From 2e3af6d3266597dfb39ff67e91f7633888f937e9 Mon Sep 17 00:00:00 2001 From: daknhh Date: Thu, 16 Nov 2023 13:44:13 +0100 Subject: [PATCH 1/4] Missing WCU Calculation orstatement within andstatement --- lib/tools/helpers.ts | 70 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 64 insertions(+), 6 deletions(-) diff --git a/lib/tools/helpers.ts b/lib/tools/helpers.ts index 8c507983..0a363524 100644 --- a/lib/tools/helpers.ts +++ b/lib/tools/helpers.ts @@ -334,6 +334,7 @@ function filterStatements(statement: wafv2.CfnWebACL.StatementProperty){ const ipSetReferenceStatement = statement.ipSetReferenceStatement as wafv2.CfnWebACL.IPSetReferenceStatementProperty | undefined; const regexPatternSetReferenceStatement = statement.regexPatternSetReferenceStatement as wafv2.CfnWebACL.RegexPatternSetReferenceStatementProperty | undefined; const notStatement = statement.notStatement as wafv2.CfnWebACL.NotStatementProperty | undefined; + const orStatement = statement.orStatement as wafv2.CfnWebACL.OrStatementProperty | undefined; if(ipSetReferenceStatement && !ipSetReferenceStatement.arn.startsWith("arn:aws:")) found = false; if(regexPatternSetReferenceStatement && !regexPatternSetReferenceStatement.arn.startsWith("arn:aws:")) found = false; if(notStatement) { @@ -343,6 +344,15 @@ function filterStatements(statement: wafv2.CfnWebACL.StatementProperty){ if(notipSetReferenceStatement && !notipSetReferenceStatement.arn.startsWith("arn:aws:")) found = false; if(notregexPatternSetReferenceStatement && !notregexPatternSetReferenceStatement.arn.startsWith("arn:aws:")) found = false; } + if(orStatement){ + const orStatementProp = orStatement.statements as wafv2.CfnWebACL.StatementProperty[]; + for(const statement of orStatementProp){ + const orStatementPropIpSetReferenceStatement = statement.ipSetReferenceStatement as wafv2.CfnWebACL.IPSetReferenceStatementProperty | undefined; + const orStatementPropRegexPatternSetReferenceStatement = statement.regexPatternSetReferenceStatement as wafv2.CfnWebACL.RegexPatternSetReferenceStatementProperty | undefined; + if(orStatementPropIpSetReferenceStatement && !orStatementPropIpSetReferenceStatement.arn.startsWith("arn:aws:")) found = false; + if(orStatementPropRegexPatternSetReferenceStatement && !orStatementPropRegexPatternSetReferenceStatement.arn.startsWith("arn:aws:")) found = false; + } + } return found; } } @@ -413,15 +423,51 @@ async function calculateCustomRulesCapacities(customRules: FmsRule[], deployment capacities.push(regexPatternSetsStatementsCapacity(notstatementRegexPatternSetsStatement)); } } + const orStatementStatement = statement.orStatement as wafv2.CfnWebACL.OrStatementProperty | undefined; + if(orStatementStatement && orStatementStatement.statements) { + const statementIpSetReferenceStatement = statement.ipSetReferenceStatement as wafv2.CfnWebACL.IPSetReferenceStatementProperty | undefined; + if(statementIpSetReferenceStatement && !statementIpSetReferenceStatement.arn.startsWith("arn:aws:")) { + capacities.push(calculateIpsSetStatementCapacity(statementIpSetReferenceStatement)); + } + const statementRegexPatternSetsStatement = statement.regexPatternSetReferenceStatement as wafv2.CfnWebACL.RegexPatternSetReferenceStatementProperty | undefined; + if(statementRegexPatternSetsStatement && !statementRegexPatternSetsStatement.arn.startsWith("arn:aws:")) { + capacities.push(regexPatternSetsStatementsCapacity(statementRegexPatternSetsStatement)); + } + const notStatementStatement = statement.notStatement as wafv2.CfnWebACL.NotStatementProperty | undefined; + if(notStatementStatement && notStatementStatement.statement) { + const statement = notStatementStatement.statement as wafv2.CfnWebACL.StatementProperty; + const notstatementIpSetReferenceStatement = statement.ipSetReferenceStatement as wafv2.CfnWebACL.IPSetReferenceStatementProperty | undefined; + if(notstatementIpSetReferenceStatement && !notstatementIpSetReferenceStatement.arn.startsWith("arn:aws:")) { + capacities.push(calculateIpsSetStatementCapacity(notstatementIpSetReferenceStatement)); + } + const