From 63db619a8662940888d40dbf5c15f51fb587b7b8 Mon Sep 17 00:00:00 2001
From: "andre.bolinhas" <andre.bolinhas@articatech.com>
Date: Thu, 2 Apr 2026 17:42:20 +0100
Subject: [PATCH] Update OWASP CRS rules to v4.25.0

Automated update via update-feed.sh
CRS version: v4.25.0
Rules extracted: 279
---
 rulesets.json | 142 +++++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 92 insertions(+), 50 deletions(-)

diff --git a/rulesets.json b/rulesets.json
index e92faf0..f5f4500 100644
--- a/rulesets.json
+++ b/rulesets.json
@@ -1,5 +1,5 @@
 {
-  "build_datetime": "2026-03-17T00:18:06Z",
+  "build_datetime": "2026-04-02T16:42:19Z",
   "owasp_top_10": {
     "version": "2025",
     "url": "https://owasp.org/Top10/2025/",
@@ -107,9 +107,9 @@
     {
       "id": "crs-protocol-enforcement",
       "name": "CRS Protocol Enforcement",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Protocol Enforcement (17 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Protocol Enforcement (18 rules)",
       "author": "OWASP CRS Project",
       "priority": 15,
       "enabled": true,
@@ -367,6 +367,27 @@
           "paranoia_level": 1
         },
         {
+          "id": "920540",
+          "name": "Possible Unicode character bypass detected",
+          "pattern": "(?i)\\x5cu[0-9a-f]{4}",
+          "targets": [
+            "all"
+          ],
+          "action": "block",
+          "score": 10,
+          "severity": "critical",
+          "category": "protocol",
+          "enabled": true,
+          "tags": [
+            "attack-protocol",
+            "paranoia-level/1",
+            "OWASP_CRS",
+            "OWASP_CRS/PROTOCOL-ENFORCEMENT",
+            "capec/1000/255/153/267/72"
+          ],
+          "paranoia_level": 1
+        },
+        {
           "id": "920230",
           "name": "Multiple URL Encoding Detected",
           "pattern": "%[0-9a-fA-F]{2}",
@@ -476,9 +497,9 @@
     {
       "id": "crs-protocol-attack",
       "name": "CRS Protocol Attack (HTTP Smuggling)",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Protocol Attack (HTTP Smuggling) (14 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Protocol Attack (HTTP Smuggling) (14 rules)",
       "author": "OWASP CRS Project",
       "priority": 5,
       "enabled": true,
@@ -782,9 +803,9 @@
     {
       "id": "crs-lfi",
       "name": "CRS Local File Inclusion (LFI)",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Local File Inclusion (LFI) (2 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Local File Inclusion (LFI) (2 rules)",
       "author": "OWASP CRS Project",
       "priority": 5,
       "enabled": true,
@@ -836,9 +857,9 @@
     {
       "id": "crs-rfi",
       "name": "CRS Remote File Inclusion (RFI)",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Remote File Inclusion (RFI) (4 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Remote File Inclusion (RFI) (4 rules)",
       "author": "OWASP CRS Project",
       "priority": 5,
       "enabled": true,
@@ -846,7 +867,7 @@
         {
           "id": "931100",
           "name": "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address",
-          "pattern": "(?i)^(file|ftps?|https?|ssh)://(?:\\[?[a-f0-9]+:[a-f0-9:]+\\]?|\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})",
+          "pattern": "(?i)^(f(?:ile|tps?)|https?|ssh)://(?:\\[?[0-9a-f]+:[0-:a-f]+\\]?|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})",
           "targets": [
             "body",
             "query"
@@ -868,7 +889,7 @@
         {
           "id": "931110",
           "name": "Possible Remote File Inclusion (RFI) Attack: Common RFI Vulnerable Parameter Name used w/URL Payload",
-          "pattern": "(?i)(?:\\binclude\\s*\\([^)]*|mosConfig_absolute_path|_CONF\\[path\\]|_SERVER\\[DOCUMENT_ROOT\\]|GALLERY_BASEDIR|path\\[docroot\\]|appserv_root|config\\[root_dir\\])=(?:file|ftps?|https?)://",
+          "pattern": "(?i)(?:\\binclude[\\s\\x0b]*\\([^\\)]*|mosConfig_absolute_path|(?:_(?:CONF\\[path|SERVER\\[DOCUMENT_ROOT)|path\\[docroot|config\\[root_dir)\\]|GALLERY_BASEDIR|appserv_root)=(?:f(?:ile|tps?)|https?)://",
           "targets": [
             "body",
             "query"
@@ -934,9 +955,9 @@
     {
       "id": "crs-rce",
       "name": "CRS Remote Code Execution (RCE)",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Remote Code Execution (RCE) (37 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Remote Code Execution (RCE) (38 rules)",
       "author": "OWASP CRS Project",
       "priority": 3,
       "enabled": true,
@@ -965,7 +986,7 @@
         {
           "id": "932235",
           "name": "Remote Command Execution: Unix Command Injection (command without evasion)",
-          "pattern": "(?i)(?:b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[\\s\\x0b&\\),<>\\|]|a(?:dd(?:group|user)|getty|(?:l(?:ias|pine)|tobm|xel)[\\s\\x0b&\\),<>\\|]|nsible|p(?:parmor_[^\\s\\x0b]{1,10}\\b|t(?:-get|itude[\\s\\x0b&\\),<>\\|]))|r(?:ch[\\s\\x0b&\\),<>\\|]|ia2c|j(?:-register|disp))|s(?:cii(?:-xfr|85)|pell)|u(?:ditctl|repot|search))|b(?:a(?:s(?:e(?:32|64|n(?:ame[\\s\\x0b&\\),<>\\|]|c))|h[\\s\\x0b&\\),<>\\|])|tch[\\s\\x0b&\\),<>\\|])|lkid[\\s\\x0b&\\),<>\\|]|pftrace|r(?:eaksw|(?:idge|wap)[\\s\\x0b&\\),<>\\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\\s\\x0b&\\),<>\\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\\s\\x0b&\\),<>\\|])|z(?:c(?:at|mp)[\\s\\x0b&\\),<>\\|]|diff|e(?:grep|xe[\\s\\x0b&\\),<>\\|])|f?grep|ip2(?:[\\s\\x0b&\\),<>\\|]|recover)|less|more))|c(?:[89]9-gcc|a(?:ncel|psh)[\\s\\x0b&\\),<>\\|]|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\\s\\x0b&\\),<>\\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\\s\\x0b&\\),\\-<>\\|])|(?:flag|pas)s|g(?:passwd|rp[\\s\\x0b&\\),<>\\|]))|lang(?:\\+\\+|[\\s\\x0b&\\),<>\\|])|o(?:bc(?:[\\s\\x0b&\\),<>\\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\\s\\x0b&\\),<>\\|]|proc|w(?:say|think))|p(?:(?:an|io)[\\s\\x0b&\\),<>\\|]|ulimit)|r(?:ash[\\s\\x0b&\\),<>\\|]|on(?:[\\s\\x0b&\\),<>\\|]|tab))|s(?:cli[\\s\\x0b&\\),<>\\|]|plit|vtool)|u(?:psfilter|rl[\\s\\x0b&\\),<>\\|]))|d(?:(?:ash|i(?:alog|ff)|vips)[\\s\\x0b&\\),<>\\|]|hclient|m(?:esg[\\s\\x0b&\\),<>\\|]|idecode|setup)|o(?:(?:as|ne)[\\s\\x0b&\\),<>\\|]|cker[\\s\\x0b&\\),\\-<>\\|]|sbox)|pkg[\\s\\x0b&\\),\\-<>\\|])|e(?:2fsck|asy_install|(?:cho|fax|grep|macs|sac|val)[\\s\\x0b&\\),<>\\|]|n(?:d(?:if|sw)[\\s\\x0b&\\),<>\\|]|v-update)|x(?:(?:ec|p(?:and|(?:ec|or)t|r))[\\s\\x0b&\\),<>\\|]|iftool))|f(?:acter|d(?:(?:find|isk)[\\s\\x0b&\\),<>\\|]|u?mount)|(?:etch|grep|lock|unction)[\\s\\x0b&\\),<>\\|]|i(?:le(?:[\\s\\x0b&\\),<>\\|]|test)|(?:n(?:d|ger)|sh)[\\s\\x0b&\\),<>\\|])|o(?:ld[\\s\\x0b&\\),<>\\|]|reach)|ping[\\s\\x0b&\\),6<>\\|]|tp(?:stats|who))|g(?:(?:awk|core|i(?:mp|nsh)|z(?:cat|exe|ip))[\\s\\x0b&\\),<>\\|]|e(?:ni(?:e[\\s\\x0b&\\),<>\\|]|soimage)|t(?:cap|facl[\\s\\x0b&\\),<>\\|]))|hc(?:-[\\s\\x0b&\\),<>\\|]|i[\\s\\x0b&\\),\\-<>\\|])|r(?:(?:cat|ep)[\\s\\x0b&\\),<>\\|]|oupmod)|tester|unzip)|h(?:(?:ash|i(?:ghlight|story))[\\s\\x0b&\\),<>\\|]|e(?:ad[\\s\\x0b&\\),<>\\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\\s\\x0b&\\),<>\\|]|passwd))|i(?:(?:conv|nstall)[\\s\\x0b&\\),<>\\|]|f(?:config|top[\\s\\x0b&\\),<>\\|])|onice|p(?:6?tables|config|p(?:eveprinter|find|tool))|spell)|j(?:(?:ava|exec)[\\s\\x0b&\\),<>\\|]|o(?:in[\\s\\x0b&\\),<>\\|]|urnalctl)|runscript)|k(?:ill(?:[\\s\\x0b&\\),<>\\|]|all)|nife[\\s\\x0b&\\),<>\\|]|sshell)|l(?:a(?:st(?:comm[\\s\\x0b&\\),<>\\|]|log(?:in)?)|tex[\\s\\x0b&\\),<>\\|])|dconfig|ess(?:echo|(?:fil|pip)e)|ftp(?:[\\s\\x0b&\\),<>\\|]|get)|o(?:(?:cate|ok)[\\s\\x0b&\\),<>\\|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:(?:-F|cpu|hw|mod|of|pci|usb)[\\s\\x0b&\\),<>\\|]|b_release)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|ynx[\\s\\x0b&\\),<>\\|]|z(?:4c(?:[\\s\\x0b&\\),<>\\|]|at)|c(?:at|mp)[\\s\\x0b&\\),<>\\|]|diff|[ef]?grep|less|m(?:a(?:[\\s\\x0b&\\),<>\\|]|dec|info)|ore)))|m(?:(?:a(?:il[qx]?|ke|wk)|utt)[\\s\\x0b&\\),<>\\|]|k(?:(?:dir|nod)[\\s\\x0b&\\),<>\\|]|fifo|temp)|locate|o(?:squitto|unt[\\s\\x0b&\\),<>\\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\\s\\x0b&\\),<>\\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:(?:a(?:no|sm|wk)|ice|map|o(?:de|hup)|ping|roff)[\\s\\x0b&\\),<>\\|]|c(?:\\.(?:openbsd|traditional)|at[\\s\\x0b&\\),<>\\|])|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|s(?:enter|lookup|tat[\\s\\x0b&\\),<>\\|]))|o(?:ctave[\\s\\x0b&\\),<>\\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\\s\\x0b&\\),<>\\|]))|p(?:a(?:(?:cman|rted|tch)[\\s\\x0b&\\),<>\\|]|s(?:swd|te[\\s\\x0b&\\),<>\\|]))|d(?:b(?:2mb|3[\\s\\x0b&\\),\\.<>\\|])|f(?:la)?tex|ksh[\\s\\x0b&\\),<>\\|])|er(?:(?:f|ms)[\\s\\x0b&\\),<>\\|]|l(?:5?[\\s\\x0b&\\),<>\\|]|sh))|(?:(?:ft|gre)p|opd|u(?:ppet|shd))[\\s\\x0b&\\),<>\\|]|hp(?:-cgi|[57][\\s\\x0b&\\),<>\\|])|i(?:(?:co|gz|ng6?)[\\s\\x0b&\\),<>\\|]|dstat)|k(?:exec|g_?info|ill[\\s\\x0b&\\),<>\\|])|rint(?:env|f[\\s\\x0b&\\),<>\\|])|s(?:(?:ed|ql)[\\s\\x0b&\\),<>\\|]|ftp)|tar(?:[\\s\\x0b&\\),<>\\|]|diff|grep)|y(?:3?versions|thon(?:[23]|[^\\s\\x0b]{1,10}\\b)))|r(?:(?:ak[eu]|bash|nano|oute|vi(?:ew|m))[\\s\\x0b&\\),<>\\|]|e(?:a(?:delf|lpath)|(?:(?:boo|dcarpe)t|name|p(?:eat|lace))[\\s\\x0b&\\),<>\\|]|stic)|l(?:ogin|wrap)|m(?:dir[\\s\\x0b&\\),<>\\|]|t-(?:dump|tar)|user)|pm(?:db[\\s\\x0b&\\),<>\\|]|(?:quer|verif)y)|sync(?:-ssl|[\\s\\x0b&\\),<>\\|])|u(?:by[^\\s\\x0b]{1,10}\\b|n(?:-(?:mailcap|parts)|c[\\s\\x0b&\\),<>\\|])))|s(?:(?:ash|c(?:hed|r(?:een|ipt))|diff|(?:ft|na)p|l(?:eep|sh)|plit)[\\s\\x0b&\\),<>\\|]|e(?:(?:ndmail|rvice)[\\s\\x0b&\\),<>\\|]|t(?:arch|cap|env|facl[\\s\\x0b&\\),<>\\|]|sid))|h(?:\\.distrib|u(?:f|tdown)[\\s\\x0b&\\),<>\\|])|mbclient|o(?:(?:ca|r)t[\\s\\x0b&\\),<>\\|]|elim)|qlite3|sh(?:-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass)|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\\s\\x0b&\\),<>\\|]))|udo(?:-rs|[\\s\\x0b&\\),<>_\\|]|edit|replay)|vn(?:a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:ilf?[\\s\\x0b&\\),<>\\|]|sk(?:[\\s\\x0b&\\),<>\\|]|set))|c(?:l?sh[\\s\\x0b&\\),<>\\|]|p(?:dump|ing|traceroute))|elnet|(?:ftp|mux|ouch)[\\s\\x0b&\\),<>\\|]|ime(?:datectl|out[\\s\\x0b&\\),<>\\|])|r(?:a(?:ceroute6?|p[\\s\\x0b&\\),<>\\|])|off[\\s\\x0b&\\),<>\\|])|shark)|u(?:limit[\\s\\x0b&\\),<>\\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\\s\\x0b&\\),<>\\|]|expand|l(?:ink[\\s\\x0b&\\),<>\\|]|z(?:4[\\s\\x0b&\\),<>\\|]|ma))|pigz|z(?:ip[\\s\\x0b&\\),<>\\|]|std))|p(?:2date[\\s\\x0b&\\),<>\\|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:(?:[ep]w|gr|rsh)[\\s\\x0b&\\),<>\\|]|mdiff|sudo(?:-rs)?)|olatility[\\s\\x0b&\\),<>\\|])|w(?:(?:all|get)[\\s\\x0b&\\),<>\\|]|h(?:iptail[\\s\\x0b&\\),<>\\|]|o(?:ami|is[\\s\\x0b&\\),<>\\|]))|i(?:reshark|sh[\\s\\x0b&\\),<>\\|]))|x(?:(?:args|pad|term)[\\s\\x0b&\\),<>\\|]|e(?:latex|tex[\\s\\x0b&\\),<>\\|])|mo(?:dmap|re[\\s\\x0b&\\),<>\\|])|z(?:c(?:at|mp)[\\s\\x0b&\\),<>\\|]|d(?:ec[\\s\\x0b&\\),<>\\|]|iff)|[ef]?grep|less|more))|z(?:athura|(?:c(?:at|mp)|diff|grep|less|run)[\\s\\x0b&\\),<>\\|]|[ef]grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|mo(?:dload|re[\\s\\x0b&\\),<>\\|])|s(?:oelim|td(?:[\\s\\x0b&\\),<>\\|]|(?:ca|m)t|grep|less))|ypper))",
