Understanding and Creating Inclusive Exclusions

When a site contains many pages that are essentially redundant, it makes sense to scan only a selection of such pages and exclude the rest. To accomplish this, we need to specify what to include by excluding everything else. Such exclusions are called "inclusive exclusions."

You can create a regular expression that excludes everything, including the sessions you want to scan, and then add the inclusion pattern inside a negative look ahead construct.

Understanding Inclusive Exclusion Regular Expressions

Suppose you have the following URLs:

http://site.tld/sub/sub1
http://site.tld/sub/sub2
http://site.tld/sub/sub3
http://site.tld/sub/sub4
http://site.tld/sub/sub5
...
http://site.tld/sub/sub9999

And you want to include sub1 in the scan but not sub2 through sub9999.

A regular expression to match and exclude everything is:

\/sub/sub[0-9]+

Adding the negative look ahead to include sub1 results in this regular expression:

\/sub/sub(?!1)[0-9]+

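This regular expression matches and excludes everything in the previous list of URLs that does not include sub1. The look ahead tests only the first character after "sub", so URLs whose number merely begins with 1 (such as sub10 or sub1000) also fail to match and remain in the scan.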

Important! If the regular expression includes the host name, then it must also include the port as shown here:

site\.tld:80/sub/sub[0-9]+

site\.tld:80/sub/sub(?!1)[0-9]+
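
A pre-scan check of the sub1 pattern against a URL sample, written as an added example that is not part of the Fortify documentation. It assumes the exclusion is applied as an unanchored search and uses Python's `re` engine rather than the scanner's own; the URL sample, the helper names, and the stricter pattern are constructed for illustration.

```python
import re

def partition(exclusion, urls):
    """Split urls into (excluded, kept) using an unanchored regex search."""
    rx = re.compile(exclusion)
    excluded = [u for u in urls if rx.search(u)]
    kept = [u for u in urls if not rx.search(u)]
    return excluded, kept

def audit(exclusion, urls, intended):
    """Compare what stays in scope with what was meant to stay in scope.

    Returns (unexpected, missing): URLs kept but not intended, and URLs
    intended but excluded. Both lists empty means the pattern is exact.
    """
    _, kept = partition(exclusion, urls)
    unexpected = [u for u in kept if u not in intended]
    missing = [u for u in intended if u not in kept]
    return unexpected, missing

# Constructed sample of the page's URL family (not a real crawl).
BASE = "http://site.tld/sub/sub"
URLS = [BASE + str(n) for n in (1, 2, 3, 9, 10, 11, 19, 20, 100, 1000, 9999)]
INTENDED = [BASE + "1"]

# Pattern from the page: the look ahead sees only the first digit.
PAGE_PATTERN = r"\/sub/sub(?!1)[0-9]+"

# Assumed tighter variant (not from the page): reject "1" only when no
# further digit follows, so sub10, sub100, ... are excluded again.
STRICT_PATTERN = r"\/sub/sub(?!1(?![0-9]))[0-9]+"

if __name__ == "__main__":
    for name, pattern in (("page", PAGE_PATTERN), ("strict", STRICT_PATTERN)):
        unexpected, missing = audit(pattern, URLS, INTENDED)
        print(f"{name}: {pattern}")
        print("  kept but not intended:", [u[len(BASE) - 3:] for u in unexpected])
        print("  intended but excluded:", [u[len(BASE) - 3:] for u in missing])
```

Running the same audit on a sample of real crawl URLs before a scan shows whether an inclusive exclusion leaves more in scope than planned.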

The following paragraphs provide additional examples of various inclusive exclusions.

Example One

Suppose you want to scan only the contents of folders where the folder name starts with the combination "N13" and omit the others in the following list:

http://10.0.6.124:22000/cssbundle/1666793387/bundles/service.css 
http://10.0.6.124:22000/cssbundle/N1375383199/bundles/service.css 
http://10.0.6.124:22000/jsbundle/1337374041/bundles/catalogs.js 
http://10.0.6.124:22000/jsbundle/1337374041/bundles/general.js 
http://10.0.6.124:22000/jsbundle/335652056/bundles/search.js 
http://10.0.6.124:22000/jsbundle/N1222120407/bundles/ 
http://10.0.6.124:22000/jsbundle/N1408948977/bundles/ 
http://10.0.6.124:22000/jsbundle/N1982198842/bundles/
http://10.0.6.124:22000/jsbundle/N273479010/bundles/

A regular expression to match and exclude all folder names that begin with the letter "N" is:

\/N[\d]+\/

Adding the negative look ahead (?!13) to include folder names that start with "N13" results in this regular expression:

\/N(?!13)[\d]+\/

Using this regular expression as a session exclusion causes Fortify WebInspect to omit all of the paths except for those where the folder name starts with the combination "N13":

http://10.0.6.124:22000/cssbundle/N1375383199/bundles/service.css

Note: The number "13" is arbitrary. You could easily replace the "13" character set in the regular expression with your desired character set.

Example Two

Suppose you want to omit most of My Awesome Store's catalog while still permitting URLs that include keywords "awesome" or "core" in the following list:

http://my.awesome.store.com/dotcom/14k-gold-plated-ring/cat.jump 
http://my.awesome.store.com/dotcom/2-panel-jewelry-box/prod.jump 
http://my.awesome.store.com/dotcom/core-short-sleeve-top/prod.jump 
http://my.awesome.store.com/dotcom/core-graphic-tee/prod.jump 
http://my.awesome.store.com/dotcom/core-pro-striped-shorts/prod.jump 
http://my.awesome.store.com/dotcom/awesome-brand-pro-striped-shorts/prod.jump 
http://my.awesome.store.com/dotcom/core-pro-striped-shorts/prod.jump 
http://my.awesome.store.com/dotcom/shoes/sandals-flip-flops/low-mid-heel/cat.jump 
http://my.awesome.store.com/dotcom/shoes/sandals-flip-flops/wedge-sandals/cat.jump
http://my.awesome.store.com/dotcom/shoes/sandals-flip-flops/flat-sandals/cat.jump 
http://my.awesome.store.com/dotcom/shows/all-mens-shoes/slippers/cat.jump 
http://my.awesome.store.com/dotcom/men/shorts/bermuda-core-beige/prod.jump 
http://my.awesome.store.com/dotcom/men/shorts/pleated-core-beige/prod.jump 
http://my.awesome.store.com/dotcom/men/shorts/bermuda-awesome-brand-beige/prod.jump 
http://my.awesome.store.com/dotcom/core-proportioned-pants/prod.jump 
http://my.awesome.store.com/dotcom/awesome-brand-slender-jean---plus/prod.jump 
http://my.awesome.store.com/dotcom/awesome-brand/half-zip-jacket/prod.jump 
http://my.awesome.store.com/dotcom/toys/categories/costumes-dress-up/boys/cat.jump 
http://my.awesome.store.com/dotcom/shoes/kids-shoes/boys-shoes/cat.jump 
http://my.awesome.store.com/dotcom/toys/gender/boys/cat.jump 
http://my.awesome.store.com/dotcom/shoes/boots/ankle-boots-booties/cat.jump 
http://my.awesome.store.com/dotcom/shoes/all-womens-shoes/view-all/cat.jump 
http://my.awesome.store.com/dotcom/women/awesome-brand/tops-sweaters/cat.jump 
http://my.awesome.store.com/dotcom/men/wallets-accessories/backpacks-bags/cat.jump 
http://my.awesome.store.com/dotcom/women/wear-to-work/skirts/cat.jump

A regular expression to include "awesome" or "core" keywords is:

\/dotcom\/((?!awesome|core)[\w-%\/])+(?:cat|prod)\.jump