base/utils/patterns.zeek

GLOBAL

Functions for creating and working with patterns.

Namespace

GLOBAL

Summary

Types

PatternMatchResult: record

Functions

match_pattern: function

Matches the given pattern against the given string, returning a PatternMatchResult record.

set_to_regex: function

Given a pattern as a string with two tildes (~~) contained in it, it will return a pattern with string set’s elements OR’d together where the double-tilde was given.

Detailed Interface

Types

PatternMatchResult
Type

record

matched: bool

T if a match was found, F otherwise.

str: string

Portion of string that first matched.

off: count

1-based offset where match starts.

Functions

match_pattern
Type

function (s: string, p: pattern) : PatternMatchResult

Matches the given pattern against the given string, returning a PatternMatchResult record. For example: match_pattern("foobar", /o*[a-k]/) returns [matched=T, str=f, off=1], because the first match is for zero o’s followed by an [a-k], but match_pattern("foobar", /o+[a-k]/) returns [matched=T, str=oob, off=2].

Parameters
  • s – a string to match against.

  • p – a pattern to match.

Returns

a record indicating the match status.

set_to_regex
Type

function (ss: set [string], pat: string) : pattern

Given a pattern as a string with two tildes (~~) contained in it, it will return a pattern with string set’s elements OR’d together where the double-tilde was given. Examples:

global r1 = set_to_regex(set("a", "b", "c"), "~~");
# r1 = /^?(a|b|c)$?/
global r2 = set_to_regex(set("a.com", "b.com", "c.com"), "\\.(~~)");
# r2 = /^?(\.(a\.com|b\.com|c\.com))$?/
Parameters
  • ss – a set of strings to OR together.

  • pat – the pattern containing a “~~” in it. If a literal backslash is included, it needs to be escaped with another backslash due to Zeek’s string parsing reducing it to a single backslash upon rendering.

Returns

the input pattern with “~~” replaced by OR’d elements of input set.