owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0

How to parse the SecLang format CRS rules in another language like Go? #2437

Closed hsluoyz closed 3 years ago

hsluoyz commented 4 years ago

We want to write a scanner & parser in Go to parse the CRS rules so we can process these rules in Go (this is our goal). I noticed there are lex and yacc files: seclang-scanner.ll and seclang-parser.yy in: https://github.com/SpiderLabs/ModSecurity/tree/v3/master/src/parser

I also found the lex & yacc tools in Go:

Go lex: https://github.com/kivikakk/golex
Go yacc: https://godoc.org/golang.org/x/tools/cmd/goyacc

Is generating a Go scanner & parser, and using them to parse CRS rules, a good way to solve our problem? Thanks.

zimmerle commented 4 years ago

Hi @hsluoyz,

That is a very interesting question. Assuming that you want to inspect some traffic using golang, why not use a binding of the library? The library can do the heavy work of dealing with the parser or even inspecting some content, yet inside golang. Is this an option?

hsluoyz commented 4 years ago

@zimmerle thanks for answering it. But it seems that I didn't find an available Go binding: https://github.com/SpiderLabs/ModSecurity#bindings

Writing a binding seems to be tough work... Is there any easier way to tackle this?

Update:

Going back to my original question, are the lex & yacc not working for the current ModSec 3.x branch? If they work, it should be a pretty good way to do it.

zimmerle commented 4 years ago

Hi @hsluoyz,

The lex && yacc are working fine here. They are used by ModSecurity to load the rules.

Usually, the reasons to create a binding are:

  1. Easier than a rewrite.
  2. Keeps compatibility for further changes.

It is no different for libModSecurity. Apart from parsing the rules, there is the logic applied to the rules and the implementation of operators and transformations.
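An added example, not part of the thread or of ModSecurity's code: a minimal Go parser for one single-line `SecRule`, showing that parsing recovers only variable, operator and action names, while the operator and transformation logic mentioned above still has to be implemented separately. The `Rule` type, `ParseSecRule` and the sample rule are constructed for illustration; chained rules, line continuations and other directives are not handled.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule is all that parsing recovers from a SecRule: names and strings.
type Rule struct {
	Variables          []string
	Negated            bool
	Operator, Argument string
	Actions            [][2]string // ordered name/value pairs, t:... included
}

var (
	// tokenRe matches a double-quoted field (backslash escapes allowed) or a bare word.
	tokenRe = regexp.MustCompile(`"((?:\\.|[^"\\])*)"|(\S+)`)
	// actionRe matches name or name:value; a value may be single-quoted and hold commas.
	actionRe = regexp.MustCompile(`([A-Za-z_]\w*)(?::('(?:\\.|[^'\\])*'|[^,]*))?`)
)

// ParseSecRule parses one single-line `SecRule VARIABLES "OPERATOR" "ACTIONS"`.
func ParseSecRule(line string) (r Rule, ok bool) {
	var f []string
	for _, m := range tokenRe.FindAllStringSubmatch(line, -1) {
		f = append(f, strings.ReplaceAll(m[1]+m[2], `\"`, `"`))
	}
	if len(f) != 4 || f[0] != "SecRule" {
		return r, false
	}
	r.Variables = strings.Split(f[1], "|")
	r.Negated = strings.HasPrefix(f[2], "!")
	r.Operator, r.Argument = "rx", strings.TrimPrefix(f[2], "!") // no @name means @rx
	if strings.HasPrefix(r.Argument, "@") {
		r.Operator, r.Argument, _ = strings.Cut(r.Argument[1:], " ")
	}
	for _, m := range actionRe.FindAllStringSubmatch(f[3], -1) {
		r.Actions = append(r.Actions, [2]string{m[1], strings.Trim(m[2], "' ")})
	}
	return r, true
}

// sample is a constructed rule, not taken from CRS.
const sample = `SecRule ARGS|REQUEST_HEADERS:User-Agent "!@rx ^[\w \"]+$" "id:1001,phase:2,t:none,t:lowercase,deny,msg:'bad chars, blocked'"`

func main() {
	fmt.Println(ParseSecRule(sample))
}
```

The result still carries `rx`, `t:lowercase` and `deny` only as strings; evaluating them is the part a binding to libModSecurity would provide.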

hsluoyz commented 4 years ago

Hi @zimmerle

Our parser code needs to run on Windows. So I guess the binding option doesn't work because it still depends on the libModSecurity lib, which is only available on Linux now. Moreover, there's no Go binding right now. Writing an entire binding for ModSec in Go seems more difficult than writing a parser in Go from scratch.

And it seems I was also wrong about lex && yacc, which seem to work only for the C/C++ ecosystem. They are not cross-language. So other languages like Go or Java cannot generate a parser in that language from the lex && yacc sources.

airween commented 4 years ago

Hi @hsluoyz,

it's not clear what you want to do with the parsed rules :), so if you need only the AST, you can check a similar project in python3: msc_pyparser.

Maybe this helps you.

zimmerle commented 3 years ago

@hsluoyz writing the binding should not be hard. As the Python bindings already exist, and they are using pybind11, you can use that as a base. Check it here - https://github.com/pymodsecurity/pymodsecurity

As for the Windows compilation, it should be straightforward. We can try to help you build.

I would avoid rewriting parsers or implementation. The bindings will give you all the fixes and changes of the mainstream transparently.

jcchavezs commented 2 years ago

If you are still interested, you can check http://github.com/corazawaf/coraza