GLOB Patterns - Case Insensitivity and More
"GLOB patterns" or "globs" are the wildcards used in a process of matching strings. GLOB patterns are similar to regular expressions (a.k.a regex), but much simpler and limited in scope. The following table summarizes the most commonly supported basic globbing features:
Character | Description |
* | Matches any character zero or more times, except for /. |
** | Matches any character zero or more times, including /. |
? | Matches any character one time |
[abc] | Matches any of the specified characters (in this case, a, b or c). Example, [JKL]ava matches to Java |
[a-z] | Matches one character from the range given in the bracket. Example, jsr[303-305] matches to jsr303, jsr304, jsr305 |
Mend uses GLOB patterns to create In-House, Whitelisting, and Policy rules.
Important things to remember about globbing:
It is case sensitive. Example, [JKL]ava* matches to 'JavaEWAH-0.7.9.jar' but doesn't match to 'javax.inject-1.jar' or 'javassist-3.21.0-GA.jar
There are some special characters that won't be picked up unless explicitly enabled by the user. Such as a plus sign, for example, 'common-core+gwt.jar'
How to create case insensitive GLOB patterns?
Since globbing is case sensitive it makes it problematic for libraries like TZ-Brick-Breaker-v0.5 to be picked up by the rules as the artifact can be spelled out like TZ-Brick-Breaker-v0.5 or tz-brick-breaker-v0.5 or TZ-brick-breaker-v0.5, etc. In this case, you need to ensure that you convert upper case to lower case in your GLOB pattern: (?i)string(?-i)*, or (?i)string*
Example: 'TZ-Brick-Breaker-v0.5'
GLOB pattern by Name (?i)tz-brick-breaker(?-i)*
How to search for special characters using GLOB patterns?
Let's say you have two libraries: 'common-core+gwt.jar' and 'common-core-gwt.jar', but you want only the library with the '+' to be picked up. In this case, the special character has to be preceded by '\'.
Example: 'common-core+gwt.jar'
GLOB pattern by Name *\+gwt.jar
How to achieve OR operator in GLOB patterns?
Let's say you have 4 libraries that contain the word "whitespace", but sometimes it is spelled as one word "whitespace" and sometimes it is spelled with a dash "white-space". You need both cases to be picked up, but you don't want to create two rules for it. In this case, '|' (OR operator) will be helpful.
For example, postcss-normalize-whitespace-4.0.1.tgz, postcss-normalize-whitespace-4.0.2.tgz, collapse-white-space-1.0.5.tgz and is-whitespace-character-1.0.3.tgz
GLOB pattern by Name *(whitespace|white-space)*.tgz