Home > Archive > PERL Beginners > November 2005 > regex issues
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Michael Gargiullo 2005-11-01, 6:56 pm |
| Hi all,
I'm in the process of writing a rather complex parser script to parse
nessus output, can be anything from:
results|192.168.1|192.168.1.131|https (443/tcp)|10330|Security Note|A
web server is running on this port through SSL\n
to
results|192.168.1|192.168.1.131|https (443/tcp)|10863|Security Note|Here
is the SSLv2 server certificate:\nCertificate:\n Data:\n
Version: 3 (0x2)\n Serial Number:\n
53:53:e0:b9:00:01:00:00:00:0f\n Signature Algorithm:
sha1WithRSAEncryption\n Issuer: DC=com, DC=reckson, CN=Reckson\n
Validity\n Not Before: Jun 3 16:35:02 2005 GMT\n
Not After : Jun 3 16:35:02 2007 GMT\n Subject: C=US, ST=xx,
L=West, O=xx.com, OU=Westchester, CN=exchange-wc\n Subject Public
Key Info:\n Public Key Algorithm: rsaEncryption\n
RSA Public Key: (1024 bit)\n Modulus (1024 bit):\n
00:c8:52:d9:ea:e5:56:a8:aa:0c:87:a9:0e:4
c:e0:\n
5f:34:73:5b:fd:72:63:e0:36:be:08:f0:a4:7
4:be:\n
1f:d3:32:d5:33:f9:f8:42:6a:59:f6:0b:36:5
2:cf:\n
f9:d8:a4:e3:0a:3e:ee:2e:a0:ab:6b:16:49:9
f:82:\n
3f:da:7d:3a:6e:f0:28:14:22:76:dc:db:91:2
7:d1:\n
f0:07:69:80:a0:11:4f:12:ca:7a:1f:8c:cd:9
f:9c:\n
f3:96:b2:22:98:d4:4e:7a:a1:ed:0b:8a:ec:f
0:32:\n
ac:b4:cb:6e:63:8c:24:cf:ba:57:f1:09:e9:6
3:a2:\n
2b:49:1a:d8:93:7a:75:64:bb\n Exponent: 65537 (0x10001)\n
X509v3 extensions:\n X509v3 Key Usage: \n
Digital Signature, Key Encipherment\n S/MIME Capabilities: \n
050...*.H..\r......0...*.H..\r......0...+....0\n..*.H..\r..\n
X509v3 Extended Key Usage: \n TLS Web Server
Authentication\n X509v3 Subject Key Identifier: \n
C8:0F:01:12:6F:42:4D:66:C1:DF:45:CC:B2:2
5:80:DD:13:67:B6:38\n
X509v3 Authority Key Identifier: \n
keyid:BA:3E:68:0D:89:15:36:32:80:F1:C1:8
9:07:ED:59:6C:79:04:4C:EF\n\n
X509v3 CRL Distribution Points: \n
URI:ldap:/// CN=xx(1),CN=ExchangeNJ,CN=CDP,CN=Public%
20Key%20Services,CN=
Services,CN=Configuration,DC=xx,DC=com?certificateRevocationList?base?ob
jectClass=cRLDistributionPoint\n
URI:http://exchangenj.xx.com/CertEnroll/Reckson(1).crl\n\n
Authority Information Access: \n CA Issuers -
URI:ldap:/// CN=xx,CN=AIA,CN=Public%20Key%20Services,
CN=Services,CN=Confi
guration,DC=xx,DC=com?cACertificate?base?objectClass=certificationAuthor
ity\n CA Issuers -
URI:http://exchangenj.xx.com/CertEnroll...ngeNJ.xx.com_xx(1).crt\n\n
1.3.6.1.4.1.311.20.2: \n ...W.e.b.S.e.r.v.e.r\n
