Silent failure in http_cors.yaml due to unvalidated regex logic

[jess-tech-lab]

Summary

There is a "silent failure" where the http_cors.yaml module fails to detect vulnerabilities due to an incorrect regex pattern with a trailing space. Currently, the test suite (tests/test_yaml_regexes.py) only checks if a regex is syntactically valid, not if it actually matches the expected data.

As a result, http_cors.yaml passes all tests despite being logically broken for real-world scanning.

Description

In nettacker/modules/vuln/http_cors.yaml, the regex (http|https):\\/\\/evil.com contains a trailing space.

Nettacker/nettacker/modules/vuln/http_cors.yaml

Lines 336 to 337 in 2310a83

	Access-Control-Allow-Origin:
	regex: "(http|https):\\/\\/evil.com "

• Expected behavior: Match https://evil.com
• Actual behavior: Fails to match because servers do not append a space to the Access-Control-Allow-Origin header.

Testing gap: The current tests/test_yaml_regexes.py sees this as a valid regex string and passes it, even though it will never trigger a "Detected" status in a real scan.

[Shirshaw64p]

Addressed in 90a9345

[jess-tech-lab]

Hi @Shirshaw64p, thanks for the link! However, I actually have a PR submitted for this already (#1375).

My approach avoids hardcoding specific strings like evil.com and instead enhances the core test_yaml_regexes.py to dynamically validate reflected headers. This fixes the 'silent failure' that allowed the typo to pass originally, which should help prevent similar bugs across all the other modules.

I'd love to get your feedback on the value-matching logic I added to the test suite!