mustangV / yara-project

Automatically exported from code.google.com/p/yara-project
Apache License 2.0
0 stars 0 forks source link

RegEx no longer greedy in v1.7 #80

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Let's assume a simple RegEx-based rule and data file:

$ cat rule.yara 
rule test
{
    strings:
        $re = /[a-zA-Z ]+/
    condition:
        $re
}

$ cat data.txt 
This is a test

What is the expected output? What do you see instead?

In YARA v1.6 the RegEx is greedy:
$ yara -v
yara 1.6 (rev:129)
$ yara -s rule.yara data.txt 
test data.txt
0x0:$re: This is a test

In YARA v1.7 the RegEx is no longer greedy:
$ yara -v
yara 1.7 (rev:167)
$ yara -s rule.yara data.txt 
test data.txt
0x0:$re: This is a test
0x1:$re: his is a test
0x2:$re: is is a test
0x3:$re: s is a test
0x4:$re:  is a test
0x5:$re: is a test
0x6:$re: s a test
0x7:$re:  a test
0x8:$re: a test
0x9:$re:  test
0xa:$re: test
0xb:$re: est
0xc:$re: st

What version of the product are you using? On what operating system?

YARA, versions 1.6 and 1.7, with pcre, on OS X 10.7.x

What behaviour can we expect to see in the future? (greedy or not greedy RegEx)

Original issue reported on code.google.com by andreas....@gmail.com on 5 Apr 2013 at 3:44

GoogleCodeExporter commented 8 years ago
The expected behavior is that of version 1.7, and is what you should expect in 
any future version.

Original comment by plus...@gmail.com on 4 Nov 2013 at 12:58