@@ -2645,36 +2645,39 @@ def _(value):
26452645 payload = getUnicode (urldecode (payload .replace (PAYLOAD_DELIMITER , '' )))
26462646 regex = _ (filterStringValue (payload , r'[A-Za-z0-9]' , REFLECTED_REPLACEMENT_REGEX .encode ("string-escape" )))
26472647
2648- if all (part .lower () in content .lower () for part in regex .split (REFLECTED_REPLACEMENT_REGEX )): # fast optimization check
2649- parts = regex .split (REFLECTED_REPLACEMENT_REGEX )
2650- if len (parts ) > REFLECTED_MAX_REGEX_PARTS : # preventing CPU hogs
2651- regex = _ ("%s%s%s" % (REFLECTED_REPLACEMENT_REGEX .join (parts [:REFLECTED_MAX_REGEX_PARTS / 2 ]), REFLECTED_REPLACEMENT_REGEX , REFLECTED_REPLACEMENT_REGEX .join (parts [- REFLECTED_MAX_REGEX_PARTS / 2 :])))
2648+ if regex != payload :
2649+ regex = re .sub (r"\A([A-Za-z0-9]+)" , r"(\1)?" , regex )
26522650
2653- if regex . lstrip ( REFLECTED_REPLACEMENT_REGEX ) != regex :
2654- regex = r"%s%s" % ( REFLECTED_BORDER_REGEX , regex .lstrip (REFLECTED_REPLACEMENT_REGEX ) )
2655- else :
2656- regex = r"\b%s " % regex
2651+ if all ( part . lower () in content . lower () or part . endswith ( ')?' ) for part in regex . split ( REFLECTED_REPLACEMENT_REGEX )): # fast optimization check
2652+ parts = regex .split (REFLECTED_REPLACEMENT_REGEX )
2653+ if len ( parts ) > REFLECTED_MAX_REGEX_PARTS : # preventing CPU hogs
2654+ regex = _ ( "%s%s%s " % ( REFLECTED_REPLACEMENT_REGEX . join ( parts [: REFLECTED_MAX_REGEX_PARTS / 2 ]), REFLECTED_REPLACEMENT_REGEX , REFLECTED_REPLACEMENT_REGEX . join ( parts [ - REFLECTED_MAX_REGEX_PARTS / 2 :])))
26572655
2658- if regex .rstrip (REFLECTED_REPLACEMENT_REGEX ) != regex :
2659- regex = r"%s%s" % (regex .rstrip (REFLECTED_REPLACEMENT_REGEX ), REFLECTED_BORDER_REGEX )
2660- else :
2661- regex = r"%s\b " % regex
2656+ if regex .startswith (REFLECTED_REPLACEMENT_REGEX ):
2657+ regex = r"%s%s" % (REFLECTED_BORDER_REGEX , regex .lstrip (REFLECTED_REPLACEMENT_REGEX ))
2658+ else :
2659+ regex = r"\b%s " % regex
26622660
2663- retVal = re .sub (r"(?i)%s" % regex , REFLECTED_VALUE_MARKER , content )
2661+ if regex .endswith (REFLECTED_REPLACEMENT_REGEX ):
2662+ regex = r"%s%s" % (regex .rstrip (REFLECTED_REPLACEMENT_REGEX ), REFLECTED_BORDER_REGEX )
2663+ else :
2664+ regex = r"%s\b" % regex
26642665
2665- if retVal != content :
2666- kb .reflectiveCounters [REFLECTIVE_COUNTER .HIT ] += 1
2667- if not suppressWarning :
2668- warnMsg = "reflective value(s) found and filtering out"
2669- singleTimeWarnMessage (warnMsg )
2666+ retVal = re .sub (r"(?i)%s" % regex , REFLECTED_VALUE_MARKER , content )
26702667
2671- elif not kb .testMode and not kb .reflectiveCounters [REFLECTIVE_COUNTER .HIT ]:
2672- kb .reflectiveCounters [REFLECTIVE_COUNTER .MISS ] += 1
2673- if kb .reflectiveCounters [REFLECTIVE_COUNTER .MISS ] > REFLECTIVE_MISS_THRESHOLD :
2674- kb .reflectiveMechanism = False
2668+ if retVal != content :
2669+ kb .reflectiveCounters [REFLECTIVE_COUNTER .HIT ] += 1
26752670 if not suppressWarning :
2676- debugMsg = "turning off reflection removal mechanism (for optimization purposes)"
2677- logger .debug (debugMsg )
2671+ warnMsg = "reflective value(s) found and filtering out"
2672+ singleTimeWarnMessage (warnMsg )
2673+
2674+ elif not kb .testMode and not kb .reflectiveCounters [REFLECTIVE_COUNTER .HIT ]:
2675+ kb .reflectiveCounters [REFLECTIVE_COUNTER .MISS ] += 1
2676+ if kb .reflectiveCounters [REFLECTIVE_COUNTER .MISS ] > REFLECTIVE_MISS_THRESHOLD :
2677+ kb .reflectiveMechanism = False
2678+ if not suppressWarning :
2679+ debugMsg = "turning off reflection removal mechanism (for optimization purposes)"
2680+ logger .debug (debugMsg )
26782681
26792682 return retVal
26802683
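Review bot: The new optional leading group at 2649 (`(\1)?`) combined with the `part.endswith(')?')` exemption in the pre-check at 2651 lets the substitution run when nothing before the first REFLECTED_REPLACEMENT_REGEX occurs in the response, and the `\b` prepended at 2659 then anchors at any word boundary instead of at the reflected value; if REFLECTED_REPLACEMENT_REGEX is a lazy wildcard (it is not visible here), a match can start at the first word boundary in `content` and run to the first occurrence of the next literal part, erasing text that was never reflected. I would not carry an optional group followed by a wildcard; instead split once, drop a leading part that is absent and anchor on the next literal part, e.g. `parts = regex.split(REFLECTED_REPLACEMENT_REGEX)`, `if parts and parts[0].lower() not in content.lower(): parts = parts[1:]`, `regex = REFLECTED_REPLACEMENT_REGEX.join(parts)`, which also removes the fragile `')?'` string test and the second `split` at 2652. Independently, `content.lower()` at 2651 is recomputed for every part of a full response body; hoist it before the generator, `lowered = content.lower()`, and compare against that. The enclosing function (and the nested `_` helper named in the hunk header) starts before this hunk.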