2

I have the follwing Python code

import re

regex = r"SRC=(?P<src_ip>[\d\.]*).*?PROTO=(?P<proto>\w*).*?(SPT=(?P<src_port>\d*).*?DPT=(?P<dst_port>\d*)|TYPE=(?P<icmp_type>\d*).*?CODE=(?P<icmp_code>\d*))"
input = "<4>Nov 25 12:00:13 ubuntu kernel: [  574.036758] iptableslogIN=enp0s3 OUT= MAC=44:85:00:ec:eb:2b:00:21:55:ef:8c:7f:08:00 SRC=10.24.136.232 DST=10.23.85.76 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=5250 PROTO=TCP SPT=56325 DPT=55 WINDOW=1024 RES=0x00 SYN URGP=0"
m = re.match(regex, input)
print(m.groupdict())

which fails with a 

Traceback (most recent call last):
  File "C:/scratches/scratch.py", line 6, in <module>
    print(m.groupdict())
AttributeError: 'NoneType' object has no attribute 'groupdict'

because input was not matched.

The exact same regex and input is successful on regex101. Why?

WoJ
  • 27,165
  • 48
  • 180
  • 345
  • 1
    Your regex *may* be hard to debug :/ – linusg Nov 25 '16 at 12:28
  • 2
    Replace `re.match` with `re.search`. See https://ideone.com/bjl4MQ – Wiktor Stribiżew Nov 25 '16 at 12:28
  • @WiktorStribiżew - Wow, nice! – linusg Nov 25 '16 at 12:29
  • @WiktorStribiżew: Thanks a lot - this is it. I did not know about `search()` vs `match()` – WoJ Nov 25 '16 at 12:30
  • You are welcome. Some people do not know http://regex101.com exists. :) – Wiktor Stribiżew Nov 25 '16 at 12:31
  • @WiktorStribiżew: regex101 is fantastic for people like me who use regex three times a year. It is also suggested on SO when asking a regex question (I guess if the title includes the word 'regex'). Thanks again. – WoJ Nov 25 '16 at 12:32
  • Then a hint: when testing at regex101.com, pay attention to the modifiers you use and whether replacing is needed. After the fiddle works as expected, just go to *code generator* and select *Python* option. You will get some code that *might* work in Python. Always test the regexes in the target environment as you did, since even regex101.com has bugs. – Wiktor Stribiżew Nov 25 '16 at 12:34

0 Answers0