4.5.1 #448

Merged
merged 37 commits into from
Sep 3, 2024
a92d4e4
Fix Doc Generation
daknhh Jul 9, 2024
2d345e8
add more information
daknhh Jul 19, 2024
717a4ff
improve Docs
daknhh Jul 29, 2024
679c2cd
Updates
daknhh Aug 24, 2024
2d46a7d
Fixes
daknhh Aug 30, 2024
29e2869
eslint update
daknhh Aug 30, 2024
bcc2ada
add eslint config.js
daknhh Aug 30, 2024
c941129
linting
daknhh Aug 30, 2024
9d9267c
linting
daknhh Aug 30, 2024
12ecdcf
Linting
daknhh Aug 30, 2024
56b79b1
Linting
daknhh Aug 30, 2024
337b05f
linting
daknhh Aug 30, 2024
464e576
fix lint
daknhh Aug 30, 2024
c3e2ec3
lint
daknhh Aug 30, 2024
ca24a8e
fix
daknhh Aug 30, 2024
47f49d3
change to ManagedRuleGroupStatementProperty
daknhh Aug 30, 2024
33640d4
adjust changelog
daknhh Aug 30, 2024
aba7474
linting
daknhh Aug 30, 2024
038dc44
fix -scopeDownStatement.regexPatternSetReferenceStatement calculateC…
daknhh Aug 30, 2024
2f671a5
improve docs
daknhh Aug 30, 2024
2d8ab33
improve docs
daknhh Aug 31, 2024
ec782d5
fix lambda paths after restructure
daknhh Aug 31, 2024
a99493f
Adjust Changelog
daknhh Aug 31, 2024
5bb6532
add new tests and improve docs
daknhh Aug 31, 2024
56e2d9b
adjustname for new testrule
daknhh Aug 31, 2024
3cb5e35
Removed from the changelog because CloudFormation has not yet impleme…
daknhh Sep 2, 2024
520ef84
Removed from the changelog because CloudFormation has not yet impleme…
daknhh Sep 2, 2024
6826a3d
adjust docs for constructs
daknhh Sep 2, 2024
524dfa3
fix path to package.json
daknhh Sep 2, 2024
fd5b4e0
remove unused construct - restructure
daknhh Sep 2, 2024
70b258d
Adjust Docs
daknhh Sep 2, 2024
f4d7e57
change docs
daknhh Sep 2, 2024
b98c3e5
update docs
daknhh Sep 2, 2024
44accd5
add new test
daknhh Sep 2, 2024
1d94788
change test name
daknhh Sep 2, 2024
526b131
add icon to head of docs
daknhh Sep 2, 2024
55e5ea2
add icon to second header
daknhh Sep 2, 2024
change to ManagedRuleGroupStatementProperty
daknhh committed Aug 30, 2024
commit 47f49d3ebaa8048aeebf2b458558b4aec8c4176f
2 changes: 1 addition & 1 deletion Taskfile.yml
Original file line number Diff line number Diff line change
@@ -39,7 +39,7 @@ tasks:
diff:
desc: CDK Diff
cmds:
- cdk diff
- bash -c 'source options.sh && cdk diff --toolkit-stack-name {{.TOOL_KIT_STACKNAME}}'
silent: true
interactive: true
env:
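Review bot: `{{.TOOL_KIT_STACKNAME}}` is expanded unquoted inside the single-quoted `bash -c` string in the new `cmds` entry, so a value containing whitespace or shell metacharacters is re-parsed by bash instead of being passed as one argument. Wrap it in double quotes inside the command (`--toolkit-stack-name "{{.TOOL_KIT_STACKNAME}}"`). The command also now depends on `options.sh` being in the working directory, which deserves a line in the task's `desc`. This change is unrelated to the commit subject and would be easier to review as its own commit.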
3 changes: 1 addition & 2 deletions lib/tools/helpers/cloudformation.ts
@@ -77,8 +77,7 @@ export async function getManagedRuleGroupVersionFromStack(deploymentRegion: stri
const outputValue = responseStack.Stacks?.[0]?.Outputs?.find(output => output.OutputKey === name+"Version")?.OutputValue || "";
return outputValue;
}
catch (error) {
console.error("Error getting ManagedRuleGroupVersion from CloudFormation Stack: ", error);
catch {
return undefined;
}
}
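Review bot: the bare `catch { return undefined; }` at the end of `getManagedRuleGroupVersionFromStack` removes the only diagnostic for a failed stack lookup, so a permissions error, throttling or a wrong region now looks the same to the caller as a stack that does not exist yet. Keep the `console.error`, or catch only the expected not-found case and rethrow everything else. Note also that the `try` path returns `""` when the output key is missing while the `catch` path returns `undefined`, so callers have two different values to treat as not found.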
Original file line number Diff line number Diff line change
@@ -235,10 +235,10 @@ async function calculateManagedRuleGroupCapacities(type: "Pre" | "Post",deployme
managedrule.version = version;
}
}
const ruleversion = managedrule.version ?? await getcurrentManagedRuleGroupVersion(deploymentRegion, managedrule.vendor, managedrule.name, config.WebAcl.Scope);
const ruleversion = managedrule.version ?? await getcurrentManagedRuleGroupVersion(deploymentRegion, managedrule.vendorName, managedrule.name, config.WebAcl.Scope);
const capacity = await getManagedRuleCapacity(
deploymentRegion,
managedrule.vendor,
managedrule.vendorName,
managedrule.name,
config.WebAcl.Scope,
ruleversion
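Review bot: `managedrule.version ?? await getcurrentManagedRuleGroupVersion(...)` only falls back when `version` is `null` or `undefined`, and `values/examples/ip-sets-managed-test.ts` in this same commit sets `version: ""`. Unless the code above this hunk normalises empty strings, `ruleversion` is `""` for that group and is passed to `getManagedRuleCapacity` as-is. Use `||` here or normalise `""` to `undefined` before the lookup. The `vendor` to `vendorName` rename itself is consistent across both call sites in this hunk.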
14 changes: 7 additions & 7 deletions lib/tools/helpers/web-application-firewall/rulegroups.ts
@@ -25,7 +25,7 @@ const subVariables : SubVariables = {};
export function buildServiceDataManagedRgs(scope: Construct, managedRuleGroups: ManagedRuleGroup[], managedRuleGroupVersionProvider: cr.Provider, wafScope: string, runtimeProps: RuntimeProperties): { ServiceData: ServiceDataManagedRuleGroup[], ManagedRuleGroupInfo: string[], SubVariables: SubVariables } {
const cfnManagedRuleGroup : ServiceDataManagedRuleGroup[] = [];
for (const managedRuleGroup of managedRuleGroups) {
if(managedRuleGroup.overrideAction?.type === "COUNT"){
if(managedRuleGroup.ruleActionOverrides?.toString() === "COUNT"){
// eslint-disable-next-line quotes
guidanceHelper.getGuidance("overrideActionManagedRuleGroup", runtimeProps, managedRuleGroup.name);
}
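Review bot: the new condition `managedRuleGroup.ruleActionOverrides?.toString() === "COUNT"` cannot be true for a real configuration. On `CfnWebACL.ManagedRuleGroupStatementProperty`, `ruleActionOverrides` is a list of per-rule override objects, and stringifying that gives something like `[object Object]`, never `COUNT`, so the `overrideActionManagedRuleGroup` guidance is silently disabled. The guidance concerns the group-level override, which the next hunk still reads from `managedRuleGroup.overrideAction`. Restore `managedRuleGroup.overrideAction?.type === "COUNT"`, or, if the intent is to warn on per-rule overrides, iterate the entries and check each one explicitly.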
@@ -38,26 +38,26 @@ export function buildServiceDataManagedRgs(scope: Construct, managedRuleGroups:
console.log("\nℹ️ ManagedRuleGroup " + managedRuleGroup.name + " is not versioned. Skip Custom Resource for Versioning.");
cfnManagedRuleGroup.push({
managedRuleGroupIdentifier: {
vendorName: managedRuleGroup.vendor,
vendorName: managedRuleGroup.vendorName,
managedRuleGroupName: managedRuleGroup.name,
version: undefined,
versionEnabled: undefined,
},
overrideAction: managedRuleGroup.overrideAction ? managedRuleGroup.overrideAction : { type: "NONE" },
ruleGroupArn: undefined,
excludeRules: managedRuleGroup.excludeRules ? managedRuleGroup.excludeRules : undefined,
excludeRules: managedRuleGroup.excludedRules ? managedRuleGroup.excludedRules : undefined,
ruleGroupType: "ManagedRuleGroup",
ruleActionOverrides: managedRuleGroup.ruleActionOverrides ?? undefined,
awsManagedRulesBotControlRuleSetProperty: managedRuleGroup.awsManagedRulesBotControlRuleSetProperty ?? undefined,
awsManagedRulesACFPRuleSetProperty: managedRuleGroup.awsManagedRulesACFPRuleSetProperty ?? undefined,
awsManagedRulesATPRuleSetProperty: managedRuleGroup.awsManagedRulesATPRuleSetProperty ?? undefined,
});
MANAGEDRULEGROUPSINFO.push(managedRuleGroup.name+" ["+managedRuleGroup.vendor +"]");
MANAGEDRULEGROUPSINFO.push(managedRuleGroup.name+" ["+managedRuleGroup.vendorName +"]");
}
else{
const crManagedRuleGroupanagedRuleGroupVersion = new cdk.CustomResource(scope, `Cr${managedRuleGroup.name}` , {
properties: {
VendorName: managedRuleGroup.vendor,
VendorName: managedRuleGroup.vendorName,
Name: managedRuleGroup.name,
Scope: wafScope,
ManagedRuleGroupVersion: managedRuleGroup.version,
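Review bot: `excludeRules` in the unversioned branch now reads `managedRuleGroup.excludedRules`, but none of the visible hunks for the versioned `else` branch (`@@ -78` and `@@ -89`) touch an `excludeRules` line. Please confirm the versioned branch reads the same field, otherwise rule exclusions would be applied to unversioned groups and dropped for versioned ones. While here, `x ? x : undefined` can be written `x ?? undefined` to match the `ruleActionOverrides` line directly below it.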
@@ -78,7 +78,7 @@ export function buildServiceDataManagedRgs(scope: Construct, managedRuleGroups:

cfnManagedRuleGroup.push({
managedRuleGroupIdentifier: {
vendorName: managedRuleGroup.vendor,
vendorName: managedRuleGroup.vendorName,
managedRuleGroupName: managedRuleGroup.name,
version,
versionEnabled: managedRuleGroup.versionEnabled ?? undefined,
@@ -89,7 +89,7 @@ export function buildServiceDataManagedRgs(scope: Construct, managedRuleGroups:
ruleGroupType: "ManagedRuleGroup",
ruleActionOverrides: managedRuleGroup.ruleActionOverrides ?? undefined,
});
MANAGEDRULEGROUPSINFO.push(managedRuleGroup.name+" ["+managedRuleGroup.vendor +"] " + cwVersion);
MANAGEDRULEGROUPSINFO.push(managedRuleGroup.name+" ["+managedRuleGroup.vendorName +"] " + cwVersion);
}
}
return {ServiceData: cfnManagedRuleGroup, ManagedRuleGroupInfo: MANAGEDRULEGROUPSINFO, SubVariables: subVariables};
2 changes: 1 addition & 1 deletion lib/types/config.ts
@@ -1,6 +1,6 @@
/* eslint-disable @typescript-eslint/naming-convention */
import { Rule, ManagedRuleGroup } from "./fms";
import { aws_fms as fms, CfnTag, aws_events as events } from "aws-cdk-lib";
import { aws_fms as fms, CfnTag, aws_events as events} from "aws-cdk-lib";
import * as fwmEnums from "./enums";
import * as cdk from "aws-cdk-lib";
/**
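Review bot: the only change in this file is removing the space before the closing brace in `aws_events as events}`, which now differs from `import { Rule, ManagedRuleGroup }` on the line above. Revert it or let the formatter settle it, so the commit does not carry a whitespace-only edit to an unrelated file.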
7 changes: 1 addition & 6 deletions lib/types/fms.ts
@@ -1,8 +1,5 @@
/* eslint-disable @typescript-eslint/no-explicit-any */

import { aws_wafv2 as waf } from "aws-cdk-lib";
import * as fwmEnums from "./enums";

/*
* Interface for the CustomRequestHandling
*/
@@ -77,9 +74,7 @@ type NameObject = {
/**
* Interface for the ManagedRuleGroup
*/
export interface ManagedRuleGroup {
vendor: fwmEnums.ManagedRuleGroupVendor | string,
name: fwmEnums.AwsManagedRules | string,
export interface ManagedRuleGroup extends waf.CfnWebACL.ManagedRuleGroupStatementProperty {
version?: string,
/**
* Will be automatically set using the [Check Capacity API](https://docs.aws.amazon.com/waf/latest/APIReference/API_CheckCapacity.html).
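Review bot: making `ManagedRuleGroup` extend `waf.CfnWebACL.ManagedRuleGroupStatementProperty` renames the user-facing `vendor` field to `vendorName`, which breaks every existing values file that sets `vendor`, yet the PR is versioned 4.5.1 and the doc comment above the interface still says only "Interface for the ManagedRuleGroup". Document the rename and the inherited fields in that comment and list it in the changelog as a migration step. The removed `vendor` and `name` declarations also referenced `fwmEnums.ManagedRuleGroupVendor` and `fwmEnums.AwsManagedRules`; if those enum types should stay visible in the declaration, redeclare `vendorName` and `name` with the enum unions in this interface.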
2 changes: 1 addition & 1 deletion package.json
@@ -9,7 +9,7 @@
"watch": "tsc -w",
"test": "jest",
"cdk": "cdk",
"lint": "eslint",
"lint": "eslint .",
"preinstall": "npx only-allow npm"
},
"devDependencies": {
4 changes: 2 additions & 2 deletions values/examples/ip-sets-managed-test.ts
@@ -53,13 +53,13 @@ export const config: wafConfig = {
PostProcess: {
ManagedRuleGroups: [
{
vendor: "AWS",
vendorName: "AWS",
name: "AWSManagedRulesAmazonIpReputationList",
capacity: 25,
version: "",
},
{
vendor: "AWS",
vendorName: "AWS",
name: "AWSManagedRulesCommonRuleSet",
capacity: 700,
version: "Version_1.6",
12 changes: 6 additions & 6 deletions values/examples/owasptop10.ts
@@ -19,27 +19,27 @@ export const config: wafConfig = {
PreProcess: {
ManagedRuleGroups: [
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.AMAZON_IP_REPUTATION_LIST,
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.ANONYMOUS_IP_LIST,
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.BOT_CONTROL_RULE_SET,
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.COMMON_RULE_SET,
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.KNOWN_BAD_INPUTS_RULE_SET,
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.SQLI_RULE_SET,
}
]
14 changes: 7 additions & 7 deletions values/tests/onlyManagedRuleGroups.ts
@@ -20,39 +20,39 @@ export const config: wafConfig = {
PreProcess: {
ManagedRuleGroups: [
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.AMAZON_IP_REPUTATION_LIST,
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.ANONYMOUS_IP_LIST
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.BOT_CONTROL_RULE_SET,
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.COMMON_RULE_SET,
version: "Version_1.11",
versionEnabled: true,
enforceUpdate: true
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.KNOWN_BAD_INPUTS_RULE_SET,
enforceUpdate: true,
versionEnabled: false
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.SQLI_RULE_SET,
version: "Version_2.0",
versionEnabled: true,
enforceUpdate: true
},
{
vendor: ManagedRuleGroupVendor.AWS,
vendorName: ManagedRuleGroupVendor.AWS,
name: AwsManagedRules.ADMIN_PROTECTION_RULE_SET,
enforceUpdate: false,
versionEnabled: true,