import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class Example {
public static void main(String[] args) {
final String regex = "##\\s(.)*?\\\\n";
final String string = "## Overview\\nAffected versions of [deep-extend](https://www.npmjs.com/package/deep-extend) are vulnerable to Prototype Pollution. Utilities function in all the listed modules can be tricked into modifying the prototype of \\\"Object\\\" when the attacker control part of the structure passed to these function. This can let an attacker add or modify existing property that will exist on all object.\\n\\n## PoC by HoLyVieR\\n```js\\nvar merge = require('deep-extend');\\nvar malicious_payload = '{\\\"__proto__\\\":{\\\"oops\\\":\\\"It works !\\\"}}';\\n\\nvar a = {};\\nconsole.log(\\\"Before : \\\" + a.oops);\\nmerge({}, JSON.parse(malicious_payload));\\nconsole.log(\\\"After : \\\" + a.oops);\\n```\\n\\n## Remediation\\nUpgrade `deep-extend` to version 0.5.1 or higher.\\n\\n## References\\n- [HackerOne Report](https://hackerone.com/reports/311333)\\n- [GitHub Commit](https://github.com/unclechu/node-deep-extend/commit/433ee51ed606f4e1867ece57b6ff5a47bebb492f)\\n- [GitHub PR](https://github.com/unclechu/node-deep-extend/pull/40)\\n- [GitHub Issue](https://github.com/unclechu/node-deep-extend/issues/39)";
final Pattern pattern = Pattern.compile(regex, Pattern.MULTILINE);
final Matcher matcher = pattern.matcher(string);
while (matcher.find()) {
System.out.println("Full match: " + matcher.group(0));
for (int i = 1; i <= matcher.groupCount(); i++) {
System.out.println("Group " + i + ": " + matcher.group(i));
}
}
}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Java, please visit: https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html