From 9a179323ff42479a9d4409acf025e72158aaf749 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Wed, 28 Jun 2023 10:41:36 +0530
Subject: [PATCH] Update generic-path-traversal.yaml

---
 file/nodejs/generic-path-traversal.yaml | 26 ++++---------------------
 1 file changed, 4 insertions(+), 22 deletions(-)

diff --git a/file/nodejs/generic-path-traversal.yaml b/file/nodejs/generic-path-traversal.yaml
index 348692ab43..87ba851bda 100644
--- a/file/nodejs/generic-path-traversal.yaml
+++ b/file/nodejs/generic-path-traversal.yaml
@@ -14,26 +14,8 @@ file:
     matchers:
       - type: regex
         regex:
-          - "function \\(\\$REQ, \\$RES, ...\\) {...}"
-          - "function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...}"
-          - "\\$X = function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...}"
-          - "var \\$X = function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...};"
-          - "\\$APP.\\$METHOD\\(..., function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...}\\)"
-          - "\\$X\\.createReadStream\\(..., <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>, ...\\)"
-          - "\\$X\\.createReadStream\\(..., <... \\$REQ\\.\\$QUERY ...>, ...\\)"
-          - "\\$X\\.readFile\\(..., <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>, ...\\)"
-          - "\\$X\\.readFile\\(..., <... \\$REQ\\.\\$QUERY ...>, ...\\)"
-          - "\\$X\\.readFileSync\\(..., <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>, ...\\)"
-          - "\\$X\\.readFileSync\\(..., <... \\$REQ\\.\\$QUERY ...>, ...\\)"
-          - "\\$X\\.readFileAsync\\(..., <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>, ...\\)"
-          - "\\$X\\.readFileAsync\\(..., <... \\$REQ\\.\\$QUERY ...>, ...\\)"
-          - "\\$INP = <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>\\;"
-          - "\\$X\\.createReadStream\\(..., <... \\$INP ...>, ...\\)"
-          - "\\$INP = <... \\$REQ\\.\\$QUERY ...>\\;"
-          - "\\$X\\.readFile\\(..., <... \\$INP ...>, ...\\)"
-          - "\\$X\\.readFileSync\\(..., <... \\$INP ...>, ...\\)"
-          - "\\$Y = \\$REQ\\.\\$QUERY\\.\\$VAR\\;"
-          - "\\$INP = <... \\$Y ...>\\;"
-          - "\\$Y = \\$REQ\\.\\$QUERY\\;"
-          - "\\$X\\.readFileAsync\\(..., <... \\$INP ...>, ...\\)"
+          - "[^\\.]*\\.createReadStream\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
+          - "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
+          - "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
+          - "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
         condition: or