Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 915
  • Last Modified:

Regular expression to find exact matches

http://forums.asp.net/t/1254125.aspx

I am trying to enhance this tool a little with some other way of handling the string match, I want to use regular expressions where I can find the exact match for a word in the blacklist, right now this routine finds any match. As in you have a the word "created" it will find a match on "create" as being part of the word and flag it as an error.

I using vb.net, but I just need to find a regular expression to do it.

This is what I ahve so far

/\screate|\sfetch|\sdeclare

but for whatever reason it finds no match.
0
JDEE8297
Asked:
JDEE8297
1 Solution
 
RedKelvinCommented:
Hi there,
Try this little tool, it is great for building regular expressions, so easy.
http://www.ultrapico.com/Expresso.htm
0
 
planoczCommented:
I made a sample project for you to look at...
create a new vs2005 form an copy code into it.
Imports System.Text.RegularExpressions
Public Class frmBlackList
    Dim test_input_string As String
    Private Sub frmBlackList_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        test_input_string = "You can screen all incoming query-string, "
        test_input_string &= "begin form and cookie values by running code during the BeginRequest event. "
        test_input_string &= "This type of code can run on every request when implemented in an HttpModule. "
        test_input_string &= "The sample code below defines an HttpModule;--in the App_Code directory, and "
        test_input_string &= "then registers the module in web.config so that it runs on every request. "
        test_input_string &= "The sample code will check incoming data and automatically redirect to a "
        test_input_string &= "page called 'Error.aspx' if suspicious nchar character@ @@ sequences are found."
 
        Matching(test_input_string)
 
    End Sub
    Private Sub Matching(ByVal m_inputText As String)
 
        Const OPT As String = "|"
        Dim patternAll As String = ""
        Dim patternList As String = "alter|begin|c(ast|har|reate|ursur)|de(clare|lete)|drop|end|ex(ec|ecute)"
        Dim patternList2 As String = "fetch|insert|kill|n(char|varchar)|open|select|sys(columns|objects)|table|update|varchar\@|\;(\--)|--|\*/|\/*"
 
        Try
            patternAll = patternList & OPT
            patternAll += patternList2
 
            Dim regexParser As Regex = New Regex(patternAll, RegexOptions.Multiline)
 
            For Each matchCurrent As Match In regexParser.Matches(m_inputText)
                Dim valueString As String = matchCurrent.Value.ToString
                If valueString.Length > 0 Then
                    MessageBox.Show(valueString)
                End If
            Next matchCurrent
        Catch ex As Exception
            MessageBox.Show(ex.ToString)
        End Try
 
    End Sub
End Class

Open in new window

0
 
JDEE8297Author Commented:
thank you.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now