augustd / burp-suite-error-message-checks

Burp Suite extension to passively scan for applications revealing server error messages

False positive in some GWT apps #41

Closed dnet closed 6 years ago

dnet commented 6 years ago

Line 7 contains the following definition:

at ([a-zA-Z0-9_]*\.)*([a-zA-Z0-9_]+)\([a-zA-Z0-9, \[\]\&\;]*\)  0   ASP.Net Low Certain 3

However, this falsely matches normal output of some GWT apps, probably because of this file, which includes this part: (carets in the line below indicate the part that matched)

ensure that initWidget() has been called.
         ^^^^^^^^^^^^^^^

How can the above regular expression be modified to avoid such false positives?

augustd commented 6 years ago

Thanks @dnet! The expression was matching on the "at" in "that". I changed it to require a word boundary and the false positive is fixed.

Be sure to reload your match rules to pick up the latest version.
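The false positive and the word-boundary fix discussed in this thread can be reproduced outside Burp. This is an added example, not code from the thread or from the extension: `ORIGINAL` is the pattern quoted in the issue, `FIXED` assumes the fix was a `\b` placed in front of it (the thread does not show the committed rule), and all sample response bodies are constructed.

```python
import re

# Pattern exactly as quoted in the issue (match rule line 7, ASP.Net).
ORIGINAL = r"at ([a-zA-Z0-9_]*\.)*([a-zA-Z0-9_]+)\([a-zA-Z0-9, \[\]\&\;]*\)"
# Assumption: the fix prepends a word boundary; the committed rule is not shown in the thread.
FIXED = r"\b" + ORIGINAL

# Constructed sample response bodies (not taken from any real application).
SAMPLES = {
    # The GWT text from the issue: "at" is the tail of "that".
    "gwt_message": "ensure that initWidget() has been called.",
    # ASP.NET-style stack trace frames the rule is meant to flag.
    "aspnet_trace": "   at System.Web.UI.Page.ProcessRequest(HttpContext context)",
    "aspnet_trace_line_start": (
        "at System.Data.SqlClient.SqlConnection.OnError("
        "SqlException exception, Boolean breakConnection)"
    ),
    # Ordinary prose with a standalone "at" followed by a call-like token.
    "prose_with_at": "Take a look at initWidget() before calling this.",
}


def matched_text(pattern, body):
    """Return the substring a passive rule with this pattern would flag, or None."""
    m = re.search(pattern, body)
    return m.group(0) if m else None


def compare(samples=SAMPLES):
    """Map each sample name to (match under ORIGINAL, match under FIXED)."""
    return {
        name: (matched_text(ORIGINAL, body), matched_text(FIXED, body))
        for name, body in samples.items()
    }


if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:24} original={before!r}  fixed={after!r}")
```

The boundary removes the match inside "that" while keeping both stack-trace frames; the `prose_with_at` sample still matches under both patterns, so a standalone "at" in ordinary text remains a possible source of false positives for this rule.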