From 2f9a76ff0b974f7c9ca64f0a4345811cef910f4a Mon Sep 17 00:00:00 2001 From: Deepanjan Bhattacharyya <deepanjan@brightspot.com> Date: Tue, 13 Feb 2024 10:13:50 -0800 Subject: [PATCH 1/2] Add label match statement to wafv2 --- .../wafv2/LabelMatchStatementResource.java | 87 +++++++++++++++++++ .../gyro/aws/wafv2/StatementResource.java | 30 ++++++- 2 files changed, 116 insertions(+), 1 deletion(-) create mode 100644 src/main/java/gyro/aws/wafv2/LabelMatchStatementResource.java diff --git a/src/main/java/gyro/aws/wafv2/LabelMatchStatementResource.java b/src/main/java/gyro/aws/wafv2/LabelMatchStatementResource.java new file mode 100644 index 000000000..fd728327c --- /dev/null +++ b/src/main/java/gyro/aws/wafv2/LabelMatchStatementResource.java @@ -0,0 +1,87 @@ +/* + * Copyright 2024, Brightspot. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package gyro.aws.wafv2; + +import gyro.aws.Copyable; +import gyro.core.resource.Diffable; +import gyro.core.validation.Required; +import gyro.core.validation.ValidStrings; +import software.amazon.awssdk.services.wafv2.model.LabelMatchScope; +import software.amazon.awssdk.services.wafv2.model.LabelMatchStatement; + +public class LabelMatchStatementResource extends Diffable implements Copyable<LabelMatchStatement> { + + private LabelMatchScope scope; + private String key; + private String label; + + /** + * The part of the web request that you want AWS WAF to inspect. + */ + @Required + @ValidStrings({ "LABEL", "NAMESPACE" }) + public LabelMatchScope getScope() { + return scope; + } + + public void setScope(LabelMatchScope scope) { + this.scope = scope; + } + + /** + * The value that you want AWS WAF to search for. + */ + @Required + public String getKey() { + return key; + } + + public void setKey(String key) { + this.key = key; + } + + /** + * The label that you want AWS WAF to search for. + */ + @Required + public String getLabel() { + return label; + } + + public void setLabel(String label) { + this.label = label; + } + + @Override + public String primaryKey() { + return String.format("label match statement - '%s'", getScope()); + } + + @Override + public void copyFrom(LabelMatchStatement labelMatchStatement) { + setScope(labelMatchStatement.scope()); + setKey(labelMatchStatement.key()); + } + + LabelMatchStatement toLabelMatchStatement() { + return LabelMatchStatement.builder() + .scope(getScope()) + .key(getKey()) + .build(); + } + +} diff --git a/src/main/java/gyro/aws/wafv2/StatementResource.java b/src/main/java/gyro/aws/wafv2/StatementResource.java index 7c56873e6..816b80f46 100644 --- a/src/main/java/gyro/aws/wafv2/StatementResource.java +++ b/src/main/java/gyro/aws/wafv2/StatementResource.java @@ -39,6 +39,7 @@ public class StatementResource extends Diffable implements Copyable<Statement> { private SizeConstraintStatementResource sizeConstraintStatement; private SqliMatchStatementResource sqliMatchStatement; private XssMatchStatementResource xssMatchStatement; + private LabelMatchStatementResource labelMatchStatement; private RateBasedStatementResource rateBasedStatement; private ManagedRuleGroupStatementResource managedRuleGroupStatement; private RuleGroupReferenceStatementResource ruleGroupReferenceStatement; @@ -173,6 +174,19 @@ public void setXssMatchStatement(XssMatchStatementResource xssMatchStatement) { this.xssMatchStatement = xssMatchStatement; } + /** + * Label match statement configuration. + * + * @subresource gyro.aws.wafv2.LabelMatchStatementResource + */ + public LabelMatchStatementResource getLabelMatchStatement() { + return labelMatchStatement; + } + + public void setLabelMatchStatement(LabelMatchStatementResource labelMatchStatement) { + this.labelMatchStatement = labelMatchStatement; + } + /** * Rate based statement configuration. * @@ -286,6 +300,13 @@ public void copyFrom(Statement statement) { setXssMatchStatement(xssMatchStatement); } + setLabelMatchStatement(null); + if (statement.labelMatchStatement() != null) { + LabelMatchStatementResource labelMatchStatement = newSubresource(LabelMatchStatementResource.class); + labelMatchStatement.copyFrom(statement.labelMatchStatement()); + setLabelMatchStatement(labelMatchStatement); + } + setRateBasedStatement(null); if (statement.rateBasedStatement() != null) { RateBasedStatementResource rateBasedStatement = newSubresource(RateBasedStatementResource.class); @@ -335,6 +356,8 @@ Statement toStatement() { builder = builder.xssMatchStatement(getXssMatchStatement().toXssMatchStatement()); } else if (getRateBasedStatement() != null) { builder = builder.rateBasedStatement(getRateBasedStatement().toRateBasedStatement()); + } else if (getLabelMatchStatement() !=null) { + builder = builder.labelMatchStatement(getLabelMatchStatement().toLabelMatchStatement()); } else if (getManagedRuleGroupStatement() != null) { builder = builder.managedRuleGroupStatement(getManagedRuleGroupStatement().toManagedRuleGroupStatement()); } else if (getRuleGroupReferenceStatement() != null) { @@ -359,6 +382,7 @@ public List<ValidationError> validate(Set<String> configuredFields) { getSizeConstraintStatement(), getSqliMatchStatement(), getXssMatchStatement(), + getLabelMatchStatement(), getRateBasedStatement(), getManagedRuleGroupStatement(), getRuleGroupReferenceStatement()) @@ -373,7 +397,7 @@ public List<ValidationError> validate(Set<String> configuredFields) { "One and only one of [ 'and-statement', 'not-statement', 'or-statement', 'byte-match-statement'," + "'geo-match-statement', 'ip-set-reference-statement', 'regex-pattern-set-reference-statement'," + "'size-constraint-statement', 'sqli-match-statement', 'xss-match-statement'," - + "'rate-based-statement', 'managed-rule-group-statement' or 'rule-group-reference-statement' ] " + + "'rate-based-statement', 'label-match-statement', 'managed-rule-group-statement' or 'rule-group-reference-statement' ] " + "is required")); } @@ -403,6 +427,8 @@ private String findStatementType() { type = "sql injection match"; } else if (getXssMatchStatement() != null) { type = "xss match"; + } else if (getLabelMatchStatement() != null) { + type = "label match"; } else if (getRateBasedStatement() != null) { type = "rate based"; } else if (getManagedRuleGroupStatement() != null) { @@ -437,6 +463,8 @@ private String findStatementDetailPrimaryKey() { key = getSqliMatchStatement().primaryKey(); } else if (getXssMatchStatement() != null) { key = getXssMatchStatement().primaryKey(); + } else if (getLabelMatchStatement() != null) { + key = getLabelMatchStatement().primaryKey(); } else if (getRateBasedStatement() != null) { key = getRateBasedStatement().primaryKey(); } else if (getManagedRuleGroupStatement() != null) { From 4ddc43a6fb0f2b995da6f0b73d290d3709ba1f83 Mon Sep 17 00:00:00 2001 From: Deepanjan Bhattacharyya <deepanjan@brightspot.com> Date: Thu, 22 Feb 2024 11:30:47 -0800 Subject: [PATCH 2/2] Remove unused label --- .../gyro/aws/wafv2/LabelMatchStatementResource.java | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/src/main/java/gyro/aws/wafv2/LabelMatchStatementResource.java b/src/main/java/gyro/aws/wafv2/LabelMatchStatementResource.java index fd728327c..29ed47a94 100644 --- a/src/main/java/gyro/aws/wafv2/LabelMatchStatementResource.java +++ b/src/main/java/gyro/aws/wafv2/LabelMatchStatementResource.java @@ -27,7 +27,6 @@ public class LabelMatchStatementResource extends Diffable implements Copyable<La private LabelMatchScope scope; private String key; - private String label; /** * The part of the web request that you want AWS WAF to inspect. @@ -54,18 +53,6 @@ public void setKey(String key) { this.key = key; } - /** - * The label that you want AWS WAF to search for. - */ - @Required - public String getLabel() { - return label; - } - - public void setLabel(String label) { - this.label = label; - } - @Override public String primaryKey() { return String.format("label match statement - '%s'", getScope());