Skip to content

changed regex to fix false posistives #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
CaduRoriz wants to merge 1 commit into
base: master
Choose a base branch
from
Open

changed regex to fix false posistives #26

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 28 additions & 31 deletions testing/regex_testing/regex_test_script.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,22 +43,19 @@
### ! MUST USE GNU GREP, BSD GREP WILL GIVE ERRONEOUS RESULTS ! ###
### ! SEDATED USES GNU GREP, BSD GREP DOES NOT HAVE A -P FLAG ! ###

function PRINT_SEDATED() {
echo " ___ ___ ___ _ _____ ___ ___ "
echo " / __| __| \ / \_ _| __| \ (R)"
unction PRINT_SEDATED() {
echo " _ _ _ _ __ __ _ "
echo " / _| _| \ / \_ | _| \ (R)"
echo " \__ \ _|| |) / A \| | | _|| |) |"
echo " |___/___|___/_/ \_\_| |___|___/ "
echo " |_/_|_// \\| |_|__/ "
echo " https://github.com/owasp/sedated"
echo ""
}

filename="$1"
regexes=../../config/regexes.json
# regex_string matches the EXACT way pre-recieve.sh pulls in the regexes from config/regexes.json
regex_string=$( cat "${regexes}" | grep -Po ':[[:space:]]*\"[[:space:]]*\K(.*)' | sed 's/[[:space:]]*"[[:space:]]*}[[:space:]]*,/|/' | tr -d '\n' | sed 's/\\\\/\\/g' | sed '$s/"}$//' )
regex_string=$( cat "${regexes}" | grep -Po ':[[:space:]]\"[[:space:]]\K(.)' | sed 's/[[:space:]]"[[:space:]]}[[:space:]],/|/' | tr -d '\n' | sed 's/\\\\/\\/g' | sed '$s/"}$//' )

# Allows a filename other than test_cases.txt to be passed as an argument and run the regexes against
# The other file would need to be in the same format as test_cases.txt to work
if [[ -z "$filename" ]]; then
filename="test_cases.txt"
fi
Expand All @@ -67,34 +64,34 @@ echo "##################################################################"

while read line; do
((counter+=1))
KEY=${line%>>*} # captures everything on the line prior to the ">>" characters
VAL=${line#*>>} # captures everything on the line after to the ">>" characters i.e. pass/fail
KEY=${line%>>*}
VAL=${line#*>>}

echo "### $KEY ----> $VAL." # KEY = test_cases line; VAL = supposed to be caught (fail) OR not supposed to be caught (pass)
echo "### $KEY ----> $VAL."

regex_check=$( echo "$KEY" | grep -P "${regex_string}" ) # gnu grep for lines that match regexes
if [[ "$regex_check" ]]; then # returns TRUE if the regexes can catch/match the line
if [[ "$VAL" == "fail" ]]; then # it was supposed to be caught by the regexes
((fail_counter+=1))
echo "-------------- TRUE REJECT: VERIFIED -----------------------------"
else # supposed to be caught by the regexes, but was not
echo "+++++++++++++++ ERROR:EXPECTED SUCCESS, GOT FAIL +++++++++++++++++"
error_array+=("### FALSE POSITIVE =====> $KEY")
fi
else
if [[ "$VAL" == "pass" ]]; then # it was not supposed to be caught by the regexes
((pass_counter+=1))
echo "-------------- TRUE ACCEPT: VERIFIED -----------------------------"
else # not supposed to be caught by the regexes, but was
echo "+++++++++++++++ ERROR:EXPECTED FAIL, GOT SUCCESS +++++++++++++++++"
error_array+=("### FALSE NEGATIVE =====> $KEY")
fi
fi
regex_check=$( echo "$KEY" | grep -P "${regex_string}" )
if [[ "$regex_check" ]]; then
if [[ "$VAL" == "pass" ]]; then
((pass_counter+=1))
echo "-------------- TRUE ACCEPT: VERIFIED -----------------------------"
else
echo "+++++++++++++++ ERROR: UNEXPECTED SUCCESS, EXPECTED FAIL +++++++++++++"
error_array+=("### FALSE POSITIVE =====> $KEY")
fi
else
if [[ "$VAL" == "fail" ]]; then
((fail_counter+=1))
echo "-------------- TRUE REJECT: VERIFIED -----------------------------"
else
echo "+++++++++++++++ ERROR: UNEXPECTED FAIL, EXPECTED SUCCESS +++++++++++++"
error_array+=("### FALSE NEGATIVE =====> $KEY")
fi
fi
done < "$filename"

echo "##################################################################"

if [[ "${#error_array[*]}" -eq 0 ]]; then # regexes catching and not catching everything as expected
if [[ "${#error_array[*]}" -eq 0 ]]; then
echo "########################## ALL GOOD!! ############################"
echo "### $counter REGEX TEST CASES CHECKED"
echo "### $fail_counter LINES BEING FLAGGED, AS EXPECTED (>>fail cases)"
Expand All @@ -103,7 +100,7 @@ if [[ "${#error_array[*]}" -eq 0 ]]; then # regexes catching and not catching ev
echo "##################################################################"
PRINT_SEDATED
exit 0
else # Output results of lines that failed due to the regexes catching or not catching lines in an unexpected way
else
echo "########################### UH OH!! ##############################"
echo "### ${#error_array[*]} OF $counter TEST CASES NOT ACCOUNTED FOR"
for err in "${error_array[@]}"; do
Expand Down