+          "pattern": "(?i)(?:b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[\\s\\x0b&\\),<>\\|]|a(?:dd(?:group|user)|getty|(?:l(?:ias|pine)|tobm|xel)[\\s\\x0b&\\),<>\\|]|nsible|p(?:parmor_[^\\s\\x0b]{1,10}\\b|t(?:-get|itude[\\s\\x0b&\\),<>\\|]))|r(?:ch[\\s\\x0b&\\),<>\\|]|ia2c|j(?:-register|disp))|s(?:cii(?:-xfr|85)|pell)|u(?:ditctl|repot|search))|b(?:a(?:s(?:e(?:32|64|n(?:ame[\\s\\x0b&\\),<>\\|]|c))|h[\\s\\x0b&\\),<>\\|])|tch[\\s\\x0b&\\),<>\\|])|lkid[\\s\\x0b&\\),<>\\|]|pftrace|r(?:eaksw|(?:idge|wap)[\\s\\x0b&\\),<>\\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\\s\\x0b&\\),<>\\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\\s\\x0b&\\),<>\\|])|z(?:c(?:at|mp)[\\s\\x0b&\\),<>\\|]|diff|e(?:grep|xe[\\s\\x0b&\\),<>\\|])|f?grep|ip2(?:[\\s\\x0b&\\),<>\\|]|recover)|less|more))|c(?:[89]9-gcc|a(?:(?:ncel|psh)[\\s\\x0b&\\),<>\\|]|rgo(?:[\\s\\x0b&\\),<>\\|]|-(?:audit|miri|watch)))|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\\s\\x0b&\\),<>\\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\\s\\x0b&\\),\\-<>\\|])|(?:flag|pas)s|g(?:passwd|rp[\\s\\x0b&\\),<>\\|]))|l(?:ang(?:\\+\\+|[\\s\\x0b&\\),<>\\|])|ippy-driver)|o(?:bc(?:[\\s\\x0b&\\),<>\\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\\s\\x0b&\\),<>\\|]|proc|w(?:say|think))|p(?:(?:an|io)[\\s\\x0b&\\),<>\\|]|ulimit)|r(?:ash[\\s\\x0b&\\),<>\\|]|on(?:[\\s\\x0b&\\),<>\\|]|tab))|s(?:cli[\\s\\x0b&\\),<>\\|]|plit|vtool)|u(?:psfilter|rl[\\s\\x0b&\\),<>\\|]))|d(?:(?:ash|i(?:alog|ff)|vips)[\\s\\x0b&\\),<>\\|]|hclient|m(?:esg[\\s\\x0b&\\),<>\\|]|idecode|setup)|o(?:(?:as|ne)[\\s\\x0b&\\),<>\\|]|cker[\\s\\x0b&\\),\\-<>\\|]|sbox)|pkg[\\s\\x0b&\\),\\-<>\\|])|e(?:2fsck|asy_install|(?:cho|fax|grep|macs|sac|val)[\\s\\x0b&\\),<>\\|]|n(?:d(?:if|sw)[\\s\\x0b&\\),<>\\|]|v-update)|x(?:(?:ec|p(?:and|(?:ec|or)t|r))[\\s\\x0b&\\),<>\\|]|iftool))|f(?:acter|d(?:(?:find|isk)[\\s\\x0b&\\),<>\\|]|u?mount)|(?:etch|grep|lock|unction)[\\s\\x0b&\\),<>\\|]|i(?:le(?:[\\s\\x0b&\\),<>\\|]|test)|(?:n(?:d|ger)|sh)[\\s\\x0b&\\),<>\\|])|o(?:ld[\\s\\x0b&\\),<>\\|]|reach)|ping[\\s\\x0b&\\),6<>\\|]|tp(?:stats|who))|g(?:(?:awk|core|i(?:mp|nsh)|z(?:cat|exe|ip))[\\s\\x0b&\\),<>\\|]|e(?:ni(?:e[\\s\\x0b&\\),<>\\|]|soimage)|t(?:cap|facl[\\s\\x0b&\\),<>\\|]))|hc(?:-[\\s\\x0b&\\),<>\\|]|i[\\s\\x0b&\\),\\-<>\\|])|r(?:(?:cat|ep)[\\s\\x0b&\\),<>\\|]|oupmod)|tester|unzip)|h(?:(?:ash|i(?:ghlight|story))[\\s\\x0b&\\),<>\\|]|e(?:ad[\\s\\x0b&\\),<>\\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\\s\\x0b&\\),<>\\|]|passwd))|i(?:(?:conv|nstall)[\\s\\x0b&\\),<>\\|]|f(?:config|top[\\s\\x0b&\\),<>\\|])|onice|p(?:6?tables|config|p(?:eveprinter|find|tool))|spell)|j(?:(?:ava|exec)[\\s\\x0b&\\),<>\\|]|o(?:in[\\s\\x0b&\\),<>\\|]|urnalctl)|runscript)|k(?:ill(?:[\\s\\x0b&\\),<>\\|]|all)|nife[\\s\\x0b&\\),<>\\|]|sshell)|l(?:a(?:st(?:comm[\\s\\x0b&\\),<>\\|]|log(?:in)?)|tex[\\s\\x0b&\\),<>\\|])|dconfig|ess(?:echo|(?:fil|pip)e)|ftp(?:[\\s\\x0b&\\),<>\\|]|get)|o(?:(?:cate|ok)[\\s\\x0b&\\),<>\\|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:(?:-F|cpu|hw|mod|of|pci|usb)[\\s\\x0b&\\),<>\\|]|b_release)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|ynx[\\s\\x0b&\\),<>\\|]|z(?:4c(?:[\\s\\x0b&\\),<>\\|]|at)|c(?:at|mp)[\\s\\x0b&\\),<>\\|]|diff|[ef]?grep|less|m(?:a(?:[\\s\\x0b&\\),<>\\|]|dec|info)|ore)))|m(?:(?:a(?:il[qx]?|ke|wk)|utt)[\\s\\x0b&\\),<>\\|]|k(?:(?:dir|nod)[\\s\\x0b&\\),<>\\|]|fifo|temp)|locate|o(?:squitto|unt[\\s\\x0b&\\),<>\\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\\s\\x0b&\\),<>\\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:(?:a(?:no|sm|wk)|ice|map|o(?:de|hup)|ping|roff)[\\s\\x0b&\\),<>\\|]|c(?:\\.(?:openbsd|traditional)|at[\\s\\x0b&\\),<>\\|])|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|s(?:enter|lookup|tat[\\s\\x0b&\\),<>\\|]))|o(?:ctave[\\s\\x0b&\\),<>\\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\\s\\x0b&\\),<>\\|]))|p(?:a(?:(?:cman|rted|tch)[\\s\\x0b&\\),<>\\|]|s(?:swd|te[\\s\\x0b&\\),<>\\|]))|d(?:b(?:2mb|3[\\s\\x0b&\\),\\.<>\\|])|f(?:la)?tex|ksh[\\s\\x0b&\\),<>\\|])|er(?:(?:f|ms)[\\s\\x0b&\\),<>\\|]|l(?:5?[\\s\\x0b&\\),<>\\|]|sh))|i(?:co(?:nv|[\\s\\x0b&\\),<>\\|])|dstat|(?:gz|ng6?)[\\s\\x0b&\\),<>\\|])|(?:(?:ft|gre)p|opd|u(?:ppet|shd))[\\s\\x0b&\\),<>\\|]|hp(?:-cgi|[57][\\s\\x0b&\\),<>\\|])|k(?:exec|g_?info|ill[\\s\\x0b&\\),<>\\|])|rint(?:env|f[\\s\\x0b&\\),<>\\|])|s(?:(?:ed|ql)[\\s\\x0b&\\),<>\\|]|ftp)|tar(?:[\\s\\x0b&\\),<>\\|]|diff|grep)|y(?:3?versions|thon(?:[23]|[^\\s\\x0b]{1,10}\\b)))|r(?:(?:ak[eu]|bash|nano|oute|vi(?:ew|m))[\\s\\x0b&\\),<>\\|]|e(?:a(?:delf|lpath)|(?:(?:boo|dcarpe)t|name|p(?:eat|lace))[\\s\\x0b&\\),<>\\|]|stic)|l(?:ogin|wrap)|m(?:dir[\\s\\x0b&\\),<>\\|]|t-(?:dump|tar)|user)|pm(?:db[\\s\\x0b&\\),<>\\|]|(?:quer|verif)y)|sync(?:-ssl|[\\s\\x0b&\\),<>\\|])|u(?:by[^\\s\\x0b]{1,10}\\b|n(?:-(?:mailcap|parts)|c[\\s\\x0b&\\),<>\\|])|st(?:-(?:analyzer|(?:g|ll)db)|c[\\s\\x0b&\\),<>\\|]|doc|fmt|up)))|s(?:(?:ash|c(?:hed|r(?:een|ipt))|diff|(?:ft|na)p|l(?:eep|sh)|plit)[\\s\\x0b&\\),<>\\|]|e(?:(?:ndmail|rvice)[\\s\\x0b&\\),<>\\|]|t(?:arch|cap|env|facl[\\s\\x0b&\\),<>\\|]|sid))|h(?:\\.distrib|(?:red|u(?:f|tdown))[\\s\\x0b&\\),<>\\|])|mbclient|o(?:(?:ca|r)t[\\s\\x0b&\\),<>\\|]|elim)|qlite3|sh(?:-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass)|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\\s\\x0b&\\),<>\\|]))|udo(?:-rs|[\\s\\x0b&\\),<>_\\|]|edit|replay)|vn(?:a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:ilf?[\\s\\x0b&\\),<>\\|]|sk(?:[\\s\\x0b&\\),<>\\|]|set))|c(?:l?sh[\\s\\x0b&\\),<>\\|]|p(?:dump|ing|traceroute))|elnet|(?:ftp|mux|ouch)[\\s\\x0b&\\),<>\\|]|ime(?:datectl|out[\\s\\x0b&\\),<>\\|])|r(?:a(?:ceroute6?|p[\\s\\x0b&\\),<>\\|])|off[\\s\\x0b&\\),<>\\|])|shark)|u(?:limit[\\s\\x0b&\\),<>\\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\\s\\x0b&\\),<>\\|]|expand|l(?:ink[\\s\\x0b&\\),<>\\|]|z(?:4[\\s\\x0b&\\),<>\\|]|ma))|pigz|z(?:ip[\\s\\x0b&\\),<>\\|]|std))|conv|p(?:2date[\\s\\x0b&\\),<>\\|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:(?:[ep]w|gr|rsh)[\\s\\x0b&\\),<>\\|]|mdiff|sudo(?:-rs)?)|olatility[\\s\\x0b&\\),<>\\|])|w(?:(?:all|get)[\\s\\x0b&\\),<>\\|]|h(?:iptail[\\s\\x0b&\\),<>\\|]|o(?:ami|is[\\s\\x0b&\\),<>\\|]))|i(?:reshark|sh[\\s\\x0b&\\),<>\\|]))|x(?:(?:args|pad|term)[\\s\\x0b&\\),<>\\|]|e(?:latex|tex[\\s\\x0b&\\),<>\\|])|mo(?:dmap|re[\\s\\x0b&\\),<>\\|])|z(?:c(?:at|mp)[\\s\\x0b&\\),<>\\|]|d(?:ec[\\s\\x0b&\\),<>\\|]|iff)|[ef]?grep|less|more))|z(?:athura|(?:c(?:at|mp)|diff|grep|less|run)[\\s\\x0b&\\),<>\\|]|[ef]grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|mo(?:dload|re[\\s\\x0b&\\),<>\\|])|s(?:oelim|td(?:[\\s\\x0b&\\),<>\\|]|(?:ca|m)t|grep|less))|ypper))",
           "targets": [
             "all"
           ],
@@ -1112,7 +1133,7 @@
         {
           "id": "932260",
           "name": "Remote Command Execution: Direct Unix Command Execution",
-          "pattern": "(?i)(?:^|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:a(?:ddgroup|nsible|pparmor_[^\\s\\x0b]{1,10}\\b|rj(?:-register|disp)|tobm[\\s\\x0b&\\),<>\\|]|u(?:ditctl|repot|search))|b(?:ase(?:32|64|nc)|(?:lkid|rwap|yobu)[\\s\\x0b&\\),<>\\|]|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|z(?:c(?:at|mp)[\\s\\x0b&\\),<>\\|]|diff|e(?:grep|xe[\\s\\x0b&\\),<>\\|])|f?grep|ip2(?:[\\s\\x0b&\\),<>\\|]|recover)|less|more))|c(?:[89]9-gcc|h(?:(?:attr|mod|o(?:om|wn)|sh)[\\s\\x0b&\\),<>\\|]|ef-|g(?:passwd|rp[\\s\\x0b&\\),<>\\|])|pass)|lang\\+\\+|o(?:bc(?:[\\s\\x0b&\\),<>\\|]|run)|mm[\\s\\x0b&\\),<>\\|]|proc)|(?:p(?:an|io)|scli)[\\s\\x0b&\\),<>\\|])|d(?:(?:iff|mesg|vips)[\\s\\x0b&\\),<>\\|]|o(?:as[\\s\\x0b&\\),<>\\|]|cker-)|pkg[\\s\\x0b&\\),\\-<>\\|])|e(?:2fsck|(?:fax|grep|macs|nd(?:if|sw)|sac|xpr)[\\s\\x0b&\\),<>\\|])|f(?:d(?:(?:find|isk)[\\s\\x0b&\\),<>\\|]|u?mount)|grep[\\s\\x0b&\\),<>\\|]|iletest|ping[\\s\\x0b&\\),6<>\\|]|tp(?:stats|who))|g(?:(?:core|insh|z(?:cat|exe|ip))[\\s\\x0b&\\),<>\\|]|(?:etca|unzi)p|hc(?:-[\\s\\x0b&\\),<>\\|]|i[\\s\\x0b&\\),\\-<>\\|])|r(?:(?:cat|ep)[\\s\\x0b&\\),<>\\|]|oupmod))|(?:htop|jexec)[\\s\\x0b&\\),<>\\|]|i(?:(?:conv|ftop)[\\s\\x0b&\\),<>\\|]|pp(?:eveprinter|find|tool))|l(?:ast(?:comm[\\s\\x0b&\\),<>\\|]|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:[\\s\\x0b&\\),<>\\|]|get)|osetup|s(?:(?:-F|cpu|hw|mod|of|pci|usb)[\\s\\x0b&\\),<>\\|]|b_release)|wp-download|z(?:4c(?:[\\s\\x0b&\\),<>\\|]|at)|c(?:at|mp)[\\s\\x0b&\\),<>\\|]|diff|[ef]?grep|less|m(?:a(?:[\\s\\x0b&\\),<>\\|]|dec|info)|ore)))|m(?:a(?:ilq|wk)[\\s\\x0b&\\),<>\\|]|k(?:fifo|nod[\\s\\x0b&\\),<>\\|]|temp)|locate|ysql(?:[\\s\\x0b&\\),<>\\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:(?:a(?:sm|wk)|(?:ma|ohu)p|ping|roff|stat)[\\s\\x0b&\\),<>\\|]|c(?:\\.(?:openbsd|traditional)|at[\\s\\x0b&\\),<>\\|])|et(?:(?:c|st)at|kit-ftp|plan))|o(?:nintr|pkg[\\s\\x0b&\\),<>\\|])|p(?:d(?:b(?:2mb|3[\\s\\x0b&\\),\\.<>\\|])|ksh[\\s\\x0b&\\),<>\\|])|(?:er(?:f|l5?)|(?:ft|gre)p|i(?:gz|ng6)|(?:op|ush)d|s(?:ed|ql))[\\s\\x0b&\\),<>\\|]|hp(?:-cgi|[57][\\s\\x0b&\\),<>\\|])|k(?:exec|ill[\\s\\x0b&\\),<>\\|])|rint(?:env|f[\\s\\x0b&\\),<>\\|])|tar(?:[\\s\\x0b&\\),<>\\|]|diff|grep)|y(?:3?versions|thon[23]))|r(?:(?:aku|bash|nano|pmdb|unc|vi(?:ew|m))[\\s\\x0b&\\),<>\\|]|e(?:alpath|boot[\\s\\x0b&\\),<>\\|])|m(?:dir[\\s\\x0b&\\),<>\\|]|t-(?:dump|tar)|user)|sync(?:-ssl|[\\s\\x0b&\\),<>\\|]))|s(?:(?:diff|ftp|lsh|ocat)[\\s\\x0b&\\),<>\\|]|e(?:ndmail[\\s\\x0b&\\),<>\\|]|t(?:cap|env|sid))|h(?:\\.distrib|uf[\\s\\x0b&\\),<>\\|])|sh-(?:a(?:dd|gent)|copy-id)|udo(?:-rs|[\\s\\x0b&\\),<>_\\|]|edit|replay)|vn(?:a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|ysctl)|t(?:(?:ailf|ftp|imeout|mux)[\\s\\x0b&\\),<>\\|]|c(?:l?sh[\\s\\x0b&\\),<>\\|]|p(?:ing|traceroute))|elnet|r(?:a(?:ceroute6?|p[\\s\\x0b&\\),<>\\|])|off[\\s\\x0b&\\),<>\\|]))|u(?:n(?:(?:ame|iq|rar|xz)[\\s\\x0b&\\),<>\\|]|lz(?:4[\\s\\x0b&\\),<>\\|]|ma)|pigz|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:(?:gr|pw|rsh)[\\s\\x0b&\\),<>\\|]|sudo(?:-rs)?)|w(?:get[\\s\\x0b&\\),<>\\|]|ho(?:ami|is[\\s\\x0b&\\),<>\\|]))|x(?:(?:args|etex|more|pad|term)[\\s\\x0b&\\),<>\\|]|z(?:c(?:at|mp)[\\s\\x0b&\\),<>\\|]|d(?:ec[\\s\\x0b&\\),<>\\|]|iff)|[ef]?grep|less|more))|z(?:(?:c(?:at|mp)|diff|grep|less|run)[\\s\\x0b&\\),<>\\|]|[ef]grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|mo(?:dload|re[\\s\\x0b&\\),<>\\|])|std(?:[\\s\\x0b&\\),<>\\|]|(?:ca|m)t|grep|less)))",
