I have a regex rule and an action that returns a file from a local cache. The rule captures what I want it to, but the problem is $2 in the action is not handled, so Fiddler tries to return D:\path\$2 (and fails). What could be wrong?
Rule:
regex:(?insx).*(host1.com|host2.com)/folder1/folder2/(.*)\?rev=.*
Action:
D:\path\$2
Any help would be appreciated.
P.S. I'm using Fiddler v2.4.8.0
After loosing an interesting amount of hair with this, I achieve it 'naming' the group replacement, like this:
Rule:
regex:(?insx).*(host1.com|host2.com)/folder1/folder2/(?'mygroup'.*)\?rev=.*
Action:
D:\path\${mygroup}
When you're using group replacements like this, it's important to put ^ at the front of the Rule expression and $ at the end.
Related
I'm trying to mark the last word in the document as a Annotation to be used by other rules.
This is what I've tried so far:
DocumentAnnotation{LAST(W) -> MARK(Unit2)};
Document{LAST(W) -> MARK(Unit2)};
Neither of these rules seem to work.
Is it even possible to mark the last word of the document by these means?
The Problem is that we try to find the last word/period of the Document so that a previously marked Annotation can be shifted to the last word.
Any help would be greatly appreciated.
You cant use LAST Condition for this scenario. Rather you can use MARKLAST action.
DECLARE LastWord;
Document{->MARKLAST(LastWord)};
Nevermind, I'm an oaf,
it's done with
Document{->MARKLAST(Unit2)}
I'm attempting to create a Suricata rule that will match a packet if and only if all content is found and in a specific order.
The problem with my current rule is that it will match even if the packet content is test2 test1.
Is there a way to achieve this functionality without using pcre?
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"Test Rule"; flow:established,to_server; content:"test1"; fast_pattern; content:"test2"; distance:0; classtype:web-application-activity; sid:5182976; rev:2;)
I figured out that the method I was using to test the Suricata signatures was duplicating the tested data at some point causing for the signature to always fire.
As to answer my own question, content order can be enforced by adding a distance modifier after the first content match.
As seen in:
content:"one"; content:"two"; distance:0; content:"three"; distance:0; . . .
As far as I can tell, the fast_pattern keyword can be omitted.
and thanks for looking!
I have an instance of YouTrack with several custom fields, some of which are String-type. I'm implementing a module to create a new issue via the YouTrack REST API's PUT request, and then updating its fields with user-submitted values by applying commands. This works great---most of the time.
I know that I can apply multiple commands to an issue at the same time by concatenating them into the query string, like so:
Type Bug Priority Critical add Fix versions 5.1 tag regression
will result in
Type: Bug
Priority: Critical
Fix versions: 5.1
in their respective fields (as well as adding the regression tag). But, if I try to do the same thing with multiple String-type custom fields, then:
Foo something Example Something else Bar P0001
results in
Foo: something Example Something else Bar P0001
Example:
Bar:
The command only applies to the first field, and the rest of the query string is treated like its String value. I can apply the command individually for each field, but is there an easier way to combine these requests?
Thanks again!
This is an expected result because all string after foo is considered a value of this field, and spaces are also valid symbols for string custom fields.
If you try to apply this command via command window in the UI, you will actually see the same result.
Such a good question.
I encountered the same issue and have spent an unhealthy amount of time in frustration.
Using the command window from the YouTrack UI I noticed it leaves trailing quotations and I was unable to find anything in the documentation which discussed finalizing or identifying the end of a string value. I was also unable to find any mention of setting string field values in the command reference, grammer documentation or examples.
For my solution I am using Python with the requests and urllib modules. - Though I expect you could turn the solution to any language.
The rest API will accept explicit strings in the POST
import requests
import urllib
from collections import OrderedDict
URL = 'http://youtrack.your.address:8000/rest/issue/{issue}/execute?'.format(issue='TEST-1234')
params = OrderedDict({
'State': 'New',
'Priority': 'Critical',
'String Field': '"Message to submit"',
'Other Details': '"Fold the toilet paper to a point when you are finished."'
})
str_cmd = ' '.join(' '.join([k, v]) for k, v in params.items())
command_url = URL + urllib.urlencode({'command':str_cmd})
result = requests.post(command_url)
# The command result:
# http://youtrack.your.address:8000/rest/issue/TEST-1234/execute?command=Priority+Critical+State+New+String+Field+%22Message+to+submit%22+Other+Details+%22Fold+the+toilet+paper+to+a+point+when+you+are+finished.%22
I'm sad to see this one go unanswered for so long. - Hope this helps!
edit:
After continuing my work, I have concluded that sending all the field
updates as a single POST is marginally better for the YouTrack
server, but requires more effort than it's worth to:
1) know all fields in the Issues which are string values
2) pre-process all the string values into string literals
3) If you were to send all your field updates as a single request and just one of them was missing, failed to set, or was an unexpected value, then the entire request will fail and you potentially lose all the other information.
I wish the YouTrack documentation had some mention or discussion of
these considerations.
Programming Gatling performance test I need to check, if the HTML returned from server contains a predefined string. It it does, break the test with an error.
I did not find out how to do it. It must be something like this:
val scn = scenario("CheckAccess")
.exec(http("request_0")
.get("/")
.headers(headers_0)
.check(css("h1").contains("Access denied")).breakOnFailure()
)
I called the wished features "contains" and "breakOnFailure". Does Gatling something similar?
Better solutions:
with one single CSS selector:
.check(css("h1:contains('Access denied')").notExists)
with substring:
.check(substring("Access denied").notExists)
Note: if what you're looking for only occurs at one place in your response payload, substring is sure more efficient, as it doesn't have to parse it into a DOM.
Here ist the solution
.check(css("h1").transform((s: String) => s.indexOf("Access denied"))
.greaterThan(-1)).exitHereIfFailed
You can write it very simple like:
.check(css("h1", "Access denied").notExists)
If you are not sure about H1 you can use:
.check(substring("Access denied").notExists)
IMO server should respond with proper status, thus:
.check(status.not(403))
Enjoy and see http://gatling.io/docs/2.1.7/http/http_check.html for details
EDIT:
My usage of CSS selector is wrong see Stephane Landelle solution with CSS.
I'm using substring way most of the time :)
I just start to use fiddler in my project for debug purpose, but haven't figure out how to handle following case with autoresponder :(
I need replace the timestamp in the request url then point to the my personal path, like
from http://www.test.com/static/20140828/js/test.js
to http://www.test.com/static/mycode/js/test.js,
while the timestamp "20140828" changing frequently so I hope can have a rule can match and handle this kind replacement automatically, without update the timestamp every time.
I tried the regex but not found the solution for this case. Any suggestions would be appreciated. Thanks.
You're right that you need to use a regular expression; you haven't said what expression you tried.
You'll probably want to use something like:
MatchText REGEX:^.*test\.com/static/\d+/(.*)$
ActionText http://www.test.com/static/mycode/$1