1. Field of the Invention
The present invention generally relates to computer systems and more particularly to "wild card" characters which are used to specify computer objects, such as files or directories, having names which match a pattern that uses the wild card characters.
2. Description of the Prior Art
Conventional computer operating systems have various architectures for handling software objects, like files, directories and symbolic links. These filing systems allow for the naming of objects according to certain rules. For example, in the popular DOS operating system used with personal computers, a name can be up to eight characters, optionally followed by a period (".") and an extension of up to three more characters, except that certain characters are not allowed including, among others, the forward slash ("/"), backslash ("\"), colon (":"), asterisk ("*") and question mark ("?"). These latter two characters are particularly reserved for use as "wild cards" (dummy or substitute characters) in specifying or selecting files from a group of files. The asterisk symbol can represent any character, including none, while the question mark represents exactly one character. For example, the expression "123*.*" presents a wild card pattern that would include the files or directories named "123," "1234," "123X," "123.BAT," etc., and the expression "123?" would include "1234" and "123X," but not "123" or "123.BAT." Other operating systems (VM, UNIX, etc.) have similar wild card enablement. Naming conventions are used for other computer objects or resources besides files, such as hardware (peripheral) devices.
Sometimes it is necessary to compare two wild card patterns, such as a user-specified pattern against a pre-defined pattern. This comparison can be performed by security-type software, e.g., for a network to restrict access to or manipulation of computer objects residing on the network, or for a single workstation which supports multiple users with different access rights to data stored locally. For example, a system administrator often will want to prevent certain files from being deleted or modified by any users, and can use conventional security software to construct a table having a list of files to which access rights are to be restricted. Conversely, a table can be constructed with a list of files or devices which are to be considered completely accessible. These tables can include wild card patterns, like "*.exe" to prevent users from manipulating any object which has an extension indicating that it is an executable file. Then, if a user executes a command such as "delete login.exe," the security software easily recognizes that the specified file is off limits to the user and disables the command before it is passed to the operating system. Instead of specifying an exact file name, the user might specify a wild card expression as well, such as "delete log*.*". Conventional security software will check this wild card pattern against the authorized command pattern(s), and initially determine whether the action is clearly forbidden, clearly allowable, or neither. If neither, then additional monitoring or analysis is required to ensure that files are properly safeguarded. If the action is clearly allowable, however, then the security system passes the command on to the operating system without further involvement.
The comparison between wild card patterns is performed on a literal basis only. In other words, the security program perceives the user-specified wild card pattern as a static object and considers any wild card characters used in the user-specified pattern to be literal values. Because of this approach, a security program can sometimes produce incorrect results. For example, the pattern "?BC" might appear in a security table as a wild card expression for a group of protected files; if a user entered the command "delete *BC" the security program would immediately conclude that the command is completely prohibited since it would interpret the "*" character literally as satisfying the "?" in the pre-defined pattern. This interpretation is incorrect since the command could result in deletion of the file "BC" which would not be a protected file (based on the "?BC" pattern). Conversely, if the pattern "?BC" were defined for a group of files to which access was to be unrestricted, then the command "delete *BC" would be interpreted as clearly allowable, but this might be incorrect since the command could again result in deletion of the file "BC" which might be a protected file. It would, therefore, be desirable and advantageous to devise a method of comparing wild card patterns which treats both strings as active wild card operators and not as literal values.
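The "?BC" versus "*BC" case above, worked as an added example that is not the patent's own method or code: it sorts a user pattern against one protected-table pattern into the three outcomes named earlier by treating both strings as active wild cards. The function name `classify`, the outcome labels and the `OTHER` placeholder are assumptions made here; "." is treated as an ordinary character and matching is case-sensitive, so the DOS extension rules are not modelled.

```python
OTHER = "\0"  # assumed stand-in for any character that appears in neither pattern

def _closure(pat, states):
    # A '*' may match nothing, so a position on '*' also reaches the next one.
    out = set(states)
    for i in sorted(states):
        while i < len(pat) and pat[i] == "*":
            i += 1
            out.add(i)
    return frozenset(out)

def _step(pat, states, ch):
    # Pattern positions reachable after consuming one character ch.
    nxt = set()
    for i in states:
        if i == len(pat):
            continue
        if pat[i] == "*":
            nxt.add(i)                      # '*' absorbs ch and stays put
        elif pat[i] == "?" or pat[i] == ch:
            nxt.add(i + 1)
    return _closure(pat, nxt)

def _reachable(user, table):
    # Walk both patterns in lockstep over every distinguishable character and
    # yield (user_matches, table_matches) for each name prefix the user
    # pattern can still accept.
    alphabet = ((set(user) | set(table)) - {"*", "?"}) | {OTHER}
    start = (_closure(user, {0}), _closure(table, {0}))
    seen, todo = {start}, [start]
    while todo:
        u, t = todo.pop()
        yield len(user) in u, len(table) in t
        for ch in alphabet:
            pair = (_step(user, u, ch), _step(table, t, ch))
            if pair[0] and pair not in seen:
                seen.add(pair)
                todo.append(pair)

def classify(user, protected):
    """Outcome for a user pattern checked against one protected pattern."""
    results = list(_reachable(user, protected))
    if all(t for u, t in results if u):
        return "forbidden"   # every name the command can touch is protected
    if not any(u and t for u, t in results):
        return "allowable"   # no name the command can touch is protected
    return "neither"         # mixed: needs per-file analysis

if __name__ == "__main__":
    for user in ("*BC", "ABC", "login.exe", "log*.*"):  # constructed inputs
        print(user, classify(user, "?BC"), classify(user, "*.exe"))
```

A literal comparison calls "*BC" against "?BC" clearly forbidden; here it comes out as "neither", because "BC" satisfies the command but not the protected pattern.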