+          "pattern": "(?i)(?:^|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:a(?:ddgroup|nsible|pparmor_[^\\s\\x0b]{1,10}\\b|rj(?:-register|disp)|tobm[\\s\\x0b&\\),<>\\|]|u(?:ditctl|repot|search))|b(?:ase(?:32|64|nc)|(?:lkid|rwap|yobu)[\\s\\x0b&\\),<>\\|]|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|z(?:c(?:at|mp)[\\s\\x0b&\\),<>\\|]|diff|e(?:grep|xe[\\s\\x0b&\\),<>\\|])|f?grep|ip2(?:[\\s\\x0b&\\),<>\\|]|recover)|less|more))|c(?:[89]9-gcc|argo-(?:audit|miri|watch)|h(?:(?:attr|mod|o(?:om|wn)|sh)[\\s\\x0b&\\),<>\\|]|ef-|g(?:passwd|rp[\\s\\x0b&\\),<>\\|])|pass)|l(?:ang\\+\\+|ippy-driver)|o(?:bc(?:[\\s\\x0b&\\),<>\\|]|run)|mm[\\s\\x0b&\\),<>\\|]|proc)|(?:p(?:an|io)|scli)[\\s\\x0b&\\),<>\\|])|d(?:(?:iff|mesg|vips)[\\s\\x0b&\\),<>\\|]|o(?:as[\\s\\x0b&\\),<>\\|]|cker-)|pkg[\\s\\x0b&\\),\\-<>\\|])|e(?:2fsck|(?:fax|grep|macs|nd(?:if|sw)|sac|xpr)[\\s\\x0b&\\),<>\\|])|f(?:d(?:(?:find|isk)[\\s\\x0b&\\),<>\\|]|u?mount)|grep[\\s\\x0b&\\),<>\\|]|iletest|ping[\\s\\x0b&\\),6<>\\|]|tp(?:stats|who))|g(?:(?:core|insh|z(?:cat|exe|ip))[\\s\\x0b&\\),<>\\|]|(?:etca|unzi)p|hc(?:-[\\s\\x0b&\\),<>\\|]|i[\\s\\x0b&\\),\\-<>\\|])|r(?:(?:cat|ep)[\\s\\x0b&\\),<>\\|]|oupmod))|(?:htop|jexec)[\\s\\x0b&\\),<>\\|]|i(?:(?:conv|ftop)[\\s\\x0b&\\),<>\\|]|pp(?:eveprinter|find|tool))|l(?:ast(?:comm[\\s\\x0b&\\),<>\\|]|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:[\\s\\x0b&\\),<>\\|]|get)|osetup|s(?:(?:-F|cpu|hw|mod|of|pci|usb)[\\s\\x0b&\\),<>\\|]|b_release)|wp-download|z(?:4c(?:[\\s\\x0b&\\),<>\\|]|at)|c(?:at|mp)[\\s\\x0b&\\),<>\\|]|diff|[ef]?grep|less|m(?:a(?:[\\s\\x0b&\\),<>\\|]|dec|info)|ore)))|m(?:a(?:ilq|wk)[\\s\\x0b&\\),<>\\|]|k(?:fifo|nod[\\s\\x0b&\\),<>\\|]|temp)|locate|ysql(?:[\\s\\x0b&\\),<>\\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:(?:a(?:sm|wk)|(?:ma|ohu)p|ping|roff|stat)[\\s\\x0b&\\),<>\\|]|c(?:\\.(?:openbsd|traditional)|at[\\s\\x0b&\\),<>\\|])|et(?:(?:c|st)at|kit-ftp|plan))|o(?:nintr|pkg[\\s\\x0b&\\),<>\\|])|p(?:d(?:b(?:2mb|3[\\s\\x0b&\\),\\.<>\\|])|ksh[\\s\\x0b&\\),<>\\|])|(?:er(?:f|l5?)|(?:ft|gre)p|(?:op|ush)d|s(?:ed|ql))[\\s\\x0b&\\),<>\\|]|i(?:conv|(?:gz|ng6)[\\s\\x0b&\\),<>\\|])|hp(?:-cgi|[57][\\s\\x0b&\\),<>\\|])|k(?:exec|ill[\\s\\x0b&\\),<>\\|])|rint(?:env|f[\\s\\x0b&\\),<>\\|])|tar(?:[\\s\\x0b&\\),<>\\|]|diff|grep)|y(?:3?versions|thon[23]))|r(?:(?:aku|bash|nano|pmdb|vi(?:ew|m))[\\s\\x0b&\\),<>\\|]|e(?:alpath|boot[\\s\\x0b&\\),<>\\|])|m(?:dir[\\s\\x0b&\\),<>\\|]|t-(?:dump|tar)|user)|sync(?:-ssl|[\\s\\x0b&\\),<>\\|])|u(?:nc[\\s\\x0b&\\),<>\\|]|st(?:-(?:analyzer|(?:g|ll)db)|c[\\s\\x0b&\\),<>\\|]|doc|fmt|up)))|s(?:(?:diff|ftp|lsh|ocat)[\\s\\x0b&\\),<>\\|]|e(?:ndmail[\\s\\x0b&\\),<>\\|]|t(?:cap|env|sid))|h(?:\\.distrib|uf[\\s\\x0b&\\),<>\\|])|sh-(?:a(?:dd|gent)|copy-id)|udo(?:-rs|[\\s\\x0b&\\),<>_\\|]|edit|replay)|vn(?:a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|ysctl)|t(?:(?:ailf|ftp|imeout|mux)[\\s\\x0b&\\),<>\\|]|c(?:l?sh[\\s\\x0b&\\),<>\\|]|p(?:ing|traceroute))|elnet|r(?:a(?:ceroute6?|p[\\s\\x0b&\\),<>\\|])|off[\\s\\x0b&\\),<>\\|]))|u(?:n(?:(?:ame|iq|rar|xz)[\\s\\x0b&\\),<>\\|]|lz(?:4[\\s\\x0b&\\),<>\\|]|ma)|pigz|zstd)|conv|ser(?:(?:ad|mo)d|del))|vi(?:(?:gr|pw|rsh)[\\s\\x0b&\\),<>\\|]|sudo(?:-rs)?)|w(?:get[\\s\\x0b&\\),<>\\|]|ho(?:ami|is[\\s\\x0b&\\),<>\\|]))|x(?:(?:args|etex|more|pad|term)[\\s\\x0b&\\),<>\\|]|z(?:c(?:at|mp)[\\s\\x0b&\\),<>\\|]|d(?:ec[\\s\\x0b&\\),<>\\|]|iff)|[ef]?grep|less|more))|z(?:(?:c(?:at|mp)|diff|grep|less|run)[\\s\\x0b&\\),<>\\|]|[ef]grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|mo(?:dload|re[\\s\\x0b&\\),<>\\|])|std(?:[\\s\\x0b&\\),<>\\|]|(?:ca|m)t|grep|less)))",
           "targets": [
             "all"
           ],
@@ -1344,7 +1365,7 @@
         {
           "id": "932220",
           "name": "Remote Command Execution: Unix Command Injection with pipe",
-          "pattern": "(?i).\\|(?:[\\s\\x0b]*|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:(?:7[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?z[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[arx][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?|(?:G[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?E[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?T|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?z[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?z|c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[89][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?9|[au][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t|c|(?:m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?p|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)|d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[dfu]|i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[gr])|f[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[cgi]|m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p)|h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:d|u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p)|i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[dp]|r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b)|j[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:j[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s|q)|k[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h|m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r|v)|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[cl]|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t|(?:p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?m)|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[cr]|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[ex]|i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p)|u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:3[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m|c)|x[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:x[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|z)|y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s|u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m)|z[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h))[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:(?:[bdx]|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|q[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?)|l[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?|(?:[nps]|u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|z[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:4[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?)|r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:(?:a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[dv]|p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?|m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?)|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[dt]|[ghu]|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?))[\\s\\x0b&\\),<>\\|].*|a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?-[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[&\\),<>\\|]{1,10}|(?:[\\-\\.0-9A-Z_a-z][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?){1,10}[\\s\\x0b&\\),<>\\|\\}]{1,10})|(?:(?:b|(?:p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?t|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[ks])[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[jp][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?)[\\s\\x0b&\\),<>\\|].*)|g[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[&\\),<>\\|]{1,10}|(?:[\\-\\.0-9A-Z_a-z][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?){1,10}[\\s\\x0b&\\),<>\\|\\}]{1,10})|(?:d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m|[hr][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c|i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t|o|p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?g)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*)|p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:(?:(?:[at][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b|f|(?:k[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?g|h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|x[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?z)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?)[\\s\\x0b&\\),<>\\|].*|i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|[&\\),<>\\|]{1,10}|(?:[\\-\\.0-9A-Z_a-z][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?){1,10}[\\s\\x0b&\\),<>\\|\\}]{1,10}))))",
+          "pattern": "(?i).\\|(?:[\\s\\x0b]*|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:(?:7[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?z[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[arx][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?|(?:G[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?E[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?T|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?z[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?z|c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[89][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?9|[au][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t|c|(?:m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?p|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)|d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[dfu]|i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[gr])|f[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[cgi]|m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p)|h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:d|u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p)|i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[dp]|r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b)|j[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:j[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s|q)|k[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h|m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r|v)|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[cl]|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t|(?:p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?m)|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[cr]|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[ex]|i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p)|u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:3[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m|c)|x[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:x[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|z)|y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s|u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m)|z[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h))[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:(?:[bdx]|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|q[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?)|l[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:(?:(?:u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?a|[lnps])[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?|z[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:4[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?)?|r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:(?:a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[dv]|p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?|m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?)|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[dt]|[ghu]|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?))[\\s\\x0b&\\),<>\\|].*|a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?-[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[&\\),<>\\|]{1,10}|(?:[\\-\\.0-9A-Z_a-z][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?){1,10}[\\s\\x0b&\\),<>\\|\\}]{1,10})|(?:(?:b|(?:p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?t|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[ks])[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[jp][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?|s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?)[\\s\\x0b&\\),<>\\|].*)|g[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[&\\),<>\\|]{1,10}|(?:[\\-\\.0-9A-Z_a-z][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?){1,10}[\\s\\x0b&\\),<>\\|\\}]{1,10})|(?:d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m|[hr][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c|i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t|o|p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?g)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*)|p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:(?:(?:[at][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b|f|(?:k[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?g|h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|x[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?z)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?|r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?)?)[\\s\\x0b&\\),<>\\|].*|i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|[&\\),<>\\|]{1,10}|(?:[\\-\\.0-9A-Z_a-z][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?){1,10}[\\s\\x0b&\\),<>\\|\\}]{1,10}))))",
