Strings functions
Functions in the strings module
concat
concatstrings.concat(sub: string, ...) -> string
concat combines multiple strings together in order. This could be be used later by other string comparisons or list lookups.
Examples
strings.concat("no-reply", "@sublimesecurity.com") -> "[email protected]"
strings.concat(null, "@sublimesecurity.com") -> null
strings.concat(sender.email.local_part, "@different_domain.com") -> "[email protected]"
// Escaped email in a URL (@ escapes to %40)
strings.concat(sender.email.local_part, "%40", sender.email.domain)
contains / icontains
contains / icontainsstrings.contains(source: string, substring: string) -> bool
strings.icontains(source: string, substring: string) -> bool
contains is used to check if one string contains a specific substring. contains performs a case-sensitive substring search, but icontains is case-insensitive. These strings can be literal strings, fields, or values from functions.
If either string is null, then contains and icontains will return null.
Examples
strings.contains("[email protected]", "@sublimesecurity.com") -> true
strings.contains("[email protected]", "@sublime") -> true
strings.contains("[email protected]", "@SuBLiMe") -> false
strings.icontains("[email protected]", "@SuBLiMe") -> true
strings.icontains("[email protected]", null) -> null
count / icount
count / icountstrings.count(source: string, substring: string) -> bool
strings.icount(source: string, substring: string) -> bool
count is used to count the number of occurrences of a substring within another string. count only counts case-senstive occurrences but icount counts all case-insensitive occurences. These strings can be literal strings, fields, or values from functions.
If either string is null, then count and icount will return null.
Examples
strings.count("An example string to search", " ") -> 4
strings.count("Banana nana nana", "na") -> 6
strings.icount("BaNaNa NaNa NaNa", "NANA") -> 6
ends_with / iends_with
ends_with / iends_withstrings.ends_with(source: string, suffix: string) -> bool
strings.iends_with(source: string, suffix: string) -> bool
ends_with is used to check if one string has a specific suffix. ends_with performs a case-sensitive suffix check, but iends_with is case-insensitive. These strings can be literal strings, fields, or values from functions.
If either string is null, then contains and icontains will return null.
Examples
strings.ends_with("[email protected]", "@sublimesecurity.com") -> true
strings.ends_with("[email protected]", "@sublime") -> false
strings.ends_with("[email protected]", "@SublimeSecurity.com") -> false
strings.iends_with("[email protected]", "@SublimeSecurity.com") -> true
strings.iends_with("[email protected]", null) -> null
like / ilike
like / ilikestrings.like(input: string, pattern: string, ...) -> bool
strings.ilike(input: string, pattern: string, ...) -> bool
like is used to match a string against a list of predefined wildcard patterns. like performs a case-sensitive match against the entire string, but ilike is case-insensitive. Use wildcard characters to represent unknown substrings:
*is a placeholder for a string of any length, including empty strings?is a placeholder for a single character within the string
Remember that like and ilike are evaluated against the entire string. To look for a substring, wrap it in *, such as strings.ilike(body.plain.raw, "*password*"), or use strings.icontains(body.plain.raw, "password").
If input is null, then like and ilike will always return null.
Examples
strings.like("[email protected]", "*@sublimesecurity.com") -> true
# use ilike for case-insensitive matches
strings.like("[email protected]", "*@sublimesecurity.com") -> false
strings.ilike("[email protected]", "*@sublimesecurity.com") -> true
# if multiple wildcard patterns are specified, only one needs to match
strings.like("[email protected]", "*@*.org", "*@*.com", "*@*.gov") -> true
# use ? to match exactly 1 unknown character
strings.like("[email protected]", "[email protected]") -> true
strings.like("[email protected]", "[email protected]") -> false
levenshtein / ilevenshtein
levenshtein / ilevenshteinlevenshtein(a: string, b: string) -> integer
ilevenshtein(a: string, b: string) -> integer
levenshtein is used to calculate the Levenshtein edit distance between two strings. The returned value is equal to the minimum number of character operations (deletion, insertion, substitution) required to transform one string into the other. levenshtein finds the case-sensitive distance between the two strings, but ilevenshtein is case-insensitive.
strings.levenshtein('Bat', 'bot') -> 2
strings.ilevenshtein('Bat', 'bot') -> 1
starts_with / istarts_with
starts_with / istarts_withstrings.starts_with(source: string, prefix: string) -> bool
strings.istarts_with(source: string, prefix: string) -> bool
starts_with is used to check if one string has a specific prefix. istarts_with performs a case-sensitive prefix check, but iends_with is case-insensitive. These strings can be literal strings, fields, or values from functions.
If either string is null, then contains and icontains will return null.
Examples
strings.starts_with("[email protected]", "no-reply") -> true
strings.starts_with("[email protected]", "@sublime") -> false
strings.starts_with("[email protected]", "No-Reply") -> false
strings.istarts_with("[email protected]", "No-Reply") -> true
strings.istarts_with("[email protected]", null) -> null
Updated 5 months ago