4 changes: 4 additions & 0 deletions tests/flask_signedcookies_test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@
tests = [
("CHANGEME", "eyJoZWxsbyI6IndvcmxkIn0.XDtqeQ.1qsBdjyRJLokwRzJdzXMVCSyRTA"),
("Attack at dawn!", "eyJsb2dnZWRfaW4iOnRydWV9.ZCONag.j2PHXgeT2B62qlYH72PKVuqjPvE"),
(
"secret",
".eJwNyTEOgzAMBdC7eO6QGNskXCZKrG8hgVqJdEPcvX3ru6n5vKJ9PwfetFHCiCqwtYopo4NLiPOo4jYMuhizpJLV8oicilQF_qOeF_a104taXJg7bdHPiecHfX8ccg.ZFCriA.99lOhq3pO8yBWM7XjBshaKjqPKU",
),
]


Expand Down

0 comments on commit af868d0

Please sign in to comment.