Python substring search not working as intended

Question

I want the code to look for a string (IP Address) from another list and if there is a match do something:

for IP in map(str, container_data):
    IP=IP.strip()
    if IP in networkObjectHost:
        phantom.debug(IP)
        phantom.debug("is present in")
        phantom.debug(networkObjectHost)
    else:
        phantom.debug(IP)
        phantom.debug("is NOT present in")
        phantom.debug(networkObjectHost)

When I debug my code I can see the search is not working as desired as the IP Address 99.88.77.66 is not being matched. I have tried a couple things to try and work around but I think I am missing something fundamental here.

Fri Dec 20 2019 11:17:49 GMT-0500 (Eastern Standard Time): ['6.7.8.9']
Fri Dec 20 2019 11:17:49 GMT-0500 (Eastern Standard Time): is NOT present in
Fri Dec 20 2019 11:17:49 GMT-0500 (Eastern Standard Time): 
[
"network-object host 10.10.2.39",
"network-object host 99.88.77.66",
"network-object host 143.88.17.12",
"network-object host 48.48.56.76"
]
Fri Dec 20 2019 11:17:49 GMT-0500 (Eastern Standard Time): ['99.88.77.66']
Fri Dec 20 2019 11:17:49 GMT-0500 (Eastern Standard Time): is NOT present in
Fri Dec 20 2019 11:17:49 GMT-0500 (Eastern Standard Time): 
[
    "network-object host 10.10.2.39",
    "network-object host 99.88.77.66",
    "network-object host 143.88.17.12",
    "network-object host 48.48.56.76"

Implemented @Kuro's suggestion as follows, think I am still missing something as I don't see "IP Match Detected" message.

hosts = [elem.split()[-1] for elem in networkObjectHost] 

for IP in map(str, container_data):
    IP=IP.strip()
    phantom.debug("Debugging...") 
    phantom.debug(IP)
    phantom.debug(hosts)
    if IP in hosts:
        phantom.debug("IP Match Detected")

Output:

Fri Dec 20 2019 12:48:57 GMT-0500 (Eastern Standard Time): Debugging...
Fri Dec 20 2019 12:48:57 GMT-0500 (Eastern Standard Time): ['6.7.8.9']
Fri Dec 20 2019 12:48:57 GMT-0500 (Eastern Standard Time): 
[
    "10.10.2.39",
    "99.88.77.66",
    "143.88.17.12",
    "48.48.56.76"
]
Fri Dec 20 2019 12:48:57 GMT-0500 (Eastern Standard Time): Debugging...
Fri Dec 20 2019 12:48:57 GMT-0500 (Eastern Standard Time): 
['99.88.77.66']
Fri Dec 20 2019 12:48:57 GMT-0500 (Eastern Standard Time): 
[
    "10.10.2.39",
    "99.88.77.66",
    "143.88.17.12",
    "48.48.56.76"
]
Fri Dec 20 2019 12:48:57 GMT-0500 (Eastern Standard Time): No actions were executed
Fri Dec 20 2019 12:48:58 GMT-0500 (Eastern Standard Time):

kuro · Accepted Answer

What I can see is that IP is a list and networkObjectHost is a list of strings. You want to check whether the only element of IP (i.e IP[0] ) is present in any string of networkObjectHost. As the ip address (99.88.77.66 in this case) is not equal to any of the string, the check fails. What you have to do is to split the networkObjectHost and fetch only the IP addresses from it. Like -

hosts = [elem.split()[-1] for elem in networkObjectHost]

The you can check on it.

if IP[0] in hosts:
   ....

If the logging framework you are using, shows string as list then you don't need IP[0] and have to use IP. I think that is the case as IP.strip() returns a string and not a list. In that case IP[0] will just be a single character (e.g in case of 6.7.8.9, IP[0] will be only 6)

Note that using any(IP[0] in i for i in networkObjectHost) will not work if your IP[0] is say 1.2.3.4 and networkObjectHost contains a string like network-object host 51.2.3.4. That is because 1.2.3.4 is present in that string but the ip address is not exactly same.

Python substring search not working as intended

Answers (2)

Related Questions