augustd / burp-suite-software-version-checks

Burp extension to passively scan for applications revealing software version numbers

Improve version check for BOA web server #75

Closed Sjord closed 5 years ago

Sjord commented 6 years ago

Match partial case insensitive. HTTP response headers often capitalize this as "Boa" instead of "BOA". E.g.

Server: Boa/0.94.14rc21

Also, I got a false positive in base64-encoded data, so make sure we have at least one number after "Boa/".

Sjord commented 5 years ago

@augustd Could you take a look at this? Today I encountered a server with the following header:

Server: Boa/0.93.15

augustd commented 5 years ago

You can use the "i" flag to make "Boa" case insensitive:

((?i)Boa)/([\d.]+)

If we want to avoid a Base64 false positive we'd need to match on at least one number AND one dot. Unfortunately that is very difficult to do with a single expression because there is no AND operator in Java regex. I don't think you can rely on matching "rc" because not all versions will be release candidates, and "rc" itself could be a valid character sequence in Base64.

augustd commented 5 years ago

It seems like this Base64 false positive might be an issue with more than just this one detection pattern. How about this regex using lookaheads?

((?i)Boa)/((?=.*\d)(?=.*\.).*)

I'd be interested to know about the performance of this expression as well.

Sjord commented 5 years ago

> at least one number AND one dot

I would write this like this:

\d+\.[\d.rc]+
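
The three candidate patterns from this thread can be compared side by side, as an added example that is not part of the thread or of the extension's own code. It assumes Sjord's version fragment is placed behind the same `((?i)Boa)/` prefix; the class name, the labels, and every input except the two `Server:` headers quoted above are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BoaPatternCheck {
    public static void main(String[] args) {
        // Candidate patterns; the first two are quoted from the thread.
        Map<String, Pattern> patterns = new LinkedHashMap<>();
        patterns.put("digits-or-dots", Pattern.compile("((?i)Boa)/([\\d.]+)"));
        patterns.put("lookaheads", Pattern.compile("((?i)Boa)/((?=.*\\d)(?=.*\\.).*)"));
        // Assumption: Sjord's version fragment placed behind the same prefix.
        patterns.put("digit-dot-rest", Pattern.compile("((?i)Boa)/(\\d+\\.[\\d.rc]+)"));

        String[] inputs = {
            "Server: Boa/0.94.14rc21",   // header from the thread
            "Server: Boa/0.93.15",       // header from the thread
            "Server: BOA/0.94.13",       // constructed: upper-case product name
            "aGVsbG8gboa/9xYzQ=",        // constructed: base64-like run containing "boa/9"
            // constructed: the same run on a line that also holds a digit and a dot
            "{\"blob\":\"aGVsbG8gboa/9xYzQ=\",\"api\":\"1.0\"}"
        };

        for (String input : inputs) {
            System.out.println(input);
            for (Map.Entry<String, Pattern> e : patterns.entrySet()) {
                Matcher m = e.getValue().matcher(input);
                // Group 2 is what the scanner would report as the version.
                String result = m.find() ? "version=\"" + m.group(2) + "\"" : "no match";
                System.out.printf("  %-15s %s%n", e.getKey(), result);
            }
        }
    }
}
```

On the two base64-like inputs, the first pattern reports a version of `9`, the lookahead pattern matches only the JSON line and captures everything up to the end of that line, and the third pattern matches neither.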