Query params not properly sanitized from urls located within request/response bodies.

[dashiell-verkada]

As the title states, there is an edge case for the regex that covers [name]=[value] in which it doesn't hit a final query param in a JSON formatted request/response body. I believe this issue occurs because the given delimiters, (&|\\\\",|",|"\\s|"}}|;){1}, don't cover this case.

For an example, I've selected X-Amz-Signature to be sanitized.

Seen here, the X-Amz-Signature is located within the response content and it was not properly sanitized.

A possible solution I've come up with to fix this issue is to change the [name]=[value] regex to (?=&|\\\\",|",|"\\s|"}}|;|\\\\"){1}. Two things have been added: a positive lookahead to prevent accidental consuming of the & character and an additional delimiter \\\\" which will allow the sanitizer to be properly bounded.