As the title states, there is an edge case for the regex that covers `[name]=[value]` in which it doesn't hit a final query param in a JSON-formatted request/response body. I believe this issue occurs because the given delimiters, `(&|\\\\",|",|"\\s|"}}|;){1}`, don't cover this case.
As an example, I've selected X-Amz-Signature to be sanitized.
Seen here, the X-Amz-Signature is located within the response content and it was not properly sanitized.
A possible solution I've come up with to fix this issue is to change the `[name]=[value]` regex to `(?=&|\\\\",|",|"\\s|"}}|;|\\\\"){1}`. Two things have been added: a positive lookahead to prevent accidental consuming of the `&` character, and an additional delimiter `\\\\"` which will allow the sanitizer to be properly bounded.
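As an added example (not code from this issue or from the project it is filed against), the following Python reproduces the boundary problem: a minimal `name=value` sanitizer built from the two delimiter alternations quoted above, run over a constructed plain query string and a constructed response body whose JSON field carries an escaped, nested JSON document. The `build_pattern` composition and the sample bodies are my assumptions about how the sanitizer forms its regex.

```python
import re

# Delimiter alternations as quoted in the issue, written as Python raw strings.
# The old form consumes the delimiter as part of the match; the proposed form
# only looks ahead and adds \\" (a JSON-escaped quote) so that a value which
# ends right before \" inside a nested JSON string is still bounded.
OLD_DELIM = r'(&|\\",|",|"\s|"}}|;){1}'
NEW_DELIM = r'(?=&|\\",|",|"\s|"}}|;|\\"){1}'


def build_pattern(name: str, delim: str) -> re.Pattern:
    # Assumption: the sanitizer matches name=<value> lazily up to the first delimiter.
    return re.compile(re.escape(name) + r'=(.+?)' + delim)


def sanitize(body: str, name: str, delim: str, mask: str = '[REDACTED]') -> str:
    """Replace only the captured value (group 1); everything else is copied through."""
    pat = build_pattern(name, delim)
    out, pos = [], 0
    for m in pat.finditer(body):
        out.append(body[pos:m.start(1)])
        out.append(mask)
        pos = m.end(1)
    out.append(body[pos:])
    return ''.join(out)


def matched_text(body: str, name: str, delim: str) -> list:
    """Full match text per hit, showing whether the delimiter itself was swallowed."""
    return [m.group(0) for m in build_pattern(name, delim).finditer(body)]


# Constructed samples (not taken from the issue): a plain query string, and a
# response whose "upload" field holds an escaped JSON document whose last query
# parameter is the signature, followed by \" rather than any old-style delimiter.
QUERY = 'a=1&X-Amz-Signature=xyz&b=2'
NESTED = ('{"upload":"{\\"url\\":\\"https://bucket.example/obj'
          '?X-Amz-Expires=300&X-Amz-Signature=deadbeef\\"}"}')

if __name__ == '__main__':
    for label, delim in (('old', OLD_DELIM), ('new', NEW_DELIM)):
        print(label, 'query  ->', sanitize(QUERY, 'X-Amz-Signature', delim))
        print(label, 'nested ->', sanitize(NESTED, 'X-Amz-Signature', delim))
        print(label, 'hits   ->', matched_text(QUERY, 'X-Amz-Signature', delim))
```

With the old delimiters the nested body comes back untouched (the signature leaks), and each hit on the query string ends in `&`; with the lookahead form the nested value is masked and the `&` is left to the next match.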