crowdsec/pkg/waf/waap_rule/waap_rule.go

package waap_rule

import (
	"fmt"
)

/*
rules:
 - name: "test"
   and:
   	- zones:
   		- BODY_ARGS
   	  variables:
		- foo
		- bar
   	  transform:
   		- lowercase|uppercase|b64decode|...
	  match:
	    type: regex
	   	value: "[^a-zA-Z]"
	- zones:
	   - ARGS
	  variables:
	   - bla

*/

type match struct {
	Type  string `yaml:"type"`
	Value string `yaml:"value"`
}

type CustomRule struct {
	Name string `yaml:"name"`

	Zones     []string `yaml:"zones"`
	Variables []string `yaml:"variables"`

	Match     match        `yaml:"match"`
	Transform []string     `yaml:"transform"` //t:lowercase, t:uppercase, etc
	And       []CustomRule `yaml:"and,omitempty"`
	Or        []CustomRule `yaml:"or,omitempty"`
}

func (v *CustomRule) Convert(ruleType string, waapRuleName string) (string, []uint32, error) {

	if v.Zones == nil && v.And == nil && v.Or == nil {
		return "", nil, fmt.Errorf("no zones defined")
	}

	if v.Match.Type == "" && v.And == nil && v.Or == nil {
		return "", nil, fmt.Errorf("no match type defined")
	}

	if v.Match.Value == "" && v.And == nil && v.Or == nil {
		return "", nil, fmt.Errorf("no match value defined")
	}

	switch ruleType {
	case ModsecurityRuleType:
		r := ModsecurityRule{}
		return r.Build(v, waapRuleName)
	default:
		return "", nil, fmt.Errorf("unknown rule format '%s'", ruleType)
	}
}
new custom rule format 2023-10-25 16:45:49 +00:00			`package waap_rule`

			`import (`
			`"fmt"`
			`)`

			`/*`
			`rules:`
			`- name: "test"`
			`and:`
			`- zones:`
			`- BODY_ARGS`
			`variables:`
			`- foo`
			`- bar`
			`transform:`
			`- lowercase\|uppercase\|b64decode\|...`
			`match:`
			`type: regex`
			`value: "[^a-zA-Z]"`
			`- zones:`
			`- ARGS`
			`variables:`
			`- bla`

			`*/`

			`type match struct {`
			Type string `yaml:"type"`
			Value string `yaml:"value"`
			`}`

			`type CustomRule struct {`
			Name string `yaml:"name"`

			Zones []string `yaml:"zones"`
			Variables []string `yaml:"variables"`

			Match match `yaml:"match"`
			Transform []string `yaml:"transform"` //t:lowercase, t:uppercase, etc
			And []CustomRule `yaml:"and,omitempty"`
			Or []CustomRule `yaml:"or,omitempty"`
			`}`

up 2023-10-27 09:17:27 +00:00			`func (v *CustomRule) Convert(ruleType string, waapRuleName string) (string, []uint32, error) {`
new custom rule format 2023-10-25 16:45:49 +00:00
			`if v.Zones == nil && v.And == nil && v.Or == nil {`
up 2023-10-27 09:17:27 +00:00			`return "", nil, fmt.Errorf("no zones defined")`
new custom rule format 2023-10-25 16:45:49 +00:00			`}`

			`if v.Match.Type == "" && v.And == nil && v.Or == nil {`
up 2023-10-27 09:17:27 +00:00			`return "", nil, fmt.Errorf("no match type defined")`
new custom rule format 2023-10-25 16:45:49 +00:00			`}`

			`if v.Match.Value == "" && v.And == nil && v.Or == nil {`
up 2023-10-27 09:17:27 +00:00			`return "", nil, fmt.Errorf("no match value defined")`
new custom rule format 2023-10-25 16:45:49 +00:00			`}`

			`switch ruleType {`
			`case ModsecurityRuleType:`
up 2023-10-27 09:10:35 +00:00			`r := ModsecurityRule{}`
			`return r.Build(v, waapRuleName)`
new custom rule format 2023-10-25 16:45:49 +00:00			`default:`
up 2023-10-27 09:17:27 +00:00			`return "", nil, fmt.Errorf("unknown rule format '%s'", ruleType)`
new custom rule format 2023-10-25 16:45:49 +00:00			`}`
			`}`