Insufficient regex in gb_jquery_detect.nasl causing missing detection of JQuery

In gb_jquery_detect.nasl on line 101 the following regex:

pattern = 'src=["\']([^ ]*)(jquery[-.]?([0-9.]+)?(\\.(min|slim|slim\\.min)?)\\.js)';

Will not match anything that does not include min/slim and does not terminate with “…js”, because of a missing ? after the next-to-last closing parenthesis, making the captured dot mandatory.

Ex, this will not match:
src="hXXp://example.com/jquery.js"
or
src="hXXps://code.jquery.com/jquery-1.12.4.js"

You can see the regex expanded here:
https://regexper.com/#src%3D%5B%22%5C’%5D%28%5B%5E%20%5D*%29%28jquery%5B-.%5D%3F%28%5B0-9.%5D%2B%29%3F%28%5C.%28min%7Cslim%7Cslim%5C.min%29%3F%29%5C.js%29

It should probably be modified as such (addition of a question mark at the end):

pattern = 'src=["\']([^ ]*)(jquery[-.]?([0-9.]+)?(\\.(min|slim|slim\\.min)?)?\\.js)';

This makes the captured “.” optional, especially if you don’t have min/slim/etc in the target URL:

Expanded regex visible here:

https://regexper.com/#src%3D%5B%22%5C’%5D%28%5B%5E%20%5D*%29%28jquery%5B-.%5D%3F%28%5B0-9.%5D%2B%29%3F%28%5C.%28min%7Cslim%7Cslim%5C.min%29%3F%29%3F%5C.js%29

1 Like

Hi there and welcome to the community,

thanks for bringing this to our attention. I’ve applied your suggested changes (only thing I changed was to remove the outer parenthesis and move the dot into the inner parenthesis), so now the pattern reads the following (only the crucial bit):
from (\\.(min|slim|slim\\.min)?)
to (\\.min|\\.slim|\\.slim\\.min)?

Cheers

2 Likes
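A regression check for the three pattern variants discussed in this thread, as an added example that is not part of the original posts or of the VT itself. It assumes Python's `re` treats these constructs the same way as the NASL regex call; the sample tags, the names `PATTERNS`, `SAMPLES`, `detect` and `failures`, and the two plugin file names used as negative cases are constructed for illustration.

```python
import re

# The three variants from the thread. NASL's '\\.' is written r'\.' here.
PREFIX = r'src=["\']([^ ]*)(jquery[-.]?([0-9.]+)?'
PATTERNS = {
    "original": PREFIX + r'(\.(min|slim|slim\.min)?)\.js)',
    "proposed": PREFIX + r'(\.(min|slim|slim\.min)?)?\.js)',
    "applied":  PREFIX + r'(\.min|\.slim|\.slim\.min)?\.js)',
}

# Constructed sample tags: (html, expected file name, expected version).
# An expected file name of None marks a plugin that must not be
# reported as jQuery core.
SAMPLES = [
    ('<script src="https://example.com/jquery.js">', "jquery.js", None),
    ('<script src="https://example.com/jquery-1.12.4.js">',
     "jquery-1.12.4.js", "1.12.4"),
    ('<script src="/js/jquery.min.js">', "jquery.min.js", None),
    ('<script src="/js/jquery-3.6.0.min.js">', "jquery-3.6.0.min.js", "3.6.0"),
    ('<script src="/js/jquery-3.6.0.slim.js">', "jquery-3.6.0.slim.js", "3.6.0"),
    ('<script src="/js/jquery-3.6.0.slim.min.js">',
     "jquery-3.6.0.slim.min.js", "3.6.0"),
    ("<script src='/js/jquery-ui.min.js'>", None, None),
    ('<script src="/js/jquery.cookie.js">', None, None),
]

def detect(pattern, html):
    """Return (file name, version) for the first match, or None."""
    m = re.search(pattern, html)
    return (m.group(2), m.group(3)) if m else None

def failures(name):
    """Sample tags for which the named pattern gives the wrong result."""
    bad = []
    for html, fname, version in SAMPLES:
        want = (fname, version) if fname else None
        if detect(PATTERNS[name], html) != want:
            bad.append(html)
    return bad

if __name__ == "__main__":
    for name in PATTERNS:
        print(name, "->", failures(name) or "all samples OK")
```

Capture group 3 still holds the version in all three variants, so code that reads the version from the match does not need to change.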

A post was split to a new topic: Possible missing detection of jQuery