|
13 | 13 | 'pgp_private': re.compile(r'BEGIN PGP PRIVATE', re.I), |
14 | 14 | 'ssh_private': re.compile(r'BEGIN RSA PRIVATE', re.I), |
15 | 15 | 'db_keywords': [ |
16 | | - re.compile( |
17 | | - r'((customers?|email|users?|members?|acc(?:oun)?ts?)([-_|/\s]?(address|name|id[^")a-zA-Z0-9_]|[-_:|/\\])))', re.I), |
18 | | - re.compile( |
19 | | - r'((\W?pass(wor)?d|hash)[\s|:])', re.I), |
20 | | - re.compile( |
21 | | - r'((\btarget|\bsite)\s*?:?\s*?(([a-z][\w-]+:/{1,3})?([-\w\s_/]+\.)*[\w=/?%]+))', re.I), # very basic URL check - may be improved later |
22 | | - re.compile( |
23 | | - r'(my\s?sql[^i_\.]|sql\s*server)', re.I), |
24 | | - re.compile( |
25 | | - r'((host|target)[-_\s]+ip:)', re.I), |
26 | | - re.compile( |
27 | | - r'(data[-_\s]*base|\Wdb)', re.I), # added the non-word char before db.. we'll see if that helps |
| 16 | + re.compile(r'((customers?|email|users?|members?|acc(?:oun)?ts?)([-_|/\s]?(address|name|id[^")a-zA-Z0-9_]|[-_:|/\\])))', re.I), |
| 17 | + re.compile(r'((\W?pass(wor)?d|hash)[\s|:])', re.I), |
| 18 | + re.compile(r'((\btarget|\bsite)\s*?:?\s*?(([a-z][\w-]+:/{1,3})?([-\w\s_/]+\.)*[\w=/?%]+))', re.I), # very basic URL check - may be improved later |
| 19 | + re.compile(r'(my\s?sql[^i_\.]|sql\s*server)', re.I), |
| 20 | + re.compile(r'((host|target)[-_\s]+ip:)', re.I), |
| 21 | + re.compile(r'(data[-_\s]*base|\Wdb)', re.I), # added the non-word char before db.. we'll see if that helps |
28 | 22 | re.compile(r'(table\s*?:)', re.I), |
29 | | - re.compile( |
30 | | - r'((available|current)\s*(databases?|dbs?)\W)', re.I), |
| 23 | + re.compile(r'((available|current)\s*(databases?|dbs?)\W)', re.I), |
31 | 24 | re.compile(r'(hacked\s*by)', re.I) |
32 | 25 | ], |
33 | | - 'blacklist': [ # I was hoping to not have to make a blacklist, but it looks like I don't really have a choice |
34 | | - re.compile( |
35 | | - r'(select\s+.*?from|join|declare\s+.*?\s+as\s+|update.*?set|insert.*?into)', re.I), # SQL |
36 | | - re.compile( |
37 | | - r'(define\(.*?\)|require_once\(.*?\))', re.I), # PHP |
38 | | - re.compile( |
39 | | - r'(function.*?\(.*?\))', re.I), |
40 | | - re.compile( |
41 | | - r'(Configuration(\.Factory|\s*file))', re.I), |
42 | | - re.compile( |
43 | | - r'((border|background)-color)', re.I), # Basic CSS (Will need to be improved) |
44 | | - re.compile( |
45 | | - r'(Traceback \(most recent call last\))', re.I), |
46 | | - re.compile( |
47 | | - r'(java\.(util|lang|io))', re.I), |
| 26 | + # I was hoping to not have to make a blacklist, but it looks like I don't really have a choice |
| 27 | + 'blacklist': [ |
| 28 | + re.compile(r'(select\s+.*?from|join|declare\s+.*?\s+as\s+|update.*?set|insert.*?into)', re.I), # SQL |
| 29 | + re.compile(r'(define\(.*?\)|require_once\(.*?\))', re.I), # PHP |
| 30 | + re.compile(r'(function.*?\(.*?\))', re.I), |
| 31 | + re.compile(r'(Configuration(\.Factory|\s*file))', re.I), |
| 32 | + re.compile(r'((border|background)-color)', re.I), # Basic CSS (Will need to be improved) |
| 33 | + re.compile(r'(Traceback \(most recent call last\))', re.I), |
| 34 | + re.compile(r'(java\.(util|lang|io))', re.I), |
48 | 35 | re.compile(r'(sqlserver\.jdbc)', re.I) |
49 | 36 | ], |
50 | 37 | # The banlist is the list of regexes that are found in crash reports |
|
0 commit comments