[Proposal] Add XML/YAML support to signature files.

[Maikuolan]

I propose adding XML support to the signature files, to allow some degree of extensibility to the signature files by way of allowing certain variables to be defined whenever relevant signatures are triggered.

My thinking was that, by leveraging the inbuilt PHP SimpleXMLElement class, CIDRAM could look for some predefined XML boundaries in the signature files following immediately after a triggered signature and then parse the data contained within any XML boundaries found to give CIDRAM a degree of extensibility based upon the relevant signatures being triggered.

So, say for example, if we had a signature section like this:

Signatures for Foo Bar.
1.2.3.4/32 Deny Generic

We could change it to this:

Signatures for Foo Bar.
1.2.3.4/32 Deny Generic
<section>
 <tag>Foo Bar</tag>
</section>

Using the aforementioned inbuilt PHP class, we could then define "tag" (or other similar variables), which could be optionally used by CIDRAM for whatever purposes (I was thinking, in particular, this could be used to offer extended information about signatures originating from certain signature sections, and could help with the suggestion mentioned by dev-101 in #3 regarding adding a better "Why Reason" to the "Access Denied" page).

As another example:

Signatures for Foo Bar.
1.2.3.4/32 Deny Generic
<section>
 <config>
  <general>
   <emailaddr>foo@bar.com</emailaddr>
  </general>
 </config>
</section>

..Could be used to define a custom email address to be used for support tickets for in the event of any potential false positives originating from a specific signature section (for if, perhaps, the CIDRAM user doesn't want to define an email address directly in their configuration file, because they only want to offer an email to IPs from certain ISPs, etc), and we could use a similar logic to change configuration elsewhere based on triggering specific signatures (although this should be used very minimally by default, if at all, because we shouldn't be overriding defined configuration unless we absolutely must, but it could be useful for custom signatures, if the user wants to override their own configuration for specific signatures).

Would like to know what you think about this idea.

@DanielRuf @dev-101

Compatibility notes:

• The logic currently employed and described in the signature files whereby anything not recognised as a signature is interpreted as a comment (or, in other words, ignored, and thus, not interpreted at all), would no longer be entirely true, and so, this described information would likely need to be reworded; However, as I doubt many users are likely to dump XML in their signature files with the intentions of it being a comment, the proposed change could be argued as being backwards-compatible.
• Implementing this proposal shouldn't affect the format or structure of the signature files otherwise.

[DanielRuf]

Personally I like YAML more than XML as XML needs more bytes and the file could be quite big with the closing tags.

The general idea for these config values is very helpful to further customize the behavior depending on the section / signature.

http://stackoverflow.com/questions/294355/php-yaml-parsers

At least we should not make it too complicated for endusers who may not know XML or YAML.

[Maikuolan]

True, true.

YAML definitely looks like a nice option.

May end up rolling something specific for CIDRAM to support YAML, I think (at least by approximation, anyhow; the specification is rather sizable and looks a little complex to be worth the time and effort of rolling something specifically for CIDRAM that conforms to the specification perfectly, but building something to approximate the bare basics shouldn't be too hard; functionality could be extended whenever required, perhaps); spyc looks like the best option of those mentioned, but it'd be nice to be able to build something using the closure oriented coding style that CIDRAM uses (and I don't think there's anything like this in existence at the moment as far as I'm aware), and I notice that spyc hasn't been updated in a while; The other options mentioned require PECL extensions, which seems to be having a few problems at the moment with PHP => 7.

A little more work, but YAML does look like a nicer and friendlier format to work with (and seems like it would probably have less margin for error with first-time users).

[Maikuolan]

I've committed some changes just now that should allow for some very simple YAML-like things to be included in signature files (although it's not a true, proper implementation; just something basic and minimal that can be used for doing some simple per section configuration customisations).

# Example signature file excerpt.

0.0.0.0/1 Deny Generic
Tag: FOOBAR
---
general:
 logfile: TestFoo.{hh}.txt
 logfileApache: TestFoo.Apache.{hh}.txt
 logfileSerialized: TestFoo.Serial.{hh}.txt
 silent_mode: http://www.google.com.au/
 emailaddr: username@domain.tld
template_data:
 css_url: http://example.tld/assets/css

# EoF

Everything that seems to actually work correctly at the moment (as far as I can tell) is included in the above example; The various other configuration directives aren't affected by these customisations yet.