Understanding and Creating Inclusive Exclusions
When a site contains many pages that are essentially redundant, it makes sense to scan only a selection of such pages and exclude the rest. To accomplish this, we need to specify what to include by excluding everything else. Such exclusions are called "inclusive exclusions."
You create a regular expression that matches, and therefore excludes, everything, including the sessions you want to scan, and then add the inclusion pattern inside a negative lookahead construct so that those sessions no longer match.
Understanding Inclusive Exclusion Regular Expressions
Suppose you have the following URLs:
http://site.tld/sub/sub1
http://site.tld/sub/sub2
http://site.tld/sub/sub3
http://site.tld/sub/sub4
http://site.tld/sub/sub5
...
http://site.tld/sub/sub9999
And you want to include sub1 in the scan but not sub2 through sub9999.
A regular expression to match and exclude everything is:
\/sub/sub[0-9]+
Adding the negative lookahead to include sub1 results in this regular expression:
\/sub/sub(?!1)[0-9]+
This regular expression matches and excludes everything in the previous list of URLs that does not include sub1.
Important! If the regular expression includes the host name, then it must also include the port, as shown here:
site\.tld:80/sub/sub[0-9]+
site\.tld:80/sub/sub(?!1)[0-9]+
The following paragraphs provide additional examples of various inclusive exclusions.
Example One
Suppose you want to scan only the contents of folders where the folder name starts with the combination "N13" and omit the others in the following list:
http://10.0.6.124:22000/cssbundle/1666793387/bundles/service.css
http://10.0.6.124:22000/cssbundle/N1375383199/bundles/service.css
http://10.0.6.124:22000/jsbundle/1337374041/bundles/catalogs.js
http://10.0.6.124:22000/jsbundle/1337374041/bundles/general.js
http://10.0.6.124:22000/jsbundle/335652056/bundles/search.js
http://10.0.6.124:22000/jsbundle/N1222120407/bundles/
http://10.0.6.124:22000/jsbundle/N1408948977/bundles/
http://10.0.6.124:22000/jsbundle/N1982198842/bundles/
http://10.0.6.124:22000/jsbundle/N273479010/bundles/
A regular expression to match and exclude all folder names that begin with the letter "N" is:
\/N[\d]+\/
Adding the negative lookahead (?!13) to include folder names that start with "N13" results in this regular expression:
\/N(?!13)[\d]+\/
Using this regular expression as a session exclusion causes Fortify WebInspect to omit all of the paths except for those where the folder name starts with the combination "N13":
http://10.0.6.124:22000/cssbundle/N1375383199/bundles/service.css
Note: The number "13" is arbitrary. You can replace "13" in the regular expression with whatever character sequence you want to keep in the scan.
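To check what a rule actually keeps before committing it to a scan, the following added Python check (not part of the WebInspect documentation) applies the exclusion patterns from the sub1 discussion and from Example One to constructed URL lists; Python's re module uses the same negative-lookahead syntax as above, although WebInspect's own engine may differ in other details. It also shows a caveat the examples do not: because (?!1) only tests the character immediately after "sub", the page's pattern also leaves sub10, sub19, sub100 and similar folders in the scan, so a tightened lookahead that keeps only the exact folder sub1 is included alongside it.

```python
import re

# Constructed sample sessions modelled on the page's first URL list.
SUB_URLS = [f"http://site.tld/sub/sub{n}" for n in (1, 2, 3, 10, 19, 100, 9999)]

# The page's inclusive exclusion for that list: exclude every /sub/subN except sub1.
PAGE_SUB_EXCLUSION = r"\/sub/sub(?!1)[0-9]+"

# Tightened variant (added here, not from the page): the lookahead also asserts
# that no further digit follows the "1", so only the exact folder sub1 survives.
EXACT_SUB_EXCLUSION = r"\/sub/sub(?!1(?![0-9]))[0-9]+"

# Subset of Example One: keep only N-folders whose name starts with "N13".
BUNDLE_URLS = [
    "http://10.0.6.124:22000/cssbundle/1666793387/bundles/service.css",
    "http://10.0.6.124:22000/cssbundle/N1375383199/bundles/service.css",
    "http://10.0.6.124:22000/jsbundle/N1222120407/bundles/",
    "http://10.0.6.124:22000/jsbundle/N273479010/bundles/",
]
N13_EXCLUSION = r"\/N(?!13)[\d]+\/"


def partition(urls, exclusion):
    """Split urls into (scanned, excluded).

    A session exclusion is applied as a search: if the pattern matches anywhere
    in the URL the session is dropped, otherwise it is scanned.
    """
    pattern = re.compile(exclusion)
    scanned, excluded = [], []
    for url in urls:
        (excluded if pattern.search(url) else scanned).append(url)
    return scanned, excluded


def folder_names(urls):
    """Reduce full URLs to the folder segment the rules act on, for compact reporting."""
    return [url.split("/")[4] for url in urls]


if __name__ == "__main__":
    for label, urls, rule in (
        ("page sub1 rule", SUB_URLS, PAGE_SUB_EXCLUSION),
        ("exact sub1 rule", SUB_URLS, EXACT_SUB_EXCLUSION),
        ("N13 rule", BUNDLE_URLS, N13_EXCLUSION),
    ):
        scanned, excluded = partition(urls, rule)
        print(f"{label}: scanned={folder_names(scanned)} excluded={folder_names(excluded)}")
```

Folders without the "N" prefix never match the N13 rule at all, so they stay in the scan; a separate exclusion is needed if they should be dropped too.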
Example Two
Suppose you want to omit most of My Awesome Store's catalog while still permitting URLs that include keywords "awesome" or "core" in the following list:
http://my.awesome.store.com/dotcom/14k-gold-plated-ring/cat.jump
http://my.awesome.store.com/dotcom/2-panel-jewelry-box/prod.jump
http://my.awesome.store.com/dotcom/core-short-sleeve-top/prod.jump
http://my.awesome.store.com/dotcom/core-graphic-tee/prod.jump
http://my.awesome.store.com/dotcom/core-pro-striped-shorts/prod.jump
http://my.awesome.store.com/dotcom/awesome-brand-pro-striped-shorts/prod.jump
http://my.awesome.store.com/dotcom/core-pro-striped-shorts/prod.jump
http://my.awesome.store.com/dotcom/shoes/sandals-flip-flops/low-mid-heel/cat.jump
http://my.awesome.store.com/dotcom/shoes/sandals-flip-flops/wedge-sandals/cat.jump
http://my.awesome.store.com/dotcom/shoes/sandals-flip-flops/flat-sandals/cat.jump
http://my.awesome.store.com/dotcom/shows/all-mens-shoes/slippers/cat.jump
http://my.awesome.store.com/dotcom/men/shorts/bermuda-core-beige/prod.jump
http://my.awesome.store.com/dotcom/men/shorts/pleated-core-beige/prod.jump
http://my.awesome.store.com/dotcom/men/shorts/bermuda-awesome-brand-beige/prod.jump
http://my.awesome.store.com/dotcom/core-proportioned-pants/prod.jump
http://my.awesome.store.com/dotcom/awesome-brand-slender-jean---plus/prod.jump
http://my.awesome.store.com/dotcom/awesome-brand/half-zip-jacket/prod.jump
http://my.awesome.store.com/dotcom/toys/categories/costumes-dress-up/boys/cat.jump
http://my.awesome.store.com/dotcom/shoes/kids-shoes/boys-shoes/cat.jump
http://my.awesome.store.com/dotcom/toys/gender/boys/cat.jump
http://my.awesome.store.com/dotcom/shoes/boots/ankle-boots-booties/cat.jump
http://my.awesome.store.com/dotcom/shoes/all-womens-shoes/view-all/cat.jump
http://my.awesome.store.com/dotcom/women/awesome-brand/tops-sweaters/cat.jump
http://my.awesome.store.com/dotcom/men/wallets-accessories/backpacks-bags/cat.jump
http://my.awesome.store.com/dotcom/women/wear-to-work/skirts/cat.jump
A regular expression that excludes every URL except those containing the keywords "awesome" or "core" is:
\/dotcom\/((?!awesome|core)[\w-%\/])+(?:cat|prod)\.jump