How to write a regular expression correctly in python

I have the following piece of text where I need to find the threat ID from the log:

C:\\Users\\Administrator\\Downloads\\CallbackHell.exe}\r\nThreatID                       : 2147725414\r\nThreatStatusErrorCode          : 0\r\nThreatStatusID                 : 3\r\nPSComputerName                 : \r\n\r\nActionSuccess                  : True\r\nAdditionalActionsBitMask       : 0\r\nAMProductVersion               : 4.18.2211.5\r\nCleaningActionID               : 2\r\nCurrentThreatExecutionStatusID : 1\r\nDetectionID                    : {F9B830AE-D82E-4248-9D9D-723F2FB3AF95}\r\nDetectionSourceTypeID          : 3\r\nDomainUser                     : WIN-LIVFRVQFMKO\\Administrator\r\nInitialDetectionTime           : 1/9/2023 6:43:30 PM\r\nLastThreatStatusChangeTime     : 1/9/2023 6:43:59 PM\r\nProcessName                    : C:\\Windows\\explorer.exe\r\nRemediationTime                : 1/9/2023 6:43:59 PM\r\nResources                      : {file:_C:\\Users\\Administrator\\Desktop\\CallbackHell.exe:3\r\nPSComputerName                 : \r\n\r\nActionSuccess                  : True\r\nAdditionalActionsBitMask       : 0\r\nAMProductVersion               : 4.18.2211.5\r\nCleaningActionID               : 2\r\nCurrentThreatExecutionStatusID : 1\r\nDetectionID                    : {F9B830AE-D82E-4248-9D9D-723F2FB3AF95}\r\nDetectionSourceTypeID          : 3\r\nDomainUser                     : WIN-LIVFRVQFMKO\\Administrator\r\nInitialDetectionTime           : 1/9/2023 6:43:30 PM\r\nLastThreatStatusChangeTime     : 1/9/2023 6:43:59 PM\r\nProcessName                    : C:\\Windows\\explorer.exe\r\nRemediationTime                : 1/9/2023 6:43:59 PM\r\nResources                      : {file:_C:\\Users\\Administrator\\Desktop\\CallbackHell.exe}\r\nThreatID                       : 2147725414\r\nThreatStatusErrorCode          : 0\r\nThreatStatusID                 : 3,

I write the expression as follows

    ThreatStatusID                 : (.*)\\r\\nPSComputerName

but for some reason it doesn’t work


I see an error here

What’s my mistake?

My code is:

    import re

    try:
        # Path inside the {file:_...} resource entry
        re_filename_pattern = re.compile(r'\{file:_(.*)}')
        mo = re_filename_pattern.search(str(output))
        # Value between "ThreatStatusID : " and the literal \r\nPS that follows
        re_filename_pattern2 = re.compile(r'ThreatStatusID                 : (.*)\\r\\nPS')
        mo2 = re_filename_pattern2.search(str(output))
        if mo2 is not None and mo is not None:
            log += (mo.group(1)) + ":" + (mo2.group(1)) + ", "
    except Exception:
        print('cant get filename')

>Solution :

You’ve probably overlooked the fact that .* is greedy: * will match all characters until it can’t match any more. As a result, it only stops matching at the last \r\nPS, not the first \r\nPS (as .* also matches all the other \r\nPSs).

You can try and use .*? to use the non-greedy counterpart of *. See also the documentation (search for ?).

E.g.

    re_filename_pattern2 = re.compile(r'ThreatStatusID\s+: (.*?)\\r\\nPS')

(\s+ sprinkled in, because all those spaces make the pattern hard (too long) to read.)
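Added example, not part of the original answer: it runs the greedy and non-greedy patterns side by side on a constructed two-record log, then goes one step further and parses each record into fields so the file and ThreatID stay paired per detection. `SAMPLE`, the file paths, the second ThreatID and the helper names `first_status`, `parse_records` and `threat_ids` are made up for illustration.

```python
import re

# Constructed sample shaped like the log in the question: str() of captured
# output, so line breaks are the four literal characters \r\n (raw strings).
SAMPLE = (
    r"Resources                      : {file:_C:\\Temp\\a.exe}\r\n"
    r"ThreatID                       : 2147725414\r\n"
    r"ThreatStatusID                 : 3\r\n"
    r"PSComputerName                 : \r\n\r\n"
    r"Resources                      : {file:_C:\\Temp\\b.exe}\r\n"
    r"ThreatID                       : 1111111111\r\n"
    r"ThreatStatusID                 : 4\r\n"
    r"PSComputerName                 : \r\n"
)

GREEDY = re.compile(r"ThreatStatusID\s+: (.*)\\r\\nPS")   # runs to the LAST \r\nPS
LAZY = re.compile(r"ThreatStatusID\s+: (.*?)\\r\\nPS")    # stops at the FIRST \r\nPS
FIELD = re.compile(r"^(\w+)\s*: ?(.*)$")                   # one "Name : value" line


def first_status(pattern, text):
    """Return group 1 of the first match, or None."""
    m = pattern.search(text)
    return m.group(1) if m else None


def parse_records(text):
    """Split the log into one dict per detection record."""
    # Accept both the literal \r\n of a str()'d dump and real CRLF line ends.
    text = text.replace(r"\r\n", "\n").replace("\r\n", "\n")
    records = []
    for block in re.split(r"\n\s*\n", text):   # a blank line separates records
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1)] = m.group(2).strip()
        if fields:
            records.append(fields)
    return records


def threat_ids(text):
    """(resource, ThreatID) pairs, one per record."""
    return [(r.get("Resources"), r.get("ThreatID")) for r in parse_records(text)]
```

Parsing per record avoids the cross-record capture entirely, which matters when the extracted values feed an alerting or triage pipeline.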
