Reputation: 1
YARA Rule - Regex - String with at least one digit
I'm new to YARA rules and I wanted to build something really simple, a regex to match a hostname naming convention in my company.
Something like:
/AX[BCD][EFG](?=.*\d)[A-Z0-9]{5}/
where the last five characters HAVE TO have at least one digit.
Is there a way to "translate" this to YARA? Keeping in mind that only basic constructs are supported:
- Alternation (|)
- Concatenation
- Repetition (, ?, +, +?, ?, ??, {digit,digit}, {digit*,digit*}?, {digit+})
- Boundaries (\b, \B, ^, $)
- Grouping ((, ))
- Character classes (., \w, \W, \s, \S, \d, \D, [...], [^...])
- Hex escapes (\xHH)
- Normal escapes (\ + any special character)
- Anything else is a literal or illegal
Thanks!
Upvotes: 0
Views: 361
Answers (2)
Reputation: 163577
You can write the pattern with a grouping and alternation matching 5 characters checking for a digit on every position.
AX[BCD][EFG](\d[A-Z\d]{4}|[A-Z\d]\d[A-Z\d]{3}|[A-Z\d]{2}\d[A-Z\d]{2}|[A-Z\d]{3}\d[A-Z\d]|[A-Z\d]{4}\d)
If you don't want a partial match but match 9 characters in total, you can append anchors around the pattern:
^AX[BCD][EFG](\d[A-Z\d]{4}|[A-Z\d]\d[A-Z\d]{3}|[A-Z\d]{2}\d[A-Z\d]{2}|[A-Z\d]{3}\d[A-Z\d]|[A-Z\d]{4}\d)$
Upvotes: 1
Reputation: 425278
If length is known to be correct (that is the regex doesn't need to assert length):
/AX[BCD][EFG][A-Z\d]*\d[A-Z\d]*
Upvotes: 0
Related Questions
- Check if string contains at least one digit
- String contains at least one digit
- Regex for alphanumeric string including at least one digit
- 1-2 digit number, but not 0 (i.e. any number 1-99)
- Yara Rule - Regex - Matching Wildcard
- regex to match one and only one digit
- Regex for matching up to a total of x digits where of those x digits, at most y can be after the decimal
- how to make a regular expressions to accept only digits not started with zero or zero only?
- Regex pattern to filter only 2 or more digits
- Regex that expresses "at least one non-digit"