Single JSON Output Schema #50
Comments
|
Makes sense to me. Great idea @utkonos! |
|
It's great they finally released that. Will need to take a look at its output and see if we can output the same thing. |
|
From the new repo, it looks like it's based on the Northern Lights Golang repo. |
|
This will be a feature of 3.0.0. The schema of the new JSON format is not finalized (here at least). I want it to be informed by the output from both gyp and yara-python. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
After making a release announcement on Twitter, the maintainers of YARA joined the conversation and mentioned that they're writing a Go implementation of the YARA parser that will provide JSON output as an option. Also, in the same thread, I learned that there is already a Go implementation here:
https://github.com/Northern-Lights/yara-parser
I've opened an issue on their repo for this same topic here:
Northern-Lights/yara-parser#17
Here is my proposal:
Let's coordinate on one single schema for data structure and JSON output format. We can definitely have local variation, but I think having a single schema that is interoperable among all three projects is a good thing. As a first step, I can post an annotated copy of our full JSON schema along with the reasoning behind various decisions. The short term goal would be to have both annotated schemas sent over to the core YARA developers. An ideal situation would be that core adopts as much of our "unified" schema as makes sense. They would then release the official schema when ready. We would then produce JSON that conforms to that official schema. If there are fields that we can't all agree on, we would then have a flag to enable additional local/optional fields in our output.
The text was updated successfully, but these errors were encountered: