Remove Obfuscated Code [20081221b]

[z12]

Seems that this:

Code:

([a-f]|[0-9])

could be simplified to this:

Code:

[a-f0-9]

which could then reduce to to this:

Code:

((%|\\x)\0[a-f0-9]+{2})+{15}$SET(1=\066\06F\06F\062\061\072\000)

(((%|\\)u)\0[a-f0-9]+{4})+{15}$SET(1=\00066\0006F\0006F\00062\00061\00072)

But I'm not sure about the speed.

If this is the octal match, strictly speaking, it doesn't limit matching to octal:

Code:

(\\[#000:255])+{3}

as it will match 8 & 9, which are not valid for octal.
But for matching exploit code, maybe it doesn't matter, as there shouldn't be any 8 or 9 present.

For the heck of it, here's an octal character only match:

Code:

(\\([0-7][0-7]+&&[#000:377]))+{3}

But for this filter, maybe the inner numeric match should be limited to 3 numbers though.

Code:

[0-7]+{1,3}

foobar !!!

z12