Skip to content
Snippets Groups Projects
Forked from 713 / Warden / Warden - archive
Source project has a limited visibility.

Welcome to ransack

ransack is a modern, extensible language for manipulation with structured data.

Structured data --- like JSON, YAML, TOML and domain-specific formats such as IDEA --- form the backbone of many modern applications. These formats appear in configuration files, security logs, telemetry systems, and beyond.

ransack was designed to meet the increasing need for a robust and expressive language to query, filter, and inspect structured data. Whether used in Python code, as part of a log analysis tool, or as a compiler frontend for other systems, ransack provides a flexible foundation.

Why ransack?

ransack is a new implementation and improvement over existing libraries like Pynspect, which was widely used in security monitoring systems like NEMEA and Mentat. Compared to older tools, ransack:

  • supports user-defined variables
  • enables multi-argument functions
  • is extensible and modular
  • supports multiple backends (e.g., Python evaluation, SQL translation)
  • offers a clean internal architecture for future enhancements

Key features

  • a simple and expressive syntax for filters and conditions
  • support for context-aware variables and data scoping
  • predefined functions
  • support for IPv4/IPv6, datetimes, string and list manipulation
  • safe and maintainable implementation using Lark for parsing