RCG-22: Replace Recog flags w/ inline flags (#191)

rapid7 · Nov 2, 2018 · b4fec07 · b4fec07
1 parent b38bd85
commit b4fec07
Show file tree

Hide file tree

Showing 7 changed files with 104 additions and 81 deletions.
diff --git a/xml/hp_pjl_id.xml b/xml/hp_pjl_id.xml
@@ -12,7 +12,7 @@
    LaserJet and Designjet are registered trademarks of HP. Therefore matching for the keywords
    is sufficient for asserting all relevant information
    -->
-  <fingerprint pattern="laserjet (.*)(?: series)?" flags="REG_ICASE">
+  <fingerprint pattern="(?i)laserjet (.*)(?: series)?">
     <description>HP JetDirect Printer</description>
     <example>HP LaserJet 4100 Series</example>
     <example>HP LaserJet 2200</example>
@@ -27,7 +27,7 @@
     <param pos="0" name="os.family" value="LaserJet"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="(designjet \S+)" flags="REG_ICASE">
+  <fingerprint pattern="(?i)(designjet \S+)">
     <description>HP Designjet printer</description>
     <example>hp designjet 110plus</example>
     <example>DESIGNJET 1050C</example>
@@ -156,15 +156,15 @@
     <param pos="0" name="os.device" value="Printer"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^Oce (fx[^\s:]+):.*$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Oce (fx[^\s:]+):.*$">
     <description>Oce FX series multifunction device</description>
     <example os.product="fx3000">Oce fx3000:8C5-B29:Ver.D:U0707161719:B0601271355</example>
     <param pos="0" name="os.vendor" value="Oce"/>
     <param pos="0" name="os.family" value="FX Series"/>
     <param pos="0" name="os.device" value="Multifunction Device"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^Oce (VL\S+):.*$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Oce (VL\S+):.*$">
     <description>Oce VarioLink multifunction device</description>
     <example>Oce VL3200:8C5-D92:Ver.B</example>
     <param pos="0" name="os.vendor" value="Oce"/>
@@ -174,15 +174,15 @@
   </fingerprint>
   <!-- IGI is Imagistics International, which was acquired by Oce.
         I can't find MX-MBX3 or any variant online. -->
-  <fingerprint pattern="^OceIGI MX-\S+" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^OceIGI MX-\S+">
     <description>Oce-acquired IGI printer</description>
     <example>OceIGI MX-NBX3 02-Jul-07 14:47</example>
     <param pos="0" name="os.vendor" value="Oce"/>
     <param pos="0" name="os.device" value="Printer"/>
   </fingerprint>
   <!-- im3510/4510 is actually a range of model numbers, but asserting a range
         of models as a product is preferableto asserting nothing. -->
-  <fingerprint pattern="^Imagistics (im\S+) (.+)" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Imagistics (im\S+) (.+)">
     <description>Oce IM series multifunction device</description>
     <example>Imagistics im3510/4510 02-Aug-04 10:56</example>
     <param pos="0" name="os.vendor" value="Oce"/>
@@ -209,7 +209,7 @@
     <param pos="0" name="os.device" value="Multifunction Device"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^RICOH ((?:Aficio|MP|SP) .*)$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^RICOH ((?:Aficio|MP|SP) .*)$">
     <description>Ricoh Aficio Printer</description>
     <example>RICOH Aficio 2075</example>
     <example>RICOH Aficio AP610N</example>
@@ -222,7 +222,7 @@
   </fingerprint>
   <!-- NRG was acquired by Ricoh; classify NRG printers as such.
          Be consistent with snmp_sysdescr.xml. -->
-  <fingerprint pattern="^NRG ([MS]P \S+)$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^NRG ([MS]P \S+)$">
     <description>Ricoh NRG printer</description>
     <example>NRG MP 171</example>
     <example>NRG MP 3350</example>
@@ -238,52 +238,52 @@
   </fingerprint>
   <!-- Gestetner == NRG, and was acquired by Ricoh.
          Assert the range of products as os.product. -->
-  <fingerprint pattern="^Gestetner (MP\S+/DSc\S+)$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Gestetner (MP\S+/DSc\S+)$">
     <description>Ricoh Gestetner multifunction device</description>
     <example>Gestetner MPC2500/DSc525</example>
     <param pos="0" name="os.vendor" value="Ricoh"/>
     <param pos="0" name="os.device" value="Multifunction Device"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^HYDRA$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^HYDRA$">
     <description>RSI Hydra printer</description>
     <example>HYDRA</example>
     <param pos="0" name="os.vendor" value="RSI"/>
     <param pos="0" name="os.device" value="Printer"/>
     <param pos="0" name="os.product" value="Hydra"/>
   </fingerprint>
-  <fingerprint pattern="^Savin (\S+)$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Savin (\S+)$">
     <description>Savin Printer</description>
     <example>SAVIN 4075</example>
     <param pos="0" name="os.vendor" value="Savin"/>
     <param pos="0" name="os.device" value="Printer"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^Samsung ((?:SCX|CLX)-\S+) Series$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Samsung ((?:SCX|CLX)-\S+) Series$">
     <description>Samsung multifunction device</description>
     <example>Samsung SCX-5835_5935 Series</example>
     <example>Samsung CLX-4195 Series</example>
     <param pos="0" name="os.vendor" value="Samsung"/>
     <param pos="0" name="os.device" value="Multifunction Device"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^Samsung ((?:ML|CLP)-\S+) Series$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Samsung ((?:ML|CLP)-\S+) Series$">
     <description>Samsung printer</description>
     <example>Samsung CLP-680 Series</example>
     <example>Samsung ML-5012_5512 Series</example>
     <param pos="0" name="os.vendor" value="Samsung"/>
     <param pos="0" name="os.device" value="Printer"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^SHARP (\S+-\S+) .*$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^SHARP (\S+-\S+) .*$">
     <description>Sharp Printer</description>
     <example>Sharp MX-NBX3 18-Mar-08 10:22</example>
     <example>Sharp AR-P17 24-Mar-04 19:55</example>
     <param pos="0" name="os.vendor" value="Sharp"/>
     <param pos="0" name="os.device" value="Printer"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^Source Technologies (\S+)$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Source Technologies (\S+)$">
     <description>Source Technologies Printer</description>
     <example>Source Technologies ST-9620</example>
     <param pos="0" name="os.vendor" value="Source Technologies"/>

