-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request - Add NOT operator in filters #71
Comments
Hey, thanks for the suggestion! The next release of Logger++ includes a much more robust parser and grammar for the filters and includes the NOT operator. However this is still in development while I'm fixing some major bugs before the release. Thanks, |
Hey, I've released a beta release with the new grammar and various new operators and the ability to use NOT/! to invert filters. https://github.com/nccgroup/BurpSuiteLoggerPlusPlus/releases/tag/v3.11-beta If you have any issues or questions regarding its use please let me know. |
Your job is well appreciated @CoreyD97 :) I understand negating an expression is valuable, but cannot understand whats the difference between
and
maybe I'm missing something :/ |
Thank you! :) Sorry, not sure if by that question you're asking for the logical difference on why those two filters work differently, or as a design difference on why the negation has been implemented as !( ) also, so I'll answer both questions. Logically:
Design: Additionally, if you're creating large nested filters, being able to wrap a sub-filter in a negation can make the filter more readable than constructing the inverse filter. Finally, I haven't yet made it possible to do things like: Hopefully that answers your question 😃 |
Hey @CoreyD97, Thanks for your explanation. I was wondering if there was a different behavior because to me seemed the same sentence.
But it does not, right? It should return exactly the same elements with both expressions. Also, as said, it's valuable to be able to negate an entire expression but precisely the feature you commented is way more important. I mean, I can live without negating expressions but not with a contains comparison. While negating an expression it's just a matter of thinking, using the expression IN or NOT IN its a significant filter reduction, so thanks for implementing it :) |
So the two examples you provided will result in a different output as: Is there anything else you would like implementing for the filter? Thanks, |
Sorry, I did the obvious mistake inverting the operands. I pretended to have the || version. I would only add a thing, but I think this is probably a different feature request. To be able to describe filtering aliases. I would change So one may use, for example, a predefined filter e.g.
Then a reference in the filter such as If you find this interesting I can write a feature request as a different issue if you prefer it. Thanks! |
That's a great idea! :) |
Add the NOT operator to use negative expressions such as:
NOT(STATUS == "500" && RESPONSELENGTH == "25")
This expression would hide all requests with a response code 500 AND length of 25.
The text was updated successfully, but these errors were encountered: