feat(docs): Expose tooling for rule developers #73

Open
lifeforms opened this issue Nov 1, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@lifeforms
Member

lifeforms commented Nov 1, 2022

Motivation

We need more input from new contributors. Currently, we are relying more and more on a lot of internal and external tools to write our rules. Not everybody may know them, while they are so helpful to create better rules.

I think we should have something like a "Great tools for rule writers" page to bring the rule writing practices from the 2000s to the 2020s.

And maybe even end with a full-fledged "rule writing walkthrough" that strings all the tools together to create a sample rule (could be moved to a separate issue if we want to do that).

Proposed solution

At least, we could make a list of useful tools and links to them.

For example:

At best we could have the list, and also create a 'walkthrough' for creating a rule that goes from:

  • a payload
  • to one of the online IDEs above to play with payload variances and backend behavior with regard to spacing, comments, etc.
  • to thinking of a regexp
  • to making and testing it in regex101
  • when to modify an existing rule and when to create a new rule (which should be somewhat discouraged unless it's really a new attack technique.)
  • then to create a regexp-assemble data file
  • generate the rule with crs-toolchain
  • testing the rule (link to our own upcoming documentation on go-ftw)

Alternatives

Karel always just does a web search for 'execute postgres online'. But there's a bigger chance that people might give up.

Additional context

N/A

@fzipi
Member

fzipi commented Nov 11, 2022

Shall we move this one to https://github.com/coreruleset/documentation ?

@dune73
Member

dune73 commented Nov 13, 2022

It's a great proposal btw.

@fzipi fzipi transferred this issue from coreruleset/coreruleset Nov 20, 2022
@fzipi fzipi added the enhancement New feature or request label Feb 12, 2024