|
| 1 | +# Contributing to the CRS |
| 2 | + |
| 3 | +We value third-party contributions. To keep things simple for you and us, |
| 4 | +please adhere to the following contributing guidelines. |
| 5 | + |
| 6 | +## Getting Started |
| 7 | + |
| 8 | +* You will need a [GitHub account](https://github.com/signup/free). |
| 9 | +* Submit a [ticket for your issue](https://github.com/SpiderLabs/owasp-modsecurity-crs/issues), assuming one does not already exist. |
| 10 | + * Clearly describe the issue including steps to reproduce when it is a bug. |
| 11 | + * Make sure you specify the version that you know has the issue. |
| 12 | + * Bonus points for submitting a failing test along with the ticket. |
| 13 | +* If you don't have push access, fork the repository on GitHub. |
| 14 | + |
| 15 | +## Making Changes |
| 16 | + |
| 17 | +* Please base your changes on branch ```v3.1/dev``` |
| 18 | +* Create a topic branch for your feature or bug fix. |
| 19 | +* Make commits of logical units. |
| 20 | +* Make sure your commits adhere to the rules guidelines below. |
| 21 | +* Make sure your commit messages are in the [proper format](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html): The first line of the message should have 50 characters or less, separated by a blank line from the (optional) body. The body should be wrapped at 70 characters and paragraphs separated by blank lines. Bulleted lists are also fine. |
| 22 | + |
| 23 | +## General Formatting Guidelines for rules contributions |
| 24 | + |
| 25 | + - 4 spaces per indentation level, no tabs |
| 26 | + - no trailing whitespace at EOL or trailing blank lines at EOF |
| 27 | + - comments are good, especially when they clearly explain the rule |
| 28 | + - try to adhere to a 80 character line length limit |
| 29 | + - if it is a [chained rule](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#chain), alignment should be like |
| 30 | +``` |
| 31 | + SecRule .. ..\ |
| 32 | + "...." |
| 33 | + SecRule .. ..\ |
| 34 | + "..." |
| 35 | + SecRule .. ..\ |
| 36 | + ".." |
| 37 | +``` |
| 38 | + - use quotes even if there is only one action, it improves readability (e.g use `"chain"`, not `chain`, or `"ctl:requestBodyAccess=Off"` instead of `ctl:requestBodyAccess=Off`) |
| 39 | + - always use numbers for phases, instead of names |
| 40 | + - format your `SecMarker` between double quotes, using UPPERCASE and separating words using hyphens. Examples are |
| 41 | +``` |
| 42 | + SecMarker "END-RESPONSE-959-BLOCKING-EVALUATION" |
| 43 | + SecMarker "END-REQUEST-910-IP-REPUTATION" |
| 44 | +``` |
| 45 | + - the proposed order for actions is: |
| 46 | +``` |
| 47 | + id |
| 48 | + phase |
| 49 | + disruptive-action |
| 50 | + status |
| 51 | + capture |
| 52 | + t:xxx |
| 53 | + log |
| 54 | + nolog |
| 55 | + auditlog |
| 56 | + noauditlog |
| 57 | + msg |
| 58 | + logdata |
| 59 | + tag |
| 60 | + sanitiseArg |
| 61 | + sanitiseRequestHeader |
| 62 | + sanitiseMatched |
| 63 | + sanitiseMatchedBytes |
| 64 | + ctl |
| 65 | + setenv |
| 66 | + setvar |
| 67 | + chain |
| 68 | + skip |
| 69 | + skipAfter |
| 70 | +``` |
| 71 | + |
| 72 | +FIXME: |
| 73 | + |
| 74 | +- Add rule id numbering |
| 75 | +- Add naming conventions for vars |
0 commit comments