From 0512680707c4deb8561bad43818219e92893acc0 Mon Sep 17 00:00:00 2001
From: Samuel Wong <32050386+BinaryScary@users.noreply.github.com>
Date: Thu, 31 Aug 2023 19:37:40 -0400
Subject: [PATCH 1/3] Support ZLib compressed Flask Session signed cookies

update regex pattern to support ZLib compressed cookies which are created if Flask Session cookie is large enough
---
 badsecrets/modules/flask_signedcookies.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/badsecrets/modules/flask_signedcookies.py b/badsecrets/modules/flask_signedcookies.py
index 91f7eee..fca8f42 100644
--- a/badsecrets/modules/flask_signedcookies.py
+++ b/badsecrets/modules/flask_signedcookies.py
@@ -6,7 +6,7 @@
 
 
 class Flask_SignedCookies(BadsecretsBase):
-    identify_regex = re.compile(r"eyJ(?:[\w-]*\.)(?:[\w-]*\.)[\w-]*")
+    identify_regex = re.compile(r"\.?e[Jy](?:[\w-]*\.)(?:[\w-]*\.)[\w-]*")
     description = {"product": "Flask Signed Cookie", "secret": "Flask Password", "severity": "HIGH"}
 
     def check_secret(self, flask_cookie):

From 5da20f4d176f016cf088949b0f7b91ff33acd8c7 Mon Sep 17 00:00:00 2001
From: liquidsec <paul.mueller08@gmail.com>
Date: Thu, 12 Oct 2023 10:24:16 -0400
Subject: [PATCH 2/3] adding test for compressed flask cookies

---
 tests/flask_signedcookies_test.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/flask_signedcookies_test.py b/tests/flask_signedcookies_test.py
index 9ce7f48..1a37925 100644
--- a/tests/flask_signedcookies_test.py
+++ b/tests/flask_signedcookies_test.py
@@ -5,6 +5,7 @@
 tests = [
     ("CHANGEME", "eyJoZWxsbyI6IndvcmxkIn0.XDtqeQ.1qsBdjyRJLokwRzJdzXMVCSyRTA"),
     ("Attack at dawn!", "eyJsb2dnZWRfaW4iOnRydWV9.ZCONag.j2PHXgeT2B62qlYH72PKVuqjPvE"),
+    ("secret",".eJwNyTEOgzAMBdC7eO6QGNskXCZKrG8hgVqJdEPcvX3ru6n5vKJ9PwfetFHCiCqwtYopo4NLiPOo4jYMuhizpJLV8oicilQF_qOeF_a104taXJg7bdHPiecHfX8ccg.ZFCriA.99lOhq3pO8yBWM7XjBshaKjqPKU")
 ]
 
 

From 03fab6315f5faa0f4bc23ef24092c9e1afd3d9a1 Mon Sep 17 00:00:00 2001
From: liquidsec <paul.mueller08@gmail.com>
Date: Thu, 12 Oct 2023 10:27:02 -0400
Subject: [PATCH 3/3] black

---
 tests/flask_signedcookies_test.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tests/flask_signedcookies_test.py b/tests/flask_signedcookies_test.py
index 1a37925..59c98e2 100644
--- a/tests/flask_signedcookies_test.py
+++ b/tests/flask_signedcookies_test.py
@@ -5,7 +5,10 @@
 tests = [
     ("CHANGEME", "eyJoZWxsbyI6IndvcmxkIn0.XDtqeQ.1qsBdjyRJLokwRzJdzXMVCSyRTA"),
     ("Attack at dawn!", "eyJsb2dnZWRfaW4iOnRydWV9.ZCONag.j2PHXgeT2B62qlYH72PKVuqjPvE"),
-    ("secret",".eJwNyTEOgzAMBdC7eO6QGNskXCZKrG8hgVqJdEPcvX3ru6n5vKJ9PwfetFHCiCqwtYopo4NLiPOo4jYMuhizpJLV8oicilQF_qOeF_a104taXJg7bdHPiecHfX8ccg.ZFCriA.99lOhq3pO8yBWM7XjBshaKjqPKU")
+    (
+        "secret",
+        ".eJwNyTEOgzAMBdC7eO6QGNskXCZKrG8hgVqJdEPcvX3ru6n5vKJ9PwfetFHCiCqwtYopo4NLiPOo4jYMuhizpJLV8oicilQF_qOeF_a104taXJg7bdHPiecHfX8ccg.ZFCriA.99lOhq3pO8yBWM7XjBshaKjqPKU",
+    ),
 ]