[Bro-Dev] Configuration framework syntax proposal

Azoff, Justin S jazoff at illinois.edu
Thu Sep 21 07:30:10 PDT 2017 

> On Sep 21, 2017, at 9:18 AM, Seth Hall <seth at corelight.com> wrote:
> 
> There is just something about the idea of exposing variable names to 
> users (even if it's wrapped in a gui) that is intensely unpalatable to 
> me.  It's pretty much unheard of among other types of software.  It 
> would be like exposing internal variable names to command line programs 
> instead of abstracting it into easy flags (i.e. -a or --help)

I guess I was just thinking from my perspective, every script I would write would just have

module Foo;

export {
	## Set the threshold in bytes.
	const threshold = 1234 &config="foo.threshold";
}

And I would just be repeating the namespace + variable name for each option with no added value.  It would just become unnecessary repetition and a source of errors:

	const one = 1234 &config="foo.one;
	const two = 1234 &config="foo.tow"; #oops
	const three = 1234 &config="foo.tow"; #oops!

I say this as someone that will absolutely screw this up :-)

Maybe the design should support renaming variables for the configuration, but programmers should be strongly discouraged from renaming things unless they have a good reason from deviating from the automatic namespace + variable

> 
> or, if in 
> a gui a text entry box had a label next to it like 
> "GUI::My_Program::user_name" instead of showing "Username".

I'm not sure how exposing something like "input.pcap.filter" is any different from exposing something like "Pcap::filter" from that standpoint.  Maybe there's a larger discussion here around what the user experience should look like?  I feel like two different things are being talked about now.

Directly using variable names in UI elements is not unheard of though, a lot of UI frameworks will do things like present a variable like user_name as "User Name" in the UI.  This is usually a simple text transform like

    >>> s='My_Program::user_name'
    >>> s.replace("::", " - ").replace("_", " ").title()
    'My Program - User Name'

This way you don't end up with code that looks something like

    Args {
        user_name .. display as "User Name"
        age .. display as "Age"
        favorite_color .. display as "Favorite Color"
        favorite_food  .. display as "Favorite Food"
        pin .. display as "PIN"
    }

Instead you only need to override the display when you have a good reason to deviate from the standard underscore to space and Title Case transform:

    Args {
        user_name
        age
        favorite_color
        favorite_food
        pin .. display as "PIN"
    }


Having a bro configuration tool display something like the current SSH::password_guesses_limit as 

    SSH Password Guesses Limit
    The number of failed SSH connections before a host is designated as guessing passwords.
    Type: count
    Current Value: 30

Or Site::darknet_mode as

    Site Darknet Mode
    I just realized I didn't document the variable name itself :-)
    Type: DarknetMode enum
    Current Value: DARKNET
    Choices:
        DARKNET: Only hosts defined in darknet_address_space are dark
        NOT_ALLOCATED: Only hosts NOT listed in used_address_space are dark
        DARKNET_OR_NOT_ALLOCATED: Only hosts defined in darknet_address_space OR NOT listed in used_address_space are dar...
        DARKNET_AND_NOT_ALLOCATED: Only hosts both defined in darknet_address_space AND NOT listed in used_address...

wouldn't be crazy, and such a tool seems like it would be pretty user friendly to me.


— 
Justin Azoff

More information about the bro-dev mailing list