Merge pull request #1829 from SolitudePy/regexscan

ikelos · web-flow · commit 308a4668b7b7 · 2025-06-22T23:10:38.000+01:00
Regexscan fixes
diff --git a/volatility3/framework/plugins/regexscan.py b/volatility3/framework/plugins/regexscan.py
@@ -46,38 +46,52 @@ def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]
             ),
         ]
 
-    def _generator(self, regex_pattern):
-        regex_pattern = bytes(regex_pattern, "UTF-8")
-        vollog.debug(f"RegEx Pattern: {regex_pattern}")
+    def _generator(self, context, layer_name, pattern, maxsize):
+        layer = self.context.layers[layer_name]
+        vollog.debug(f"RegEx Pattern: {pattern}")
+
+        # Convert string pattern to bytes for RegExScanner
+        pattern_bytes = pattern.encode("utf-8")
+
+        # Compile the pattern here to ensure consistency
+        try:
+            compiled_pattern = re.compile(pattern_bytes)
+        except re.error as e:
+            vollog.error(f"Invalid regex pattern: {e}")
+            raise ValueError(f"Invalid regex pattern: {e}")
 
-        layer = self.context.layers[self.config["primary"]]
         for offset in layer.scan(
-            context=self.context, scanner=scanners.RegExScanner(regex_pattern)
+            context=context, scanner=scanners.RegExScanner(pattern_bytes)
         ):
-            result_data = layer.read(offset, self.MAXSIZE_DEFAULT, pad=True)
+            result_data = layer.read(offset, maxsize, pad=True)
 
             # reapply the regex in order to extract just the match
-            regex_result = re.match(regex_pattern, result_data)
+            regex_result = compiled_pattern.search(result_data)
 
             if regex_result:
-                # the match is within the results_data (e.g. it fits within MAXSIZE_DEFAULT)
+                # the match is within the results_data (e.g. it fits within maxsize)
                 # extract just the match itself
                 regex_match = regex_result.group(0)
                 text_result = str(regex_match, encoding="UTF-8", errors="replace")
                 bytes_result = regex_match
             else:
-                # the match is not with the results_data (e.g. it doesn't fit within MAXSIZE_DEFAULT)
+                # the match is not with the results_data (e.g. it doesn't fit within maxsize)
                 text_result = str(result_data, encoding="UTF-8", errors="replace")
                 bytes_result = result_data
 
             yield 0, (format_hints.Hex(offset), text_result, bytes_result)
 
     def run(self):
+        pattern = self.config.get("pattern")
+        maxsize = self.config.get("maxsize", self.MAXSIZE_DEFAULT)
+        layer_name = self.config["primary"]
+        context = self.context
+
         return renderers.TreeGrid(
             [
                 ("Offset", format_hints.Hex),
                 ("Text", str),
                 ("Hex", bytes),
             ],
-            self._generator(self.config.get("pattern")),
+            self._generator(context, layer_name, pattern, maxsize),
         )