notstatementRegexPatternSetsStatement = statement.regexPatternSetReferenceStatement as wafv2.CfnWebACL.RegexPatternSetReferenceStatementProperty | undefined; + if(notstatementRegexPatternSetsStatement && notstatementRegexPatternSetsStatement.arn.startsWith("arn:aws:")) { + capacities.push(regexPatternSetsStatementsCapacity(notstatementRegexPatternSetsStatement)); + } + } + } } const filteredAndStatements = { statements: (andStatement.statements as wafv2.CfnWebACL.StatementProperty[]).filter(statement => filterStatements(statement))}; + let IsOrStatement: boolean = false; if (filteredAndStatements && filteredAndStatements.statements && filteredAndStatements.statements.length > 0) { - const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, filteredAndStatements, false); - const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); - capacities.push(capacity); + for(const statement of filteredAndStatements.statements){ + IsOrStatement = false; + const orStatementStatement = statement.orStatement as wafv2.CfnWebACL.OrStatementProperty | undefined; + if(orStatementStatement && orStatementStatement.statements) { + const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, orStatementStatement, true); + const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); + capacities.push(capacity); + IsOrStatement = true; + } + } + if(!IsOrStatement){ + const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, filteredAndStatements, false); + const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); + capacities.push(capacity); + } } } else if(orStatement && orStatement.statements) { @@ -452,9 +498,21 @@ async function calculateCustomRulesCapacities(customRules: FmsRule[], deployment filterStatements(statement)) }; if (filteredOrStatements && filteredOrStatements.statements && filteredOrStatements.statements.length > 0) { - const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, filteredOrStatements, false); - const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); - capacities.push(capacity); + let IsAndStatement: boolean = false; + for(const statement of filteredOrStatements.statements){ + const andStatementStatement = statement.andStatement as wafv2.CfnWebACL.AndStatementProperty | undefined; + if(andStatementStatement && andStatementStatement.statements) { + const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, andStatementStatement, false); + const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); + capacities.push(capacity); + IsAndStatement = true; + } + } + if(!IsAndStatement){ + const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, filteredOrStatements, true); + const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); + capacities.push(capacity); + } } } else { From c163ae3d3a85757435cffdb14e9f24ba811d9554 Mon Sep 17 00:00:00 2001 From: daknhh Date: Thu, 16 Nov 2023 13:55:26 +0100 Subject: [PATCH 2/4] update packages --- package-lock.json | 279 ++++++++++++++++++++++++++++++++++++++-------- package.json | 6 +- 2 files changed, 235 insertions(+), 50 deletions(-) diff --git a/package-lock.json b/package-lock.json index c3924a8c..ded49219 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "aws-firewall-factory", - "version": "4.1.2", + "version": "4.1.5", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "aws-firewall-factory", - "version": "4.1.2", + "version": "4.1.5", "dependencies": { "@aws-sdk/client-cloudformation": "^3.428.0", "@aws-sdk/client-cloudwatch": "^3.427.0", @@ -35,10 +35,10 @@ }, "devDependencies": { "@types/node": "20.8.10", - "@typescript-eslint/eslint-plugin": "6.7.5", + "@typescript-eslint/eslint-plugin": "6.10.0", "@typescript-eslint/parser": "6.7.5", "aws-cdk": "2.100.0", - "eslint": "8.51.0", + "eslint": "8.53.0", "jest": "29.7.0", "ts-jest": "29.1.1", "ts-node": "10.9.1", @@ -2499,9 +2499,9 @@ } }, "node_modules/@eslint/eslintrc": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.2.tgz", - "integrity": "sha512-+wvgpDsrB1YqAMdEUCcnTlpfVBH7Vqn6A/NT3D8WVXFIaKMlErPIZT3oCIAVCOtarRpMtelZLqJeU3t7WY6X6g==", + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.3.tgz", + "integrity": "sha512-yZzuIG+jnVu6hNSzFEN07e8BxF3uAzYtQb6uDkaYZLo6oYZDCq454c5kB8zxnzfCYyP4MIuyBn10L0DqwujTmA==", "dev": true, "dependencies": { "ajv": "^6.12.4", @@ -2540,21 +2540,21 @@ } }, "node_modules/@eslint/js": { - "version": "8.51.