Fixed pattern issue #1057
Open
ckbaker10 wants to merge 1 commit into goss-org:master from
Checklist
- `make test-all` (UNIX) passes. CI will also test this

Description of change

`have-patterns` matcher silently ignored the `/i` (case-insensitive) flag — and any other trailing flags — on `/pattern/flags` style patterns, causing those patterns to always fail when the output contained mixed-case text.

Root cause:

`sliceToPatterns` classified a string as a regex only when it ended with a bare `/` (`strings.HasSuffix(s, "/")`). A pattern like `/loglevel (verbose|info)/i` ends with `/i`, so it fell through to the `stringPattern` branch and was evaluated with a `strings.Contains` check. The regex and the `/i` flag were both completely ignored. Additionally, `newRegexPattern` stripped only the literal trailing `/` character, so even patterns that did reach the regex path would have had any flags silently included in the compiled expression (causing a compile error or incorrect behaviour depending on the flag string).

Fix:

- `strings.HasSuffix(s, "/")` check in `sliceToPatterns` with a new `isRegexPattern` helper that correctly recognises `/pattern/`, `/pattern/i`, `/pattern/ms`, etc. (allowing only valid Go RE2 inline flag characters `i`, `m`, `s` after the closing delimiter).
- `newRegexPattern` to split at the last `/`, extract any trailing flags, and prepend them as a Go inline flag group (`(?flags)`) before compiling — e.g. `/loglevel (verbose|info)/i` is compiled as `(?i)loglevel (verbose|info)`.
- `/pattern/` patterns and literal string patterns is preserved.

Tests added (`matchers/have_patterns_test.go`):

- `TestSliceToPatterns_FlaggedRegex` — verifies that patterns with trailing flags are classified as regex patterns, not string-contains patterns.
- `TestNewRegexPattern_CaseInsensitiveFlag` — unit-tests `newRegexPattern` with the exact `sshd -T` output lines from the failing CIS audit controls (5.1.6, 5.1.12, 5.1.14, 5.1.15).
- `TestHavePatternsMatcher_CaseInsensitiveFlag` — end-to-end tests through the full `HavePatternsMatcher`, covering all four SSH-related CIS control failures where `/i` patterns failed against mixed-case output such as `loglevel INFO`.
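
The classification change described in this PR, as an added Go example that is not the PR's or goss's own code. `toGoRegex`, `matchFixed` and `matchOld` are hypothetical names, and `matchOld` only models the pre-fix behaviour the description reports.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// toGoRegex is a hypothetical helper, not goss code. It accepts /pattern/flags
// (flags limited to i, m, s) and returns the Go expression (?flags)pattern.
func toGoRegex(s string) (expr string, ok bool) {
	last := strings.LastIndex(s, "/")
	if !strings.HasPrefix(s, "/") || last < 1 {
		return "", false
	}
	flags := s[last+1:]
	if strings.Trim(flags, "ims") != "" { // any other character: not a regex literal
		return "", false
	}
	if flags != "" {
		flags = "(?" + flags + ")"
	}
	return flags + s[1:last], true
}

// matchFixed uses the regex path for /pattern/flags and a substring test otherwise.
func matchFixed(pattern, line string) (bool, error) {
	expr, ok := toGoRegex(pattern)
	if !ok {
		return strings.Contains(line, pattern), nil
	}
	return regexp.MatchString(expr, line)
}

// matchOld models the reported bug: only a bare trailing "/" selects the regex path.
func matchOld(pattern, line string) bool {
	if len(pattern) > 1 && strings.HasPrefix(pattern, "/") && strings.HasSuffix(pattern, "/") {
		ok, _ := regexp.MatchString(pattern[1:len(pattern)-1], line)
		return ok
	}
	return strings.Contains(line, pattern)
}

func main() {
	p, line := "/loglevel (verbose|info)/i", "loglevel INFO" // values quoted in the description
	fixed, err := matchFixed(p, line)
	fmt.Println("old:", matchOld(p, line), "fixed:", fixed, "err:", err)
}
```

In this example a literal path such as the constructed `/opt/sim` is read as a regex with flags `sim`, a case worth covering in tests for any `/pattern/flags` classifier.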