Using regex to match identical numbers separated by an equals

Question

Whilst looking over server logs for SQL injection attacks it's fairly obvious what your looking for (ie. single quotes, 1=1, etc.) but it got me wondering about how 2=2 etc. is just the same to SQL.

So is there a way of checking for identical numbers separated by an equals sign?

ie. 1=1, 2=2, 3=3 all match but 1=2 wouldn't match.

score 1 · Answer 1 · answered Dec 09 '15 at 13:39

1

You could use back referencing depending on the regex flavor and tool

([0-9])=\1

Here we capture a number in a group using ([0-9]) and then use the back reference \1 to reference the value captured in our first group

answered Dec 09 '15 at 13:39

swestner

1,881
15
19

score 0 · Answer 2 · answered Dec 09 '15 at 13:14

0

No you can not with regex only excepting if you enumerate all possibilities 1=1 2=2 3=3 (or if so I would like to see that too!)

You need a regex to match and a script to process, awk will do this in one line (assuming you are using Bash to view your logs)

echo "aaa 12=11 aaa
bbb13=13 bbb
ccc 678=6789 ccc
ddd 9999=9999ddd" | awk '{ match($0, /([0-9]+)=([0-9]+)/, arr); if(arr[1] == arr[2]) print arr[0] }'

will output

13=13
9999=9999

answered Dec 09 '15 at 13:14

Patrick Portal

192
7

To apply to a whole file use ```awk '{ match($0, /([0-9]+)=([0-9]+)/, arr); if(arr[1] == arr[2]) print arr[0] }' myfile.log``` – Patrick Portal Dec 09 '15 at 13:18

Using regex to match identical numbers separated by an equals

2 Answers2