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.51.0.tgz", - "integrity": "sha512-HxjQ8Qn+4SI3/AFv6sOrDB+g6PpUTDwSJiQqOrnneEk8L71161srI9gjzzZvYVbzHiVg/BvcH95+cK/zfIt4pg==", + "version": "8.53.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.53.0.tgz", + "integrity": "sha512-Kn7K8dx/5U6+cT1yEhpX1w4PCSg0M+XyRILPgvwcEBjerFWCwQj5sbr3/VmxqV0JGHCBCzyd6LxypEuehypY1w==", "dev": true, "engines": { "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } }, "node_modules/@humanwhocodes/config-array": { - "version": "0.11.11", - "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.11.tgz", - "integrity": "sha512-N2brEuAadi0CcdeMXUkhbZB84eskAc8MEX1By6qEchoVywSgXPIjou4rYsl0V3Hj0ZnuGycGCjdNgockbzeWNA==", + "version": "0.11.13", + "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.13.tgz", + "integrity": "sha512-JSBDMiDKSzQVngfRjOdFXgFfklaXI4K9nLF49Auh21lmBWRLIK3+xTErTWD4KU54pb6coM6ESE7Awz/FNU3zgQ==", "dev": true, "dependencies": { - "@humanwhocodes/object-schema": "^1.2.1", + "@humanwhocodes/object-schema": "^2.0.1", "debug": "^4.1.1", "minimatch": "^3.0.5" }, @@ -2576,9 +2576,9 @@ } }, "node_modules/@humanwhocodes/object-schema": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", - "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.1.tgz", + "integrity": "sha512-dvuCeX5fC9dXgJn9t+X5atfmgQAzUOWqS1254Gh0m6i8wKd10ebXkfNKiRK+1GWi/yTvvLDHpoxLr0xxxeslWw==", "dev": true }, "node_modules/@istanbuljs/load-nyc-config": { @@ -3947,9 +3947,9 @@ } }, "node_modules/@types/json-schema": { - "version": "7.0.13", - "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.13.tgz", - "integrity": "sha512-RbSSoHliUbnXj3ny0CNFOoxrIDV6SUGyStHsvDqosw6CkdPV8TtWGlfecuK4ToyMEAql6pzNxgCFKanovUzlgQ==", + "version": "7.0.15", + "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==", "dev": true }, "node_modules/@types/lodash": { @@ -3967,9 +3967,9 @@ } }, "node_modules/@types/semver": { - "version": "7.5.3", - "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.3.tgz", - "integrity": "sha512-OxepLK9EuNEIPxWNME+C6WwbRAOOI2o2BaQEGzz5Lu2e4Z5eDnEo+/aVEDMIXywoJitJ7xWd641wrGLZdtwRyw==", + "version": "7.5.5", + "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.5.tgz", + "integrity": "sha512-+d+WYC1BxJ6yVOgUgzK8gWvp5qF8ssV5r4nsDcZWKRWcDQLQ619tvWAxJQYGgBrO1MnLJC7a5GtiYsAoQ47dJg==", "dev": true }, "node_modules/@types/stack-utils": { @@ -3999,16 +3999,16 @@ "dev": true }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "6.7.5", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.7.5.tgz", - "integrity": "sha512-JhtAwTRhOUcP96D0Y6KYnwig/MRQbOoLGXTON2+LlyB/N35SP9j1boai2zzwXb7ypKELXMx3DVk9UTaEq1vHEw==", + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.10.0.tgz", + "integrity": "sha512-uoLj4g2OTL8rfUQVx2AFO1hp/zja1wABJq77P6IclQs6I/m9GLrm7jCdgzZkvWdDCQf1uEvoa8s8CupsgWQgVg==", "dev": true, "dependencies": { "@eslint-community/regexpp": "^4.5.1", - "@typescript-eslint/scope-manager": "6.7.5", - "@typescript-eslint/type-utils": "6.7.5", - "@typescript-eslint/utils": "6.7.5", - "@typescript-eslint/visitor-keys": "6.7.5", + "@typescript-eslint/scope-manager": "6.10.0", + "@typescript-eslint/type-utils": "6.10.0", + "@typescript-eslint/utils": "6.10.0", + "@typescript-eslint/visitor-keys": "6.10.0", "debug": "^4.3.4", "graphemer": "^1.4.0", "ignore": "^5.2.4", @@ -4033,6 +4033,53 @@ } } }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.10.0.tgz", + "integrity": "sha512-TN/plV7dzqqC2iPNf1KrxozDgZs53Gfgg5ZHyw8erd6jd5Ta/JIEcdCheXFt9b1NYb93a1wmIIVW/2gLkombDg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "6.10.0", + "@typescript-eslint/visitor-keys": "6.10.0" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.10.0.tgz", + "integrity": "sha512-36Fq1PWh9dusgo3vH7qmQAj5/AZqARky1Wi6WpINxB6SkQdY5vQoT2/7rW7uBIsPDcvvGCLi4r10p0OJ7ITAeg==", + "dev": true, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.10.0.tgz", + "integrity": "sha512-xMGluxQIEtOM7bqFCo+rCMh5fqI+ZxV5RUUOa29iVPz1OgCZrtc7rFnz5cLUazlkPKYqX+75iuDq7m0HQ48nCg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "6.10.0", + "eslint-visitor-keys": "^3.4.1" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/parser": { "version": "6.7.5", "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.7.5.tgz", @@ -4079,13 +4126,13 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "6.7.5", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.7.5.tgz", - "integrity": "sha512-Gs0qos5wqxnQrvpYv+pf3XfcRXW6jiAn9zE/K+DlmYf6FcpxeNYN0AIETaPR7rHO4K2UY+D0CIbDP9Ut0U4m1g==", + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.10.0.tgz", + "integrity": "sha512-wYpPs3hgTFblMYwbYWPT3eZtaDOjbLyIYuqpwuLBBqhLiuvJ+9sEp2gNRJEtR5N/c9G1uTtQQL5AhV0fEPJYcg==", "dev": true, "dependencies": { - "@typescript-eslint/typescript-estree": "6.7.5", - "@typescript-eslint/utils": "6.7.5", + "@typescript-eslint/typescript-estree": "6.10.0", + "@typescript-eslint/utils": "6.10.0", "debug": "^4.3.4", "ts-api-utils": "^1.0.1" }, @@ -4105,6 +4152,63 @@ } } }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": { + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.10.0.tgz", + "integrity": "sha512-36Fq1PWh9dusgo3vH7qmQAj5/AZqARky1Wi6WpINxB6SkQdY5vQoT2/7rW7uBIsPDcvvGCLi4r10p0OJ7ITAeg==", + "dev": true, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": { + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.10.0.tgz", + "integrity": "sha512-ek0Eyuy6P15LJVeghbWhSrBCj/vJpPXXR+EpaRZqou7achUWL8IdYnMSC5WHAeTWswYQuP2hAZgij/bC9fanBg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "6.10.0", + "@typescript-eslint/visitor-keys": "6.10.0", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-glob": "^4.0.3", + "semver": "^7.5.4", + "ts-api-utils": "^1.0.1" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": { + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.10.0.tgz", + "integrity": "sha512-xMGluxQIEtOM7bqFCo+rCMh5fqI+ZxV5RUUOa29iVPz1OgCZrtc7rFnz5cLUazlkPKYqX+75iuDq7m0HQ48nCg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "6.10.0", + "eslint-visitor-keys": "^3.4.1" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/types": { "version": "6.7.5", "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.7.5.tgz", @@ -4146,17 +4250,17 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "6.7.5", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.7.5.tgz", - "integrity": "sha512-pfRRrH20thJbzPPlPc4j0UNGvH1PjPlhlCMq4Yx7EGjV7lvEeGX0U6MJYe8+SyFutWgSHsdbJ3BXzZccYggezA==", + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.10.0.tgz", + "integrity": "sha512-v+pJ1/RcVyRc0o4wAGux9x42RHmAjIGzPRo538Z8M1tVx6HOnoQBCX/NoadHQlZeC+QO2yr4nNSFWOoraZCAyg==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.4.0", "@types/json-schema": "^7.0.12", "@types/semver": "^7.5.0", - "@typescript-eslint/scope-manager": "6.7.5", - "@typescript-eslint/types": "6.7.5", - "@typescript-eslint/typescript-estree": "6.7.5", + "@typescript-eslint/scope-manager": "6.10.0", + "@typescript-eslint/types": "6.10.0", + "@typescript-eslint/typescript-estree": "6.10.0", "semver": "^7.5.4" }, "engines": { @@ -4170,6 +4274,80 @@ "eslint": "^7.0.0 || ^8.0.0" } }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager": { + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.10.0.tgz", + "integrity": "sha512-TN/plV7dzqqC2iPNf1KrxozDgZs53Gfgg5ZHyw8erd6jd5Ta/JIEcdCheXFt9b1NYb93a1wmIIVW/2gLkombDg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "6.10.0", + "@typescript-eslint/visitor-keys": "6.10.0" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types": { + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.10.0.tgz", + "integrity": "sha512-36Fq1PWh9dusgo3vH7qmQAj5/AZqARky1Wi6WpINxB6SkQdY5vQoT2/7rW7uBIsPDcvvGCLi4r10p0OJ7ITAeg==", + "dev": true, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree": { + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.10.0.tgz", + "integrity": "sha512-ek0Eyuy6P15LJVeghbWhSrBCj/vJpPXXR+EpaRZqou7achUWL8IdYnMSC5WHAeTWswYQuP2hAZgij/bC9fanBg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "6.10.0", + "@typescript-eslint/visitor-keys": "6.10.0", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-glob": "^4.0.3", + "semver": "^7.5.4", + "ts-api-utils": "^1.0.1" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys": { + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.10.0.tgz", + "integrity": "sha512-xMGluxQIEtOM7bqFCo+rCMh5fqI+ZxV5RUUOa29iVPz1OgCZrtc7rFnz5cLUazlkPKYqX+75iuDq7m0HQ48nCg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "6.10.0", + "eslint-visitor-keys": "^3.4.1" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/visitor-keys": { "version": "6.7.5", "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.7.5.tgz", @@ -4187,6 +4365,12 @@ "url": "https://opencollective.com/typescript-eslint" } }, + "node_modules/@ungap/structured-clone": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "integrity": "sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==", + "dev": true + }, "node_modules/abab": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.6.tgz", @@ -5759,18 +5943,19 @@ } }, "node_modules/eslint": { - "version": "8.51.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.51.0.tgz", - "integrity": "sha512-2WuxRZBrlwnXi+/vFSJyjMqrNjtJqiasMzehF0shoLaW7DzS3/9Yvrmq5JiT66+pNjiX4UBnLDiKHcWAr/OInA==", + "version": "8.53.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.53.0.tgz", + "integrity": "sha512-N4VuiPjXDUa4xVeV/GC/RV3hQW9Nw+Y463lkWaKKXKYMvmRiRDAtfpuPFLN+E1/6ZhyR8J2ig+eVREnYgUsiag==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", - "@eslint/eslintrc": "^2.1.2", - "@eslint/js": "8.51.0", - "@humanwhocodes/config-array": "^0.11.11", + "@eslint/eslintrc": "^2.1.3", + "@eslint/js": "8.53.0", + "@humanwhocodes/config-array": "^0.11.13", "@humanwhocodes/module-importer": "^1.0.1", "@nodelib/fs.walk": "^1.2.8", + "@ungap/structured-clone": "^1.2.0", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.2", diff --git a/package.json b/package.json index 9d098ed5..b055a2dc 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "aws-firewall-factory", - "version": "4.1.2", + "version": "4.1.5", "bin": { "firewallfactory": "bin/aws-firewall-factory.js" }, @@ -13,10 +13,10 @@ }, "devDependencies": { "@types/node": "20.8.10", - "@typescript-eslint/eslint-plugin": "6.7.5", + "@typescript-eslint/eslint-plugin": "6.10.0", "@typescript-eslint/parser": "6.7.5", "aws-cdk": "2.100.0", - "eslint": "8.51.0", + "eslint": "8.53.0", "jest": "29.7.0", "ts-jest": "29.1.1", "ts-node": "10.9.1", From c9274a284801073b6a8c8392a6be192036251ccb Mon Sep 17 00:00:00 2001 From: daknhh Date: Thu, 16 Nov 2023 13:57:24 +0100 Subject: [PATCH 3/4] adjust changelog --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 10bafdc8..6dab6066 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ ## Released +## 4.1.5 +### Fixed +- Addressed issue with missing WCU Calculation OR statement within AND statement. - [Issues232](https://github.com/globaldatanet/aws-firewall-factory/issues/232) +- Addressed issue with missing WCU Calculation AND statement within OR statement. +- Bump @typescript-eslint/eslint-plugin from 6.7.5 to 6.10.0 +- Bump eslint from 8.51.0 to 8.53.0 + ## 4.1.4 ### Added - Automation for [Documentation](https://docs.aws-firewall-factory.com/) for the AWS Firewall Factory to assist you in utilizing our solution. From f69e935e186d77078d0ed2239203db8171190190 Mon Sep 17 00:00:00 2001 From: daknhh Date: Fri, 17 Nov 2023 08:50:43 +0100 Subject: [PATCH 4/4] improve code --- lib/tools/helpers.ts | 37 ++++++------------------------------- lib/tools/transformer.ts | 10 ++++++++++ 2 files changed, 16 insertions(+), 31 deletions(-) diff --git a/lib/tools/helpers.ts