Signature Algorithm: sha1WithRSAEncryption\n
25:15:50:ee:21:68:c0:21:32:e4:0b:f0:f2:3
f:86:88:86:9b:\n
61:0c:ad:c9:d0:5f:e3:00:b5:d5:98:0e:24:c
3:d0:69:ec:de:\n
49:5c:ee:03:11:55:35:ed:b6:61:72:2c:f2:4
7:bd:e5:d1:60:\n
ce:56:9b:b4:a8:c8:8c:11:44:9a:06:c1:e0:6
b:2f:41:59:a3:\n
6b:62:2a:a8:9c:0a:dc:10:6e:05:fb:73:83:1
f:46:56:f7:c1:\n
6c:78:ae:6b:cc:13:09:1a:4f:3c:4b:a6:3a:7
6:fa:ff:7d:cb:\n
3e:56:bc:c5:a2:ea:89:09:fa:ec:56:73:0e:d
9:f6:cb:27:06:\n
e5:bf:49:8e:41:ab:39:e6:8a:e8:7d:5c:57:d
a:ea:4f:32:b0:\n
ee:1f:7c:ca:0f:a0:b3:03:a5:4d:d6:5d:24:4
e:f7:3b:be:76:\n
7b:59:50:9c:bf:35:80:6f:1e:cb:47:bf:e7:f
a:28:0c:4f:35:\n
67:d9:bf:e7:ff:55:3e:74:0d:a7:1e:9e:01:9
e:22:6b:69:ae:\n
9e:fd:a6:cd:4a:1e:5e:80:48:8c:25:cb:29:7
8:6c:60:43:86:\n
32:6a:cd:87:10:28:18:f9:c0:76:b0:ff:11:c
b:70:16:60:86:\n
6b:b1:66:66:c6:97:c9:5d:45:b3:79:27:fb:f
9:13:81:b0:a8:\n
30:34:84:6d\nHere is the list of available SSLv2
ciphers:\nRC4-MD5\nEXP-RC4-MD5\nRC2-CBC-MD5\nEXP-RC2-CBC-MD5\nDES-CBC-MD
5\nDES-CBC3-MD5\nThe SSLv2 server offers 4 strong ciphers, but also\n0
medium strength and 2 weak "export class" ciphers.\nThe weak/medium
ciphers may be chosen by an export-grade\nor badly configured client
software. They only offer a \nlimited protection against a brute force
attack\n\nSolution: disable those ciphers and upgrade your
client\nsoftware if necessary.\nSee
http://support.microsoft.com/defaul...n-us;216482\nor
http://httpd.apache.org/docs-2.0/mo...phersuite\nThis
SSLv2 server also accepts SSLv3 connections.\nThis SSLv2 server also
accepts TLSv1 connections.\n\n
To make a long story short (to late), I have a mysql table with two
columns; start and end dynamic content. "Start" marks the beginning of
data specific to this host, and "end", it's opposite.
The script looks like so.
my $sth=$dbh->prepare('select startdyn,enddyn,dyndata from
vulncode where dyndata=1 and ppsid=?');
$sth->execute($ppsid);
@dynparsparts=$sth->fetchrow_array();
$sth->finish;
That grabs the start and end markers for a particular problem.
# Split dyndata out if applicable
my $dyndatasnip;
if($dynparsparts[2] == 1){
my $splito=$dynparsparts[0];
my $splitt=$dynparsparts[1];
In the example above $splito="certificate:" and $splitt="Solution"
my @parts=split(/$splito/,$problem);
The line above fails halfway through with the following error:
Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE
seems* to be / at ./import-nessus-scan.pl line 116.
The remainder of the script is below
if(defined($splitt) and $splitt ne ""){
my @st=split(/$splitt/,$parts[1]);
$dyndatasnip=$st[0];
}else{
$dyndatasnip=$parts[1];
}
}
Meat of the question:
How to I effectively split a large string using a variable that may be a
phrase
$largetext=" results|192.168.1|192.168.1.131|https
(443/tcp)|10863|Security Note|Here is the SSLv2 server
certificate:\nCertificate:\n Data:\n Version: 3 (0x2)\n
Serial Number:\n 53:53:e0:b9:00:01:00:00:00:0f\n
Signature Algorithm: sha1WithRSAEncryption\n Issuer: DC=com,
DC=reckson, CN=Reckson\n Validity\n Not Before: Jun 3
16:35:02 2005 GMT\n Not After : Jun 3 16:35:02 2007 GMT\n
Subject: C=US, ST=xx, L=West, O=xx.com, OU=Westchester, CN=exchange-wc\n
Subject Public Key Info:\n Public Key Algorithm:
rsaEncryption\n RSA Public Key: (1024 bit)\n
Modulus (1024 bit):\n
00:c8:52:d9:ea:e5:56:a8:aa:0c:87:a9:0e:4
c:e0:\n
5f:34:73:5b:fd:72:63:e0:36:be:08:f0:a4:7
4:be:\n
1f:d3:32:d5:33:f9:f8:42:6a:59:f6:0b:36:5
2:cf:\n
f9:d8:a4:e3:0a:3e:ee:2e:a0:ab:6b:16:49:9
f:82:\n
3f:da:7d:3a:6e:f0:28:14:22:76:dc:db:91:2
7:d1:\n
f0:07:69:80:a0:11:4f:12:ca:7a:1f:8c:cd:9
f:9c:\n
f3:96:b2:22:98:d4:4e:7a:a1:ed:0b:8a:ec:f
0:32:\n
ac:b4:cb:6e:63:8c:24:cf:ba:57:f1:09:e9:6
3:a2:\n
2b:49:1a:d8:93:7a:75:64:bb\n Exponent: 65537 (0x10001)\n
X509v3 extensions:\n X509v3 Key Usage: \n
Digital Signature, Key Encipherment\n S/MIME Capabilities: \n
050...*.H..\r......0...*.H..\r......0...+....0\n..*.H..\r..\n
X509v3 Extended Key Usage: \n TLS Web Server
Authentication\n X509v3 Subject Key Identifier: \n
C8:0F:01:12:6F:42:4D:66:C1:DF:45:CC:B2:2
5:80:DD:13:67:B6:38\n
X509v3 Authority Key Identifier: \n
keyid:BA:3E:68:0D:89:15:36:32:80:F1:C1:8
9:07:ED:59:6C:79:04:4C:EF\n\n
X509v3 CRL Distribution Points: \n
URI:ldap:/// CN=xx(1),CN=ExchangeNJ,CN=CDP,CN=Public%
20Key%20Services,CN=
Services,CN=Configuration,DC=xx,DC=com?certificateRevocationList?base?ob
jectClass=cRLDistributionPoint\n
URI:http://exchangenj.xx.com/CertEnroll/Reckson(1).crl\n\n
Authority Information Access: \n CA Issuers -
URI:ldap:/// CN=xx,CN=AIA,CN=Public%20Key%20Services,
CN=Services,CN=Confi
guration,DC=xx,DC=com?cACertificate?base?objectClass=certificationAuthor
ity\n CA Issuers -
URI:http://exchangenj.xx.com/CertEnroll...ngeNJ.xx.com_xx(1).crt\n\n
1.3.6.1.4.1.311.20.2: \n ...W.e.b.S.e.r.v.e.r\n
Signature Algorithm: sha1WithRSAEncryption\n
25:15:50:ee:21:68:c0:21:32:e4:0b:f0:f2:3
f:86:88:86:9b:\n
61:0c:ad:c9:d0:5f:e3:00:b5:d5:98:0e:24:c
3:d0:69:ec:de:\n
49:5c:ee:03:11:55:35:ed:b6:61:72:2c:f2:4
7:bd:e5:d1:60:\n
ce:56:9b:b4:a8:c8:8c:11:44:9a:06:c1:e0:6
b:2f:41:59:a3:\n
6b:62:2a:a8:9c:0a:dc:10:6e:05:fb:73:83:1
f:46:56:f7:c1:\n
6c:78:ae:6b:cc:13:09:1a:4f:3c:4b:a6:3a:7
6:fa:ff:7d:cb:\n
3e:56:bc:c5:a2:ea:89:09:fa:ec:56:73:0e:d
9:f6:cb:27:06:\n
e5:bf:49:8e:41:ab:39:e6:8a:e8:7d:5c:57:d
a:ea:4f:32:b0:\n
ee:1f:7c:ca:0f:a0:b3:03:a5:4d:d6:5d:24:4
e:f7:3b:be:76:\n
7b:59:50:9c:bf:35:80:6f:1e:cb:47:bf:e7:f
a:28:0c:4f:35:\n
67:d9:bf:e7:ff:55:3e:74:0d:a7:1e:9e:01:9
e:22:6b:69:ae:\n
9e:fd:a6:cd:4a:1e:5e:80:48:8c:25:cb:29:7
8:6c:60:43:86:\n
32:6a:cd:87:10:28:18:f9:c0:76:b0:ff:11:c
b:70:16:60:86:\n
6b:b1:66:66:c6:97:c9:5d:45:b3:79:27:fb:f
9:13:81:b0:a8:\n
