Add ModSecurity secrule language

[fzipi]

ModSecurity Rules language is a DSL for creating security policies. https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-Rules-Language-Porting-Specification. Released under the Apache2 License.

Signed-off-by: Felipe Zipitria felipe.zipitria@owasp.org

Description

Adding ModSecurity Rules DSL language.

Checklist:

• I am associating a language with a new file extension.

  • The new extension is used in hundreds of repositories on GitHub.com
    • Search results for each extension:
      • https://github.com/search?utf8=%E2%9C%93&type=Code&ref=searchresults&q=extension%3AFOOBAR+KEYWORDS+NOT+nothack
  • I have included a real-world usage sample for all extensions added in this PR:
    • Sample source(s):
      • [URL to each sample source, if applicable]
    • Sample license(s):
  • I have included a change to the heuristics to distinguish my language from others using the same extension.

• I am adding a new language.

  • The extension of the new language is used in hundreds of repositories on GitHub.com.
    • Search results for each extension:
      • https://github.com/search?q=extension%3Aconf+SecRule+SecAction&type=Repositories&ref=advsearch&l=&l=
  • I have included a real-world usage sample for all extensions added in this PR:
    • Sample source(s):
      • https://github.com/coreruleset/coreruleset/tree/v3.4/dev/rules
    • Sample license(s): Apache2
  • I have included a syntax highlighting grammar: https://github.com/irvinlim/vscode-language-modsecurity
  • I have updated the heuristics to distinguish my language from others using the same extension.

• I am fixing a misclassified language

  • I have included a new sample for the misclassified language:
    • Sample source(s):
      • [URL to each sample source, if applicable]
    • Sample license(s):
  • I have included a change to the heuristics to distinguish my language from others using the same extension.

• I am changing the source of a syntax highlighting grammar

  • Old: [URL to grammar repo]
  • New: [URL to grammar repo]

• I am updating a grammar submodule

• I am adding new or changing current functionality

  • I have added or updated the tests for the new or changed functionality.

• I am changing the color associated with a language

  • I have obtained agreement from the wider language community on this color change.
    • [URL to public discussion]
    • [Optional: URL to official branding guidelines for the language]

[fzipi]

Hi @lildude! Can you help me test the Bayesian classifier for this language?

[lildude]

Holy smokes!!! We don't need that many samples. especially when most of the content of each is commented out.

Please reduce the number of samples to the 2-4 most representative of the langauge; the lighter on comments, the better.

Hi @lildude! Can you help me test the Bayesian classifier for this language?

Ensure you keep at least two of the most representative samples and the classifier test will do a good job of assessing the classifier.

That said, this isn't going to be of any use as this is the first addition of .conf to Linguist which means every .conf on the whole of GitHub which isn't already covered by an explicit filename will be classified as this langauge.

To get around this, you'll need to add .conf to the generic.yml file and add a heuristic that will only match these files.

[lildude]

Usage is a little low for inclusion right now from your search results, even when considering our temporarily relaxed rules.

[lildude]

Oh yes, and you appear to have forgotten to commit the cached license file which would have been generated for the grammar when you ran script/add-grammar. Please add this to the PR too.

[fzipi]

So, better to close this one and try again when popularity increases?

[lildude]

So, better to close this one and try again when popularity increases?

Its up to you. We've got quite a few PRs open pending popularity. If you anticipate this increasing in the not too distant future (currently at 1480 files), then we can keep it open. I'll keep checking everytime I make a new release.

If you don't anticipate popularity to increase soon, then you can close it now and re-open it later when you've found the popularity has increased.

[fzipi]

Well, this language is at least 10 years old. So I don't think it will suddenly increase popularity that much 😄 . Closing for better times in the future.