
feat(docs): Expose tooling for rule developers #73

Open
@lifeforms


Motivation

We need more input from new contributors. Currently, we are relying more and more on a lot of internal and external tools to write our rules. Not everybody may know them, while they are so helpful to create better rules.

I think we should have something like a "Great tools for rule writers" page to bring the rule writing practices from the 2000s to the 2020s.

And maybe even end with a full-fledged "rule writing walkthrough" that strings all the tools together to create a sample rule (could be moved to a separate issue if we want to do that).

Proposed solution

At least, we could make a list of useful tools and links to them.

For example:

At best we could have the list, and also create a 'walkthrough' for creating a rule that goes from:

  • a payload
  • to one of the online IDEs above to play with payload variances and backend behavior with regard to spacing, comments, etc.
  • to thinking of a regexp
  • to making and testing it in regex101
  • when to modify an existing rule and when to create a new rule (which should be somewhat discouraged unless it's really a new attack technique)
  • then to create a regexp-assemble data file
  • generate the rule with crs-toolchain
  • testing the rule (link to our own upcoming documentation on go-ftw)

Alternatives

Karel always just does a web search for 'execute postgres online'. But there's a bigger chance that people might give up.

Additional context

N/A


Labels: enhancement
