From 968e5509ad6bfb3ca5b2ddfdfaf751067f1da21c Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Sat, 12 Oct 2024 21:06:21 +0200
Subject: [PATCH] Fix F5 cookie in 10.x.x.x.  (3.0)

The F5 cookie decoder doesn't detect IPs in the 10.x.x.x space for non-encrypted cookies. This fixes the regex pattern, see also
https://github.com/drwetter/F5-BIGIP-Decoder/pull/4 and https://github.com/drwetter/testssl.sh/pull/2577
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index c0ca3e9..ac387b8 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -3001,7 +3001,7 @@ sub_f5_bigip_check() {
           [[ -z "$cookievalue" ]] && break
           cookievalue=${cookievalue/;/}
           debugme echo $cookiename : $cookievalue
-          if grep -Eq '[0-9]{9,10}\.[0-9]{3,5}\.0000' <<< "$cookievalue"; then
+          if grep -Eq '[0-9]{8,10}\.[0-9]{3,5}\.0000' <<< "$cookievalue"; then
                ip="$(f5_ip_oldstyle "$cookievalue")"
                port="$(f5_port_decode $cookievalue)"
                out "${spaces}F5 cookie (default IPv4 pool member): "; pr_italic "$cookiename "; prln_svrty_medium "${ip}:${port}"