IBM Support

Why does my regular expression don't seem to work even though it's OK in the test?

Question & Answer


Question

Why does my regular expression (regex) don't seem to work even though it's OK in the regex test? For example I got a ^((?!MATERIALIZED VIEW).)*$ regex in the policy real time alert. I've tested the regex in the test, and it's working, but the policy rule is not working

Answer

You use special characters ?! which is negative look-ahead assertion. It's not as of yet supported.

The regex checker in the rule definition and the sniffer*) uses different libraries to do the matching. The checker support extended special characters like ?!, so the pattern is valid in the checker. On the other hand the sniffer doesn't support ?!, so the pattern will be regarded as invalid when sniffer is trying to match it, which causes the regular expression to be ignored.

This inconsistency is a known issue and planned to be addressed in v11.

For now, you can find a drop down "select element" in the checker window, if you make sure you just use the characters in the drop down list, it will work ok.

*) The sniffer is the part of the Guardium appliance software that compute the policy.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"10.0;10.0.1;10.1;10.1.2;8.2;9.0;9.1;9.5","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21998570

Page Feedback