// Copyright (c) 2016, 2018, 2023, Oracle and/or its affiliates. All rights reserved.
// This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
// Code generated. DO NOT EDIT.
// Web Application Acceleration and Security Services API
//
// OCI Web Application Acceleration and Security Services
//
package waas
import (
"fmt"
"github.com/oracle/oci-go-sdk/v65/common"
"strings"
)
// CustomProtectionRule holds the details of a custom protection rule.
//
// Every field is tagged `mandatory:"false"`, and the scalar string and time
// fields are pointers, so callers should nil-check them before dereferencing.
type CustomProtectionRule struct {
	// The OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the custom protection rule.
	Id *string `mandatory:"false" json:"id"`
	// The OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the custom protection rule's compartment.
	CompartmentId *string `mandatory:"false" json:"compartmentId"`
	// The user-friendly name of the custom protection rule.
	DisplayName *string `mandatory:"false" json:"displayName"`
	// The description of the custom protection rule.
	Description *string `mandatory:"false" json:"description"`
	// The auto-generated IDs for the custom protection rule. These IDs are referenced in logs,
	// so they are the values to search for when tracing a log entry back to this rule.
	ModSecurityRuleIds []string `mandatory:"false" json:"modSecurityRuleIds"`
	// The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language.
	// Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule.
	// `id: {{id_1}}` - This field is populated with a unique rule ID generated by the WAF service which identifies a `SecRule`. More than one `SecRule` can be defined in the `template` field of a CreateCustomSecurityRule call. The value of the first `SecRule` must be `id: {{id_1}}` and the `id` field of each subsequent `SecRule` should increase by one, as shown in the example.
	// `ctl:ruleEngine={{mode}}` - The action to be taken when the criteria of the `SecRule` are met, either `OFF`, `DETECT` or `BLOCK`. This field is automatically populated with the corresponding value of the `action` field of the `CustomProtectionRuleSetting` schema when the `WafConfig` is updated.
	// NOTE(review): because `{{mode}}` is filled in from the `WafConfig`, a template ending in `deny` presumably only
	// rejects requests when the configured action is `BLOCK`; confirm the effective action before relying on a rule.
	// *Example:*
	// ```
	// SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \
	// "phase:2, \
	// msg:'Detects chained SQL injection attempts 1/2.', \
	// id: {{id_1}}, \
	// ctl:ruleEngine={{mode}}, \
	// deny"
	// SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \
	// "phase:2, \
	// msg:'Detects chained SQL injection attempts 2/2.', \
	// id: {{id_2}}, \
	// ctl:ruleEngine={{mode}}, \
	// deny"
	// ```
	//
	// The example contains two `SecRules`, each with a distinct regular expression that is matched against the `Cookie` header value during the second input analysis phase.
	// The quoted operator strings in the example are descriptive placeholders, not working patterns.
	// For more information about custom protection rules, see Custom Protection Rules (https://docs.cloud.oracle.com/Content/WAF/Tasks/customprotectionrules.htm).
	// For more information about ModSecurity syntax, see Making Rules: The Basic Syntax (https://www.modsecurity.org/CRS/Documentation/making.html).
	// For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation (https://www.modsecurity.org/CRS/Documentation/index.html).
	Template *string `mandatory:"false" json:"template"`
	// The current lifecycle state of the custom protection rule.
	// ValidateEnumValue checks this field with GetMappingLifecycleStatesEnum; the empty string is accepted.
	LifecycleState LifecycleStatesEnum `mandatory:"false" json:"lifecycleState,omitempty"`
	// The date and time the protection rule was created, expressed in RFC 3339 timestamp format.
	TimeCreated *common.SDKTime `mandatory:"false" json:"timeCreated"`
	// Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace.
	// For more information, see Resource Tags (https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm).
	// Example: `{"Department": "Finance"}`
	FreeformTags map[string]string `mandatory:"false" json:"freeformTags"`
	// Defined tags for this resource. Each key is predefined and scoped to a namespace.
	// For more information, see Resource Tags (https://docs.cloud.oracle.com/Content/General/Concepts/resourcetags.htm).
	// Example: `{"Operations": {"CostCenter": "42"}}`
	DefinedTags map[string]map[string]interface{} `mandatory:"false" json:"definedTags"`
}
// String returns the text produced by common.PointerString for m.
//
// NOTE(review): the result presumably includes every field, Template among
// them; confirm against common.PointerString before writing it to logs.
func (m CustomProtectionRule) String() string {
	rendered := common.PointerString(m)
	return rendered
}
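// ValidateEnumValue reports whether m carries an unsupported enum value.
//
// It returns (true, err) when LifecycleState is non-empty and is not
// recognized by GetMappingLifecycleStatesEnum, and (false, nil) otherwise.
// The SDK calls it while constructing an API request; calling it directly is
// not recommended.
//
// This file is marked as generated, so any change made here also belongs in
// the generator that produces it.
func (m CustomProtectionRule) ValidateEnumValue() (bool, error) {
	errMessage := []string{}
	if _, ok := GetMappingLifecycleStatesEnum(string(m.LifecycleState)); !ok && m.LifecycleState != "" {
		// The rejected value is echoed verbatim, so consumers that log this
		// error should treat that part of the text as unvalidated input.
		errMessage = append(errMessage, fmt.Sprintf("unsupported enum value for LifecycleState: %s. Supported values are: %s.", m.LifecycleState, strings.Join(GetLifecycleStatesEnumStringValues(), ",")))
	}
	if len(errMessage) > 0 {
		// Pass the joined text as an argument, never as the format string:
		// it embeds the raw LifecycleState value, and a '%' in that value
		// would otherwise be parsed as a verb and corrupt the message.
		return true, fmt.Errorf("%s", strings.Join(errMessage, "\n"))
	}
	return false, nil
}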