feat(waf): add new check waf_global_rulegroup_not_empty #5467

Open
wants to merge 4 commits into
base: master

HugoPBrito
Member

Context

AWS WAF Classic global rule groups allow you to manage multiple web access rules in a unified structure, providing better scalability and simplified security management. By grouping multiple rules, administrators can apply comprehensive security controls to monitor and filter web traffic based on predefined conditions. Having at least one rule within a rule group is necessary for ensuring that web traffic is effectively inspected and that appropriate actions are taken on requests, such as allowing, blocking, or counting them.

Description

This check verifies that AWS WAF Classic global rule groups contain at least one rule. If no rules are present, the group does not perform any inspection of web traffic, potentially allowing all traffic to pass unchecked.

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
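
The logic the description outlines, as an added example that is not the code from this pull request or from Prowler: it walks every WAF Classic global rule group, follows `NextMarker` pagination, and reports groups with no activated rules. `FakeWafClient` and its ids are constructed sample data standing in for `boto3.client("waf")`; the helper names are hypothetical.

```python
def _paginate(call, result_key, **kwargs):
    """Yield items from a WAF Classic list call, following NextMarker."""
    marker = None
    while True:
        if marker:
            kwargs["NextMarker"] = marker
        page = call(**kwargs)
        items = page.get(result_key, [])
        yield from items
        marker = page.get("NextMarker")
        # Stop on a missing marker, or defensively on an empty page.
        if not marker or not items:
            return


def find_empty_rule_groups(waf_client):
    """Return [(rule_group_id, name)] for groups with zero activated rules."""
    empty = []
    for group in _paginate(waf_client.list_rule_groups, "RuleGroups"):
        rules = _paginate(waf_client.list_activated_rules_in_rule_group,
                          "ActivatedRules", RuleGroupId=group["RuleGroupId"])
        if next(rules, None) is None:  # no rule means no traffic inspection
            empty.append((group["RuleGroupId"], group["Name"]))
    return empty


class FakeWafClient:
    """Constructed stand-in for boto3.client("waf"); data is sample only."""
    _groups = [{"RuleGroupId": "rg-1", "Name": "empty-group"},
               {"RuleGroupId": "rg-2", "Name": "populated-group"}]
    _rules = {"rg-1": [], "rg-2": [{"RuleId": "rule-a", "Priority": 1}]}

    def list_rule_groups(self, NextMarker=None):
        # Serve one group per page to exercise NextMarker handling.
        i = int(NextMarker or 0)
        page = {"RuleGroups": self._groups[i:i + 1]}
        if i + 1 < len(self._groups):
            page["NextMarker"] = str(i + 1)
        return page

    def list_activated_rules_in_rule_group(self, RuleGroupId, NextMarker=None):
        return {"ActivatedRules": self._rules[RuleGroupId]}


if __name__ == "__main__":
    for gid, name in find_empty_rule_groups(FakeWafClient()):
        print(f"FAIL: rule group {name} ({gid}) has no rules")
```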

@HugoPBrito HugoPBrito requested review from a team as code owners October 18, 2024 14:32
@github-actions github-actions bot added the provider/aws Issues/PRs related with the AWS provider label Oct 18, 2024
codecov bot commented Oct 18, 2024

Codecov Report

Attention: Patch coverage is 90.00000% with 9 lines in your changes missing coverage. Please review.

Project coverage is 89.46%. Comparing base (23a20a5) to head (085265c).

Files with missing lines Patch % Lines
prowler/providers/aws/services/waf/waf_service.py 87.50% 9 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5467      +/-   ##
==========================================
+ Coverage   89.45%   89.46%   +0.01%     
==========================================
  Files        1059     1061       +2     
  Lines       32855    32928      +73     
==========================================
+ Hits        29390    29459      +69     
- Misses       3465     3469       +4     


@HugoPBrito HugoPBrito changed the title from "Prwlr 4459 ensure aws waf classic global rule groups have at least one rule" to "feat(waf): add new check waf_global_rulegroup_not_empty" Oct 18, 2024