-
-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Proposal] Add XML/YAML support to signature files. #6
Comments
Personally I like YAML more than XML as XML needs more bytes and the file could be quite big with the closing tags. The general idea for these config values is very helpful to further customize the behavior depending on the section / signature. http://stackoverflow.com/questions/294355/php-yaml-parsers At least we should not make it too complicated for endusers who may not know XML or YAML. |
True, true. YAML definitely looks like a nice option. May end up rolling something specific for CIDRAM to support YAML, I think (at least by approximation, anyhow; the specification is rather sizable and looks a little complex to be worth the time and effort of rolling something specifically for CIDRAM that conforms to the specification perfectly, but building something to approximate the bare basics shouldn't be too hard; functionality could be extended whenever required, perhaps); spyc looks like the best option of those mentioned, but it'd be nice to be able to build something using the closure oriented coding style that CIDRAM uses (and I don't think there's anything like this in existence at the moment as far as I'm aware), and I notice that spyc hasn't been updated in a while; The other options mentioned require PECL extensions, which seems to be having a few problems at the moment with PHP => 7. A little more work, but YAML does look like a nicer and friendlier format to work with (and seems like it would probably have less margin for error with first-time users). |
[2016.07.26; NEW FEATURE; Maikuolan]: Added some basic support for YAML-like data (note: not a true YAML implementation) to be read from signature files, which can used to specify per signature section custom configuration values. #6
I've committed some changes just now that should allow for some very simple YAML-like things to be included in signature files (although it's not a true, proper implementation; just something basic and minimal that can be used for doing some simple per section configuration customisations).
Everything that seems to actually work correctly at the moment (as far as I can tell) is included in the above example; The various other configuration directives aren't affected by these customisations yet. |
I propose adding XML support to the signature files, to allow some degree of extensibility to the signature files by way of allowing certain variables to be defined whenever relevant signatures are triggered.
My thinking was that, by leveraging the inbuilt PHP SimpleXMLElement class, CIDRAM could look for some predefined XML boundaries in the signature files following immediately after a triggered signature and then parse the data contained within any XML boundaries found to give CIDRAM a degree of extensibility based upon the relevant signatures being triggered.
So, say for example, if we had a signature section like this:
We could change it to this:
Using the aforementioned inbuilt PHP class, we could then define "tag" (or other similar variables), which could be optionally used by CIDRAM for whatever purposes (I was thinking, in particular, this could be used to offer extended information about signatures originating from certain signature sections, and could help with the suggestion mentioned by dev-101 in #3 regarding adding a better "Why Reason" to the "Access Denied" page).
As another example:
..Could be used to define a custom email address to be used for support tickets for in the event of any potential false positives originating from a specific signature section (for if, perhaps, the CIDRAM user doesn't want to define an email address directly in their configuration file, because they only want to offer an email to IPs from certain ISPs, etc), and we could use a similar logic to change configuration elsewhere based on triggering specific signatures (although this should be used very minimally by default, if at all, because we shouldn't be overriding defined configuration unless we absolutely must, but it could be useful for custom signatures, if the user wants to override their own configuration for specific signatures).
Would like to know what you think about this idea.
@DanielRuf @dev-101
Compatibility notes:
The text was updated successfully, but these errors were encountered: