README

A 1:1 PHP port of msc_pyparser (ModSecurity SecRule parser) with JSON output.

Features
Requirements
Installation
Quick Start
- As a Library
- From the CLI
Usage
- Parsing a Single File
- Parsing a Directory
API Reference
Contributing
License

Features

Full fidelity to the original Python implementation: all variables, operators, actions, quoting rules, chaining logic, and error reporting are preserved exactly.
JSON output instead of YAML—no extra dependencies.
PSR-4 compliant, installable via Composer.
CLI tool for rapid testing and integration in scripts or CI.

Requirements

PHP 7.4 or higher
psr/log (optional, for logging)

Installation

composer require stardothosting/secrule-parser

Quick Start

As a Library

<?php

require 'vendor/autoload.php';

use StardotHosting\SecRuleParser\Parser;

// Parse a single rules file into a PHP array
$parser = new Parser();
$rules  = $parser->parseFile(__DIR__ . '/REQUEST-920-PROTOCOL-ENFORCEMENT.conf');

// Output pretty JSON
echo json_encode($rules, JSON_PRETTY_PRINT), "
";

Note:
The parser now returns a nested array structure:

Each top-level element is a group of rules (e.g., a main rule and its chained children).

Each group is an array of one or more rules, preserving the original chaining and grouping from the ModSecurity config.

To get a flat list of all rules (e.g., for searching by ID), you may need to recursively flatten the array.

From the CLI

# Parse one file and print JSON to stdout
vendor/bin/secrule-parser /path/to/my.conf --stdout

# Parse all .conf files in a directory, writing .json files to ./out/
vendor/bin/secrule-parser /path/to/rules/ ./out/

# Show help
vendor/bin/secrule-parser -h

Usage

Parsing a Single File

use StardotHosting\SecRuleParser\Parser;

$parser = new Parser();
$rules = $parser->parseFile('/path/to/rules.conf');
print_r($rules); // $rules is a nested array of rule groups

Parsing a Directory

$allRules = [];
foreach (glob('/etc/modsecurity/rules/*.conf') as $file) {
    $allRules[$file] = (new \StardotHosting\SecRuleParser\Parser())
        ->parseFile($file); // Each file returns a nested array of rule groups
}

API Reference

`Parser::parseFile(string $path): array`

Reads and parses the given .conf file.
Returns a nested array of rule groups. Each group is an array of one or more rules (for chained rules, the group contains the main rule and its chained children).
Throws \RuntimeException on read error or parse exception.

`Parser::parse(string $input, string $filename = '<string>'): array`

Parses a raw ruleset string.
Returns a nested array of rule groups (see above).

Contributing

Fork the repository
Create your feature branch (git checkout -b feature/YourFeature)
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin feature/YourFeature)
Open a Pull Request

Please follow PSR-12 coding standards and provide unit tests for any new parsing rules.

License

This project is licensed under the GPL-3.0-or-later. See the LICENSE file for details.
Ported from the original msc_pyparser by Ervin Hegedüs (GPL-3.0).

Breaking Changes in v3.0.1 (2024-06-07)

Parser output is now a nested array of rule groups.
- Each group is an array of one or more rules, preserving ModSecurity's chaining/grouping.
- If you need a flat list of rules, you must flatten the array yourself.
Test suite updated to recursively flatten the output for ID checks.
(Also see v3.0.0 changes below.)

Breaking Changes in v3.0.0 (2024-06-06)

Namespace changed to StardotHosting\SecRuleParser\
Composer package renamed to stardothosting/secrule-parser
Minimum PHP version is now 7.4
Old namespaces and package names are no longer supported

stardothosting/modsecurity-parser

包简介

README 文档