           "targets": [
             "all"
           ],
@@ -1491,7 +1512,7 @@
         {
           "id": "932236",
           "name": "Remote Command Execution: Unix Command Injection (command without evasion)",
-          "pattern": "(?i)(?:^|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\\s\\x0b&\\),<>\\|]|a(?:a-[^\\s\\x0b]{1,10}\\b|(?:b|w[ks]|l(?:ias|pine)|tobm|xel)[\\s\\x0b&\\),<>\\|]|p(?:t(?:[\\s\\x0b&\\),<>\\|]|-get)|parmor_[^\\s\\x0b]{1,10}\\b)|r(?:(?:p|ch)?[\\s\\x0b&\\),<>\\|]|j(?:[\\s\\x0b&\\),<>\\|]|-register|disp)|ia2c)|s(?:h[\\s\\x0b&\\),<>\\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\\s\\x0b&\\),<>\\|]|diff|e(?:grep|xe[\\s\\x0b&\\),<>\\|])|f?grep|ip2(?:[\\s\\x0b&\\),<>\\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\\s\\x0b&\\),<>\\|]|c))|h[\\s\\x0b&\\),<>\\|])|tch[\\s\\x0b&\\),<>\\|])|lkid[\\s\\x0b&\\),<>\\|]|pftrace|r(?:eaksw|(?:idge|wap)[\\s\\x0b&\\),<>\\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\\s\\x0b&\\),<>\\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\\s\\x0b&\\),<>\\|]))|c(?:[89]9(?:[\\s\\x0b&\\),<>\\|]|-gcc)|(?:a(?:t|ncel|psh)|c|mp)[\\s\\x0b&\\),<>\\|]|p(?:(?:an|io)?[\\s\\x0b&\\),<>\\|]|ulimit)|s(?:(?:h|cli)[\\s\\x0b&\\),<>\\|]|plit|vtool)|u(?:(?:t|rl)[\\s\\x0b&\\),<>\\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\\s\\x0b&\\),<>\\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\\s\\x0b&\\),\\-<>\\|])|(?:flag|pas)s|g(?:passwd|rp[\\s\\x0b&\\),<>\\|]))|lang(?:\\+\\+|[\\s\\x0b&\\),<>\\|])|o(?:bc(?:[\\s\\x0b&\\),<>\\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\\s\\x0b&\\),<>\\|]|proc|w(?:say|think))|r(?:ash[\\s\\x0b&\\),<>\\|]|on(?:[\\s\\x0b&\\),<>\\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\\s\\x0b&\\),<>\\|]|hclient|m(?:esg[\\s\\x0b&\\),<>\\|]|idecode|setup)|o(?:(?:as|ne)[\\s\\x0b&\\),<>\\|]|cker[\\s\\x0b&\\),\\-<>\\|]|sbox)|pkg[\\s\\x0b&\\),\\-<>\\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\\s\\x0b&\\),<>\\|]|n(?:v(?:[\\s\\x0b&\\),<>\\|]|-update)|d(?:if|sw)[\\s\\x0b&\\),<>\\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\\s\\x0b&\\),<>\\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\\s\\x0b&\\),<>\\|]|i(?:(?:n(?:d|ger)|sh)?[\\s\\x0b&\\),<>\\|]|le(?:[\\s\\x0b&\\),<>\\|]|test))|tp(?:[\\s\\x0b&\\),<>\\|]|stats|who)|acter|d(?:(?:find|isk)[\\s\\x0b&\\),<>\\|]|u?mount)|o(?:ld[\\s\\x0b&\\),<>\\|]|reach)|ping[\\s\\x0b&\\),6<>\\|])|g(?:c(?:c[^\\s\\x0b]{1,10}\\b|ore[\\s\\x0b&\\),<>\\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\\s\\x0b&\\),<>\\|]|e(?:m[\\s\\x0b&\\),<>\\|]|ni(?:e[\\s\\x0b&\\),<>\\|]|soimage)|t(?:cap|facl[\\s\\x0b&\\),<>\\|]))|hc(?:-?[\\s\\x0b&\\),<>\\|]|i[\\s\\x0b&\\),\\-<>\\|])|r(?:(?:c(?:at)?|ep)[\\s\\x0b&\\),<>\\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\\s\\x0b&\\),<>\\|]|e(?:ad[\\s\\x0b&\\),<>\\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\\s\\x0b&\\),<>\\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\\s\\x0b&\\),<>\\|]|p(?:[\\s\\x0b&\\),<>\\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\\s\\x0b&\\),<>\\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\\s\\x0b&\\),<>\\|]|o(?:(?:bs|in)[\\s\\x0b&\\),<>\\|]|urnalctl)|runscript)|k(?:s(?:h[\\s\\x0b&\\),<>\\|]|shell)|ill(?:[\\s\\x0b&\\),<>\\|]|all)|nife[\\s\\x0b&\\),<>\\|])|l(?:d(?:d?[\\s\\x0b&\\),<>\\|]|config)|(?:[np]|inks|ynx)[\\s\\x0b&\\),<>\\|]|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\\s\\x0b&\\),<>\\|]|b_release)|ua(?:[\\s\\x0b&\\),<>\\|]|(?:la)?tex)|z(?:4(?:[\\s\\x0b&\\),<>\\|]|c(?:[\\s\\x0b&\\),<>\\|]|at))|(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|diff|[ef]?grep|less|m(?:a(?:[\\s\\x0b&\\),<>\\|]|dec|info)|ore))|a(?:st(?:(?:comm)?[\\s\\x0b&\\),<>\\|]|log(?:in)?)|tex[\\s\\x0b&\\),<>\\|])|ess(?:[\\s\\x0b&\\),<>\\|]|echo|(?:fil|pip)e)|ftp(?:[\\s\\x0b&\\),<>\\|]|get)|o(?:(?:ca(?:l|te)|ok)[\\s\\x0b&\\),<>\\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\\s\\x0b&\\),<>\\|]|k(?:(?:dir|nod)[\\s\\x0b&\\),<>\\|]|fifo|temp)|locate|o(?:squitto|unt[\\s\\x0b&\\),<>\\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\\s\\x0b&\\),<>\\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\\s\\x0b&\\),<>\\|]|\\.(?:openbsd|traditional))|e(?:t(?:[\\s\\x0b&\\),<>\\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\\s\\x0b&\\),<>\\|]|s(?:enter|lookup|tat[\\s\\x0b&\\),<>\\|]))|o(?:(?:d|ctave)[\\s\\x0b&\\),<>\\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\\s\\x0b&\\),<>\\|]))|p(?:a(?:(?:x|rted|tch)[\\s\\x0b&\\),<>\\|]|s(?:swd|te[\\s\\x0b&\\),<>\\|]))|d(?:b(?:[\\s\\x0b&\\),<>\\|]|2mb|3[\\s\\x0b&\\),\\.<>\\|])|f(?:la)?tex|ksh[\\s\\x0b&\\),<>\\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\\s\\x0b&\\),<>\\|]|hp(?:[57]?[\\s\\x0b&\\),<>\\|]|-cgi)|i(?:(?:co?|gz|ng6?)[\\s\\x0b&\\),<>\\|]|p(?:[\\s\\x0b&\\),<>\\|]|[^\\s\\x0b]{1,10}\\b)|dstat)|k(?:g(?:[\\s\\x0b&\\),<>\\|]|_?info)|exec|ill[\\s\\x0b&\\),<>\\|])|r(?:y?[\\s\\x0b&\\),<>\\|]|int(?:env|f[\\s\\x0b&\\),<>\\|]))|t(?:x[\\s\\x0b&\\),<>\\|]|ar(?:[\\s\\x0b&\\),<>\\|]|diff|grep))|er(?:(?:f|ms)[\\s\\x0b&\\),<>\\|]|l(?:5?[\\s\\x0b&\\),<>\\|]|sh))|s(?:(?:ed|ql)[\\s\\x0b&\\),<>\\|]|ftp)|y(?:3?versions|thon(?:[23]|[^\\s\\x0b]{1,10}\\b)))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\\s\\x0b&\\),<>\\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\\s\\x0b&\\),<>\\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\\s\\x0b&\\),<>\\|]|t(?:[\\s\\x0b&\\),<>\\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\\s\\x0b&\\),<>\\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\\s\\x0b&\\),<>\\|])|u(?:by[^\\s\\x0b]{1,10}\\b|n(?:-(?:mailcap|parts)|c[\\s\\x0b&\\),<>\\|])))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|(?:ft|na)p|l(?:eep|sh)|plit)[\\s\\x0b&\\),<>\\|]|e(?:(?:d|ndmail|rvice)[\\s\\x0b&\\),<>\\|]|t(?:(?:facl)?[\\s\\x0b&\\),<>\\|]|arch|cap|env|sid))|h(?:(?:u(?:f|tdown))?[\\s\\x0b&\\),<>\\|]|\\.distrib)|s(?:[\\s\\x0b&\\),<>\\|]|h(?:[\\s\\x0b&\\),<>\\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\\s\\x0b&\\),<>\\|]|do(?:-rs|[\\s\\x0b&\\),<>_\\|]|edit|replay))|vn(?:[\\s\\x0b&\\),<>\\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\\s\\x0b&\\),<>\\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\\s\\x0b&\\),<>\\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\\s\\x0b&\\),<>\\|]|sk(?:[\\s\\x0b&\\),<>\\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\\s\\x0b&\\),<>\\|]|e(?:[ex][\\s\\x0b&\\),<>\\|]|lnet)|i(?:c[\\s\\x0b&\\),<>\\|]|me(?:datectl|out[\\s\\x0b&\\),<>\\|]))|c(?:l?sh[\\s\\x0b&\\),<>\\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\\s\\x0b&\\),<>\\|])|off[\\s\\x0b&\\),<>\\|])|shark)|u(?:l(?:imit)?[\\s\\x0b&\\),<>\\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\\s\\x0b&\\),<>\\|]|expand|l(?:ink[\\s\\x0b&\\),<>\\|]|z(?:4[\\s\\x0b&\\),<>\\|]|ma))|pigz|z(?:ip[\\s\\x0b&\\),<>\\|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\\s\\x0b&\\),<>\\|]|diff)|(?:[ep]w|gr|rsh)[\\s\\x0b&\\),<>\\|]|sudo(?:-rs)?)|algrind|olatility[\\s\\x0b&\\),<>\\|])|w(?:(?:3m|c|a(?:ll|tch)|get)[\\s\\x0b&\\),<>\\|]|h(?:iptail[\\s\\x0b&\\),<>\\|]|o(?:ami|is[\\s\\x0b&\\),<>\\|]))|i(?:reshark|sh[\\s\\x0b&\\),<>\\|]))|x(?:(?:(?:x|pa)d|args|term)[\\s\\x0b&\\),<>\\|]|z(?:(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|d(?:ec[\\s\\x0b&\\),<>\\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\\s\\x0b&\\),<>\\|])|mo(?:dmap|re[\\s\\x0b&\\),<>\\|]))|z(?:ip(?:[\\s\\x0b&\\),<>\\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\\s\\x0b&\\),<>\\|]|oelim|td(?:[\\s\\x0b&\\),<>\\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\\s\\x0b&\\),<>\\|]|[ef]grep|mo(?:dload|re[\\s\\x0b&\\),<>\\|])|ypper))",
+          "pattern": "(?i)(?:^|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\\s\\x0b&\\),<>\\|]|a(?:a-[^\\s\\x0b]{1,10}\\b|(?:b|w[ks]|l(?:ias|pine)|tobm|xel)[\\s\\x0b&\\),<>\\|]|p(?:t(?:[\\s\\x0b&\\),<>\\|]|-get)|parmor_[^\\s\\x0b]{1,10}\\b)|r(?:(?:p|ch)?[\\s\\x0b&\\),<>\\|]|j(?:[\\s\\x0b&\\),<>\\|]|-register|disp)|ia2c)|s(?:h[\\s\\x0b&\\),<>\\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\\s\\x0b&\\),<>\\|]|diff|e(?:grep|xe[\\s\\x0b&\\),<>\\|])|f?grep|ip2(?:[\\s\\x0b&\\),<>\\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\\s\\x0b&\\),<>\\|]|c))|h[\\s\\x0b&\\),<>\\|])|tch[\\s\\x0b&\\),<>\\|])|lkid[\\s\\x0b&\\),<>\\|]|pftrace|r(?:eaksw|(?:idge|wap)[\\s\\x0b&\\),<>\\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\\s\\x0b&\\),<>\\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\\s\\x0b&\\),<>\\|]))|c(?:[89]9(?:[\\s\\x0b&\\),<>\\|]|-gcc)|a(?:(?:t|ncel|psh)[\\s\\x0b&\\),<>\\|]|rgo(?:[\\s\\x0b&\\),<>\\|]|-(?:audit|miri|watch)))|(?:c|mp)[\\s\\x0b&\\),<>\\|]|p(?:(?:an|io)?[\\s\\x0b&\\),<>\\|]|ulimit)|s(?:(?:h|cli)[\\s\\x0b&\\),<>\\|]|plit|vtool)|u(?:(?:t|rl)[\\s\\x0b&\\),<>\\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\\s\\x0b&\\),<>\\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\\s\\x0b&\\),\\-<>\\|])|(?:flag|pas)s|g(?:passwd|rp[\\s\\x0b&\\),<>\\|]))|l(?:ang(?:\\+\\+|[\\s\\x0b&\\),<>\\|])|ippy-driver)|o(?:bc(?:[\\s\\x0b&\\),<>\\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\\s\\x0b&\\),<>\\|]|proc|w(?:say|think))|r(?:ash[\\s\\x0b&\\),<>\\|]|on(?:[\\s\\x0b&\\),<>\\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\\s\\x0b&\\),<>\\|]|hclient|m(?:esg[\\s\\x0b&\\),<>\\|]|idecode|setup)|o(?:(?:as|ne)[\\s\\x0b&\\),<>\\|]|cker[\\s\\x0b&\\),\\-<>\\|]|sbox)|pkg[\\s\\x0b&\\),\\-<>\\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\\s\\x0b&\\),<>\\|]|n(?:v(?:[\\s\\x0b&\\),<>\\|]|-update)|d(?:if|sw)[\\s\\x0b&\\),<>\\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\\s\\x0b&\\),<>\\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\\s\\x0b&\\),<>\\|]|i(?:(?:n(?:d|ger)|sh)?[\\s\\x0b&\\),<>\\|]|le(?:[\\s\\x0b&\\),<>\\|]|test))|tp(?:[\\s\\x0b&\\),<>\\|]|stats|who)|acter|d(?:(?:find|isk)[\\s\\x0b&\\),<>\\|]|u?mount)|o(?:ld[\\s\\x0b&\\),<>\\|]|reach)|ping[\\s\\x0b&\\),6<>\\|])|g(?:c(?:c[^\\s\\x0b]{1,10}\\b|ore[\\s\\x0b&\\),<>\\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\\s\\x0b&\\),<>\\|]|e(?:m[\\s\\x0b&\\),<>\\|]|ni(?:e[\\s\\x0b&\\),<>\\|]|soimage)|t(?:cap|facl[\\s\\x0b&\\),<>\\|]))|hc(?:-?[\\s\\x0b&\\),<>\\|]|i[\\s\\x0b&\\),\\-<>\\|])|r(?:(?:c(?:at)?|ep)[\\s\\x0b&\\),<>\\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\\s\\x0b&\\),<>\\|]|e(?:ad[\\s\\x0b&\\),<>\\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\\s\\x0b&\\),<>\\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\\s\\x0b&\\),<>\\|]|p(?:[\\s\\x0b&\\),<>\\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\\s\\x0b&\\),<>\\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\\s\\x0b&\\),<>\\|]|o(?:(?:bs|in)[\\s\\x0b&\\),<>\\|]|urnalctl)|runscript)|k(?:s(?:h[\\s\\x0b&\\),<>\\|]|shell)|ill(?:[\\s\\x0b&\\),<>\\|]|all)|nife[\\s\\x0b&\\),<>\\|])|l(?:(?:[lnp]|inks|ynx)?[\\s\\x0b&\\),<>\\|]|a(?:(?:tex)?[\\s\\x0b&\\),<>\\|]|st(?:(?:comm)?[\\s\\x0b&\\),<>\\|]|log(?:in)?))|d(?:d?[\\s\\x0b&\\),<>\\|]|config)|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\\s\\x0b&\\),<>\\|]|b_release)|ua(?:[\\s\\x0b&\\),<>\\|]|(?:la)?tex)|z(?:4(?:[\\s\\x0b&\\),<>\\|]|c(?:[\\s\\x0b&\\),<>\\|]|at))|(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|diff|[ef]?grep|less|m(?:a(?:[\\s\\x0b&\\),<>\\|]|dec|info)|ore))|ess(?:[\\s\\x0b&\\),<>\\|]|echo|(?:fil|pip)e)|ftp(?:[\\s\\x0b&\\),<>\\|]|get)|o(?:(?:ca(?:l|te)|ok)[\\s\\x0b&\\),<>\\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\\s\\x0b&\\),<>\\|]|k(?:(?:dir|nod)[\\s\\x0b&\\),<>\\|]|fifo|temp)|locate|o(?:squitto|unt[\\s\\x0b&\\),<>\\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\\s\\x0b&\\),<>\\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\\s\\x0b&\\),<>\\|]|\\.(?:openbsd|traditional))|e(?:t(?:[\\s\\x0b&\\),<>\\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\\s\\x0b&\\),<>\\|]|s(?:enter|lookup|tat[\\s\\x0b&\\),<>\\|]))|o(?:(?:d|ctave)[\\s\\x0b&\\),<>\\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\\s\\x0b&\\),<>\\|]))|p(?:a(?:(?:x|rted|tch)[\\s\\x0b&\\),<>\\|]|s(?:swd|te[\\s\\x0b&\\),<>\\|]))|d(?:b(?:[\\s\\x0b&\\),<>\\|]|2mb|3[\\s\\x0b&\\),\\.<>\\|])|f(?:la)?tex|ksh[\\s\\x0b&\\),<>\\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\\s\\x0b&\\),<>\\|]|hp(?:[57]?[\\s\\x0b&\\),<>\\|]|-cgi)|i(?:c(?:[\\s\\x0b&\\),<>\\|]|o(?:nv|[\\s\\x0b&\\),<>\\|]))|p(?:[\\s\\x0b&\\),<>\\|]|[^\\s\\x0b]{1,10}\\b)|dstat|(?:gz|ng6?)[\\s\\x0b&\\),<>\\|])|k(?:g(?:[\\s\\x0b&\\),<>\\|]|_?info)|exec|ill[\\s\\x0b&\\),<>\\|])|r(?:y?[\\s\\x0b&\\),<>\\|]|int(?:env|f[\\s\\x0b&\\),<>\\|]))|t(?:x[\\s\\x0b&\\),<>\\|]|ar(?:[\\s\\x0b&\\),<>\\|]|diff|grep))|er(?:(?:f|ms)[\\s\\x0b&\\),<>\\|]|l(?:5?[\\s\\x0b&\\),<>\\|]|sh))|s(?:(?:ed|ql)[\\s\\x0b&\\),<>\\|]|ftp)|y(?:3?versions|thon(?:[23]|[^\\s\\x0b]{1,10}\\b)))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\\s\\x0b&\\),<>\\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\\s\\x0b&\\),<>\\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\\s\\x0b&\\),<>\\|]|t(?:[\\s\\x0b&\\),<>\\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\\s\\x0b&\\),<>\\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\\s\\x0b&\\),<>\\|])|u(?:by[^\\s\\x0b]{1,10}\\b|n(?:-(?:mailcap|parts)|c[\\s\\x0b&\\),<>\\|])|st(?:-(?:analyzer|(?:g|ll)db)|c[\\s\\x0b&\\),<>\\|]|doc|fmt|up)))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|(?:ft|na)p|l(?:eep|sh)|plit)[\\s\\x0b&\\),<>\\|]|e(?:(?:d|ndmail|rvice)[\\s\\x0b&\\),<>\\|]|t(?:(?:facl)?[\\s\\x0b&\\),<>\\|]|arch|cap|env|sid))|h(?:(?:red|u(?:f|tdown))?[\\s\\x0b&\\),<>\\|]|\\.distrib)|s(?:[\\s\\x0b&\\),<>\\|]|h(?:[\\s\\x0b&\\),<>\\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\\s\\x0b&\\),<>\\|]|do(?:-rs|[\\s\\x0b&\\),<>_\\|]|edit|replay))|vn(?:[\\s\\x0b&\\),<>\\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\\s\\x0b&\\),<>\\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\\s\\x0b&\\),<>\\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\\s\\x0b&\\),<>\\|]|sk(?:[\\s\\x0b&\\),<>\\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\\s\\x0b&\\),<>\\|]|e(?:[ex][\\s\\x0b&\\),<>\\|]|lnet)|i(?:c[\\s\\x0b&\\),<>\\|]|me(?:datectl|out[\\s\\x0b&\\),<>\\|]))|c(?:l?sh[\\s\\x0b&\\),<>\\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\\s\\x0b&\\),<>\\|])|off[\\s\\x0b&\\),<>\\|])|shark)|u(?:l(?:imit)?[\\s\\x0b&\\),<>\\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\\s\\x0b&\\),<>\\|]|expand|l(?:ink[\\s\\x0b&\\),<>\\|]|z(?:4[\\s\\x0b&\\),<>\\|]|ma))|pigz|z(?:ip[\\s\\x0b&\\),<>\\|]|std))|conv|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\\s\\x0b&\\),<>\\|]|diff)|(?:[ep]w|gr|rsh)[\\s\\x0b&\\),<>\\|]|sudo(?:-rs)?)|algrind|olatility[\\s\\x0b&\\),<>\\|])|w(?:(?:3m|c|a(?:ll|tch)|get)[\\s\\x0b&\\),<>\\|]|h(?:iptail[\\s\\x0b&\\),<>\\|]|o(?:ami|is[\\s\\x0b&\\),<>\\|]))|i(?:reshark|sh[\\s\\x0b&\\),<>\\|]))|x(?:(?:(?:x|pa)d|args|term)[\\s\\x0b&\\),<>\\|]|z(?:(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|d(?:ec[\\s\\x0b&\\),<>\\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\\s\\x0b&\\),<>\\|])|mo(?:dmap|re[\\s\\x0b&\\),<>\\|]))|z(?:ip(?:[\\s\\x0b&\\),<>\\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\\s\\x0b&\\),<>\\|]|oelim|td(?:[\\s\\x0b&\\),<>\\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\\s\\x0b&\\),<>\\|]|[ef]grep|mo(?:dload|re[\\s\\x0b&\\),<>\\|])|ypper))",
           "targets": [
             "all"
           ],
@@ -1512,7 +1533,7 @@
         {
           "id": "932239",
           "name": "Remote Command Execution: Unix Command Injection found in user-agent or referer header",
-          "pattern": "(?i)(?:^|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\\s\\x0b&\\),<>\\|]|a(?:a-[^\\s\\x0b]{1,10}\\b|(?:b|w[ks]|l(?:ias|pine)|tobm|xel)[\\s\\x0b&\\),<>\\|]|p(?:t(?:[\\s\\x0b&\\),<>\\|]|-get)|parmor_[^\\s\\x0b]{1,10}\\b)|r(?:(?:p|ch)?[\\s\\x0b&\\),<>\\|]|j(?:[\\s\\x0b&\\),<>\\|]|-register|disp)|ia2c)|s(?:h[\\s\\x0b&\\),<>\\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\\s\\x0b&\\),<>\\|]|diff|e(?:grep|xe[\\s\\x0b&\\),<>\\|])|f?grep|ip2(?:[\\s\\x0b&\\),<>\\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\\s\\x0b&\\),<>\\|]|c))|h[\\s\\x0b&\\),<>\\|])|tch[\\s\\x0b&\\),<>\\|])|lkid[\\s\\x0b&\\),<>\\|]|pftrace|r(?:eaksw|(?:idge|wap)[\\s\\x0b&\\),<>\\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\\s\\x0b&\\),<>\\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\\s\\x0b&\\),<>\\|]))|c(?:[89]9(?:[\\s\\x0b&\\),<>\\|]|-gcc)|(?:a(?:t|ncel|psh)|c|mp)[\\s\\x0b&\\),<>\\|]|p(?:(?:an|io)?[\\s\\x0b&\\),<>\\|]|ulimit)|s(?:(?:h|cli)[\\s\\x0b&\\),<>\\|]|plit|vtool)|u(?:t[\\s\\x0b&\\),<>\\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\\s\\x0b&\\),<>\\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\\s\\x0b&\\),\\-<>\\|])|(?:flag|pas)s|g(?:passwd|rp[\\s\\x0b&\\),<>\\|]))|lang(?:\\+\\+|[\\s\\x0b&\\),<>\\|])|o(?:bc(?:[\\s\\x0b&\\),<>\\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\\s\\x0b&\\),<>\\|]|proc|w(?:say|think))|r(?:ash[\\s\\x0b&\\),<>\\|]|on(?:[\\s\\x0b&\\),<>\\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\\s\\x0b&\\),<>\\|]|hclient|m(?:esg[\\s\\x0b&\\),<>\\|]|idecode|setup)|o(?:(?:as|ne)[\\s\\x0b&\\),<>\\|]|cker[\\s\\x0b&\\),\\-<>\\|]|sbox)|pkg[\\s\\x0b&\\),\\-<>\\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\\s\\x0b&\\),<>\\|]|n(?:v(?:[\\s\\x0b&\\),<>\\|]|-update)|d(?:if|sw)[\\s\\x0b&\\),<>\\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\\s\\x0b&\\),<>\\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\\s\\x0b&\\),<>\\|]|i(?:(?:n(?:d|ger)|sh)?[\\s\\x0b&\\),<>\\|]|le(?:[\\s\\x0b&\\),<>\\|]|test))|tp(?:[\\s\\x0b&\\),<>\\|]|stats|who)|acter|d(?:(?:find|isk)[\\s\\x0b&\\),<>\\|]|u?mount)|o(?:ld[\\s\\x0b&\\),<>\\|]|reach)|ping[\\s\\x0b&\\),6<>\\|])|g(?:c(?:c[^\\s\\x0b]{1,10}\\b|ore[\\s\\x0b&\\),<>\\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\\s\\x0b&\\),<>\\|]|e(?:m[\\s\\x0b&\\),<>\\|]|ni(?:e[\\s\\x0b&\\),<>\\|]|soimage)|t(?:cap|facl[\\s\\x0b&\\),<>\\|]))|hc(?:-?[\\s\\x0b&\\),<>\\|]|i[\\s\\x0b&\\),\\-<>\\|])|r(?:(?:c(?:at)?|ep)[\\s\\x0b&\\),<>\\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\\s\\x0b&\\),<>\\|]|e(?:ad[\\s\\x0b&\\),<>\\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\\s\\x0b&\\),<>\\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\\s\\x0b&\\),<>\\|]|p(?:[\\s\\x0b&\\),<>\\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\\s\\x0b&\\),<>\\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\\s\\x0b&\\),<>\\|]|o(?:(?:bs|in)[\\s\\x0b&\\),<>\\|]|urnalctl)|runscript)|k(?:s(?:h[\\s\\x0b&\\),<>\\|]|shell)|ill(?:[\\s\\x0b&\\),<>\\|]|all)|nife[\\s\\x0b&\\),<>\\|])|l(?:d(?:d?[\\s\\x0b&\\),<>\\|]|config)|(?:[np]|ynx)[\\s\\x0b&\\),<>\\|]|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\\s\\x0b&\\),<>\\|]|b_release)|ua(?:[\\s\\x0b&\\),<>\\|]|(?:la)?tex)|z(?:4(?:[\\s\\x0b&\\),<>\\|]|c(?:[\\s\\x0b&\\),<>\\|]|at))|(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|diff|[ef]?grep|less|m(?:a(?:[\\s\\x0b&\\),<>\\|]|dec|info)|ore))|a(?:st(?:(?:comm)?[\\s\\x0b&\\),<>\\|]|log(?:in)?)|tex[\\s\\x0b&\\),<>\\|])|ess(?:[\\s\\x0b&\\),<>\\|]|echo|(?:fil|pip)e)|ftp(?:[\\s\\x0b&\\),<>\\|]|get)|o(?:(?:ca(?:l|te)|ok)[\\s\\x0b&\\),<>\\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\\s\\x0b&\\),<>\\|]|k(?:(?:dir|nod)[\\s\\x0b&\\),<>\\|]|fifo|temp)|locate|o(?:squitto|unt[\\s\\x0b&\\),<>\\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\\s\\x0b&\\),<>\\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\\s\\x0b&\\),<>\\|]|\\.(?:openbsd|traditional))|e(?:t(?:[\\s\\x0b&\\),<>\\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\\s\\x0b&\\),<>\\|]|s(?:enter|lookup|tat[\\s\\x0b&\\),<>\\|]))|o(?:(?:d|ctave)[\\s\\x0b&\\),<>\\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\\s\\x0b&\\),<>\\|]))|p(?:a(?:(?:x|rted|tch)[\\s\\x0b&\\),<>\\|]|s(?:swd|te[\\s\\x0b&\\),<>\\|]))|d(?:b(?:[\\s\\x0b&\\),<>\\|]|2mb|3[\\s\\x0b&\\),\\.<>\\|])|f(?:la)?tex|ksh[\\s\\x0b&\\),<>\\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\\s\\x0b&\\),<>\\|]|hp(?:[57]?[\\s\\x0b&\\),<>\\|]|-cgi)|i(?:(?:co?|gz|ng6?)[\\s\\x0b&\\),<>\\|]|p(?:[\\s\\x0b&\\),<>\\|]|[^\\s\\x0b]{1,10}\\b)|dstat)|k(?:g(?:[\\s\\x0b&\\),<>\\|]|_?info)|exec|ill[\\s\\x0b&\\),<>\\|])|r(?:y?[\\s\\x0b&\\),<>\\|]|int(?:env|f[\\s\\x0b&\\),<>\\|]))|t(?:x[\\s\\x0b&\\),<>\\|]|ar(?:[\\s\\x0b&\\),<>\\|]|diff|grep))|er(?:(?:f|ms)[\\s\\x0b&\\),<>\\|]|l(?:5?[\\s\\x0b&\\),<>\\|]|sh))|s(?:(?:ed|ql)[\\s\\x0b&\\),<>\\|]|ftp)|y(?:3?versions|thon[23]))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\\s\\x0b&\\),<>\\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\\s\\x0b&\\),<>\\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\\s\\x0b&\\),<>\\|]|t(?:[\\s\\x0b&\\),<>\\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\\s\\x0b&\\),<>\\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\\s\\x0b&\\),<>\\|])|u(?:by[^\\s\\x0b]{1,10}\\b|n(?:-(?:mailcap|parts)|c[\\s\\x0b&\\),<>\\|])))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|ftp|l(?:eep|sh)|plit)[\\s\\x0b&\\),<>\\|]|e(?:(?:d|ndmail|rvice)[\\s\\x0b&\\),<>\\|]|t(?:(?:facl)?[\\s\\x0b&\\),<>\\|]|arch|cap|env|sid))|h(?:(?:u(?:f|tdown))?[\\s\\x0b&\\),<>\\|]|\\.distrib)|s(?:[\\s\\x0b&\\),<>\\|]|h(?:[\\s\\x0b&\\),<>\\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\\s\\x0b&\\),<>\\|]|do(?:-rs|[\\s\\x0b&\\),<>_\\|]|edit|replay))|vn(?:[\\s\\x0b&\\),<>\\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\\s\\x0b&\\),<>\\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\\s\\x0b&\\),<>\\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\\s\\x0b&\\),<>\\|]|sk(?:[\\s\\x0b&\\),<>\\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\\s\\x0b&\\),<>\\|]|e(?:[ex][\\s\\x0b&\\),<>\\|]|lnet)|i(?:c[\\s\\x0b&\\),<>\\|]|me(?:datectl|out[\\s\\x0b&\\),<>\\|]))|c(?:l?sh[\\s\\x0b&\\),<>\\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\\s\\x0b&\\),<>\\|])|off[\\s\\x0b&\\),<>\\|])|shark)|u(?:l(?:imit)?[\\s\\x0b&\\),<>\\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\\s\\x0b&\\),<>\\|]|expand|l(?:ink[\\s\\x0b&\\),<>\\|]|z(?:4[\\s\\x0b&\\),<>\\|]|ma))|pigz|z(?:ip[\\s\\x0b&\\),<>\\|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\\s\\x0b&\\),<>\\|]|diff)|(?:[ep]w|gr|rsh)[\\s\\x0b&\\),<>\\|]|sudo(?:-rs)?)|algrind|olatility[\\s\\x0b&\\),<>\\|])|w(?:(?:c|a(?:ll|tch))[\\s\\x0b&\\),<>\\|]|h(?:iptail[\\s\\x0b&\\),<>\\|]|o(?:ami|is[\\s\\x0b&\\),<>\\|]))|i(?:reshark|sh[\\s\\x0b&\\),<>\\|]))|x(?:(?:(?:x|pa)d|args|term)[\\s\\x0b&\\),<>\\|]|z(?:(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|d(?:ec[\\s\\x0b&\\),<>\\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\\s\\x0b&\\),<>\\|])|mo(?:dmap|re[\\s\\x0b&\\),<>\\|]))|z(?:ip(?:[\\s\\x0b&\\),<>\\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\\s\\x0b&\\),<>\\|]|oelim|td(?:[\\s\\x0b&\\),<>\\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\\s\\x0b&\\),<>\\|]|[ef]grep|mo(?:dload|re[\\s\\x0b&\\),<>\\|])|ypper))",
