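#!/usr/bin/perl
# Author: bmc@sourcefire.com
#
# Converts an sscanf format string into a regexp that matches input in which
# one of the %s fields is longer than the maximum size allowed for each
# string ($maxstring), i.e. input that would overflow that field.

use strict;
use warnings;

# Regexp fragment for each supported sscanf conversion.
#
# Every fragment that contains an alternation is wrapped in its own (?:...)
# group. The fragments are later glued together with '\s+', and '|' binds
# more loosely than concatenation, so an ungrouped '%i' fragment would split
# the whole generated pattern into unrelated alternatives (one of which would
# match any "0<digit>" anywhere in the input).
#
# These are approximations of what sscanf accepts, not exact grammars;
# validate the generated pattern against the real parser before relying on it
# for detection.
# NOTE(review): the octal classes use [0-8]; 8 is not an octal digit. Left as
# the author wrote it so the pattern is not narrowed - confirm whether [0-7]
# was intended.
my %regexps = (
    '%x' => '(?:0x)?[0-9a-f]+',
    '%i' => '(?:0x[0-9a-f]+|0[0-8]+|[1-9]\d*)',
    '%s' => '\S+',
    '%o' => '[0-8]+',
    '%f' => '\d+\.\d+',
);

# Build the overflow-matching regexp body (without delimiters) for $format.
#
# For every %s in $format one alternative is produced: the fragments of all
# conversions that precede it, separated by '\s+', followed by
# '\S{$maxstring + 1}', which matches a token of more than $maxstring
# non-whitespace characters. The alternatives are joined with '|'.
#
# Returns the empty string when $format contains no %s conversion.
# Dies when a conversion that precedes a %s has no entry in %regexps.
#
# NOTE(review): if $maxstring is the size of the destination buffer rather
# than the longest token that still fits, remember that sscanf's %s also
# writes a terminating NUL, so the threshold would be one too high - confirm
# against the code being protected.
sub build_overflow_regex {
    my ($format, $maxstring) = @_;

    # split ' ' tolerates leading and repeated whitespace in the format.
    my @formats = split ' ', $format;

    my @re;
    for my $i (0 .. $#formats) {
        next unless $formats[$i] eq '%s';

        my @tmp;
        for my $spec (@formats[0 .. $i - 1]) {
            exists $regexps{$spec}
                or die "Ack, can't handle format $spec\n";
            push @tmp, $regexps{$spec};
        }
        push @tmp, '\S{' . ($maxstring + 1) . '}';
        push @re, join('\s+', @tmp);
    }

    return join('|', @re);
}

my $format = '%x %s %i %x %s %i %x %s %i %x %s %i';
# my $format = '%o %s %s %s';
my $maxstring = 64;

my $pattern = build_overflow_regex($format, $maxstring);

# An empty pattern would be emitted as "//i", which matches every input;
# refuse to print a rule like that.
die "No %s conversion in format '$format'; nothing to check\n"
    if $pattern eq '';

# /i so that the hex fragments also match upper-case digits.
print "/" . $pattern . "/i\n";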