Find matching string and replace it in new column

Question

I have tried different methods to get SQL Injection replaced by A00-SQL Injection. Any ideas.

match.data<-data.frame(Category=c("Cross-Site Request Forgery","SQL Injection","XML External Entity Injection","Password Management: Password in Configuration File", 
                         "Open Redirect","Path Manipulation","Often Misused: Authentication","ClassLoader Manipulation: Struts 1","Password Management: Hardcoded Password",
                         "Dynamic Code Evaluation: Code Injection","Cross-Site Scripting: DOM","Dynamic Code Evaluation: JNDI Reference Injection","Dynamic Code Evaluation: Unsafe Deserialization",
                         "Command Injection","XPath Injection","Access Specifier Manipulation","XSLT Injection","Often Misused: File Upload","XML Entity Expansion Injection",
                         "Header Manipulation: Cookies","Cross-Site Scripting: Persistent","Key Management: Hardcoded Encryption Key",
                         "Axis 2 Service Requester Misconfiguration: WS-Security Not Enabled","Axis 2 Misconfiguration: Insecure Message Security",
                         "Axis 2 Misconfiguration: Debug Information","Axis 2 Misconfiguration: Insecure Transport Sender",
                         "Acegi Misconfiguration: Insecure Channel Mixing","Axis 2 Misconfiguration: Insecure Transport Receiver","Header Manipulation","Unreleased Resource: Database",
                         "Key Management: Empty Encryption Key","Log Forging","Unchecked Return Value","System Information Leak: Internal","Poor Error Handling: Overly Broad Catch",
                         "System Information Leak: External","Poor Error Handling: Overly Broad Throws","System Information Leak","Poor Error Handling: Empty Catch Block",
                         "Password Management: Password in Comment","Poor Logging Practice: Use of a System Output Stream","Privacy Violation","Setting Manipulation",
                         "Poor Error Handling: Program Catches NullPointerException","Insecure Randomness","Resource Injection","Unsafe Reflection","Privacy Violation: Heap Inspection",
                         "LDAP Injection","J2EE Bad Practices: Leftover Debug Code","Weak Cryptographic Hash","LDAP Manipulation","Log Forging (debug)","Weak Encryption",
                         "Weak Cryptographic Hash: Insecure PBE Iteration Count","Cross-Site Scripting: Poor Validation","HTTP Verb Tampering","Access Control: Weak Security Constraint",
                         "Header Manipulation: SMTP","Buffer Overflow: Format String","Often Misused: Spring Remote Service","Buffer Overflow","Cross-Site Scripting: Reflected",
                         "Buffer Overflow: Signed Comparison","OGNL Expression Injection: Struts 2","OGNL Expression Injection: Dynamic Method Invocation","Password Management: Password in HTML Form",
                         "OGNL Expression Injection: Double Evaluation","Session Fixation","Password Management: Insecure Submission","Unreleased Resource","Buffer Overflow: Off-by-One",
                         "Password Management: Empty Password","Dynamic Code Evaluation: XMLDecoder Injection","XML Injection","Axis 2 Service Provider Misconfiguration: WS-Security Not Enabled",
                         "File Disclosure: J2EE","Weak SecurityManager Check: Overridable Method","Weak Encryption: Insecure Initialization Vector",
                         "Axis 2 Service Provider Misconfiguration: Outbound WS-Security Not Enabled","Axis 2 Service Provider Misconfiguration: Inbound WS-Security Not Enabled",
                         "Dynamic Code Evaluation: Script Injection","Insecure Transport: Weak SSL Protocol","SQL Injection: iBatis Data Map","Mass Assignment: Sensitive Field Exposure",
                         "Mass Assignment: Insecure Binder Configuration","Dynamic Code Evaluation: Unsafe XStream Deserialization","SQL Injection: Hibernate","File Disclosure: Struts",
                         "Missing XML Validation","J2EE Misconfiguration: Missing Error Handling","J2EE Misconfiguration: Excessive Session Timeout","Weak Encryption: Insecure Mode of Operation",
                         "Poor Error Handling: Return Inside Finally","WCF Misconfiguration: Weak Token","ASP.NET Misconfiguration: Debug Information","Integer Overflow","Insecure Randomness: Weak Entropy Source",
                         "Format String","Out-of-Bounds Read: Off-by-One","Out-of-Bounds Read","Heap Inspection","Often Misused: Privilege Management","Format String: Argument Number Mismatch","Access Control: Database",
                         "Password Management","Format String: Argument Type Mismatch","Weak Encryption: Insufficient Key Size","System Information Leak: HTML Comment in JSP","Trust Boundary Violation",
                         "System Information Leak: Incomplete Servlet Error Handling","Insecure Randomness: User-Controlled Seed","Race Condition: Singleton Member Field",
                         "J2EE Bad Practices: Non-Serializable Object Stored in Session","Password Management: Null Password","JSON Injection","Cookie Security: Overly Broad Path","SQL Injection: Persistence"))



