Closed Sjord closed 5 years ago
@augustd Could you take a look at this? Today I encountered a server with the following header:
Server: Boa/0.93.15
You can use the "i" flag to make "Boa" case insensitive:
((?i)Boa)/([\d.]+)
If we want to avoid a Base64 false positive we'd need to match on at least one number AND one dot. Unfortunately that is very difficult to do with a single expression because there is no AND operator in Java regex. I don't think you can rely on matching "rc" because not all versions will be release candidates, and "rc" itself could be a valid character sequence in Base64.
It seems like this Base64 false positive might be an issue with more than just this one detection pattern. How about this regex using lookaheads?
((?i)Boa)/((?=.*\d)(?=.*\.).*)
I'd be interested to know about the performance of this expression as well.
> at least one number AND one dot
I would write this like this:
\d+\.[\d.rc]+
Match partial case insensitive. HTTP response headers often capitalize this as "Boa" instead of "BOA". E.g.
Also, I got a false positive in base64-encoded data, so make sure we have at least one number after "Boa/".
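The three version patterns discussed in this thread, run side by side in Java (the regex dialect the thread refers to), as an added example that is not part of the original thread or the project's code. The sample lines are constructed, and prefixing the third pattern with `((?i)Boa)/` is an assumption, since the comment gives only the version part.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BoaPatternCheck {
    // Patterns quoted from the thread. The third one joins the case-insensitive
    // "Boa" prefix with the proposed version expression (assumed combination).
    static final String[][] PATTERNS = {
        {"digits-or-dots", "((?i)Boa)/([\\d.]+)"},
        {"lookaheads",     "((?i)Boa)/((?=.*\\d)(?=.*\\.).*)"},
        {"digit-dot-rest", "((?i)Boa)/(\\d+\\.[\\d.rc]+)"},
    };

    // Constructed sample inputs, one per scanned line.
    static final String[] SAMPLES = {
        "Server: Boa/0.93.15",             // header from the thread
        "Server: BOA/0.94.14rc21",         // upper-case name, release-candidate suffix
        "Zm9vBoa/3kQx9Lm+PpA7dGVzdA==",    // base64-looking text, digit right after "Boa/"
        "aGVsbG8Boa/Xy7pQ2.trailing 1.0",  // letters after "Boa/", digit and dot later in the line
    };

    public static void main(String[] args) {
        for (String[] p : PATTERNS) {
            Pattern re = Pattern.compile(p[1]);
            System.out.println(p[0] + "  " + p[1]);
            for (String s : SAMPLES) {
                Matcher m = re.matcher(s);
                // Group 2 is what a scanner would report as the version string.
                String result = m.find() ? "version=\"" + m.group(2) + "\"" : "no match";
                System.out.printf("  %-36s -> %s%n", s, result);
            }
        }
    }
}
```

Comparing the reported group 2 across the four inputs shows which patterns tie the digit and dot to the text immediately after `Boa/` and which accept them anywhere later in the line.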