Getting None type error from a valid regex query

Question

I'm trying to extract the value of os (Linux 3.11 and newer) from a program's output. I came up with this:

import re

p0f = '''
--- p0f 3.08b by Michal Zalewski <lcamtuf@coredump.cx> ---

[+] Closed 3 file descriptors.
[+] Loaded 324 signatures from '/etc/p0f/p0f.fp'.
[+] Will read pcap data from file 'temp.pcap'.
[+] Default packet filtering configured [+VLAN].
[+] Processing capture data.

.-[ 10.0.7.20/37462 -> 216.58.209.229/443 (syn) ]-
|
| client   = 10.0.7.20/37462
| os       = Linux 3.11 and newer
| dist     = 0
| params   = none
| raw_sig  = 4:64+0:0:1460:mss*20,7:mss,sok,ts,nop,ws:df,id+:0
|
`----

.-[ 10.0.7.20/37462 -> 216.58.209.229/443 (mtu) ]-
|
| client   = 10.0.7.20/37462
| link     = Ethernet or modem
| raw_mtu  = 1500
|
`----


All done. Processed 1 packets.
'''


print p0f
os = re.match(r"os\\s*= (.*)", p0f).group(1)
print os

According to this Regex101, my regex should be spot on. But I'm getting an error NoneType has no 'group'.

Answer 1

If you are using r, don't escape the \. This works:

re.search(r"os\s*= (.*)", p0f).group(1)

Answer 2

You have two problems:

• You are using re.match() where you should be using re.search(). re.match() only matches against the start of the string. See search() vs. match() in the module documentation.
• You doubled the \\ backslash on the \s metacharacter, but are using a r'..' raw string literal.

This works:

re.search(r"os\s*= (.*)", p0f)

Demo:

>>> import re
>>> re.search(r"os\s*= (.*)", p0f).group(1)
'Linux 3.11 and newer'