From f5609a2d1315d2988470e179ab3e064422bb01fc Mon Sep 17 00:00:00 2001
From: Tapio Vuorinen
Date: Mon, 23 Dec 2019 11:29:24 +0000
Subject: [PATCH] fuzzing input in result, resolves #76 (#124)
* regexp filter had a copy-paste error talking about size filter, fixed
* implement -mr/-fr FUZZ, detecting if fuzzed input is present in response. resolves #76
* quote regexp control characters to obtain exact matches (according to joohoi's comment)
* allow keywords as part of regexp matching/filtering
* updated changelog
Co-authored-by: Joona Hoikkala
---
 README.md | 1 +
 pkg/filter/regex.go | 13 +++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 2059b29..0045d54 100644
--- a/README.md
+++ b/README.md
@@ -194,6 +194,7 @@ The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard l
 - New
 - Changed
 - Limit the use of `-e` (extensions) to a single keyword: FUZZ
+ - Regexp matching and filtering (-mr/-fr) allow using keywords in patterns
 - Take 429 responses into account when -sa (stop on all error cases) is used
 - v0.12
diff --git a/pkg/filter/regex.go b/pkg/filter/regex.go
index 9e72ca2..f4c56ba 100644
--- a/pkg/filter/regex.go
+++ b/pkg/filter/regex.go
@@ -3,6 +3,7 @@ package filter
 import (
 "fmt"
 "regexp"
+ "strings"
 "github.com/ffuf/ffuf/pkg/ffuf"
 )
@@ -15,7 +16,7 @@ type RegexpFilter struct {
 func NewRegexpFilter(value string) (ffuf.FilterProvider, error) {
 re, err := regexp.Compile(value)
 if err != nil {
- return &RegexpFilter{}, fmt.Errorf("Size filter or matcher (-fs / -ms): invalid value: %s", value)
+ return &RegexpFilter{}, fmt.Errorf("Regexp filter or matcher (-fr / -mr): invalid value: %s", value)
 }
 return &RegexpFilter{Value: re, valueRaw: value}, nil
 }
@@ -29,7 +30,15 @@ func (f *RegexpFilter) Filter(response *ffuf.Response) (bool, error) {
 }
 matchdata := []byte(matchheaders)
 matchdata = append(matchdata, response.Data...)
- return f.Value.Match(matchdata), nil
+ pattern := f.valueRaw
+ for keyword, inputitem := range response.Request.Input {
+ pattern = strings.Replace(pattern, keyword, regexp.QuoteMeta(string(inputitem)), -1)
+ }
+ matched, err := regexp.Match(pattern, matchdata)
+ if err != nil {
+ return false, nil
+ }
+ return matched, nil
 }
 func (f *RegexpFilter) Repr() string {
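Review bot: The `if err != nil { return false, nil }` branch after `regexp.Match` discards a compile error, and the substituted pattern can fail to compile even though `valueRaw` compiled in NewRegexpFilter: `regexp.QuoteMeta` does not escape `-`, so a keyword placed inside a character class can produce an invalid range. The response is then reported as a plain non-match with no diagnostic, which an operator relying on -mr/-fr cannot tell apart from a clean result; returning `err` leaves the decision to the caller, whose handling is not visible here. The new code also recompiles the pattern for every response even when it contains no keyword, so the precompiled `f.Value` can be reused when the substitution leaves `pattern` unchanged. Because `response.Request.Input` is ranged in map order, an input value that itself contains another keyword may be substituted a second time depending on iteration order, which deserves at least a comment on the loop. Filter's body starts above the hunk.

```go
	// … unchanged: keyword substitution loop building pattern …
	if pattern == f.valueRaw {
		// No keyword was substituted: reuse the regexp compiled in NewRegexpFilter.
		return f.Value.Match(matchdata), nil
	}
	matched, err := regexp.Match(pattern, matchdata)
	if err != nil {
		// Surface the compile failure instead of reporting a silent non-match.
		return false, err
	}
	return matched, nil
```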