duo-labs/parliament

Feature: Command-line filters

Open

#59 opened on Jan 16, 2020

View on GitHub
 (0 comments) (1 reaction) (0 assignees)Python (954 stars) (88 forks)batch import
enhancementgood first issuelow_priority

Description

Mentioned in #57, @kmcquade raised the idea of having filtering at the command-line such as:

parliament --exclude informational,community,whatevergroup

Right now, you can specify --minimum_severity INFO

Each rule I have been giving a grouping, such as group: INVALID. Currently, these aren't used for anything. I could rename this to tag and allow multiple tags. I could also have the exclude be able to work off of the key, severity, and these tags. I think it make sense to keep this as a basic list and not try to do any logic (ex. don't worry about "If informational AND community". If someone wants more advanced logic they can just output as json and run it through jq or something else for more logic.

Contributor guide

Tech stack
python
Domain
clisecurity
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
half day
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
mostly clear
Prerequisites
Python programmingCLI design
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
60
Research direction
Look at the existing CLI implementation in the codebase, likely in a file like `parliament/cli.py` or similar. Review the referenced issue #57 for context. Examine how ` minimum severity` flag is implemented to understand the pattern. Consider how to add ` exclude` flag that takes a list of rule keys or tags. The maintainer suggested using 'tag' field on rules; investigate how rules are structured. No linked PRs exist.