mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
23f04835c6
These functions are now deprecated in favor of alternative versions that return a vector of strings rather than a table of strings. Deprecated functions: - split: use split_string instead. - split1: use split_string1 instead. - split_all: use split_string_all instead. - split_n: use split_string_n instead. - cat_string_array: see join_string_vec instead. - cat_string_array_n: see join_string_vec instead. - join_string_array: see join_string_vec instead. - sort_string_array: use sort instead instead. - find_ip_addresses: use extract_ip_addresses instead. Changed functions: - has_valid_octets: uses a string_vec parameter instead of string_array. Addresses BIT-924, BIT-757.
60 lines
1.9 KiB
Text
60 lines
1.9 KiB
Text
##! Functions for creating and working with patterns.
|
|
|
|
module GLOBAL;
|
|
|
|
## Given a pattern as a string with two tildes (~~) contained in it, it will
|
|
## return a pattern with string set's elements OR'd together where the
|
|
## double-tilde was given (this function only works at or before init time).
|
|
##
|
|
## ss: a set of strings to OR together.
|
|
##
|
|
## pat: the pattern containing a "~~" in it. If a literal backslash is
|
|
## included, it needs to be escaped with another backslash due to Bro's
|
|
## string parsing reducing it to a single backslash upon rendering.
|
|
##
|
|
## Returns: the input pattern with "~~" replaced by OR'd elements of input set.
|
|
function set_to_regex(ss: set[string], pat: string): pattern
|
|
{
|
|
local i: count = 0;
|
|
local return_pat = "";
|
|
for ( s in ss )
|
|
{
|
|
local tmp_pattern = convert_for_pattern(s);
|
|
return_pat = ( i == 0 ) ?
|
|
tmp_pattern : cat(tmp_pattern, "|", return_pat);
|
|
++i;
|
|
}
|
|
return string_to_pattern(sub(pat, /~~/, return_pat), F);
|
|
}
|
|
|
|
type PatternMatchResult: record {
|
|
## T if a match was found, F otherwise.
|
|
matched: bool;
|
|
## Portion of string that first matched.
|
|
str: string;
|
|
## 1-based offset where match starts.
|
|
off: count;
|
|
};
|
|
|
|
## Matches the given pattern against the given string, returning
|
|
## a :bro:type:`PatternMatchResult` record.
|
|
## For example: ``match_pattern("foobar", /o*[a-k]/)`` returns
|
|
## ``[matched=T, str=f, off=1]``, because the *first* match is for
|
|
## zero o's followed by an [a-k], but ``match_pattern("foobar", /o+[a-k]/)``
|
|
## returns ``[matched=T, str=oob, off=2]``.
|
|
##
|
|
## s: a string to match against.
|
|
##
|
|
## p: a pattern to match.
|
|
##
|
|
## Returns: a record indicating the match status.
|
|
function match_pattern(s: string, p: pattern): PatternMatchResult
|
|
{
|
|
local a = split_string_n(s, p, T, 1);
|
|
|
|
if ( |a| == 1 )
|
|
# no match
|
|
return [$matched = F, $str = "", $off = 0];
|
|
else
|
|
return [$matched = T, $str = a[1], $off = |a[0]| + 1];
|
|
}
|