regcmp
Prototype: regcmp(regex, string)
Return type: class
Description: Returns whether the regular expression regex matches the
string.
Arguments:
regex: Regular expression, in the range.*string: Match string, in the range.*
The regular expression is anchored, meaning it must match the complete content.
Example:
bundle agent subtest(user)
{
classes:
"invalid" not => regcmp("[a-z]{4}","$(user)");
reports:
!invalid::
"User name $(user) is valid at exactly 4 letters";
invalid::
"User name $(user) is invalid";
}
If the string contains multiple lines, then it is necessary to code these
explicitly, as regular expressions do not normally match the end of line
as a regular character (they only match end of string). You can do this
using either standard regular expression syntax or using the additional
features of PCRE (where (?ms) changes the way that ., ^ and $ behave), e.g.
bundle agent example
{
vars:
"x" string = "
NAME: apache2 - Apache 2.2 web server
CATEGORY: application
ARCH: all
VERSION: 2.2.3,REV=2006.09.01
BASEDIR: /
VENDOR: http://httpd.apache.org/ packaged for CSW by Cory Omand
PSTAMP: comand@thor-20060901022929
INSTDATE: Dec 14 2006 16:05
HOTLINE: http://www.blastwave.org/bugtrack/
EMAIL: comand@blastwave.org
STATUS: completely installed
";
classes:
"pkg_installed" expression = regcmp("(.*\n)*STATUS:\s+completely installed\n(.*\n)*",$(x));
"base_is_root" expression = regcmp("(?ms).*^BASEDIR:\s+/$.*", $(x));
reports:
pkg_installed::
"installed";
base_is_root::
"in root";
}