This repository was archived by the owner on Dec 13, 2023. It is now read-only.
22 changes: 13 additions & 9 deletions waflyctl.go
Expand Up @@ -1074,8 +1074,8 @@ func rulesConfig(apiEndpoint, apiKey, serviceID, wafID string, config TOMLConfig
}
}

// DefaultRuleDisabled disables rule IDs defined in the configuration file
func DefaultRuleDisabled(apiEndpoint, apiKey, serviceID, wafID string, config TOMLConfig) {
// disabledRulesConfig disables rule IDs defined in the configuration file
func disabledRulesConfig(apiEndpoint, apiKey, serviceID, wafID string, config TOMLConfig) {

//implement individual rule management here
for _, rule := range config.DisabledRules {
Expand Down Expand Up @@ -2142,19 +2142,23 @@ func main() {
os.Exit(1)
}

// WAF provisioning eqauls to waflyctl.toml deployment
case *provision:
Warning.Println("Publisher, Rules, OWASP Settings and Tags changes are versionless actions and thus do not generate a new config version")

// Prepare WAF ruleset. Order matters - go from the widest groups (publisher/tags) to the most granular rules
publisherConfig(config.APIEndpoint, *apiKey, *serviceID, waf.ID, config)

//tags management
tagsConfig(config.APIEndpoint, *apiKey, *serviceID, waf.ID, config, *forceStatus)
//rule management
// extra rules you'd like to include, but they're not covered by publisher/tag
rulesConfig(config.APIEndpoint, *apiKey, *serviceID, waf.ID, config)
//publisher management
publisherConfig(config.APIEndpoint, *apiKey, *serviceID, waf.ID, config)
//OWASP
disabledRulesConfig(config.APIEndpoint, *apiKey, *serviceID, waf.ID, config)

// Update OWASP setttings at the very end
createOWASP(*client, *serviceID, config, waf.ID)

//patch ruleset
// Patch ruleset
if PatchRules(*serviceID, waf.ID, *client) {
Info.Println("Rule set successfully patched")

Expand Down Expand Up @@ -2190,8 +2194,8 @@ func main() {
//rule management
rulesConfig(config.APIEndpoint, *apiKey, *serviceID, wafID, config)

//Default Disabled
DefaultRuleDisabled(config.APIEndpoint, *apiKey, *serviceID, wafID, config)
//disabled rules management
disabledRulesConfig(config.APIEndpoint, *apiKey, *serviceID, wafID, config)

//Add logging conditions
// Ensure logging is defined in config and not being explicitly omitted
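Review bot: In the `case *provision:` sequence, `publisherConfig`, `tagsConfig`, `rulesConfig`, `disabledRulesConfig` and `createOWASP` are called as bare statements, so nothing stops the run from reaching `PatchRules` after an earlier step has failed. The new comment says order matters and the warning above it says these actions are versionless, so a partial run would presumably leave the live WAF with fewer rules applied than the configuration describes, and no exit status to show it. `disabledRulesConfig` is declared without a return value in the first hunk; I would have it and its siblings return a bool as `PatchRules` does and guard each call, e.g. `if !disabledRulesConfig(config.APIEndpoint, *apiKey, *serviceID, waf.ID, config) { os.Exit(1) }`. The same applies to the `rulesConfig` and `disabledRulesConfig` calls in the third hunk. main() starts and ends outside the lines shown, so handling elsewhere may not be visible; separately, the new comments misspell "equals" and "settings".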