Bitwarden picks wrong credentials with a unique regex? #375

Closed
opened 2026-02-04 20:05:05 +03:00 by OVERLORD · 3 comments
Owner

Originally created by @testeron7 on GitHub (Aug 13, 2019).

Regular expression:

```
^https:\/\/\b(\w*test1\w*)\b\.demo\.com\/wp-login.php
```

Tested on: https://regex101.com

https://test.demo.com/wp-login.php (no match)
https://test1.demo.com/wp-login.php (match)
https://test2.demo.com/wp-login.php (no match)

I would expect that it fills the unique URI https://test1.demo.com/wp-login.php
and not the credentials from https://test.demo.com/wp-login.php?

Any thoughts why?

Author
Owner

@mprasil commented on GitHub (Aug 14, 2019):

I'm not entirely sure what you want to achieve. If you want to match the test1 URL, you probably need to write the regexp like this:

```
^https://\b(test1)\b.demo.com/wp-login.php
```

(Note the missing `\w`)

Although I'm not sure what you're trying to achieve here. Most of the complexity of the regexp is completely unnecessary, you don't need `\b` (word boundary) as you're matching explicit character sequence anyways. You don't need to use the brackets as you're not going to use the capturing group. If you want to match any `testN` site but not the "plain" `test.demo.com` you could just use something like:

```
^https://test[0-9]+.demo.com/wp-login.php
```

This will match `test1.demo.com`, `test2.demo.com` or even `test34.demo.com` but not `test.demo.com`. (`[0-9]+` stands for one or more numbers)
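The matching behaviour discussed in this thread, as an added example that is not part of the original comments and not Bitwarden's own code: a simplified model of per-URI match rules, assuming the default is base-domain matching. The vault entries, the `strict` pattern and the `test1xdemo.com` URL are constructed for illustration.

```javascript
// Added example: simplified model of URI match rules (not Bitwarden's code).
// The match type names and the base-domain shortcut are assumptions.
function baseDomain(url) {
  // Simplification: last two host labels; real clients use a public-suffix list.
  return new URL(url).hostname.split('.').slice(-2).join('.');
}

function uriMatches(rule, pageUrl) {
  switch (rule.match) {
    case 'exact':
      return rule.uri === pageUrl;
    case 'regex':
      return new RegExp(rule.uri).test(pageUrl);
    default: // 'domain': any host under the same base domain matches
      return baseDomain(rule.uri) === baseDomain(pageUrl);
  }
}

// Names of the vault entries that would be offered on pageUrl.
function offeredLogins(vault, pageUrl) {
  return vault.filter((item) => uriMatches(item, pageUrl)).map((item) => item.name);
}

// Constructed vault entries using the hosts from the thread.
const byDomain = [
  { name: 'test', uri: 'https://test.demo.com/wp-login.php', match: 'domain' },
  { name: 'test1', uri: 'https://test1.demo.com/wp-login.php', match: 'domain' },
];
const byExact = byDomain.map((item) => ({ ...item, match: 'exact' }));

// Pattern from the reply above, and a stricter variant (escaped dots, end anchor).
const loose = { name: 'testN', uri: '^https://test[0-9]+.demo.com/wp-login.php', match: 'regex' };
const strict = { name: 'testN', uri: '^https://test[0-9]+\\.demo\\.com/wp-login\\.php$', match: 'regex' };

const page = 'https://test1.demo.com/wp-login.php';
console.log('domain:', offeredLogins(byDomain, page)); // both entries share demo.com
console.log('exact: ', offeredLogins(byExact, page));  // only the test1 entry

// An unescaped "." matches any character, so the loose rule also accepts a
// host it was not written for; the strict rule does not.
const other = 'https://test1xdemo.com/wp-login.php';
console.log('loose: ', uriMatches(loose, other), 'strict:', uriMatches(strict, other));
```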

Author
Owner

@testeron7 commented on GitHub (Aug 14, 2019):

mprasil thanks for the reply,

I was on the wrong foot because default Bitwarden is not set to exact match so tried to solve it with a regex. Default on exact matching is for new users a better option in my opinion.
Oh and your regex is better than mine, thanks for the explanation.

I run bitwarden_rs (self-compiled) and it works great this far.

Author
Owner

@mprasil commented on GitHub (Aug 15, 2019):

Great to hear the exact match works for you. I think the default is what it is as this was the only option way back when. Going to close this now.

Reference: starred/vaultwarden#375