pattern <- c("SQL injection","injection","Dynamic Code Evaluation","Authentication",
          "Session Fixation","Cross-Site Scripting","Parameter Pollution","persisted bjects",
          "Configuration","Exposure","Access","File Inclusion","Cross-Site Request Forgery",
          "not defined","Open Redirect")

replace <- c("A00-SQL Injection","A01-Injection","A01-Injection",
             "A02-Broken Auth & Session Management","A02-Broken Auth & Session Management",
             "A03-Cross-Site Scripting","A04-Insecure Direct ObjRefs","A04-Insecure Direct ObjRefs",
             "A05-Security Misconfig","A06-Sensitive Data Exposure","A07-Missing Funct Lvl Access Control",
             "A07-Missing Funct Lvl Access Control","A08-CSRF","A09-Using Components w/ Known Vulns",
             "A10-Unvalidated Redirects/Fwds")

for(x in 1:length(pattern)){
  match.data[grepl(pattern[x], match.data$Category, ignore.case = TRUE),"OwaspTop10"] <- replace[x]
}

Expected output is anything with pattern SQL Injections must create new column with value A00-SQL Injection. Everything else with pattern Injection must create new column with value A01-Injection.

Output I get if you run code that is pasted

Thanks in advance

Issue is with SQL Injection. OwaspTop10 column should have A00-SQL Injection

Just trie something else. If I add the mapping at the end for SQL Injection to A00-SQL Injection at the end of the array. I get correct output

NOTE: Row 2 has correct mapping

Answer 1

match.data$Swap = NA #Create New Column
for (i in 1:nrow(match.data)){ 
    key = gsub(" ","",match.data$Category[i]) #Remove all spaces in the string of original column to check for match
    for (j in 1:length(pattern)){ 
        pat = gsub(" ","",pattern[j]) #Remove all spaces from patterns too
        if (grepl(pat, key, ignore.case = TRUE)){ #Check if there is a match
            match.data$Swap[i] = replace2[j] #Find replacement and add it to the column
            break #Break if a replacement has been found
        }
    }
}

EDIT

Following also seems to work (Based on this). I wonder if it will be faster though.

match.data$c2 = tolower(gsub(" ","",match.data$Category))
p2 = tolower(gsub(" ", "",pattern))
replace.data = data.frame(p2,replace)

x <- sapply(p2, function(x) grepl(x, match.data$c2))
match.data$p2 <- apply(x, 1, function(i) paste0(names(i)[i], collapse = ","))
match.data$p2 = gsub("(.*),.*", "\\1", match.data$p2)
library(qdapTools)
match.data$replace = lookup(match.data$p2,replace.data)

Answer 2

You could run something like this:

match.data = sapply(match.data, FUN= function(x){
   for(i in 1:length(pattern)){
       x = gsub(pattern[i],replace[i],x)
   }
   return(x)
})