xml / json parsers

Hi all,
Has anyone out there written a generic xml and/or json parser for Bro? I didn't see anything like that in the base or contributed scripts.


Hi Dan,

yes and no. "No" because not in the traditional sense of manually
writing a parser. "Yes" because there's what I think is a very cool
piece for analyzing XML: we have an exerimental analyzer that
performs live xqueries: it looks for XML documents going over there
wire and then performs customizable queries to extract interesting
stuff; the results of the queries are then *automatically* turned
into events, for which which you can then write Bro script handlers
for further processing.

If you want to give it a try, you can find the analyzer in my work
branch (see CHANGES.features there). It is however indeed quite
experimental. The basic functionality is there and should be
working[1] but the main open question is performance: I have no idea
whether the XML libraries it uses are sufficientlt efficient for
realistic online operation. Nobody has really looked into that yet.
(The analyzer doens't have a maintainer anymore as the person who
wrote it has moved on to other things).


[1] Hhaven't tried it in a while though; it pulls in these huge XML
libraries, and I remember some trouble gettting it to compile with
updated versions; that might take a few cycles again assuming
further library updates have come out in the meantime.