Fix regex string for **Del and **DelVals

The regex string that updates the Registry.pol file wasn't properly matching instances where the reg_key was prepended with **Del or **DelVals due to the utf-16-le encoding of the Registry.pol file. This adds the null byte characters to the regex portion that searches for those values.
2025-04-17 10:10:20 +00:00 · 2020-02-04 14:38:53 -07:00 · 2020-02-04 14:38:53 -07:00 · 944b022f33
commit 944b022f33
parent 154257e2e9
1 changed files with 9 additions and 6 deletions
--- a/salt/modules/win_lgpo.py
+++ b/salt/modules/win_lgpo.py
@ -6777,13 +6777,16 @@ def _regexSearchKeyValueCombo(policy_data, policy_regpath, policy_regkey):
    for a policy_regpath and policy_regkey combo
    '''
    if policy_data:
-        specialValueRegex = salt.utils.stringutils.to_bytes(r'(\*\*Del\.|\*\*DelVals\.){0,1}')
+        regex_str = [r'(\*', r'\*', 'D', 'e', 'l', r'\.', r'|\*', r'\*', 'D',
+                     'e', 'l', 'V', 'a', 'l', 's', r'\.', '){0,1}']
+        specialValueRegex = '\x00'.join(regex_str)
+        specialValueRegex = salt.utils.stringutils.to_bytes(specialValueRegex)
        _thisSearch = b''.join([salt.utils.stringutils.to_bytes(r'\['),
-                               re.escape(policy_regpath),
-                               b'\00;',
-                               specialValueRegex,
-                               re.escape(policy_regkey),
-                               b'\00;'])
+                                re.escape(policy_regpath),
+                                b'\x00;\x00',
+                                specialValueRegex,
+                                re.escape(policy_regkey.lstrip(b'\x00')),
+                                b'\x00;'])
        match = re.search(_thisSearch, policy_data, re.IGNORECASE)
        if match:
            # add 2 so we get the ']' and the \00