+          "pattern": "(?i)(?:^|b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\\s\\x0b&\\),<>\\|]|a(?:a-[^\\s\\x0b]{1,10}\\b|(?:b|w[ks]|l(?:ias|pine)|tobm|xel)[\\s\\x0b&\\),<>\\|]|p(?:t(?:[\\s\\x0b&\\),<>\\|]|-get)|parmor_[^\\s\\x0b]{1,10}\\b)|r(?:(?:p|ch)?[\\s\\x0b&\\),<>\\|]|j(?:[\\s\\x0b&\\),<>\\|]|-register|disp)|ia2c)|s(?:h[\\s\\x0b&\\),<>\\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\\s\\x0b&\\),<>\\|]|diff|e(?:grep|xe[\\s\\x0b&\\),<>\\|])|f?grep|ip2(?:[\\s\\x0b&\\),<>\\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\\s\\x0b&\\),<>\\|]|c))|h[\\s\\x0b&\\),<>\\|])|tch[\\s\\x0b&\\),<>\\|])|lkid[\\s\\x0b&\\),<>\\|]|pftrace|r(?:eaksw|(?:idge|wap)[\\s\\x0b&\\),<>\\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\\s\\x0b&\\),<>\\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\\s\\x0b&\\),<>\\|]))|c(?:[89]9(?:[\\s\\x0b&\\),<>\\|]|-gcc)|a(?:(?:t|ncel|psh)[\\s\\x0b&\\),<>\\|]|rgo(?:[\\s\\x0b&\\),<>\\|]|-(?:audit|miri|watch)))|(?:c|mp)[\\s\\x0b&\\),<>\\|]|p(?:(?:an|io)?[\\s\\x0b&\\),<>\\|]|ulimit)|s(?:(?:h|cli)[\\s\\x0b&\\),<>\\|]|plit|vtool)|u(?:t[\\s\\x0b&\\),<>\\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\\s\\x0b&\\),<>\\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\\s\\x0b&\\),\\-<>\\|])|(?:flag|pas)s|g(?:passwd|rp[\\s\\x0b&\\),<>\\|]))|l(?:ang(?:\\+\\+|[\\s\\x0b&\\),<>\\|])|ippy-driver)|o(?:bc(?:[\\s\\x0b&\\),<>\\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\\s\\x0b&\\),<>\\|]|proc|w(?:say|think))|r(?:ash[\\s\\x0b&\\),<>\\|]|on(?:[\\s\\x0b&\\),<>\\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\\s\\x0b&\\),<>\\|]|hclient|m(?:esg[\\s\\x0b&\\),<>\\|]|idecode|setup)|o(?:(?:as|ne)[\\s\\x0b&\\),<>\\|]|cker[\\s\\x0b&\\),\\-<>\\|]|sbox)|pkg[\\s\\x0b&\\),\\-<>\\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\\s\\x0b&\\),<>\\|]|n(?:v(?:[\\s\\x0b&\\),<>\\|]|-update)|d(?:if|sw)[\\s\\x0b&\\),<>\\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\\s\\x0b&\\),<>\\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\\s\\x0b&\\),<>\\|]|i(?:(?:n(?:d|ger)|sh)?[\\s\\x0b&\\),<>\\|]|le(?:[\\s\\x0b&\\),<>\\|]|test))|tp(?:[\\s\\x0b&\\),<>\\|]|stats|who)|acter|d(?:(?:find|isk)[\\s\\x0b&\\),<>\\|]|u?mount)|o(?:ld[\\s\\x0b&\\),<>\\|]|reach)|ping[\\s\\x0b&\\),6<>\\|])|g(?:c(?:c[^\\s\\x0b]{1,10}\\b|ore[\\s\\x0b&\\),<>\\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\\s\\x0b&\\),<>\\|]|e(?:m[\\s\\x0b&\\),<>\\|]|ni(?:e[\\s\\x0b&\\),<>\\|]|soimage)|t(?:cap|facl[\\s\\x0b&\\),<>\\|]))|hc(?:-?[\\s\\x0b&\\),<>\\|]|i[\\s\\x0b&\\),\\-<>\\|])|r(?:(?:c(?:at)?|ep)[\\s\\x0b&\\),<>\\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\\s\\x0b&\\),<>\\|]|e(?:ad[\\s\\x0b&\\),<>\\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\\s\\x0b&\\),<>\\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\\s\\x0b&\\),<>\\|]|p(?:[\\s\\x0b&\\),<>\\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\\s\\x0b&\\),<>\\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\\s\\x0b&\\),<>\\|]|o(?:(?:bs|in)[\\s\\x0b&\\),<>\\|]|urnalctl)|runscript)|k(?:s(?:h[\\s\\x0b&\\),<>\\|]|shell)|ill(?:[\\s\\x0b&\\),<>\\|]|all)|nife[\\s\\x0b&\\),<>\\|])|l(?:(?:[lnp]|ynx)?[\\s\\x0b&\\),<>\\|]|a(?:(?:tex)?[\\s\\x0b&\\),<>\\|]|st(?:(?:comm)?[\\s\\x0b&\\),<>\\|]|log(?:in)?))|d(?:d?[\\s\\x0b&\\),<>\\|]|config)|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\\s\\x0b&\\),<>\\|]|b_release)|ua(?:[\\s\\x0b&\\),<>\\|]|(?:la)?tex)|z(?:4(?:[\\s\\x0b&\\),<>\\|]|c(?:[\\s\\x0b&\\),<>\\|]|at))|(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|diff|[ef]?grep|less|m(?:a(?:[\\s\\x0b&\\),<>\\|]|dec|info)|ore))|ess(?:[\\s\\x0b&\\),<>\\|]|echo|(?:fil|pip)e)|ftp(?:[\\s\\x0b&\\),<>\\|]|get)|o(?:(?:ca(?:l|te)|ok)[\\s\\x0b&\\),<>\\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\\s\\x0b&\\),<>\\|]|k(?:(?:dir|nod)[\\s\\x0b&\\),<>\\|]|fifo|temp)|locate|o(?:squitto|unt[\\s\\x0b&\\),<>\\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\\s\\x0b&\\),<>\\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\\s\\x0b&\\),<>\\|]|\\.(?:openbsd|traditional))|e(?:t(?:[\\s\\x0b&\\),<>\\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\\s\\x0b&\\),<>\\|]|s(?:enter|lookup|tat[\\s\\x0b&\\),<>\\|]))|o(?:(?:d|ctave)[\\s\\x0b&\\),<>\\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\\s\\x0b&\\),<>\\|]))|p(?:a(?:(?:x|rted|tch)[\\s\\x0b&\\),<>\\|]|s(?:swd|te[\\s\\x0b&\\),<>\\|]))|d(?:b(?:[\\s\\x0b&\\),<>\\|]|2mb|3[\\s\\x0b&\\),\\.<>\\|])|f(?:la)?tex|ksh[\\s\\x0b&\\),<>\\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\\s\\x0b&\\),<>\\|]|hp(?:[57]?[\\s\\x0b&\\),<>\\|]|-cgi)|i(?:c(?:[\\s\\x0b&\\),<>\\|]|o(?:nv|[\\s\\x0b&\\),<>\\|]))|p(?:[\\s\\x0b&\\),<>\\|]|[^\\s\\x0b]{1,10}\\b)|dstat|(?:gz|ng6?)[\\s\\x0b&\\),<>\\|])|k(?:g(?:[\\s\\x0b&\\),<>\\|]|_?info)|exec|ill[\\s\\x0b&\\),<>\\|])|r(?:y?[\\s\\x0b&\\),<>\\|]|int(?:env|f[\\s\\x0b&\\),<>\\|]))|t(?:x[\\s\\x0b&\\),<>\\|]|ar(?:[\\s\\x0b&\\),<>\\|]|diff|grep))|er(?:(?:f|ms)[\\s\\x0b&\\),<>\\|]|l(?:5?[\\s\\x0b&\\),<>\\|]|sh))|s(?:(?:ed|ql)[\\s\\x0b&\\),<>\\|]|ftp)|y(?:3?versions|thon[23]))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\\s\\x0b&\\),<>\\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\\s\\x0b&\\),<>\\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\\s\\x0b&\\),<>\\|]|t(?:[\\s\\x0b&\\),<>\\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\\s\\x0b&\\),<>\\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\\s\\x0b&\\),<>\\|])|u(?:by[^\\s\\x0b]{1,10}\\b|n(?:-(?:mailcap|parts)|c[\\s\\x0b&\\),<>\\|])|st(?:-(?:analyzer|(?:g|ll)db)|c[\\s\\x0b&\\),<>\\|]|doc|fmt|up)))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|ftp|l(?:eep|sh)|plit)[\\s\\x0b&\\),<>\\|]|e(?:(?:d|ndmail|rvice)[\\s\\x0b&\\),<>\\|]|t(?:(?:facl)?[\\s\\x0b&\\),<>\\|]|arch|cap|env|sid))|h(?:(?:red|u(?:f|tdown))?[\\s\\x0b&\\),<>\\|]|\\.distrib)|s(?:[\\s\\x0b&\\),<>\\|]|h(?:[\\s\\x0b&\\),<>\\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\\s\\x0b&\\),<>\\|]|do(?:-rs|[\\s\\x0b&\\),<>_\\|]|edit|replay))|vn(?:[\\s\\x0b&\\),<>\\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\\s\\x0b&\\),<>\\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\\s\\x0b&\\),<>\\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\\s\\x0b&\\),<>\\|]|sk(?:[\\s\\x0b&\\),<>\\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\\s\\x0b&\\),<>\\|]|e(?:[ex][\\s\\x0b&\\),<>\\|]|lnet)|i(?:c[\\s\\x0b&\\),<>\\|]|me(?:datectl|out[\\s\\x0b&\\),<>\\|]))|c(?:l?sh[\\s\\x0b&\\),<>\\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\\s\\x0b&\\),<>\\|])|off[\\s\\x0b&\\),<>\\|])|shark)|u(?:l(?:imit)?[\\s\\x0b&\\),<>\\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\\s\\x0b&\\),<>\\|]|expand|l(?:ink[\\s\\x0b&\\),<>\\|]|z(?:4[\\s\\x0b&\\),<>\\|]|ma))|pigz|z(?:ip[\\s\\x0b&\\),<>\\|]|std))|conv|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\\s\\x0b&\\),<>\\|]|diff)|(?:[ep]w|gr|rsh)[\\s\\x0b&\\),<>\\|]|sudo(?:-rs)?)|algrind|olatility[\\s\\x0b&\\),<>\\|])|w(?:(?:c|a(?:ll|tch))[\\s\\x0b&\\),<>\\|]|h(?:iptail[\\s\\x0b&\\),<>\\|]|o(?:ami|is[\\s\\x0b&\\),<>\\|]))|i(?:reshark|sh[\\s\\x0b&\\),<>\\|]))|x(?:(?:(?:x|pa)d|args|term)[\\s\\x0b&\\),<>\\|]|z(?:(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|d(?:ec[\\s\\x0b&\\),<>\\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\\s\\x0b&\\),<>\\|])|mo(?:dmap|re[\\s\\x0b&\\),<>\\|]))|z(?:ip(?:[\\s\\x0b&\\),<>\\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\\s\\x0b&\\),<>\\|]|oelim|td(?:[\\s\\x0b&\\),<>\\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\\s\\x0b&\\),<>\\|]|[ef]grep|mo(?:dload|re[\\s\\x0b&\\),<>\\|])|ypper))",
           "targets": [
             "headers"
           ],
@@ -1531,6 +1552,27 @@
           "paranoia_level": 2
         },
         {
+          "id": "932390",
+          "name": "Remote Command Execution: Shell Fork Bomb",
+          "pattern": "[\\.0-:A-Z_a-z]+[\\s\\x0b]*\\([\\s\\x0b]*\\)[\\s\\x0b]*\\{[^\\}]+[&\\|][^\\}]+\\}",
+          "targets": [
+            "all"
+          ],
+          "action": "score",
+          "score": 10,
+          "severity": "critical",
+          "category": "rce",
+          "enabled": true,
+          "tags": [
+            "attack-rce",
+            "paranoia-level/2",
+            "OWASP_CRS",
+            "OWASP_CRS/ATTACK-RCE",
+            "capec/1000/152/248/88"
+          ],
+          "paranoia_level": 2
+        },
+        {
           "id": "932232",
           "name": "Remote Command Execution: Unix Command Injection",
           "pattern": "(?:b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?s[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?y[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?b[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?x|(?:c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?v|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?l)|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|[ls][\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?r[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p|t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:[\\s\\x0b&\\),<>\\|].*|o[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)|[\\n\\r;=`\\{]|\\|\\|?|&&?|\\$(?:\\(\\(?|[\\[\\{])|<(?:\\(|<<)|>\\(|\\([\\s\\x0b]*\\))[\\s\\x0b]*(?:[\\$\\{]|(?:[\\s\\x0b]*\\(|!)[\\s\\x0b]*|[0-9A-Z_a-z]+=(?:[^\\s\\x0b]*|\\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\\s\\x0b]+)*[\\s\\x0b]*[\"']*(?:[\"'-\\+\\--9\\?A-\\]_a-z\\|]+/)?[\"'\\x5c]*(?:(?:(?:a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d|u[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?2[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?t)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?e|p[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?c[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?m[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?a[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n|s)|v[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?i)[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?[\\s\\x0b&\\),<>\\|].*|d[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?n[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?f|w[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?(?:h[\"'\\)\\[\\x5c]*(?:(?:(?:\\|\\||&&)[\\s\\x0b]*)?\\$[!#\\(\\*\\-0-9\\?@_a-\\{]*)?\\x5c?o|[\\s\\x0b&\\),<>\\|].*))\\b",
