[Mod-security-developers] JSON body processor

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Team

As my first attempt in contributing to mod_security I've decided to
tackle MODSEC-253, a JSON body processor. I've gone through the XML
and multipart body processors and found them apparently
straightforward. I would like some pointers on issues which I need to
address before deciding on my solution, though.

1. The XML body processor uses libxml for the actual XML parsing, I
assume adding a JSON parser library would be acceptable as well. If
so, what licenses would be acceptable?
2. XML processor offers a XPath interface for rules to match XML
contents, which is a standard, but AFAIK there is nothing equivalent
for JSON (aside from evaluating Javascript object references). What
interface would work best for the rules to gain access to the JSON
contents?
3. Are there any guidelines/rules regarding memory usage and
performance, i.e., how can if my code or the library I'm using is
performing acceptably? I know I can always benchmark/profile other
body processors and compare the results directly, but I'm looking more
towards hard numbers, if they're available.
4. Finally, do these kind of questions go into JIRA? I decided to try
the mailing list first as I did not want to add possibly irrelevant
information to the JIRA issue, but I think at least items [1] and [2]
should be registered there -- is that how it usually works?

Thanks a lot for the great work on mod_security
Ulisses

-- 
“If debugging is the process of removing software bugs, then
programming must be the process of putting them in.” - Edsger Dijkstra