Description
Motivation
We need more input from new contributors. Currently, we are relying more and more on a lot of internal and external tools to write our rules. Not everybody may know them, while they are so helpful for creating better rules.
I think we should have something like a "Great tools for rule writers" page to bring the rule writing practices from the 2000s to the 2020s.
And maybe even end with a full-fledged "rule writing walkthrough" that strings all the tools together to create a sample rule (could be moved to a separate issue if we want to do that).
Proposed solution
At least, we could make a list of useful tools and links to them.
For example:
- CRS-toolchain (would link to our own upcoming documentation page about the new regexp assembler)
- go-ftw (link to our own upcoming documentation)
- https://regex101.com - This is essential
- https://onecompiler.com/mysql - live running MySQL commands (great site btw)
- https://onecompiler.com/mongodb - live running MongoDB commands
- https://sqliteonline.com - live running SQLite commands
- https://onecompiler.com/redis - live running Redis commands
- ...anything else that you love?
At best we could have the list, and also create a 'walkthrough' for creating a rule that goes from:
- a payload
- to one of the online IDEs above to play with payload variances and backend behavior with regard to spacing, comments, etc.
- to thinking of a regexp
- to making and testing it in regex101
- when to modify an existing rule and when to create a new rule (which should be somewhat discouraged unless it's really a new attack technique.)
- then to create a regexp-assemble data file
- generate the rule with crs-toolchain
- testing the rule (link to our own upcoming documentation on go-ftw)
Alternatives
Karel always just does a web search for 'execute postgres online'. But there's a bigger chance that people might give up.
Additional context
N/A