@@ -1554,7 +1596,7 @@
         {
           "id": "932237",
           "name": "Remote Command Execution: Unix Shell Code Found in REQUEST_HEADERS",
-          "pattern": "(?i)\\b(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\\s\\x0b&\\),<>\\|]|a(?:a-[^\\s\\x0b]{1,10}\\b|(?:b|t(?:obm)?|w[ks]|l(?:ias|pine)|xel)[\\s\\x0b&\\),<>\\|]|p(?:t(?:(?:itude)?[\\s\\x0b&\\),<>\\|]|-get)|parmor_[^\\s\\x0b]{1,10}\\b)|r(?:(?:p|ch)?[\\s\\x0b&\\),<>\\|]|j(?:[\\s\\x0b&\\),<>\\|]|-register|disp)|ia2c)|s(?:h?[\\s\\x0b&\\),<>\\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\\s\\x0b&\\),<>\\|]|diff|e(?:grep|xe[\\s\\x0b&\\),<>\\|])|f?grep|ip2(?:[\\s\\x0b&\\),<>\\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\\s\\x0b&\\),<>\\|]|c))|h[\\s\\x0b&\\),<>\\|])|tch[\\s\\x0b&\\),<>\\|])|lkid[\\s\\x0b&\\),<>\\|]|pftrace|r(?:eaksw|(?:idge|wap)[\\s\\x0b&\\),<>\\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\\s\\x0b&\\),<>\\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\\s\\x0b&\\),<>\\|]))|c(?:[89]9(?:[\\s\\x0b&\\),<>\\|]|-gcc)|(?:a(?:t|ncel|psh)|c|mp)[\\s\\x0b&\\),<>\\|]|p(?:(?:an|io)?[\\s\\x0b&\\),<>\\|]|ulimit)|s(?:(?:h|cli)[\\s\\x0b&\\),<>\\|]|plit|vtool)|u(?:t[\\s\\x0b&\\),<>\\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\\s\\x0b&\\),<>\\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\\s\\x0b&\\),\\-<>\\|])|(?:flag|pas)s|g(?:passwd|rp[\\s\\x0b&\\),<>\\|]))|lang(?:\\+\\+|[\\s\\x0b&\\),<>\\|])|o(?:bc(?:[\\s\\x0b&\\),<>\\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\\s\\x0b&\\),<>\\|]|proc|w(?:say|think))|r(?:ash[\\s\\x0b&\\),<>\\|]|on(?:[\\s\\x0b&\\),<>\\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\\s\\x0b&\\),<>\\|]|nf[\\s\\x0b&\\),<>\\|]?|hclient|m(?:esg[\\s\\x0b&\\),<>\\|]|idecode|setup)|o(?:(?:as|ne)[\\s\\x0b&\\),<>\\|]|cker[\\s\\x0b&\\),\\-<>\\|]|sbox)|pkg[\\s\\x0b&\\),\\-<>\\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\\s\\x0b&\\),<>\\|]|n(?:v(?:[\\s\\x0b&\\),<>\\|]|-update)|d(?:if|sw)[\\s\\x0b&\\),<>\\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\\s\\x0b&\\),<>\\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\\s\\x0b&\\),<>\\|]|i(?:(?:n(?:d|ger)|sh)?[\\s\\x0b&\\),<>\\|]|le(?:[\\s\\x0b&\\),<>\\|]|test))|tp(?:[\\s\\x0b&\\),<>\\|]|stats|who)|acter|d(?:(?:find|isk)[\\s\\x0b&\\),<>\\|]|u?mount)|o(?:ld[\\s\\x0b&\\),<>\\|]|reach)|ping[\\s\\x0b&\\),6<>\\|])|g(?:c(?:c[^\\s\\x0b]{1,10}\\b|ore[\\s\\x0b&\\),<>\\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\\s\\x0b&\\),<>\\|]|e(?:m[\\s\\x0b&\\),<>\\|]|ni(?:e[\\s\\x0b&\\),<>\\|]|soimage)|t(?:cap|facl[\\s\\x0b&\\),<>\\|]))|hc(?:-?[\\s\\x0b&\\),<>\\|]|i[\\s\\x0b&\\),\\-<>\\|])|r(?:(?:c(?:at)?|ep)[\\s\\x0b&\\),<>\\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\\s\\x0b&\\),<>\\|]|e(?:ad[\\s\\x0b&\\),<>\\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\\s\\x0b&\\),<>\\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\\s\\x0b&\\),<>\\|]|p(?:[\\s\\x0b&\\),<>\\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\\s\\x0b&\\),<>\\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\\s\\x0b&\\),<>\\|]|o(?:(?:bs|in)[\\s\\x0b&\\),<>\\|]|urnalctl)|runscript)|k(?:s(?:h[\\s\\x0b&\\),<>\\|]|shell)|ill(?:[\\s\\x0b&\\),<>\\|]|all)|nife[\\s\\x0b&\\),<>\\|])|l(?:d(?:d?[\\s\\x0b&\\),<>\\|]|config)|(?:[np]|ynx)[\\s\\x0b&\\),<>\\|]|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\\s\\x0b&\\),<>\\|]|b_release)|ua(?:[\\s\\x0b&\\),<>\\|]|(?:la)?tex)|z(?:4(?:[\\s\\x0b&\\),<>\\|]|c(?:[\\s\\x0b&\\),<>\\|]|at))|(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|diff|[ef]?grep|less|m(?:a(?:[\\s\\x0b&\\),<>\\|]|dec|info)|ore))|a(?:st(?:(?:comm)?[\\s\\x0b&\\),<>\\|]|log(?:in)?)|tex[\\s\\x0b&\\),<>\\|])|ess(?:[\\s\\x0b&\\),<>\\|]|echo|(?:fil|pip)e)|ftp(?:[\\s\\x0b&\\),<>\\|]|get)|o(?:(?:ca(?:l|te)|ok)[\\s\\x0b&\\),<>\\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\\s\\x0b&\\),<>\\|]|k(?:(?:dir|nod)[\\s\\x0b&\\),<>\\|]|fifo|temp)|locate|o(?:(?:re|unt)[\\s\\x0b&\\),<>\\|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\\s\\x0b&\\),<>\\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\\s\\x0b&\\),<>\\|]|\\.(?:openbsd|traditional))|e(?:t(?:[\\s\\x0b&\\),<>\\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\\s\\x0b&\\),<>\\|]|s(?:enter|lookup|tat[\\s\\x0b&\\),<>\\|]))|o(?:(?:d|ctave)[\\s\\x0b&\\),<>\\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\\s\\x0b&\\),<>\\|]))|p(?:a(?:(?:x|cman|rted|tch)[\\s\\x0b&\\),<>\\|]|s(?:swd|te[\\s\\x0b&\\),<>\\|]))|d(?:b(?:[\\s\\x0b&\\),<>\\|]|2mb|3[\\s\\x0b&\\),\\.<>\\|])|f(?:la)?tex|ksh[\\s\\x0b&\\),<>\\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\\s\\x0b&\\),<>\\|]|hp(?:[57]?[\\s\\x0b&\\),<>\\|]|-cgi)|i(?:(?:co?|gz|ng6?)[\\s\\x0b&\\),<>\\|]|p(?:[\\s\\x0b&\\),<>\\|]|[^\\s\\x0b]{1,10}\\b)|dstat)|k(?:g(?:[\\s\\x0b&\\),<>\\|]|_?info)|exec|ill[\\s\\x0b&\\),<>\\|])|r(?:y?[\\s\\x0b&\\),<>\\|]|int(?:env|f[\\s\\x0b&\\),<>\\|]))|s(?:(?:ed|ql)?[\\s\\x0b&\\),<>\\|]|ftp)|t(?:x[\\s\\x0b&\\),<>\\|]|ar(?:[\\s\\x0b&\\),<>\\|]|diff|grep))|er(?:(?:f|ms)[\\s\\x0b&\\),<>\\|]|l(?:5?[\\s\\x0b&\\),<>\\|]|sh))|y(?:3?versions|thon[23]))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\\s\\x0b&\\),<>\\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\\s\\x0b&\\),<>\\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\\s\\x0b&\\),<>\\|]|t(?:[\\s\\x0b&\\),<>\\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\\s\\x0b&\\),<>\\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\\s\\x0b&\\),<>\\|])|u(?:by[^\\s\\x0b]{1,10}\\b|n(?:-(?:mailcap|parts)|c[\\s\\x0b&\\),<>\\|])))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|ftp|l(?:eep|sh)|plit)[\\s\\x0b&\\),<>\\|]|e(?:(?:d|ndmail|rvice)[\\s\\x0b&\\),<>\\|]|t(?:(?:facl)?[\\s\\x0b&\\),<>\\|]|arch|cap|env|sid))|h(?:(?:u(?:f|tdown))?[\\s\\x0b&\\),<>\\|]|\\.distrib)|s(?:[\\s\\x0b&\\),<>\\|]|h(?:[\\s\\x0b&\\),<>\\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\\s\\x0b&\\),<>\\|]|do(?:-rs|[\\s\\x0b&\\),<>_\\|]|edit|replay))|vn(?:[\\s\\x0b&\\),<>\\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\\s\\x0b&\\),<>\\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\\s\\x0b&\\),<>\\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\\s\\x0b&\\),<>\\|]|sk(?:[\\s\\x0b&\\),<>\\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\\s\\x0b&\\),<>\\|]|e(?:[ex][\\s\\x0b&\\),<>\\|]|lnet)|i(?:c[\\s\\x0b&\\),<>\\|]|me(?:(?:out)?[\\s\\x0b&\\),<>\\|]|datectl))|c(?:l?sh[\\s\\x0b&\\),<>\\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\\s\\x0b&\\),<>\\|])|off[\\s\\x0b&\\),<>\\|])|shark)|u(?:l(?:imit)?[\\s\\x0b&\\),<>\\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\\s\\x0b&\\),<>\\|]|expand|l(?:ink[\\s\\x0b&\\),<>\\|]|z(?:4[\\s\\x0b&\\),<>\\|]|ma))|pigz|z(?:ip[\\s\\x0b&\\),<>\\|]|std))|p(?:2date[\\s\\x0b&\\),<>\\|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:[ep]w|gr|rsh)?[\\s\\x0b&\\),<>\\|]|m(?:[\\s\\x0b&\\),<>\\|]|diff)|sudo(?:-rs)?)|algrind|olatility[\\s\\x0b&\\),<>\\|])|w(?:(?:c|a(?:ll|tch))?[\\s\\x0b&\\),<>\\|]|h(?:o(?:(?:is)?[\\s\\x0b&\\),<>\\|]|ami)?|iptail[\\s\\x0b&\\),<>\\|])|i(?:reshark|sh[\\s\\x0b&\\),<>\\|]))|x(?:(?:(?:x|pa)d|args|term)[\\s\\x0b&\\),<>\\|]|z(?:(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|d(?:ec[\\s\\x0b&\\),<>\\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\\s\\x0b&\\),<>\\|])|mo(?:dmap|re[\\s\\x0b&\\),<>\\|]))|z(?:ip(?:[\\s\\x0b&\\),<>\\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\\s\\x0b&\\),<>\\|]|oelim|td(?:[\\s\\x0b&\\),<>\\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\\s\\x0b&\\),<>\\|]|[ef]grep|mo(?:dload|re[\\s\\x0b&\\),<>\\|])|ypper))(?:\\b|[^0-9A-Z_a-z])",
+          "pattern": "(?i)\\b(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\\s\\x0b&\\),<>\\|]|a(?:a-[^\\s\\x0b]{1,10}\\b|(?:b|t(?:obm)?|w[ks]|l(?:ias|pine)|xel)[\\s\\x0b&\\),<>\\|]|p(?:t(?:(?:itude)?[\\s\\x0b&\\),<>\\|]|-get)|parmor_[^\\s\\x0b]{1,10}\\b)|r(?:(?:p|ch)?[\\s\\x0b&\\),<>\\|]|j(?:[\\s\\x0b&\\),<>\\|]|-register|disp)|ia2c)|s(?:h?[\\s\\x0b&\\),<>\\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\\s\\x0b&\\),<>\\|]|diff|e(?:grep|xe[\\s\\x0b&\\),<>\\|])|f?grep|ip2(?:[\\s\\x0b&\\),<>\\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\\s\\x0b&\\),<>\\|]|c))|h[\\s\\x0b&\\),<>\\|])|tch[\\s\\x0b&\\),<>\\|])|lkid[\\s\\x0b&\\),<>\\|]|pftrace|r(?:eaksw|(?:idge|wap)[\\s\\x0b&\\),<>\\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\\s\\x0b&\\),<>\\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\\s\\x0b&\\),<>\\|]))|c(?:[89]9(?:[\\s\\x0b&\\),<>\\|]|-gcc)|a(?:(?:t|ncel|psh)[\\s\\x0b&\\),<>\\|]|rgo(?:[\\s\\x0b&\\),<>\\|]|-(?:audit|miri|watch)))|(?:c|mp)[\\s\\x0b&\\),<>\\|]|p(?:(?:an|io)?[\\s\\x0b&\\),<>\\|]|ulimit)|s(?:(?:h|cli)[\\s\\x0b&\\),<>\\|]|plit|vtool)|u(?:t[\\s\\x0b&\\),<>\\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\\s\\x0b&\\),<>\\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\\s\\x0b&\\),\\-<>\\|])|(?:flag|pas)s|g(?:passwd|rp[\\s\\x0b&\\),<>\\|]))|l(?:ang(?:\\+\\+|[\\s\\x0b&\\),<>\\|])|ippy-driver)|o(?:bc(?:[\\s\\x0b&\\),<>\\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\\s\\x0b&\\),<>\\|]|proc|w(?:say|think))|r(?:ash[\\s\\x0b&\\),<>\\|]|on(?:[\\s\\x0b&\\),<>\\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\\s\\x0b&\\),<>\\|]|nf[\\s\\x0b&\\),<>\\|]?|hclient|m(?:esg[\\s\\x0b&\\),<>\\|]|idecode|setup)|o(?:(?:as|ne)[\\s\\x0b&\\),<>\\|]|cker[\\s\\x0b&\\),\\-<>\\|]|sbox)|pkg[\\s\\x0b&\\),\\-<>\\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\\s\\x0b&\\),<>\\|]|n(?:v(?:[\\s\\x0b&\\),<>\\|]|-update)|d(?:if|sw)[\\s\\x0b&\\),<>\\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\\s\\x0b&\\),<>\\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\\s\\x0b&\\),<>\\|]|i(?:(?:n(?:d|ger)|sh)?[\\s\\x0b&\\),<>\\|]|le(?:[\\s\\x0b&\\),<>\\|]|test))|tp(?:[\\s\\x0b&\\),<>\\|]|stats|who)|acter|d(?:(?:find|isk)[\\s\\x0b&\\),<>\\|]|u?mount)|o(?:ld[\\s\\x0b&\\),<>\\|]|reach)|ping[\\s\\x0b&\\),6<>\\|])|g(?:c(?:c[^\\s\\x0b]{1,10}\\b|ore[\\s\\x0b&\\),<>\\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\\s\\x0b&\\),<>\\|]|e(?:m[\\s\\x0b&\\),<>\\|]|ni(?:e[\\s\\x0b&\\),<>\\|]|soimage)|t(?:cap|facl[\\s\\x0b&\\),<>\\|]))|hc(?:-?[\\s\\x0b&\\),<>\\|]|i[\\s\\x0b&\\),\\-<>\\|])|r(?:(?:c(?:at)?|ep)[\\s\\x0b&\\),<>\\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\\s\\x0b&\\),<>\\|]|e(?:ad[\\s\\x0b&\\),<>\\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\\s\\x0b&\\),<>\\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\\s\\x0b&\\),<>\\|]|p(?:[\\s\\x0b&\\),<>\\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\\s\\x0b&\\),<>\\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\\s\\x0b&\\),<>\\|]|o(?:(?:bs|in)[\\s\\x0b&\\),<>\\|]|urnalctl)|runscript)|k(?:s(?:h[\\s\\x0b&\\),<>\\|]|shell)|ill(?:[\\s\\x0b&\\),<>\\|]|all)|nife[\\s\\x0b&\\),<>\\|])|l(?:(?:[lnp]|ynx)?[\\s\\x0b&\\),<>\\|]|a(?:(?:tex)?[\\s\\x0b&\\),<>\\|]|st(?:(?:comm)?[\\s\\x0b&\\),<>\\|]|log(?:in)?))|d(?:d?