From 64513e078612e31642806fbca09d41c685ebc0b9 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Thu, 29 Sep 2022 20:42:11 +0700
Subject: [PATCH] fix: false negative sophos-fw-version-detect

- Added stop-at-first-match
- Fix matcher by replace regex matcher with words matcher and added status matcher
- Fix extractor regex
---
 exposed-panels/sophos-fw-version-detect.yaml | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/exposed-panels/sophos-fw-version-detect.yaml b/exposed-panels/sophos-fw-version-detect.yaml
index 6ac0642b6b..0ebf84815f 100644
--- a/exposed-panels/sophos-fw-version-detect.yaml
+++ b/exposed-panels/sophos-fw-version-detect.yaml
@@ -2,7 +2,7 @@ id: sophos-fw-version-detect
 
 info:
   name: Sophos Firewall version detection
-  author: organiccrap
+  author: organiccrap,daffainfo
   severity: info
   tags: panel,sophos
 
@@ -11,17 +11,23 @@ requests:
     path:
       - "{{BaseURL}}/webconsole/webpages/login.jsp"
       - "{{BaseURL}}/userportal/webpages/myaccount/login.jsp"
+
+    stop-at-first-match: true
     matchers-condition: and
     matchers:
+      - type: status
+        status:
+          - 200
+
       - type: word
-        words:
-          - "<title>Sophos</title>"
-      - type: regex
         part: body
-        regex:
-          - "(\\d{2}.\\d{1,2}.\\d{1,2}.\\d{2,3})"
+        words:
+          - '<title>Sophos</title>'
+          - 'uiLangToHTMLLangAttributeValueMapping'
+        condition: or
+
     extractors:
       - type: regex
         part: body
         regex:
-          - "(\\d{2}.\\d{1,2}.\\d{1,2}.\\d{2,3})"
+          - "(?m)<link href=\"\/themes\/lite1\/css\/typography\.css\?version=([0-9.]+)\""