From 8b758a58308a456ce561a700cb6d6aad07a07fd1 Mon Sep 17 00:00:00 2001 From: alphadev4 Date: Fri, 26 Jan 2024 18:29:17 +0500 Subject: [PATCH 1/8] Azure/AKS-Host-Based-Encryption --- exports.js | 1 + .../agMaxRequestBodySize.js | 66 +++++++++ .../agMaxRequestBodySize.spec.js | 134 ++++++++++++++++++ 3 files changed, 201 insertions(+) create mode 100644 plugins/azure/applicationGateway/agMaxRequestBodySize.js create mode 100644 plugins/azure/applicationGateway/agMaxRequestBodySize.spec.js diff --git a/exports.js b/exports.js index 8bbe47f69a..9dd74474e9 100644 --- a/exports.js +++ b/exports.js @@ -1010,6 +1010,7 @@ module.exports = { 'agSslPolicy' : require(__dirname + '/plugins/azure/applicationGateway/agSslPolicy'), 'agPreventionModeEnabled' : require(__dirname + '/plugins/azure/applicationGateway/agPreventionModeEnabled.js'), 'agRequestBodyInspection' : require(__dirname + '/plugins/azure/applicationGateway/agRequestBodyInspection'), + 'agMaxRequestBodySize' : require(__dirname + '/plugins/azure/applicationGateway/agMaxRequestBodySize.js'), 'subscriptionHasTags' : require(__dirname + '/plugins/azure/subscription/subscriptionHasTags.js'), diff --git a/plugins/azure/applicationGateway/agMaxRequestBodySize.js b/plugins/azure/applicationGateway/agMaxRequestBodySize.js new file mode 100644 index 0000000000..af89817212 --- /dev/null +++ b/plugins/azure/applicationGateway/agMaxRequestBodySize.js 
@@ -0,0 +1,66 @@ +const async = require('async'); +const helpers = require('../../../helpers/azure'); + +module.exports = { + title: 'Application Gateway Max Request Body', + category: 'Application Gateway', + domain: 'Network Access Control', + description: 'Ensures that Application Gateway WAF policy have desired request body size configured.', + more_info: 'Application Gateway WAF policy includes a maximum request body size field, specified in kilobytes. This setting controls the overall request size limit, excluding any file uploads. Configuring an appropriate value for this field is crucial for optimizing security and performance.', + recommended_action: 'Modify application gateway WAF policy, enable request body inspection and set the desired request body size.', + link: 'https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits', + apis: ['wafPolicies:listAll'], + settings: { + max_request_body_size: { + name: 'Max request body size', + description: 'The default value for request body size is 128.', + regex: '^(12[8-9]|1[3-9]{1,2}|2000)$', + default: '128', + }, + }, + run: function(cache, settings, callback) { + const results = []; + const source = {}; + const locations = helpers.locations(settings.govcloud); + var config = { + max_request_body_size: settings.max_request_body_size || this.settings.max_request_body_size.default, + }; + + async.each(locations.wafPolicies, (location, rcb) => { + + var wafPolicies = helpers.addSource(cache, source, + ['wafPolicies', 'listAll', location]); + + if (!wafPolicies) return rcb(); + + if (wafPolicies.err || !wafPolicies.data) { + helpers.addResult(results, 3, 'Unable to query for Application Gateway WAF policies: ' + helpers.addError(wafPolicies), location); + return rcb(); + } + if (!wafPolicies.data.length) { + helpers.addResult(results, 0, 'No existing WAF policies found', location); + return rcb(); + } + + for (let policy of wafPolicies.data) { + if 
(!policy.id) continue; + var maxRequestBodySize = config.max_request_body_size; + var bodyInspection = policy.policySettings && policy.policySettings.requestBodyCheck ? policy.policySettings.requestBodyCheck : false; + if (bodyInspection) { + if (policy.policySettings && policy.policySettings.maxRequestBodySizeInKb && policy.policySettings.maxRequestBodySizeInKb >= maxRequestBodySize) { + helpers.addResult(results, 0, `Application gateway WAF policy has max request body size of ${maxRequestBodySize}`, location, policy.id); + } else { + helpers.addResult(results, 2, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is less than ${maxRequestBodySize}`, location, policy.id); + } + } else { + helpers.addResult(results, 0, 'Request Body Inspection is not enabled for WAF policy', location, policy.id); + } + + } + + rcb(); + }, function() { + callback(null, results, source); + }); + } +}; diff --git a/plugins/azure/applicationGateway/agMaxRequestBodySize.spec.js b/plugins/azure/applicationGateway/agMaxRequestBodySize.spec.js new file mode 100644 index 0000000000..a375317685 --- /dev/null +++ b/plugins/azure/applicationGateway/agMaxRequestBodySize.spec.js 
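Review bot: The `regex` on the `max_request_body_size` setting does not describe a numeric range: `'^(12[8-9]|1[3-9]{1,2}|2000)$'` accepts `13` and `199` but rejects `130`, `200` and `500`. If the engine enforces this pattern on user-supplied settings, most thresholds an operator would pick are refused. If the intended range is 128–2000, a pattern such as `'^(12[89]|1[3-9][0-9]|[2-9][0-9]{2}|1[0-9]{3}|2000)$'` covers it. Separately, the setting and its default `'128'` are strings compared against `maxRequestBodySizeInKb`, so the check relies on implicit coercion; `parseInt(settings.max_request_body_size || this.settings.max_request_body_size.default, 10)` would make the comparison explicitly numeric.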
@@ -0,0 +1,134 @@ +var expect = require('chai').expect; +var agMaxRequestBodySize = require('./agMaxRequestBodySize.js'); + +const wafPolicy = [ + { + "name": 'test-vnet', + "id": '/subscriptions/123/resourceGroups/aqua-resource-group/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies', + "type": 'Microsoft.Network/waf', + "tags": { "key": "value" }, + "location": 'eastus', + "provisioningState": 'Succeeded', + "virtualNetworkPeerings": [], + "enableDdosProtection": true, + "policySettings":{ + "mode": "prevention", + "requestBodyCheck": true, + "maxRequestBodySizeInKb": 128 + } + }, + { + "name": 'test-vnet', + "id": '/subscriptions/123/resourceGroups/aqua-resource-group/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies', + "type": 'Microsoft.Network/waf', + "tags": {}, + "location": 'eastus', + "provisioningState": 'Succeeded', + "virtualNetworkPeerings": [], + "enableDdosProtection": false, + "policySettings":{ + "mode": "prevention", + "requestBodyCheck": true, + "maxRequestBodySizeInKb": 200 + + } + }, + { + "name": 'test-vnet', + "id": '/subscriptions/123/resourceGroups/aqua-resource-group/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies', + "type": 'Microsoft.Network/waf', + "tags": {}, + "location": 'eastus', + "provisioningState": 'Succeeded', + "virtualNetworkPeerings": [], + "enableDdosProtection": false, + "policySettings":{ + "mode": "prevention", + "requestBodyCheck": false, + "maxRequestBodySizeInKb": 128 + + } + }, +]; + +const createCache = (waf) => { + return { + wafPolicies: { + listAll: { + 'eastus': { + data: waf + } + } + } + }; +}; + +const createErrorCache = () => { + return { + wafPolicies: { + listAll: { + 'eastus': {} + } + } + }; +}; + +describe('agMaxRequestBodySize', function() { + describe('run', function() { + it('should give passing result if no WAF policy found', function(done) { + const cache = createCache([]); + agMaxRequestBodySize.run(cache, {}, 
(err, results) => { + expect(results.length).to.equal(1); + expect(results[0].status).to.equal(0); + expect(results[0].message).to.include('No existing WAF policies found'); + expect(results[0].region).to.equal('eastus'); + done(); + }); + }); + + it('should give unknown result if Unable to query for WAF policy', function(done) { + const cache = createErrorCache(); + agMaxRequestBodySize.run(cache, {}, (err, results) => { + expect(results.length).to.equal(1); + expect(results[0].status).to.equal(3); + expect(results[0].message).to.include('Unable to query for Application Gateway WAF policies'); + expect(results[0].region).to.equal('eastus'); + done(); + }); + }); + + it('should give passing result if Application gateway WAF policy does not have request body inspection enabled', function(done) { + const cache = createCache([wafPolicy[2]]); + agMaxRequestBodySize.run(cache, {}, (err, results) => { + expect(results.length).to.equal(1); + expect(results[0].status).to.equal(0); + expect(results[0].message).to.include('Request Body Inspection is not enabled for WAF policy'); + expect(results[0].region).to.equal('eastus'); + done(); + }); + }); + + it('should give passing result if Application gateway WAF policy has max request body size of 128 - without setting', function(done) { + const cache = createCache([wafPolicy[0]]); + agMaxRequestBodySize.run(cache, {}, (err, results) => { + expect(results.length).to.equal(1); + expect(results[0].status).to.equal(0); + expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 128'); + expect(results[0].region).to.equal('eastus'); + done(); + }); + }); + + it('should give failing result if Application gateway WAF policy has max request body size less than 500 - with setting', function(done) { + const cache = createCache([wafPolicy[1]]); + agMaxRequestBodySize.run(cache, {max_request_body_size: 500}, (err, results) => { + expect(results.length).to.equal(1); + 
expect(results[0].status).to.equal(2); + expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 200 which is less than 500'); + expect(results[0].region).to.equal('eastus'); + done(); + }); + }); + + }); +}); \ No newline at end of file From ecb2bc2298880b106e314775bb2b5cf17bdc575a Mon Sep 17 00:00:00 2001 From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Fri, 26 Jan 2024 21:02:13 +0500 Subject: [PATCH 2/8] Update plugins/azure/applicationGateway/agMaxRequestBodySize.js Co-authored-by: mehakseedat63 <87388442+mehakseedat63@users.noreply.github.com> --- plugins/azure/applicationGateway/agMaxRequestBodySize.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/azure/applicationGateway/agMaxRequestBodySize.js b/plugins/azure/applicationGateway/agMaxRequestBodySize.js index af89817212..95ffb0ae2d 100644 --- a/plugins/azure/applicationGateway/agMaxRequestBodySize.js +++ b/plugins/azure/applicationGateway/agMaxRequestBodySize.js @@ -2,7 +2,7 @@ const async = require('async'); const helpers = require('../../../helpers/azure'); module.exports = { - title: 'Application Gateway Max Request Body', + title: 'Application Gateway Request Body Size', category: 'Application Gateway', domain: 'Network Access Control', description: 'Ensures that Application Gateway WAF policy have desired request body size configured.', From 9ce76ac636729417acfc042de23f0152ab54e86b Mon Sep 17 00:00:00 2001 From: alphadev4 <113519745+alphadev4@users.noreply.github.com> Date: Fri, 26 Jan 2024 21:02:49 +0500 Subject: [PATCH 3/8] Apply suggestions from code review Co-authored-by: mehakseedat63 <87388442+mehakseedat63@users.noreply.github.com> --- plugins/azure/applicationGateway/agMaxRequestBodySize.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
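Review bot: The "with setting" case passes `max_request_body_size: 500`, a value the plugin's own settings `regex` rejects. It is also passed as a number, although the declared default is the string `'128'`. A string value that the pattern accepts would exercise the comparison the way settings are presumably delivered. Every fixture also carries a complete `policySettings` object, so nothing pins what the plugin reports for a policy without `policySettings` or without `maxRequestBodySizeInKb`; one fixture for each would close that gap.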
diff --git a/plugins/azure/applicationGateway/agMaxRequestBodySize.js b/plugins/azure/applicationGateway/agMaxRequestBodySize.js index 95ffb0ae2d..e87f0d71ef 100644 --- a/plugins/azure/applicationGateway/agMaxRequestBodySize.js +++ b/plugins/azure/applicationGateway/agMaxRequestBodySize.js @@ -7,12 +7,12 @@ module.exports = { domain: 'Network Access Control', description: 'Ensures that Application Gateway WAF policy have desired request body size configured.', more_info: 'Application Gateway WAF policy includes a maximum request body size field, specified in kilobytes. This setting controls the overall request size limit, excluding any file uploads. Configuring an appropriate value for this field is crucial for optimizing security and performance.', - recommended_action: 'Modify application gateway WAF policy, enable request body inspection and set the desired request body size.', + recommended_action: 'Modify application gateway WAF policy and set the max body size to desired value.', link: 'https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits', apis: ['wafPolicies:listAll'], settings: { max_request_body_size: { - name: 'Max request body size', + name: 'Max Request Body Size', description: 'The default value for request body size is 128.', regex: '^(12[8-9]|1[3-9]{1,2}|2000)$', default: '128', From a053f439bf67fd26199d1027c3c2b00a77603290 Mon Sep 17 00:00:00 2001 From: alphadev4 Date: Fri, 26 Jan 2024 21:12:46 +0500 Subject: [PATCH 4/8] Azure/Ag-Request-Body-Size --- exports.js | 2 +- ...axRequestBodySize.js => agRequestBodySize.js} | 4 ++-- ...odySize.spec.js => agRequestBodySize.spec.js} | 16 ++++++++-------- 3 files changed, 11 insertions(+), 11 deletions(-) rename plugins/azure/applicationGateway/{agMaxRequestBodySize.js => agRequestBodySize.js} (91%) rename plugins/azure/applicationGateway/{agMaxRequestBodySize.spec.js => agRequestBodySize.spec.js} (89%) 
diff --git a/exports.js b/exports.js index 9dd74474e9..330b47a64e 100644 --- a/exports.js +++ b/exports.js @@ -1010,7 +1010,7 @@ module.exports = { 'agSslPolicy' : require(__dirname + '/plugins/azure/applicationGateway/agSslPolicy'), 'agPreventionModeEnabled' : require(__dirname + '/plugins/azure/applicationGateway/agPreventionModeEnabled.js'), 'agRequestBodyInspection' : require(__dirname + '/plugins/azure/applicationGateway/agRequestBodyInspection'), - 'agMaxRequestBodySize' : require(__dirname + '/plugins/azure/applicationGateway/agMaxRequestBodySize.js'), + 'agRequestBodySize' : require(__dirname + '/plugins/azure/applicationGateway/agRequestBodySize.js'), 'subscriptionHasTags' : require(__dirname + '/plugins/azure/subscription/subscriptionHasTags.js'), diff --git a/plugins/azure/applicationGateway/agMaxRequestBodySize.js b/plugins/azure/applicationGateway/agRequestBodySize.js similarity index 91% rename from plugins/azure/applicationGateway/agMaxRequestBodySize.js rename to plugins/azure/applicationGateway/agRequestBodySize.js index e87f0d71ef..18986cddca 100644 --- a/plugins/azure/applicationGateway/agMaxRequestBodySize.js +++ b/plugins/azure/applicationGateway/agRequestBodySize.js @@ -13,7 +13,7 @@ module.exports = { settings: { max_request_body_size: { name: 'Max Request Body Size', - description: 'The default value for request body size is 128.', + description: 'The default value for request body size is 128 KB. The setting checks for request body size and produces pass result if it is greater than or equal to the desired value.', regex: '^(12[8-9]|1[3-9]{1,2}|2000)$', default: '128', }, 
@@ -48,7 +48,7 @@ module.exports = { var bodyInspection = policy.policySettings && policy.policySettings.requestBodyCheck ? policy.policySettings.requestBodyCheck : false; if (bodyInspection) { if (policy.policySettings && policy.policySettings.maxRequestBodySizeInKb && policy.policySettings.maxRequestBodySizeInKb >= maxRequestBodySize) { - helpers.addResult(results, 0, `Application gateway WAF policy has max request body size of ${maxRequestBodySize}`, location, policy.id); + helpers.addResult(results, 0, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is greater than or equal to ${maxRequestBodySize}`, location, policy.id); } else { helpers.addResult(results, 2, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is less than ${maxRequestBodySize}`, location, policy.id); } diff --git a/plugins/azure/applicationGateway/agMaxRequestBodySize.spec.js b/plugins/azure/applicationGateway/agRequestBodySize.spec.js similarity index 89% rename from plugins/azure/applicationGateway/agMaxRequestBodySize.spec.js rename to plugins/azure/applicationGateway/agRequestBodySize.spec.js index a375317685..d1fcd7deaf 100644 --- a/plugins/azure/applicationGateway/agMaxRequestBodySize.spec.js +++ b/plugins/azure/applicationGateway/agRequestBodySize.spec.js @@ -1,5 +1,5 @@ var expect = require('chai').expect; -var agMaxRequestBodySize = require('./agMaxRequestBodySize.js'); +var agRequestBodySize = require('./agRequestBodySize.js'); const wafPolicy = [ { 
@@ -73,11 +73,11 @@ const createErrorCache = () => { }; }; -describe('agMaxRequestBodySize', function() { +describe('agRequestBodySize', function() { describe('run', function() { it('should give passing result if no WAF policy found', function(done) { const cache = createCache([]); - agMaxRequestBodySize.run(cache, {}, (err, results) => { + agRequestBodySize.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); expect(results[0].message).to.include('No existing WAF policies found'); @@ -88,7 +88,7 @@ describe('agMaxRequestBodySize', function() { it('should give unknown result if Unable to query for WAF policy', function(done) { const cache = createErrorCache(); - agMaxRequestBodySize.run(cache, {}, (err, results) => { + agRequestBodySize.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(3); expect(results[0].message).to.include('Unable to query for Application Gateway WAF policies'); @@ -99,7 +99,7 @@ describe('agMaxRequestBodySize', function() { it('should give passing result if Application gateway WAF policy does not have request body inspection enabled', function(done) { const cache = createCache([wafPolicy[2]]); - agMaxRequestBodySize.run(cache, {}, (err, results) => { + agRequestBodySize.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); expect(results[0].message).to.include('Request Body Inspection is not enabled for WAF policy'); 
@@ -110,10 +110,10 @@ describe('agMaxRequestBodySize', function() { it('should give passing result if Application gateway WAF policy has max request body size of 128 - without setting', function(done) { const cache = createCache([wafPolicy[0]]); - agMaxRequestBodySize.run(cache, {}, (err, results) => { + agRequestBodySize.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); - expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 128'); + expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 128 which is greater than or equal to 128'); expect(results[0].region).to.equal('eastus'); done(); }); @@ -121,7 +121,7 @@ describe('agMaxRequestBodySize', function() { it('should give failing result if Application gateway WAF policy has max request body size less than 500 - with setting', function(done) { const cache = createCache([wafPolicy[1]]); - agMaxRequestBodySize.run(cache, {max_request_body_size: 500}, (err, results) => { + agRequestBodySize.run(cache, {max_request_body_size: 500}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 200 which is less than 500'); From 8e0d38d5082d432a78937dc1ca6cf20b24eab5b8 Mon Sep 17 00:00:00 2001 From: alphadev4 Date: Fri, 26 Jan 2024 21:18:21 +0500 Subject: [PATCH 5/8] Added rt-triggers --- plugins/azure/applicationGateway/agRequestBodySize.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/azure/applicationGateway/agRequestBodySize.js b/plugins/azure/applicationGateway/agRequestBodySize.js index 18986cddca..225749b3ff 100644 --- a/plugins/azure/applicationGateway/agRequestBodySize.js +++ b/plugins/azure/applicationGateway/agRequestBodySize.js 
@@ -18,6 +18,8 @@ module.exports = { default: '128', }, }, + realtime_triggers: ['microsoftnetwork:applicationgatewaywebapplicationfirewallpolicies:write','microsoftnetwork:applicationgatewaywebapplicationfirewallpolicies:delete'], + run: function(cache, settings, callback) { const results = []; const source = {}; From 3e5acb4280fda760d0acef40da921b0c0042a231 Mon Sep 17 00:00:00 2001 From: alphadev4 Date: Mon, 29 Jan 2024 13:49:02 +0500 Subject: [PATCH 6/8] resolved comments --- .../applicationGateway/agRequestBodySize.js | 20 +++++++------------ .../agRequestBodySize.spec.js | 11 ---------- 2 files changed, 7 insertions(+), 24 deletions(-) diff --git a/plugins/azure/applicationGateway/agRequestBodySize.js b/plugins/azure/applicationGateway/agRequestBodySize.js index 225749b3ff..d257776df8 100644 --- a/plugins/azure/applicationGateway/agRequestBodySize.js +++ b/plugins/azure/applicationGateway/agRequestBodySize.js @@ -18,9 +18,9 @@ module.exports = { default: '128', }, }, - realtime_triggers: ['microsoftnetwork:applicationgatewaywebapplicationfirewallpolicies:write','microsoftnetwork:applicationgatewaywebapplicationfirewallpolicies:delete'], - - run: function(cache, settings, callback) { + realtime_triggers: ['microsoftnetwork:applicationgatewaywebapplicationfirewallpolicies:write', 'microsoftnetwork:applicationgatewaywebapplicationfirewallpolicies:delete'], + + run: function (cache, settings, callback) { const results = []; const source = {}; const locations = helpers.locations(settings.govcloud); 
@@ -47,21 +47,15 @@ module.exports = { for (let policy of wafPolicies.data) { if (!policy.id) continue; var maxRequestBodySize = config.max_request_body_size; - var bodyInspection = policy.policySettings && policy.policySettings.requestBodyCheck ? policy.policySettings.requestBodyCheck : false; - if (bodyInspection) { - if (policy.policySettings && policy.policySettings.maxRequestBodySizeInKb && policy.policySettings.maxRequestBodySizeInKb >= maxRequestBodySize) { - helpers.addResult(results, 0, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is greater than or equal to ${maxRequestBodySize}`, location, policy.id); - } else { - helpers.addResult(results, 2, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is less than ${maxRequestBodySize}`, location, policy.id); - } + if (policy.policySettings && policy.policySettings.maxRequestBodySizeInKb && policy.policySettings.maxRequestBodySizeInKb >= maxRequestBodySize) { + helpers.addResult(results, 0, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is greater than or equal to ${maxRequestBodySize}`, location, policy.id); } else { - helpers.addResult(results, 0, 'Request Body Inspection is not enabled for WAF policy', location, policy.id); + helpers.addResult(results, 2, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is less than ${maxRequestBodySize}`, location, policy.id); } - } rcb(); - }, function() { + }, function () { callback(null, results, source); }); } diff --git a/plugins/azure/applicationGateway/agRequestBodySize.spec.js b/plugins/azure/applicationGateway/agRequestBodySize.spec.js index d1fcd7deaf..214b2c4808 100644 --- a/plugins/azure/applicationGateway/agRequestBodySize.spec.js +++ b/plugins/azure/applicationGateway/agRequestBodySize.spec.js 
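Review bot: With the `bodyInspection` gate removed, the `else` branch reads `policy.policySettings.maxRequestBodySizeInKb` for every policy that fails the `if`, including one with no `policySettings`, so it throws a TypeError instead of producing a result. A policy that has `policySettings` but no `maxRequestBodySizeInKb` gets the FAIL text "undefined which is less than …". Reading the settings into guarded locals and giving the missing value its own result avoids both; the `@@ -47,10 +47,10 @@` hunk of PATCH 8/8 keeps the same unguarded `else`. A policy with `requestBodyCheck: false` is now also scored on its size limit, so confirm against the linked Microsoft page whether that limit is enforced when inspection is off. The enclosing `run` function starts and ends outside the hunk.

```javascript
var maxRequestBodySize = config.max_request_body_size;
var policySettings = policy.policySettings || {};
var bodySizeInKb = policySettings.maxRequestBodySizeInKb;
if (!bodySizeInKb) {
    helpers.addResult(results, 2, 'Application gateway WAF policy does not have max request body size configured', location, policy.id);
} else if (bodySizeInKb >= maxRequestBodySize) {
    // … unchanged: pass result, reporting bodySizeInKb …
} else {
    // … unchanged: fail result, reporting bodySizeInKb …
}
```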
@@ -97,17 +97,6 @@ describe('agRequestBodySize', function() { }); }); - it('should give passing result if Application gateway WAF policy does not have request body inspection enabled', function(done) { - const cache = createCache([wafPolicy[2]]); - agRequestBodySize.run(cache, {}, (err, results) => { - expect(results.length).to.equal(1); - expect(results[0].status).to.equal(0); - expect(results[0].message).to.include('Request Body Inspection is not enabled for WAF policy'); - expect(results[0].region).to.equal('eastus'); - done(); - }); - }); - it('should give passing result if Application gateway WAF policy has max request body size of 128 - without setting', function(done) { const cache = createCache([wafPolicy[0]]); agRequestBodySize.run(cache, {}, (err, results) => { From decbd6849a7913e2c61142c6ab3a1038ffa4338d Mon Sep 17 00:00:00 2001 From: alphadev4 Date: Mon, 29 Jan 2024 13:56:38 +0500 Subject: [PATCH 7/8] Linting --- plugins/azure/applicationGateway/agRequestBodySize.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/azure/applicationGateway/agRequestBodySize.js b/plugins/azure/applicationGateway/agRequestBodySize.js index d257776df8..2e12ce896c 100644 --- a/plugins/azure/applicationGateway/agRequestBodySize.js +++ b/plugins/azure/applicationGateway/agRequestBodySize.js @@ -20,7 +20,7 @@ module.exports = { }, realtime_triggers: ['microsoftnetwork:applicationgatewaywebapplicationfirewallpolicies:write', 'microsoftnetwork:applicationgatewaywebapplicationfirewallpolicies:delete'], - run: function (cache, settings, callback) { + run: function(cache, settings, callback) { const results = []; const source = {}; const locations = helpers.locations(settings.govcloud); @@ -55,7 +55,7 @@ module.exports = { } rcb(); - }, function () { + }, function() { callback(null, results, source); }); } From 6d9d672dc9c88f6566419225b79fe275bffbe330 Mon Sep 17 00:00:00 2001 
From: alphadev4 Date: Tue, 30 Jan 2024 15:00:15 +0500 Subject: [PATCH 8/8] Reverted conditional logic --- plugins/azure/applicationGateway/agRequestBodySize.js | 6 +++--- .../azure/applicationGateway/agRequestBodySize.spec.js | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/plugins/azure/applicationGateway/agRequestBodySize.js b/plugins/azure/applicationGateway/agRequestBodySize.js index 2e12ce896c..5284e60a85 100644 --- a/plugins/azure/applicationGateway/agRequestBodySize.js +++ b/plugins/azure/applicationGateway/agRequestBodySize.js @@ -47,10 +47,10 @@ module.exports = { for (let policy of wafPolicies.data) { if (!policy.id) continue; var maxRequestBodySize = config.max_request_body_size; - if (policy.policySettings && policy.policySettings.maxRequestBodySizeInKb && policy.policySettings.maxRequestBodySizeInKb >= maxRequestBodySize) { - helpers.addResult(results, 0, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is greater than or equal to ${maxRequestBodySize}`, location, policy.id); + if (policy.policySettings && policy.policySettings.maxRequestBodySizeInKb && policy.policySettings.maxRequestBodySizeInKb <= maxRequestBodySize) { + helpers.addResult(results, 0, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is less than or equal to ${maxRequestBodySize}`, location, policy.id); } else { - helpers.addResult(results, 2, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is less than ${maxRequestBodySize}`, location, policy.id); + helpers.addResult(results, 2, `Application gateway WAF policy has max request body size of ${policy.policySettings.maxRequestBodySizeInKb} which is greater than ${maxRequestBodySize}`, location, policy.id); } } 
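Review bot: The comparison is flipped to `<=` here, but the `max_request_body_size` setting description added in PATCH 4/8 still says the check "produces pass result if it is greater than or equal to the desired value". No hunk in this patch touches that description. It is the only text that tells an operator which direction the threshold works, so it should change with the logic, e.g. `... produces pass result if it is less than or equal to the desired value.`. The enclosing loop and `run` function start outside the hunk.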
diff --git a/plugins/azure/applicationGateway/agRequestBodySize.spec.js b/plugins/azure/applicationGateway/agRequestBodySize.spec.js index 214b2c4808..67007c49c1 100644 --- a/plugins/azure/applicationGateway/agRequestBodySize.spec.js +++ b/plugins/azure/applicationGateway/agRequestBodySize.spec.js @@ -29,7 +29,7 @@ const wafPolicy = [ "policySettings":{ "mode": "prevention", "requestBodyCheck": true, - "maxRequestBodySizeInKb": 200 + "maxRequestBodySizeInKb": 800 } }, @@ -102,18 +102,18 @@ describe('agRequestBodySize', function() { agRequestBodySize.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); - expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 128 which is greater than or equal to 128'); + expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 128 which is less than or equal to 128'); expect(results[0].region).to.equal('eastus'); done(); }); }); - it('should give failing result if Application gateway WAF policy has max request body size less than 500 - with setting', function(done) { + it('should give failing result if Application gateway WAF policy has max request body size greater than 500 - with setting', function(done) { const cache = createCache([wafPolicy[1]]); agRequestBodySize.run(cache, {max_request_body_size: 500}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); - expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 200 which is less than 500'); + expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 800 which is greater than 500'); expect(results[0].region).to.equal('eastus'); done(); });