Add support for multiline match
Rackme opened this issue · 3 comments
I have the following JSP code where I want to match any param coming from request.getParameter
and output without filtering (as with${codeParam}
) :
String codeParam = request.getParameter("codeParam");
if (auth.size() <= 0)
{
tempList = AuthPerf.getPerf(context, context.getUser(),"","");
}
${codeParam}
I tried multiple patterns to match this case, however without success :
'String :[[var]] = request.getParameter(...);...${:[[var]]}'
'String :[[var]] = request.getParameter(...);:[~.+]${:[[var]]}'
'String :[[var]] = request.getParameter(...);:[~[.\n]+]${:[[var]]}'
I suppose it is actually not possible to perform multiline match ?
Your first pattern works in the live environment: https://bit.ly/3A2zz39, I think you need to add the flag -match-newline-at-toplevel
. The regex patterns there won't work because they will keep matching any char before ever matching ${...
docs
It works like a charm, thanks, it's awesome ;)
Sorry to ask again for support, but I tried so many things, is there a way to use Comby to match any block ?
I tried with submatching, but could not use variable in it, I tried with multiple groups, without success.
Is there any way to check if variable is printed (<%=:[[var]]%>
) after being defined dangerously from the request parameters ? (String :[[var]] = request.getParameter(...)
)
String :[[var]] = request.getParameter(...);...<%=:[[var]]%>
String :[[var]] = request.getParameter(...);......<%=:[[var]]%>
<%
try
{
String strDirection = request.getParameter("direction");
if (strRowId == null)
{
%>
<script language="javascript" type="text/javaScript">
alert("FindResults.AlertMsg1");
</script>
<%
}
else
{
%>
<script language="javascript" type="text/javaScript">
var formElement2 = eval("PushForm."+ "<%=strDirection%>");
</script>
<%
}
} catch (Exception e)
{
session.putValue("error.message", "" + e);
}// End of main Try-catck block
%>
Comby live : https://bit.ly/3y3TcWt