Add pgAdmin rule exclusions plugin #9

Open
wants to merge 2 commits into
base: main

@flo-mic flo-mic commented Apr 2, 2022

This PR adds a 3rd party pgAdmin rule exclusion plugin to the registry. I developed this for myself, but if you have interest in hosting this under the repos of coreruleset and making it an "official" plugin, let me know.

Signed-off-by: Florian Michel <florianmichel@hotmail.de>
Member

azurit commented Apr 4, 2022

Hi @flo-mic, this looks very nice! We will review your work and discuss integration soon.

Member

dune73 commented Apr 22, 2022

Very nice. Thank you very much @flo-mic.

You are the first 3rd party contributor with a plugin and I'd be very happy to have you in the registry.

This is all a bit dynamic at the moment and unfortunately this forces you to run after a moving target.

Yet, I believe things have stabilized quite a bit and you should be able to meet our new standard easily.

  • Please use the 9516xxx rule range.
  • Please check out the dummy-plugin and how we implemented
  • Please add license information. Feel free to declare it public domain, or use Apache2, like we do.
  • Can you put a contact address in the README?
  • The plugin registry table got a new column. You will need to redo the README anyways.

Signed-off-by: Florian Michel <florianmichel@hotmail.de>
Author

flo-mic commented May 5, 2022

@dune73 What exactly do you mean with contact address? In the readme of the plugin? Have not seen such contact address in any other plugin. But for now I have also added the CONTRIBUTOR.md file as it is done on all other plugins.

Besides the contact address, I have done all suggested changes and also updated the readme of this PR. Let me know if something is missing.

Member

azurit commented May 7, 2022

Thanks, it looks very good! I suggest more changes:

  • copy Installation section in the README from any other plugin, for example phpMyAdmin
  • you can remove rule 9516110 (and also SecMarker) as this is now a standard feature of all plugins (rule 9516099)
  • fix indentation of chained rules, for example see phpMyAdmin
  • when using @rx, you don't need to prefix pattern with .*
  • when using @rx, you don't need to escape / (see rule 9516190)
  • BIG NOTE: with current plugin implementation, updating tx.allowed_methods, tx.allowed_request_content_type and other tx.* doesn't work, see here

Besides this and the fact that I wasn't able to test it (as I'm not using PostgreSQL), I think this is a very good 3rd party plugin and I suggest to include it in the list.
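
A small lint pass for three of the review points raised in this thread (the 9516xxx ID range, the redundant leading `.*` with `@rx`, and the unneeded `\/` escape). This is an added example, not code from the PR or from the CRS project; `lint_rules`, the finding names and the sample rules are constructed for illustration.

```python
import re

# One SecRule with an @rx operator: variables, "@rx pattern", "actions".
SECRULE_RX = re.compile(
    r'SecRule\s+\S+\s+"@rx\s+((?:[^"\\]|\\.)*)"\s+"((?:[^"\\]|\\.)*)"')
RULE_ID = re.compile(r'\bid:(\d+)')

def lint_rules(conf, id_prefix="9516"):
    """Return (rule_id, finding) pairs for three review points in this thread."""
    findings = []
    # Join backslash-continued lines so each rule is one logical line.
    text = re.sub(r'\\\r?\n\s*', ' ', conf)
    for m in SECRULE_RX.finditer(text):
        pattern, actions = m.group(1), m.group(2)
        id_match = RULE_ID.search(actions)
        # Chained sub-rules carry no id of their own.
        rule_id = id_match.group(1) if id_match else "(chained)"
        if id_match and not (len(rule_id) == 7 and rule_id.startswith(id_prefix)):
            findings.append((rule_id, "id-outside-range"))
        # @rx is an unanchored search, so for a yes/no match a leading .* adds nothing.
        if pattern.startswith('.*'):
            findings.append((rule_id, "leading-dot-star"))
        # Walk escape pairs so that \\/ (escaped backslash, then /) is not flagged.
        if '/' in re.findall(r'\\(.)', pattern):
            findings.append((rule_id, "escaped-slash"))
    return findings

# Constructed sample rules (not taken from the pgAdmin plugin).
SAMPLE_CONF = r'''
SecRule REQUEST_FILENAME "@rx .*\/browser\/$" \
    "id:9516500,phase:1,pass,nolog"
SecRule REQUEST_FILENAME "@rx /misc/ping$" \
    "id:9999100,phase:1,pass,nolog"
SecRule REQUEST_FILENAME "@rx /settings/$" \
    "id:9516510,phase:1,pass,nolog,chain"
    SecRule REQUEST_METHOD "@rx .*PUT$" \
        "t:none"
'''

if __name__ == "__main__":
    for rule_id, finding in lint_rules(SAMPLE_CONF):
        print(rule_id, finding)
```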

Member

dune73 commented May 11, 2022

@flo-mic : Regarding Contact address: With the official plugins, the contact address is the CRS project. Yet with 3rd party plugins, we would like to have a contact address for inclusion.

The case could be different if your plugin would become an official plugin. This would probably need some time though, so we still need a contact address.

Member

fzipi commented May 28, 2022

@flo-mic Looks like we have some conflicts now :( Can you solve them and update this PR?

Member

azurit commented Jan 10, 2024

@flo-mic ping.

4 participants