[\\s\\x0b&\\),<>\\|]|config)|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\\s\\x0b&\\),<>\\|]|b_release)|ua(?:[\\s\\x0b&\\),<>\\|]|(?:la)?tex)|z(?:4(?:[\\s\\x0b&\\),<>\\|]|c(?:[\\s\\x0b&\\),<>\\|]|at))|(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|diff|[ef]?grep|less|m(?:a(?:[\\s\\x0b&\\),<>\\|]|dec|info)|ore))|ess(?:[\\s\\x0b&\\),<>\\|]|echo|(?:fil|pip)e)|ftp(?:[\\s\\x0b&\\),<>\\|]|get)|o(?:(?:ca(?:l|te)|ok)[\\s\\x0b&\\),<>\\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\\s\\x0b&\\),<>\\|]|k(?:(?:dir|nod)[\\s\\x0b&\\),<>\\|]|fifo|temp)|locate|o(?:(?:re|unt)[\\s\\x0b&\\),<>\\|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\\s\\x0b&\\),<>\\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\\s\\x0b&\\),<>\\|]|\\.(?:openbsd|traditional))|e(?:t(?:[\\s\\x0b&\\),<>\\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\\s\\x0b&\\),<>\\|]|s(?:enter|lookup|tat[\\s\\x0b&\\),<>\\|]))|o(?:(?:d|ctave)[\\s\\x0b&\\),<>\\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\\s\\x0b&\\),<>\\|]))|p(?:a(?:(?:x|cman|rted|tch)[\\s\\x0b&\\),<>\\|]|s(?:swd|te[\\s\\x0b&\\),<>\\|]))|d(?:b(?:[\\s\\x0b&\\),<>\\|]|2mb|3[\\s\\x0b&\\),\\.<>\\|])|f(?:la)?tex|ksh[\\s\\x0b&\\),<>\\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\\s\\x0b&\\),<>\\|]|hp(?:[57]?[\\s\\x0b&\\),<>\\|]|-cgi)|i(?:c(?:[\\s\\x0b&\\),<>\\|]|o(?:nv|[\\s\\x0b&\\),<>\\|]))|p(?:[\\s\\x0b&\\),<>\\|]|[^\\s\\x0b]{1,10}\\b)|dstat|(?:gz|ng6?)[\\s\\x0b&\\),<>\\|])|k(?:g(?:[\\s\\x0b&\\),<>\\|]|_?info)|exec|ill[\\s\\x0b&\\),<>\\|])|r(?:y?[\\s\\x0b&\\),<>\\|]|int(?:env|f[\\s\\x0b&\\),<>\\|]))|s(?:(?:ed|ql)?[\\s\\x0b&\\),<>\\|]|ftp)|t(?:x[\\s\\x0b&\\),<>\\|]|ar(?:[\\s\\x0b&\\),<>\\|]|diff|grep))|er(?:(?:f|ms)[\\s\\x0b&\\),<>\\|]|l(?:5?[\\s\\x0b&\\),<>\\|]|sh))|y(?:3?versions|thon[23]))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\\s\\x0b&\\),<>\\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\\s\\x0b&\\),<>\\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\\s\\x0b&\\),<>\\|]|t(?:[\\s\\x0b&\\),<>\\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\\s\\x0b&\\),<>\\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\\s\\x0b&\\),<>\\|])|u(?:by[^\\s\\x0b]{1,10}\\b|n(?:-(?:mailcap|parts)|c[\\s\\x0b&\\),<>\\|])|st(?:-(?:analyzer|(?:g|ll)db)|c[\\s\\x0b&\\),<>\\|]|doc|fmt|up)))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|ftp|l(?:eep|sh)|plit)[\\s\\x0b&\\),<>\\|]|e(?:(?:d|ndmail|rvice)[\\s\\x0b&\\),<>\\|]|t(?:(?:facl)?[\\s\\x0b&\\),<>\\|]|arch|cap|env|sid))|h(?:(?:red|u(?:f|tdown))?[\\s\\x0b&\\),<>\\|]|\\.distrib)|s(?:[\\s\\x0b&\\),<>\\|]|h(?:[\\s\\x0b&\\),<>\\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\\s\\x0b&\\),<>\\|]|do(?:-rs|[\\s\\x0b&\\),<>_\\|]|edit|replay))|vn(?:[\\s\\x0b&\\),<>\\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\\s\\x0b&\\),<>\\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\\s\\x0b&\\),<>\\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\\s\\x0b&\\),<>\\|]|sk(?:[\\s\\x0b&\\),<>\\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\\s\\x0b&\\),<>\\|]|e(?:[ex][\\s\\x0b&\\),<>\\|]|lnet)|i(?:c[\\s\\x0b&\\),<>\\|]|me(?:(?:out)?[\\s\\x0b&\\),<>\\|]|datectl))|c(?:l?sh[\\s\\x0b&\\),<>\\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\\s\\x0b&\\),<>\\|])|off[\\s\\x0b&\\),<>\\|])|shark)|u(?:l(?:imit)?[\\s\\x0b&\\),<>\\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\\s\\x0b&\\),<>\\|]|expand|l(?:ink[\\s\\x0b&\\),<>\\|]|z(?:4[\\s\\x0b&\\),<>\\|]|ma))|pigz|z(?:ip[\\s\\x0b&\\),<>\\|]|std))|conv|p(?:2date[\\s\\x0b&\\),<>\\|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:[ep]w|gr|rsh)?[\\s\\x0b&\\),<>\\|]|m(?:[\\s\\x0b&\\),<>\\|]|diff)|sudo(?:-rs)?)|algrind|olatility[\\s\\x0b&\\),<>\\|])|w(?:(?:c|a(?:ll|tch))?[\\s\\x0b&\\),<>\\|]|h(?:o(?:(?:is)?[\\s\\x0b&\\),<>\\|]|ami)?|iptail[\\s\\x0b&\\),<>\\|])|i(?:reshark|sh[\\s\\x0b&\\),<>\\|]))|x(?:(?:(?:x|pa)d|args|term)[\\s\\x0b&\\),<>\\|]|z(?:(?:c(?:at|mp))?[\\s\\x0b&\\),<>\\|]|d(?:ec[\\s\\x0b&\\),<>\\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\\s\\x0b&\\),<>\\|])|mo(?:dmap|re[\\s\\x0b&\\),<>\\|]))|z(?:ip(?:[\\s\\x0b&\\),<>\\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\\s\\x0b&\\),<>\\|]|oelim|td(?:[\\s\\x0b&\\),<>\\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\\s\\x0b&\\),<>\\|]|[ef]grep|mo(?:dload|re[\\s\\x0b&\\),<>\\|])|ypper))(?:\\b|[^0-9A-Z_a-z])",
           "targets": [
             "headers"
           ],
@@ -1724,9 +1766,9 @@
     {
       "id": "crs-php",
       "name": "CRS PHP Injection",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS PHP Injection (18 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS PHP Injection (18 rules)",
       "author": "OWASP CRS Project",
       "priority": 5,
       "enabled": true,
@@ -1818,7 +1860,7 @@
         {
           "id": "933140",
           "name": "PHP Injection Attack: I/O Stream Found",
-          "pattern": "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)",
+          "pattern": "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|f(?:d|ilter)|memory|temp)",
           "targets": [
             "all"
           ],
@@ -1902,7 +1944,7 @@
         {
           "id": "933180",
           "name": "PHP Injection Attack: Variable Function Call Found",
-          "pattern": "\\$+(?:[a-zA-Z_\\x7f-\\xff][a-zA-Z0-9_\\x7f-\\xff]*|\\s*\\{.+})(?:\\s|\\[.+\\]|\\{.+}|/\\*.*\\*/|//.*|#.*)*\\(.*\\)",
+          "pattern": "\\$+(?:[A-Z_a-z\\x7f-\\x{ff}][0-9A-Z_a-z\\x7f-\\x{ff}]*|[\\s\\x0b]*\\{.+\\})(?:[\\s\\x0b]|\\[.+\\]|\\{.+\\}|/(?:\\*.*\\*/|/.*)|#.*)*\\(.*\\)",
           "targets": [
             "all"
           ],
@@ -2114,9 +2156,9 @@
     {
       "id": "crs-generic-attack",
       "name": "CRS Generic Application Attack",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Generic Application Attack (9 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Generic Application Attack (9 rules)",
       "author": "OWASP CRS Project",
       "priority": 5,
       "enabled": true,
@@ -2322,9 +2364,9 @@
     {
       "id": "crs-xss",
       "name": "CRS Cross-Site Scripting (XSS)",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Cross-Site Scripting (XSS) (30 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Cross-Site Scripting (XSS) (30 rules)",
       "author": "OWASP CRS Project",
       "priority": 5,
       "enabled": true,
@@ -2374,7 +2416,7 @@
         {
           "id": "941120",
           "name": "XSS Filter - Category 2: Event Handler Vector",
-          "pattern": "(?i)[\\s\"'`;/0-9=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]on[a-zA-Z]{3,50}[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
+          "pattern": "(?i)[\\t-\\r \"'\\(,/-9;=`]on[a-z]{3,50}[\\t-\\r \\(,;]*?=[^=]",
           "targets": [
             "all"
           ],
@@ -2605,7 +2647,7 @@
         {
           "id": "941250",
           "name": "IE XSS Filters - Attack Detected",
-          "pattern": "(?i:<META[\\s/+].*?http-equiv[\\s/+]*=[\\s/+]*[\"'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))",
+          "pattern": "(?i)<META[\\s\\x0b\\+/].*?http-equiv[\\s\\x0b\\+/]*=[\\s\\x0b\\+/]*[\"'`]?(?:[crs]|&#x?0*(?:6[37]|43|99|[578][23]|11[45]);?)",
           "targets": [
             "all"
           ],
@@ -2965,9 +3007,9 @@
     {
       "id": "crs-sqli",
       "name": "CRS SQL Injection (SQLi)",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS SQL Injection (SQLi) (56 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS SQL Injection (SQLi) (56 rules)",
       "author": "OWASP CRS Project",
       "priority": 3,
       "enabled": true,
@@ -3101,7 +3143,7 @@
         {
           "id": "942220",
           "name": "Looking for integer overflow attacks, these are taken from skipfish, except 2.2.2250738585072011e-308 is the \\\"magic number\\\" crash",
-          "pattern": "^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$",
+          "pattern": "(?i)^(?:429496729[56]|2(?:14748364[78]|.22507385850720(?:07|11)e-308)|-(?:214748364[89]|0000023456)|00000(?:12345|23456)|1e309)$",
           "targets": [
             "all"
           ],
@@ -4157,9 +4199,9 @@
     {
       "id": "crs-session-fixation",
       "name": "CRS Session Fixation",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Session Fixation (1 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Session Fixation (1 rules)",
       "author": "OWASP CRS Project",
       "priority": 10,
       "enabled": true,
@@ -4190,9 +4232,9 @@
     {
       "id": "crs-java-attack",
       "name": "CRS Java / Deserialization Attack",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Java / Deserialization Attack (11 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Java / Deserialization Attack (11 rules)",
       "author": "OWASP CRS Project",
       "priority": 3,
       "enabled": true,
@@ -4433,9 +4475,9 @@
     {
       "id": "crs-data-leakage",
       "name": "CRS Data Leakage Detection",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Data Leakage Detection (3 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Data Leakage Detection (3 rules)",
       "author": "OWASP CRS Project",
       "priority": 15,
       "enabled": true,
@@ -4508,9 +4550,9 @@
     {
       "id": "crs-data-leakage-sql",
       "name": "CRS SQL Data Leakage",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS SQL Data Leakage (16 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS SQL Data Leakage (16 rules)",
       "author": "OWASP CRS Project",
       "priority": 15,
       "enabled": true,
@@ -4856,9 +4898,9 @@
     {
       "id": "crs-data-leakage-java",
       "name": "CRS Java Data Leakage",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Java Data Leakage (1 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Java Data Leakage (1 rules)",
       "author": "OWASP CRS Project",
       "priority": 15,
       "enabled": true,
@@ -4889,9 +4931,9 @@
     {
       "id": "crs-data-leakage-php",
       "name": "CRS PHP Data Leakage",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS PHP Data Leakage (3 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS PHP Data Leakage (3 rules)",
       "author": "OWASP CRS Project",
       "priority": 15,
       "enabled": true,
@@ -4964,9 +5006,9 @@
     {
       "id": "crs-data-leakage-iis",
       "name": "CRS IIS Data Leakage",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS IIS Data Leakage (3 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS IIS Data Leakage (3 rules)",
       "author": "OWASP CRS Project",
       "priority": 15,
       "enabled": true,
@@ -5039,9 +5081,9 @@
     {
       "id": "crs-web-shells",
       "name": "CRS Web Shell Detection",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Web Shell Detection (23 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Web Shell Detection (23 rules)",
       "author": "OWASP CRS Project",
       "priority": 3,
       "enabled": true,
@@ -5534,9 +5576,9 @@
     {
       "id": "crs-data-leakage-ruby",
       "name": "CRS Ruby Data Leakage",
-      "version": "4.24.1",
+      "version": "4.25.0",
       "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.1 — CRS Ruby Data Leakage (1 rules)",
+      "description": "OWASP CRS v4.25.0 — CRS Ruby Data Leakage (1 rules)",
       "author": "OWASP CRS Project",
       "priority": 15,
       "enabled": true,