[OVAL DEVELOPER] regex_capture quantified subpattern behavior clarification
jlieskov at redhat.com
Mon Aug 8 06:14:21 EDT 2016
Hello OVAL Developers,
there's the following documentation section in RegexCaptureFunctionType
"Note that a quantified capturing sub-pattern does not produce multiple
substrings. Standard regular expression semantics are such that if a
capturing sub-pattern is required to match multiple times in order for
the overall regular expression to match, the capture produced is the
last substring to have matched the sub-pattern."
(from https://github.com/OVALProject/Language/blob/master/specifications/oval-language-specification.docx )
If I am reading the above section correctly, in the case there are multiple
"substrings" within the text, the regex_capture pattern could match against,
and pattern quantification is used, the last matched item should be collected
/ returned by the scanner.
But checking this behaviour in the OpenSCAP scanner, always the first matched
instance is returned (regardless if pattern quantification was used / specified
Suppose the attached example OVAL file.
Unless I have misunderstood something, the regex_capture()'s collected value
should be the "fs.suid_dumpable = 4" (IOW the last one), not the
"fs.suid_dumpable = 1", like it's done currently, right? IMHO last one should
be collected, since quantified sub-pattern was used in regex_capture specification.
Is this correct? Or I have overlooked something? If the latter, could you
hopefully provide an example of an pattern, when "regex_capture" would return
last substring that matched the sub-pattern, as specified in the specification?
Thank you && Regards, Jan
Jan iankko Lieskovsky / Red Hat Security Technologies Team
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3427 bytes
Desc: not available
More information about the OVAL_Developer