diff --git a/deployments/common/crds/appprotect.f5.com_aplogconfs.yaml b/deployments/common/crds/appprotect.f5.com_aplogconfs.yaml index a7e5ac5630..c06e46cb24 100644 --- a/deployments/common/crds/appprotect.f5.com_aplogconfs.yaml +++ b/deployments/common/crds/appprotect.f5.com_aplogconfs.yaml @@ -39,6 +39,7 @@ spec: - arcsight - default - user-defined + - grpc type: string format_string: type: string diff --git a/deployments/common/crds/appprotect.f5.com_appolicies.yaml b/deployments/common/crds/appprotect.f5.com_appolicies.yaml index 6eb0801928..9c32159a6b 100644 --- a/deployments/common/crds/appprotect.f5.com_appolicies.yaml +++ b/deployments/common/crds/appprotect.f5.com_appolicies.yaml @@ -161,6 +161,11 @@ spec: type: string name: enum: + - VIOL_GRPC_FORMAT + - VIOL_GRPC_MALFORMED + - VIOL_GRPC_METHOD + - VIOL_PARAMETER_ARRAY_VALUE + - VIOL_PARAMETER_VALUE_REGEXP - VIOL_PARAMETER_VALUE_BASE64 - VIOL_MANDATORY_HEADER - VIOL_HEADER_REPEATED @@ -377,6 +382,8 @@ spec: - explicit - wildcard type: string + wildcardOrder: + type: integer type: object type: array data-guard: @@ -427,6 +434,8 @@ spec: filetypes: items: properties: + action: + type: string allowed: type: boolean checkPostDataLength: @@ -454,6 +463,8 @@ spec: type: string urlLength: type: integer + wildcardOrder: + type: integer type: object type: array fullPath: @@ -482,6 +493,62 @@ spec: pattern: ^http type: string type: object + grpc-profiles: + items: + properties: + associateUrls: + type: boolean + attackSignaturesCheck: + type: boolean + defenseAttributes: + properties: + allowUnknownFields: + type: boolean + maximumDataLength: + pattern: any|\d+ + type: string + type: object + description: + type: string + hasIdlFiles: + type: boolean + idlFiles: + items: + properties: + idlFile: + properties: + contents: + type: string + fileName: + type: string + isBase64: + type: boolean + type: object + isPrimary: + type: boolean + primaryIdlFileName: + type: string + type: object + type: array + metacharElementCheck: + type: boolean + name: + type: string + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + type: object + type: array header-settings: properties: maximumHttpHeaderLength: @@ -503,6 +570,8 @@ spec: headers: items: properties: + allowRepeatedOccurrences: + type: boolean base64Decoding: type: boolean checkSignatures: @@ -525,6 +594,19 @@ spec: type: boolean percentDecoding: type: boolean + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array type: enum: - explicit @@ -532,6 +614,19 @@ spec: type: string urlNormalization: type: boolean + wildcardOrder: + type: integer + type: object + type: array + idl-files: + items: + properties: + contents: + type: string + fileName: + type: string + isBase64: + type: boolean type: object type: array json-profiles: @@ -558,6 +653,8 @@ spec: type: object description: type: string + handleJsonValuesAsParameters: + type: boolean hasValidationFiles: type: boolean metacharOverrides: @@ -636,6 +733,8 @@ spec: methods: items: properties: + action: + type: string name: type: string type: object @@ -719,6 +818,8 @@ spec: type: boolean exclusiveMin: type: boolean + isBase64: + type: boolean isCookie: type: boolean isHeader: @@ -728,12 +829,20 @@ spec: - global - url type: string + mandatory: + type: boolean maximumLength: type: integer + maximumValue: + type: integer metacharsOnParameterValueCheck: type: boolean minimumLength: type: integer + minimumValue: + type: integer + multipleOf: + type: integer name: type: string nameMetacharOverrides: @@ -784,6 +893,8 @@ spec: - explicit - wildcard type: string + url: + type: object valueMetacharOverrides: items: properties: @@ -807,6 +918,8 @@ spec: - user-input - xml type: string + wildcardOrder: + type: integer type: object type: array response-pages: @@ -826,6 +939,11 @@ spec: type: string ajaxRedirectUrl: type: string + grpcStatusCode: + pattern: ABORTED|ALREADY_EXISTS|CANCELLED|DATA_LOSS|DEADLINE_EXCEEDED|FAILED_PRECONDITION|INTERNAL|INVALID_ARGUMENT|NOT_FOUND|OK|OUT_OF_RANGE|PERMISSION_DENIED|RESOURCE_EXHAUSTED|UNAUTHENTICATED|UNAVAILABLE|UNIMPLEMENTED|UNKNOWN|d+ + type: string + grpcStatusMessage: + type: string responseActionType: enum: - custom @@ -853,6 +971,7 @@ spec: - mobile - persistent-flow - xml + - grpc type: string responseRedirectUrl: type: string @@ -1060,6 +1179,8 @@ spec: urls: items: properties: + $action: + type: string attackSignaturesCheck: type: boolean description: @@ -1242,6 +1363,8 @@ spec: type: boolean exclusiveMin: type: boolean + isBase64: + type: boolean isCookie: type: boolean isHeader: @@ -1251,12 +1374,20 @@ spec: - global - url type: string + mandatory: + type: boolean maximumLength: type: integer + maximumValue: + type: integer metacharsOnParameterValueCheck: type: boolean minimumLength: type: integer + minimumValue: + type: integer + multipleOf: + type: integer name: type: string nameMetacharOverrides: @@ -1307,6 +1438,8 @@ spec: - explicit - wildcard type: string + url: + type: object valueMetacharOverrides: items: properties: @@ -1330,6 +1463,8 @@ spec: - user-input - xml type: string + wildcardOrder: + type: integer type: object urlSegmentIndex: type: integer @@ -1361,6 +1496,11 @@ spec: urlContentProfiles: items: properties: + contentProfile: + properties: + name: + type: string + type: object headerName: type: string headerOrder: @@ -1379,6 +1519,7 @@ spec: - gwt - json - xml + - grpc type: string type: object type: array @@ -1466,6 +1607,19 @@ spec: type: boolean name: type: string + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array type: object type: array xml-validation-files: diff --git a/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml b/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml index a7e5ac5630..ea30d42e79 100644 --- a/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml +++ b/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml @@ -15,50 +15,55 @@ spec: preserveUnknownFields: false scope: Namespaced versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: APLogConf is the Schema for the APLogConfs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: APLogConfSpec defines the desired state of APLogConf - properties: - content: - properties: - format: - enum: - - splunk - - arcsight - - default - - user-defined - type: string - format_string: - type: string - max_message_size: - pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$ - type: string - max_request_size: - pattern: ^([1-9]|[1-9][0-9]|[1-9][0-9]{2}|1[0-9]{3}|20[1-3][0-9]|204[1-8]|any)$ - type: string - type: object - filter: - properties: - request_type: - enum: - - all - - illegal - - blocked - type: string - type: object - type: object - type: object - served: true - storage: true + - name: v1beta1 + schema: + openAPIV3Schema: + description: APLogConf is the Schema for the APLogConfs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: APLogConfSpec defines the desired state of APLogConf + properties: + content: + properties: + format: + enum: + - splunk + - arcsight + - default + - user-defined + - grpc + type: string + format_string: + type: string + max_message_size: + pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$ + type: string + max_request_size: + pattern: ^([1-9]|[1-9][0-9]|[1-9][0-9]{2}|1[0-9]{3}|20[1-3][0-9]|204[1-8]|any)$ + type: string + type: object + filter: + properties: + request_type: + enum: + - all + - illegal + - blocked + type: string + type: object + type: object + type: object + served: true + storage: true diff --git a/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml b/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml index 6eb0801928..1e084d23cf 100644 --- a/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml +++ b/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml @@ -15,1484 +15,1642 @@ spec: preserveUnknownFields: false scope: Namespaced versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: APPolicyConfig is the Schema for the APPolicyconfigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: APPolicySpec defines the desired state of