Move utility programs out of the main coreruleset repository #3853
Comments
Do we want to keep the names? Eg. is the |
Question 1: How many of the utilities in /util are no longer useful and can simply be sunset at this time? (I couldn't see all of them listed, hence asking this question.) Question 2: How many of the utilities that we want to keep will break if they no longer live in /util? E.g. hard coded paths and similar? (E.g. it might be easier to simply sunset rather than try and rewrite/fix some of them if moving them will cause them to break?) |
In our CI workflow we use crs-check-rules script. I don't know about other tools which are used. |
I think we use it as our main linter, so I'll call this one |
Answer 1: Updated the list to cover all files and directories. Proposed removal, move and we need to know what to do with the unknowns. Answer 2: probably not much, as we call them from our ci/cd or we provide it for people to use as standalone scripts. So we can remove without looking back. |
My take where I do not agree with original proposal.
|
I'll add this to the above decision then. |
About the Moving it to a new repository would allow us to write proper python tests, and eliminate the undesired behavior that we have now that is sending a patch when something changes, and "just reading the code" to see if it works. |
You wrote above:
I think this is not a good idea. Consider someone wants to add new tag(s) into rule(s). Until now it was enough to add the new tag(s) to I vote to keep this file inside of |
Makes sense. Also, the script might not need to know which tags are approved. |
That's why there is the |
Since ages ago, probably when there was only one repo assigned in the OWASP organization, we pushed all the utilities related to CRS in the same repository as the rules.
This has led to having lots of different tools and scripts in the same place, making it more difficult to test properly, and to perform updates on tools independent from the rules themselves.
After considering it in our October 2024 monthly chat, we decided to move away from this pattern.
The idea is then to split the tools and scripts in different repos. This will be the epic ticket to start the move.
The (updated) proposal is:
Move
- rule_ctl directory to its own repository.
- find-rules-without-test as it is part of CI/CD tools #3880

Add to crs-toolchain as feature
- fp-finder 👉 created fp-finder: tool to find potential false positives in data files crs-toolchain#181
- regexp-tricks + add documentation
- php-dictionary-gen add feature to crs-toolchain? move to own repo?

Remove
- av-scanning from utils #3870
- change-version from util #3868
- find-max-datalen-in-tests #3890
- virtual-patching #3888
- honeypot-sensor #3882
- join-multiline-rules #3876
- send-payload-pls.sh #3878
- geo-location #3874
- crs2-renumbering #3872
- browser-tools #3886
- verify.rb and id-range #3884

This proposal will be updated with your comments below. Once you are satisfied, please add your 👍 here.