How to write regex for Data Driven Nodes?
28 views
Skip to first unread message
Elle Driver
Oct 10, 2025, 4:15:11 AMOct 10
to ZAP User Group
Hello everyone!
Could you please explain what the parentheses in the regular expression for a data-driven node mean, and why there need to be two or three of them?
I can't understand the logic behind this.
Could you please explain what the parentheses in the regular expression for a data-driven node mean, and why there need to be two or three of them?
I can't understand the logic behind this.
Let's say I have an URL like https://example.com/api/v4/leads/pipelines/{pipeline_id}/statuses. What regular expression should I write for it? The documentation doesn't explain how to write regular expressions for data-driven nodes (I know what regular expressions are and how to write them, but I don't understand what the groups in zap mean). Could you please clarify this?
xeno...@gmail.com
Oct 10, 2025, 9:05:57 AMOct 10
to ZAP User Group
This is an educated guess, I think it’s an implementation thing. They want a capturing group as that is a way to guarantee you only snag the parameters you want. What happens if you only supply the capturing group for {pipeline_id} ? I’d be puzzled why it would force more than one group myself.
-- Matt Seil
Manager/Princ Application Security
Member ACM/OWASP
Let's say I have an URL like https://example.com/api/v4/leads/pipelines/{pipeline_id}/statuses. What regular expression should I write for it? The documentation doesn't explain how to write regular expressions for data-driven nodes (I know what regular expressions are and how to write them, but I don't understand what the groups in zap mean). Could you please clarify this?<Screenshot_20251009_171205.png>--
ZAP by Checkmarx: https://www.zaproxy.org/
---
You received this message because you are subscribed to the Google Groups "ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/zaproxy-users/5439a88a-840f-4fb2-b68d-6df563ab5535n%40googlegroups.com.
Simon Bennetts
Oct 14, 2025, 7:07:08 AMOct 14
to ZAP User Group
Hiya,
The Structural Modifiers (including Data Driven Nodes aka DDNs) were implemented some time ago, when we focussed more on the ZAP UI.
A quick way to use the ZAP Desktop to generate the right regex is:
- Request the URL in ZAP, e.g. https://example.com/api/v4/leads/pipelines/pipeline_id/statuses (it doesnt actually matter that this returns a 404;)
- Add the domain to a context e.g. the Default Context
- Right click on the relevant node and select: Flag as Context -> Default Context: Data Driven Node
- Select the new Structural Modifier and click on "Modify..."
- Copy the regex
In this case the regex is
ZAP needs to know which part of the path is to be treated as the DDN.
The 3 regex groups represent the prefix, the DDN and the postfix.
I can't remember offhand what 2 regex groups represent, maybe just the prefix and DDN, where it appears at the end?
Does that make sense?
Simon
Reply all
Reply to author
Forward
0 new messages