# coding=utf8
# the above tag defines encoding for this document and is for Python 2.x compatibility
import re
regex = r"not \(?\s*1 of \s*([\w\*]*)\s*\)?|not \(?\s*all of \s*([\w\*]*)\s*\)?|not \s*([^\d\(][^\(\s]*)|not \(\s*([^\d]+.*)\s?\)"
test_str = ("( passwordchanged and not passwordchanged_filter ) | near samrpipe\n"
"( selection_cammute and not filter_cammute ) or ( selection_chrome_frame and not filter_chrome_frame ) or ( selection_devemu and not filter_devemu ) or ( selection_gadget and not filter_gadget ) or ( selection_hcc and not filter_hcc ) or ( selection_hkcmd and not filter_hkcmd ) or ( selection_mc and not filter_mc ) or ( selection_msmpeng and not filter_msmpeng ) or ( selection_msseces and not filter_msseces ) or ( selection_oinfo and not filter_oinfo ) or ( selection_oleview and not filter_oleview ) or ( selection_rc and not filter_rc )\n"
"(exec_selection and not exec_exclusion) or (create_selection and create_keywords)\n"
"(selection1 and not filter1) or selection2 or selection3 or selection4\n"
"all of selection and not (1 of exclusion_*)\n"
"keywords and not 1 of filters\n"
"methregistry or ( methprocess and not filterprocess )\n"
"selection and not ( filter1 or filter2 )\n"
"selection and not ( filter1 or filter2 or filter3 )\n"
"selection and not (ini or intel)\n"
"selection and not 1 of falsepositive*\n"
"selection and not (1 of falsepositive*)\n"
"selection and not exclusion\n"
"selection and not falsepositive\n"
"selection and not falsepositives\n"
"selection and not filter\n"
"selection and not reduction\n"
"selection1 and not selection2\n"
"selection1 or ( selection2 and not filter2 )\n"
"selection_registry and not exclusion_images\n"
"selector | near dllload1 and dllload2 and not exclusion\n"
"selection and not (filter1)\n"
"selection and not all of falsepositive*\n"
"selection and not (all of falsepositive*)\n"
"selection and selection2\n"
"selection or (selection2 and selection3)\n"
"selection or 1 of selection*")
matches = re.finditer(regex, test_str, re.MULTILINE)
for matchNum, match in enumerate(matches, start=1):
print ("Match {matchNum} was found at {start}-{end}: {match}".format(matchNum = matchNum, start = match.start(), end = match.end(), match = match.group()))
for groupNum in range(0, len(match.groups())):
groupNum = groupNum + 1
print ("Group {groupNum} found at {start}-{end}: {group}".format(groupNum = groupNum, start = match.start(groupNum), end = match.end(groupNum), group = match.group(groupNum)))
# Note: for Python 2.7 compatibility, use ur"" to prefix the regex and u"" to prefix the test string and substitution.
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Python, please visit: https://docs.python.org/3/library/re.html