30:34:84:6d\nHere is the list of available SSLv2
ciphers:\nRC4-MD5\nEXP-RC4-MD5\nRC2-CBC-MD5\nEXP-RC2-CBC-MD5\nDES-CBC-MD
5\nDES-CBC3-MD5\nThe SSLv2 server offers 4 strong ciphers, but also\n0
medium strength and 2 weak "export class" ciphers.\nThe weak/medium
ciphers may be chosen by an export-grade\nor badly configured client
software. They only offer a \nlimited protection against a brute force
attack\n\nSolution: disable those ciphers and upgrade your
client\nsoftware if necessary.\nSee
http://support.microsoft.com/defaul...n-us;216482\nor
http://httpd.apache.org/docs-2.0/mo...phersuite\nThis
SSLv2 server also accepts SSLv3 connections.\nThis SSLv2 server also
accepts TLSv1 connections.\n\n";
$regphrase="server certificate:";
@parts=split(/$regphrase/, $largetext);
-Mike
| |
| Paul Lalli 2005-11-01, 6:56 pm |
| Michael Gargiullo wrote:
> I'm in the process of writing a rather complex parser script to parse
> nessus output,
<snip>
> my @parts=split(/$splito/,$problem);
>
> The line above fails halfway through with the following error:
>
> Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE
> seems* to be / at ./import-nessus-scan.pl line 116.
I'm not sure if this is your only problem, but it's definately one of
them. In that regexp, $splito is being interpreted as a double-quoted
string *first*, and its interpolated value is *then* passed to the
regexp engine. Meaning that any Regexp-special-characters that happen
to exist in $splito will be taken by the regexp engine to be special
characters. You need to escape any and all of them:
my @parts = split /\Q$splito\E/, $problem;
For more information:
perldoc -f quotemeta
Paul Lalli
| |
| Jeff 'japhy' Pinyan 2005-11-01, 6:56 pm |
| On Nov 1, Michael Gargiullo said:
> I'm in the process of writing a rather complex parser script to parse
> nessus output, can be anything from:
>
> results|192.168.1|192.168.1.131|https (443/tcp)|10330|Security Note|A
> web server is running on this port through SSL\n
>
> to
>
> results|192.168.1|192.168.1.131|https (443/tcp)|10863|Security Note|Here
[snip]
> accepts TLSv1 connections.\n\n
>
> To make a long story short (to late), I have a mysql table with two
> columns; start and end dynamic content. "Start" marks the beginning of
> data specific to this host, and "end", it's opposite.
> my $splito=$dynparsparts[0];
> my $splitt=$dynparsparts[1];
> my @parts=split(/$splito/,$problem);
>
> The line above fails halfway through with the following error:
>
> Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE
> seems* to be / at ./import-nessus-scan.pl line 116.
This means $splito (the string you're using as a regex) is a malformed
pattern. If you don't want $splito to be interpreted AS a regex, you need
to quotemeta() it:
my $splito = quotemeta($dynparsparts[0]);
...
my @parts = split /$splito/, $problem;
or to keep $splito normal, you can just use \Q...\E in the regex:
my $splito = $dynparsparts[0];
...
my @parts = split /\Q$splito\E/, $problem;
--
Jeff "japhy" Pinyan % How can we ever be the sold short or
RPI Acacia Brother #734 % the cheated, we who for every service
http://www.perlmonks.org/ % have long ago been overpaid?
http://princeton.pm.org/ % -- Meister Eckhart
|
|
|
|
|