Changeset 776

Timestamp:

07/04/2012 10:05:19 AM (12 months ago)

Author:

deity

Message:

Fix for #246. Stupid perl design fault.

File:

• trunk/plugins/nikto_cookies.plugin (modified) (1 diff)

trunk/plugins/nikto_cookies.plugin

@@ -55 +55 @@
 
     foreach my $c (@{ $result->{'whisker'}->{'cookies'} }) {
-        $c =~ /(?:\b|[^0-9])([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(?:\b|[^0-9])/;
-        my $ip = $1;
-        my ($valid, $internal, $loopback) = is_ip($ip);
-        if ($valid && !$loopback) { 
+                # This is due to the way that reg exps are scoped in perl: the results of match
+                # are valid as the first successful match, until the end of the block
+                # so we have to manually terminate the block to stop the results carrying on and
+                # getting a false positive.
+                my $ip;
+                {
+                        $c =~ /(?:\b|[^0-9])([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(?:\b|[^0-9])/;
+                        $ip = $1;
+                }
+                my ($valid, $internal, $loopback) = is_ip($ip);
+                if ($valid && !$loopback) { 
             if ($ip ne $mark->{'ip'}) {
                 my $msg   = "";