b/lib/tools/helpers.ts index 0a363524..819153d3 100644 --- a/lib/tools/helpers.ts +++ b/lib/tools/helpers.ts @@ -451,23 +451,10 @@ async function calculateCustomRulesCapacities(customRules: FmsRule[], deployment const filteredAndStatements = { statements: (andStatement.statements as wafv2.CfnWebACL.StatementProperty[]).filter(statement => filterStatements(statement))}; - let IsOrStatement: boolean = false; if (filteredAndStatements && filteredAndStatements.statements && filteredAndStatements.statements.length > 0) { - for(const statement of filteredAndStatements.statements){ - IsOrStatement = false; - const orStatementStatement = statement.orStatement as wafv2.CfnWebACL.OrStatementProperty | undefined; - if(orStatementStatement && orStatementStatement.statements) { - const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, orStatementStatement, true); - const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); - capacities.push(capacity); - IsOrStatement = true; - } - } - if(!IsOrStatement){ - const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, filteredAndStatements, false); - const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); - capacities.push(capacity); - } + const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, filteredAndStatements, false); + const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); + capacities.push(capacity); } } else if(orStatement && orStatement.statements) { @@ -498,21 +485,9 @@ async function calculateCustomRulesCapacities(customRules: FmsRule[], deployment filterStatements(statement)) }; if (filteredOrStatements && filteredOrStatements.statements && filteredOrStatements.statements.length > 0) { - let IsAndStatement: boolean = false; - for(const statement of filteredOrStatements.statements){ - const andStatementStatement = statement.andStatement as wafv2.CfnWebACL.AndStatementProperty | undefined; - if(andStatementStatement && andStatementStatement.statements) { - const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, andStatementStatement, false); - const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); - capacities.push(capacity); - IsAndStatement = true; - } - } - if(!IsAndStatement){ - const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, filteredOrStatements, true); - const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); - capacities.push(capacity); - } + const calcRule = buildCustomRuleWithoutReferenceStatements(customRule, filteredOrStatements, true); + const capacity = await calculateCustomRuleStatementsCapacity(calcRule, deploymentRegion, scope); + capacities.push(capacity); } } else { diff --git a/lib/tools/transformer.ts b/lib/tools/transformer.ts index f13c4f07..f351bfb0 100644 --- a/lib/tools/transformer.ts +++ b/lib/tools/transformer.ts @@ -822,6 +822,8 @@ export function transformConcatenatedStatement(statement: wafv2.CfnWebACL.AndSta let NotStatement = undefined; let RegexMatchStatement = undefined; let RateBasedStatement = undefined; + let OrStatement = undefined; + let AndStatement = undefined; switch(Object.keys(currentstatement)[0]){ case "byteMatchStatement": ByteMatchStatement = transformByteMatchStatement(currentstatement.byteMatchStatement as wafv2.CfnWebACL.ByteMatchStatementProperty); @@ -867,6 +869,14 @@ export function transformConcatenatedStatement(statement: wafv2.CfnWebACL.AndSta RateBasedStatement = tranformRateBasedStatement(currentstatement.rateBasedStatement as wafv2.CfnWebACL.RateBasedStatementProperty); Statement.RateBasedStatement = RateBasedStatement as RateBasedStatement; break; + case "orStatement": + OrStatement = transformConcatenatedStatement(currentstatement.orStatement as wafv2.CfnWebACL.OrStatementProperty, false); + Statement.OrStatement = OrStatement as OrStatement; + break; + case "andStatement": + AndStatement = transformConcatenatedStatement(currentstatement.andStatement as wafv2.CfnWebACL.AndStatementProperty, true); + Statement.AndStatement = AndStatement as AndStatement; + break; default: break; }