diff --git a/xml/http_cookies.xml b/xml/http_cookies.xml
@@ -397,20 +397,20 @@
         a similar cookie name, you must ensure that it is located prior to
         these and this is enforced by rspec.
     -->
-  <fingerprint pattern="^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$">
     <description>Ignore simple JSESSIONID and related cookies</description>
     <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
     <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
     <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
   </fingerprint>
-  <fingerprint pattern="^_?SESSION_?ID\s*=\s*[^;]+;.*$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;.*$">
     <description>Ignore simple SESSIONID and related cookies</description>
     <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
     <example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
     <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
     <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
   </fingerprint>
-  <fingerprint pattern="^sid=[^;]+;.*$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^sid=[^;]+;.*$">
     <description>Ignore simple SID and related cookies</description>
     <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
   </fingerprint>

diff --git a/xml/http_servers.xml b/xml/http_servers.xml
@@ -22,7 +22,7 @@
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
   </fingerprint>
-  <fingerprint pattern="^Apache/\d$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Apache/\d$">
     <description>Apache returning only its major version number</description>
     <example>Apache/1</example>
     <example>Apache/2</example>
@@ -31,7 +31,7 @@
     <param pos="0" name="service.family" value="Apache"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^Apache$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Apache$">
     <description>Apache returning no version information</description>
     <example>Apache</example>
     <example>apache</example>
@@ -40,7 +40,7 @@
     <param pos="0" name="service.family" value="Apache"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^Apache(?:-AdvancedExtranetServer)?(?:/([012][\d.]*)\s*(.*))?$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Apache(?:-AdvancedExtranetServer)?(?:/([012][\d.]*)\s*(.*))?$">
     <description>Apache</description>
     <example>Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7a PHP/4.3.1 mod_jk2/2.0.0</example>
     <example>Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6.12.92mdk) mod_perl/1.99_09 Perl/v5.8.1 mod_ssl/2.0.47 OpenSSL/0.9.7b PHP/4.3.2</example>
@@ -517,7 +517,7 @@
     <param pos="0" name="service.family" value="SMH"/>
     <param pos="0" name="service.product" value="SMH"/>
   </fingerprint>
-  <fingerprint pattern="^eHTTP[/ ]v?(\d+\.\d+)" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^eHTTP[/ ]v?(\d+\.\d+)">
     <description>HTTP Server present on seemingly only HP ProCurve network devices</description>
     <example service.version="1.1">EHTTP/1.1</example>
     <example service.version="2.0">eHTTP v2.0</example>
@@ -832,7 +832,7 @@
     <param pos="0" name="apache.variant" value="IBM"/>
     <param pos="1" name="apache.variant.version"/>
   </fingerprint>
-  <fingerprint pattern="^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)/(\S+)(?: \(\S+\))?$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)/(\S+)(?: \(\S+\))?$">
     <description>IBM HTTP Server with hardly useful version info</description>
     <example>IBM-HTTP-Server/1.0</example>
     <example>IBM_HTTP_Server/7.0.0.9 (Unix)</example>
@@ -843,7 +843,7 @@
     <param pos="0" name="apache.variant" value="IBM"/>
     <param pos="1" name="apache.variant.version"/>
   </fingerprint>
