Below are selected solutions for the Chapter 3 workshop questions from Cybersecurity Ops with bash.
Question 1
Write a regular expression that matches a floating-point number (a number with a decimal point) such as 3.14. There can be digits on either side of the decimal point, but there need not be any on one side or the other. Allow the regex to match just a decimal point by itself, too.
Answer
Note that this is just one of many possible solutions:
[0-9]*\.[0-9]*
Here is how the regular expression is broken down:
[0-9]* Matches the digits 0 through 9 zero or more times
\. The backslash is an escape character, so the literal period character is matched
[0-9]* Matches the digits 0 through 9 zero or more times
Question 2
Use a back reference in a regular expression to match a number that appears on both sides of an equals sign. For example, it should match “314 is = to 314” but not “6 = 7.”
Answer
Note that this is just one of many possible solutions:
([0-9]+).*=.*\1
Here is how the regular expression is broken down:
([0-9]+) The digits 0 through 9 one or more times; the ( ) are used so the matching pattern can be used by a back reference
.* Any number of any character
= The literal equal sign character
.* Any number of any character
\1 A back reference to the pattern matched by the expression in the first set of ( )
Question 4
Write a regular expression that uses grouping to match on the following two IP addresses: 10.0.0.25 and 10.0.0.134.
Answer
Note that this is just one of many possible solutions:
10\.0\.0\.(25|134)
Here is how the regular expression is broken down:
10\.0\.0\. The pattern 10.0.0. where each \ escapes the special meaning of the period
(25|134) A group where the only accepted patterns are 25 or 134
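As an added illustration (not from the book or the original post), this script runs the Question 4 pattern with and without the escaped periods over constructed log lines. The BOUNDED pattern, the function names and the sample lines are assumptions added here; BOUNDED goes beyond the answer by also rejecting longer addresses such as 10.0.0.250.

```shell
#!/bin/sh
# Added example: constructed log lines, not taken from the book or this page.
sample_lines() {
    cat <<'EOF'
src=10.0.0.25 action=allow
src=10.0.0.134 action=deny
src=10.0.0.250 action=allow
src=110.0.0.25 action=allow
src=10.0.0.13 action=deny
host=ip-10-0-0-134 action=allow
src=192.168.1.7 bytes=1000000134
EOF
}

# Unescaped: every "." matches any single character.
UNESCAPED='10.0.0.(25|134)'
# Escaped, assembled from the breakdown above: "\." matches only a literal period.
ESCAPED='10\.0\.0\.(25|134)'
# Assumption (not in the book's answer): also require that no digit or period
# touches either end, so the match is the whole address and not part of a longer one.
BOUNDED='(^|[^0-9.])10\.0\.0\.(25|134)([^0-9.]|$)'

# count_matches PATTERN -> number of sample lines the ERE matches
count_matches() {
    sample_lines | grep -E -c -e "$1" || true
}

# show_matches PATTERN -> the matching lines themselves
show_matches() {
    sample_lines | grep -E -e "$1" || true
}

# Print each pattern, how many lines it selects, and which ones.
for pattern in "$UNESCAPED" "$ESCAPED" "$BOUNDED"; do
    printf '%s -> %s line(s)\n' "$pattern" "$(count_matches "$pattern")"
    show_matches "$pattern" | sed 's/^/    /'
done
```

When filtering logs for specific hosts, the unescaped form pulls in the hostname and byte-count lines, and the escaped form still selects 10.0.0.250 and 110.0.0.25 because nothing anchors the ends of the address.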
For Question 5:
egrep '(\b[0-9a-fA-F].*\b).*\1.*\1'
What I got for Question 3.
egrep '^[0-9].*[0-9]$'
What I got for Question 4.
egrep '10.0.0.(25|1134)'
How come I was able to match the first part without escaping the periods? Shouldn't the periods represent a single wildcard character so that there must be a character in between the zeros in order to match? What am I misunderstanding?
What I got for Question 5.
egrep '([[:xdigit:]]x[[:xdigit:]][[:xdigit:]]) \1 \1'
Chapter 3 Question 2 and its solution are ambiguous.
With the solution ([0-9]+).*=.*\1, for example:
1- “314 is = to 314” results in a match; but at the same time “314 is = to 312” would also result in a match, and so would “11 = 12”
2- “6 = 7.” results in a No Match. But at the same time “2 = 2” also results in a No Match.
The solution provided only checks that there is a number on both sides of the = sign. It doesn't really ensure that they are the same number.