Scary Spookvember: Regex!

This is the first blog post in a new series of blog posts that involves me learning and blogging about things that scare developers. I came up with this idea basically right after Halloween ended, so unfortunately this has to be the Scary Spookvember series now instead of Spooktober, which would've made more sense 🤦.

This first article is about Regex. Many developers think of it as like a template that can match strings, but actually, Regex is a simple programming language! To show this, let's take a look at a simple Regex that matches a simple lowercase UUID, such as e81dd3ba-44bb-11ec-81d3-0242ac130003. The Regex that I found on stack overflow is: 
\b([0-9a-f]){8}-([0-9a-f]){4}-([0-9a-f]){4}-([0-9a-f]){4}-([0-9a-f]){12}\b
At first glance, this looks quite confusing and scary, but once we reformat it a bit, things begin to start taking shape: 
\b		# match the beginning or end of a word
(
  [0-9a-f]	# match any character from 0-9 or a-f 
) {8}		# loop 8 times
-		# match the - character
(
  [0-9a-f]	# match any character from 0-9 or a-f 
) {4}		# loop 4 times
-		# match the - character
(
  [0-9a-f]	# match any character from 0-9 or a-f 
) {4}		# loop 4 times
-		# match the - character
(
  [0-9a-f]	# match any character from 0-9 or a-f 
) {4}		# loop 4 times
-		# match the - character
(
  [0-9a-f]	# match any character from 0-9 or a-f 
) {12}		# loop 12 times
\b		# match the beginning or end of a word
Now, the regex is trivial to understand! We can even use this type of reasoning to build much more complicated Regex patterns. For example, I was signing up for an Epic Games account a few months back to get some of their free games, and when setting a password, they gave me the following requirements:
How can we build a way to validate Epic Games passwords? Let's start by abstracting away some details into "functions". 
has_number()
has_letter()
has_greater_than_or_equal_to_seven_characters()
not has_whitespace()
Now, we can think about solving each one of these functions on its own. Let's try has_number first: 
.		# match any character
  *?		# loop 0 times and try the rest of the regex, loop 1 times and try the rest of the regex, etc.
[0-9]		# match any digit
Then, let's do has_letter which is pretty similar to has_number: 
.		# match any character
  *?		# loop 0 times and try the rest of the regex, loop 1 times and try the rest of the regex, etc. until match
[a-zA-Z]	# match any letter
Then, let's do has_greater_than_or_equal_to_seven_characters: 
.		# match any character
  {7,}		# loop at least 7 times and try the rest of the regex
Another way to do this is something like: 
.		# match any character
  {6}		# loop 6 times
.		# match any character
And finally, let's do has_whitespace 
.		# match any character
  *?		# loop 0 times and try the rest of the regex, loop 1 times and try the rest of the regex, etc. until match
\s		# match a whitespace character
Now, we can combine these to form a full pattern validator. To do this, we will use positive and negative lookaheads. A lookahead basically attaches some conditions to a match. Let's say I were to write code to match the "x" character at position p, I might write "x" == word[p]. If I attached a lookahead to this "x" character match, that would look something like this in Regex x(?=some_function) for positive lookahead and x(?!some_function) for negative lookahead, and the pseudocode would be like "x" == word[p] and some_function(word[p+1:]) for positive lookahead and "x" == word[p] and !some_function(word[p+1:]) for negative lookahead. With this extra bit of knowledge, we can now get to the Regex for our password validator: 
^		# match the start of the line
  (?=		# positive lookahead for has_number function
    .
      *?
    [0-9]
  )
  (?=		# positive lookahead for has_letter function
    .
      *?
    [a-zA-Z]
  )
  (?=		# positive lookahead for has_greater_than_or_equal_to_seven_characters function
    .
      {7,}
  )
  (?!		# negative lookahead for has_whitespace function
    .
      *?
    \s
  )
.		# match any character
  *		# loop to the end
$		# match the end of the line
All in all, this Regex looks like: ^(?=.*?[0-9])(?=.*?[a-zA-Z])(?=.{7,})(?!.*?\s).*$ and it works!

That's all for this post about Regex. For more information, check out this great conference talk: Understanding and Using Regular Expressions and for some extra practice, try implementing a Regex display name validator for Epic Games!


Comments

Post a Comment

Popular posts from this blog

First-Principles Derivation of A Bank

What is a Bank? A bank borrows money from people with money but low-risk appetite, and lends money to people who need money to take potentially rewarding risks. Say we live in a toy society with $10 in circulation and 2 people (a farmer and a cook). In this society, the farmer grows vegetables and the cook processes vegetables for food – both activities essential for survival. Assume that both parties start with $5 each. The farmer sells vegetables for $1 per serving and can produce 2 servings per day. The cook prepares food for $2 per serving and also has the capacity to produce 2 servings per day. Every day, the farmer sells 2 servings of vegetables to the cook for a total of $2 . Then, the cook prepares 2 servings of food and sells 1 serving to the farmer for $2 . In this perfectly balanced society, everybody eats, and money never needs to “rest.” Let's break the above equilibrium by adding a time component. In this society, vegetables take thr...
Read more

A Play-by-play of the Mirai botnet source code - Part 1 (scanner.c)

Today I've decided to start learning something very new and unfamiliar to me, as someone who mostly works with very high-level languages like Python and Kotlin, and attempt to understand the source code behind the Mirai botnet that managed to control over 380,000 IoT devices at one point in its life. I'll likely get a lot of things wrong the first time around, and this may take quite a few blog posts to complete, but my goal is to document everything I figure out, so that in the future, someone else in a similar position will be able to use this blog as a resource to understand the C and Go that ran this ground-breaking botnet. To begin, I'll start by reading  scanner.c , which is the code that is in charge of the scanning for and infecting new IoT devices. I'll be taking my time with it, so this might take a few blog posts. scanner.c  has most of its logic in a function called  scanner_init , which is triggered either from  main.c  (which seems like how it is t...
Read more

You can control individual packets using WinDivert!

Image
WinDivert is one of the most interesting packages I've recently come across. What WinDivert allows you to do is apply a filter to grab some subset of packets that pass through your Windows computer, and then apply some logic to the packet to maybe modify, and then drop or re-inject the packet. Here's a great diagram from this website that sums it up: Using PyDivert , a WinDivert Python binding, we can specify the PROGRAM portion in the above diagram, which means that we can now capture whatever packets we want, change them however we want, and then either drop them or re-inject them to be sent out whenever we want. The big sell here is that WinDivert allows you to play with packets on Windows without writing code that modifies the core operating system components that run in the kernel! The drawback is of course speed and efficiency, but for a lot of blog-post-worthy applications, we don't need that much speed and efficiency. Stay tuned for more stuff if this piqued your ...
Read more