-  <fingerprint pattern="^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)$">
     <description>IBM HTTP Server with no version info</description>
     <example>IBM_HTTP_SERVER</example>
     <example>IBM_HTTP_Server</example>
@@ -1748,7 +1748,7 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:cherrypy:cherrypy:{service.version}"/>
   </fingerprint>
-  <fingerprint pattern="^TornadoServer/((?:\d+\.)*\d+)$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^TornadoServer/((?:\d+\.)*\d+)$">
     <description>Tornado Python web framework and asynchronous networking library.</description>
     <example>TornadoServer/4.0.2</example>
     <param pos="0" name="service.vendor" value="TornadoWeb"/>
@@ -1757,7 +1757,7 @@
     <param pos="0" name="service.family" value="Tornado"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
-  <fingerprint pattern="^SimpleHTTP/((?:\d+\.)*\d+)\s*Python/((?:\d+\.)*\d+)$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^SimpleHTTP/((?:\d+\.)*\d+)\s*Python/((?:\d+\.)*\d+)$">
     <description>SimpleHTTPRequestHandler Python class is a simple HTTP request handler.</description>
     <example>SimpleHTTP/0.6 Python/2.7.6</example>
     <example>SimpleHTTP/0.6 Python/3.4.0</example>

diff --git a/xml/http_wwwauth.xml b/xml/http_wwwauth.xml
@@ -171,7 +171,7 @@
     <param pos="0" name="os.device" value="WAP"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;Broadcom Management Service&quot;.*$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^(?:Basic|Digest) .*realm=&quot;Broadcom Management Service&quot;.*$">
     <description>Supposedly part of Broadcom Advanced Control Suite 3 (BACS3) or something similar</description>
     <example>Digest qop="auth", realm="Broadcom Management Service", nonce="AAAAAAAAAAAAAP//DwHpMwYy1zc=", algorithm="MD5"</example>
     <param pos="0" name="service.vendor" value="Broadcom"/>
@@ -207,15 +207,15 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
   </fingerprint>
   <!-- HP ProCurve -->
-  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(?:HP|ProCurve) (J[3]\d{3}A)&quot;$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;(?:HP|ProCurve) (J[3]\d{3}A)&quot;$">
     <description>HP ProCurve Hubs</description>
     <example os.product="J3295A">Basic realm="HP J3295A"</example>
     <param pos="0" name="os.vendor" value="HP"/>
     <param pos="0" name="os.family" value="ProCurve"/>
     <param pos="0" name="os.device" value="Hub"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(?:HP|ProCurve) (J[489]\d{3}A)&quot;$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;(?:HP|ProCurve) (J[489]\d{3}A)&quot;$">
     <description>HP ProCurve Switches</description>
     <example os.product="J4110A">Basic realm="HP J4110A"</example>
     <example os.product="J8164A">Basic realm="ProCurve J8164A"</example>
@@ -234,7 +234,7 @@
     <param pos="0" name="service.family" value="Oracle"/>
   </fingerprint>
   <!-- a variety of headers we currently just ignore -->
-  <fingerprint pattern="^NTLM$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^NTLM$">
     <description>Ignore NTLM-only</description>
     <example>NTLM</example>
     <example>Ntlm</example>

diff --git a/xml/pop_banners.xml b/xml/pop_banners.xml
@@ -67,7 +67,7 @@
     <param pos="2" name="service.component.version"/>
     <param pos="3" name="host.domain"/>
   </fingerprint>
-  <fingerprint pattern="^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$" flags="REG_ICASE">
+  <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$">
     <description>Qpopper missing version info</description>
     <example>Qpopper (version 4.0.16) at foo.example.com</example>
     <example>QPOP (version 2.53) at domain starting.  &lt;xxx@domain&gt;</example>