APPolicy - properties: - modifications: - items: - properties: - action: - type: string - description: - type: string - entity: - properties: - name: - type: string - type: object - entityChanges: - properties: - type: - type: string - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - modificationsReference: + - name: v1beta1 + schema: + openAPIV3Schema: + description: APPolicyConfig is the Schema for the APPolicyconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: APPolicySpec defines the desired state of APPolicy + properties: + modifications: + items: properties: - link: - pattern: ^http + action: type: string - type: object - policy: - description: Defines the App Protect policy - properties: - applicationLanguage: - enum: - - iso-8859-10 - - iso-8859-6 - - windows-1255 - - auto-detect - - koi8-r - - gb18030 - - iso-8859-8 - - windows-1250 - - iso-8859-9 - - windows-1252 - - iso-8859-16 - - gb2312 - - iso-8859-2 - - iso-8859-5 - - windows-1257 - - windows-1256 - - iso-8859-13 - - windows-874 - - windows-1253 - - iso-8859-3 - - euc-jp - - utf-8 - - gbk - - windows-1251 - - big5 - - iso-8859-1 - - shift_jis - - euc-kr - - iso-8859-4 - - iso-8859-7 - - iso-8859-15 + description: type: string - blocking-settings: + entity: properties: - evasions: - items: - properties: - description: - enum: - - '%u decoding' - - Apache whitespace - - Bad unescape - - Bare byte decoding - - Directory traversals - - IIS backslashes - - IIS Unicode codepoints - - Multiple decoding - type: string - enabled: - type: boolean - maxDecodingPasses: - type: integer - type: object - type: array - http-protocols: - items: - properties: - description: - enum: - - Unescaped space in URL - - Unparsable request content - - Several Content-Length headers - - 'POST request with Content-Length: 0' - - Null in request - - No Host header in HTTP/1.1 request - - Multiple host headers - - Host header contains IP address - - High ASCII characters in headers - - Header name with no header value - - CRLF characters before request start - - Content length should be a positive number - - Chunked request with Content-Length header - - Check maximum number of parameters - - Check maximum number of headers - - Body in GET or HEAD requests - - Bad multipart/form-data request parsing - - Bad multipart parameters parsing - - Bad HTTP version - - Bad host header value - type: string - enabled: - type: boolean - maxHeaders: - type: integer - maxParams: - type: integer - type: object - type: array - violations: - items: - properties: - alarm: - type: boolean - block: - type: boolean - description: - type: string - name: - enum: - - VIOL_PARAMETER_VALUE_BASE64 - - VIOL_MANDATORY_HEADER - - VIOL_HEADER_REPEATED - - VIOL_ASM_COOKIE_MODIFIED - - VIOL_BLACKLISTED_IP - - VIOL_COOKIE_EXPIRED - - VIOL_COOKIE_LENGTH - - VIOL_COOKIE_MALFORMED - - VIOL_COOKIE_MODIFIED - - VIOL_DATA_GUARD - - VIOL_ENCODING - - VIOL_EVASION - - VIOL_FILETYPE - - VIOL_FILE_UPLOAD - - VIOL_FILE_UPLOAD_IN_BODY - - VIOL_HEADER_LENGTH - - VIOL_HEADER_METACHAR - - VIOL_HTTP_PROTOCOL - - VIOL_HTTP_RESPONSE_STATUS - - VIOL_JSON_FORMAT - - VIOL_JSON_MALFORMED - - VIOL_JSON_SCHEMA - - VIOL_MANDATORY_PARAMETER - - VIOL_MANDATORY_REQUEST_BODY - - VIOL_METHOD - - VIOL_PARAMETER - - VIOL_PARAMETER_DATA_TYPE - - VIOL_PARAMETER_EMPTY_VALUE - - VIOL_PARAMETER_LOCATION - - VIOL_PARAMETER_MULTIPART_NULL_VALUE - - VIOL_PARAMETER_NAME_METACHAR - - VIOL_PARAMETER_NUMERIC_VALUE - - VIOL_PARAMETER_REPEATED - - VIOL_PARAMETER_STATIC_VALUE - - VIOL_PARAMETER_VALUE_LENGTH - - VIOL_PARAMETER_VALUE_METACHAR - - VIOL_POST_DATA_LENGTH - - VIOL_QUERY_STRING_LENGTH - - VIOL_RATING_THREAT - - VIOL_RATING_NEED_EXAMINATION - - VIOL_REQUEST_MAX_LENGTH - - VIOL_REQUEST_LENGTH - - VIOL_THREAT_CAMPAIGN - - VIOL_URL - - VIOL_URL_CONTENT_TYPE - - VIOL_URL_LENGTH - - VIOL_URL_METACHAR - - VIOL_XML_FORMAT - - VIOL_XML_MALFORMED - type: string - type: object - type: array + name: + type: string type: object - blockingSettingReference: + entityChanges: properties: - link: - pattern: ^http + type: type: string type: object - bot-defense: - properties: - mitigations: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + modificationsReference: + properties: + link: + pattern: ^http + type: string + type: object + policy: + description: Defines the App Protect policy + properties: + applicationLanguage: + enum: + - iso-8859-10 + - iso-8859-6 + - windows-1255 + - auto-detect + - koi8-r + - gb18030 + - iso-8859-8 + - windows-1250 + - iso-8859-9 + - windows-1252 + - iso-8859-16 + - gb2312 + - iso-8859-2 + - iso-8859-5 + - windows-1257 + - windows-1256 + - iso-8859-13 + - windows-874 + - windows-1253 + - iso-8859-3 + - euc-jp + - utf-8 + - gbk + - windows-1251 + - big5 + - iso-8859-1 + - shift_jis + - euc-kr + - iso-8859-4 + - iso-8859-7 + - iso-8859-15 + type: string + blocking-settings: + properties: + evasions: + items: properties: - anomalies: - items: - properties: - action: - enum: - - alarm - - block - - default - - detect - - ignore - type: string - name: - type: string - scoreThreshold: - pattern: '[0-9]|[1-9][0-9]|1[0-4][0-9]|150|default' - type: string - type: object - type: array - classes: - items: - properties: - action: - enum: - - alarm - - block - - detect - - ignore - type: string - name: - enum: - - malicious-bot - - suspicious-browser - - trusted-bot - - untrusted-bot - type: string - type: object - type: array - signatures: - items: - properties: - action: - enum: - - alarm - - block - - detect - - ignore - type: string - name: - type: string - type: object - type: array + description: + enum: + - '%u decoding' + - Apache whitespace + - Bad unescape + - Bare byte decoding + - Directory traversals + - IIS backslashes + - IIS Unicode codepoints + - Multiple decoding + type: string + enabled: + type: boolean + maxDecodingPasses: + type: integer + type: object + type: array + http-protocols: + items: + properties: + description: + enum: + - Unescaped space in URL + - Unparsable request content + - Several Content-Length headers + - 'POST request with Content-Length: 0' + - Null in request + - No Host header in HTTP/1.1 request + - Multiple host headers + - Host header contains IP address + - High ASCII characters in headers + - Header name with no header value + - CRLF characters before request start + - Content length should be a positive number + - Chunked request with Content-Length header + - Check maximum number of parameters + - Check maximum number of headers + - Body in GET or HEAD requests + - Bad multipart/form-data request parsing + - Bad multipart parameters parsing + - Bad HTTP version + - Bad host header value + type: string + enabled: + type: boolean + maxHeaders: + type: integer + maxParams: + type: integer type: object - settings: + type: array + violations: + items: properties: - isEnabled: + alarm: + type: boolean + block: type: boolean + description: + type: string + name: + enum: + - VIOL_GRPC_FORMAT + - VIOL_GRPC_MALFORMED + - VIOL_GRPC_METHOD + - VIOL_PARAMETER_ARRAY_VALUE + - VIOL_PARAMETER_VALUE_REGEXP + - VIOL_PARAMETER_VALUE_BASE64 + - VIOL_MANDATORY_HEADER + - VIOL_HEADER_REPEATED + - VIOL_ASM_COOKIE_MODIFIED + - VIOL_BLACKLISTED_IP + - VIOL_COOKIE_EXPIRED + - VIOL_COOKIE_LENGTH + - VIOL_COOKIE_MALFORMED + - VIOL_COOKIE_MODIFIED + - VIOL_DATA_GUARD + - VIOL_ENCODING + - VIOL_EVASION + - VIOL_FILETYPE + - VIOL_FILE_UPLOAD + - VIOL_FILE_UPLOAD_IN_BODY + - VIOL_HEADER_LENGTH + - VIOL_HEADER_METACHAR + - VIOL_HTTP_PROTOCOL + - VIOL_HTTP_RESPONSE_STATUS + - VIOL_JSON_FORMAT + - VIOL_JSON_MALFORMED + - VIOL_JSON_SCHEMA + - VIOL_MANDATORY_PARAMETER + - VIOL_MANDATORY_REQUEST_BODY + - VIOL_METHOD + - VIOL_PARAMETER + - VIOL_PARAMETER_DATA_TYPE + - VIOL_PARAMETER_EMPTY_VALUE + - VIOL_PARAMETER_LOCATION + - VIOL_PARAMETER_MULTIPART_NULL_VALUE + - VIOL_PARAMETER_NAME_METACHAR + - VIOL_PARAMETER_NUMERIC_VALUE + - VIOL_PARAMETER_REPEATED + - VIOL_PARAMETER_STATIC_VALUE + - VIOL_PARAMETER_VALUE_LENGTH + - VIOL_PARAMETER_VALUE_METACHAR + - VIOL_POST_DATA_LENGTH + - VIOL_QUERY_STRING_LENGTH + - VIOL_RATING_THREAT + - VIOL_RATING_NEED_EXAMINATION + - VIOL_REQUEST_MAX_LENGTH + - VIOL_REQUEST_LENGTH + - VIOL_THREAT_CAMPAIGN + - VIOL_URL + - VIOL_URL_CONTENT_TYPE + - VIOL_URL_LENGTH + - VIOL_URL_METACHAR + - VIOL_XML_FORMAT + - VIOL_XML_MALFORMED + type: string type: object - type: object - caseInsensitive: - type: boolean - character-sets: - items: + type: array + type: object + blockingSettingReference: + properties: + link: + pattern: ^http + type: string + type: object + bot-defense: + properties: + mitigations: properties: - characterSet: + anomalies: items: properties: - isAllowed: - type: boolean - metachar: + action: + enum: + - alarm + - block + - default + - detect + - ignore + type: string + name: + type: string + scoreThreshold: + pattern: '[0-9]|[1-9][0-9]|1[0-4][0-9]|150|default' type: string type: object type: array - characterSetType: - enum: - - gwt-content - - header - - json-content - - parameter-name - - parameter-value - - plain-text-content - - url - - xml-content - type: string - type: object - type: array - characterSetReference: - properties: - link: - pattern: ^http - type: string - type: object - cookie-settings: - properties: - maximumCookieHeaderLength: - pattern: any|\d+ - type: string - type: object - cookieReference: - properties: - link: - pattern: ^http - type: string - type: object - cookieSettingsReference: - properties: - link: - pattern: ^http - type: string - type: object - cookies: - items: - properties: - accessibleOnlyThroughTheHttpProtocol: - type: boolean - attackSignaturesCheck: - type: boolean - decodeValueAsBase64: - enum: - - enabled - - disabled - - required - type: string - enforcementType: - type: string - insertSameSiteAttribute: - enum: - - lax - - none - - none-value - - strict - type: string - name: - type: string - securedOverHttpsConnection: - type: boolean - signatureOverrides: + classes: items: properties: - enabled: - type: boolean + action: + enum: + - alarm + - block + - detect + - ignore + type: string name: + enum: + - malicious-bot + - suspicious-browser + - trusted-bot + - untrusted-bot + type: string + type: object + type: array + signatures: + items: + properties: + action: + enum: + - alarm + - block + - detect + - ignore type: string - signatureId: - type: integer - tag: + name: type: string type: object type: array - type: - enum: - - explicit - - wildcard - type: string type: object - type: array - data-guard: + settings: + properties: + isEnabled: + type: boolean + type: object + type: object + caseInsensitive: + type: boolean + character-sets: + items: + properties: + characterSet: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + characterSetType: + enum: + - gwt-content + - header + - json-content + - parameter-name + - parameter-value + - plain-text-content + - url + - xml-content + type: string + type: object + type: array + characterSetReference: + properties: + link: + pattern: ^http + type: string + type: object + cookie-settings: + properties: + maximumCookieHeaderLength: + pattern: any|\d+ + type: string + type: object + cookieReference: + properties: + link: + pattern: ^http + type: string + type: object + cookieSettingsReference: + properties: + link: + pattern: ^http + type: string + type: object + cookies: + items: properties: - creditCardNumbers: + accessibleOnlyThroughTheHttpProtocol: type: boolean - enabled: + attackSignaturesCheck: type: boolean - enforcementMode: + decodeValueAsBase64: + enum: + - enabled + - disabled + - required + type: string + enforcementType: + type: string + insertSameSiteAttribute: enum: - - ignore-urls-in-list - - enforce-urls-in-list + - lax + - none + - none-value + - strict + type: string + name: type: string - enforcementUrls: + securedOverHttpsConnection: + type: boolean + signatureOverrides: items: - type: string + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object type: array - lastCcnDigitsToExpose: - type: integer - lastSsnDigitsToExpose: + type: + enum: + - explicit + - wildcard + type: string + wildcardOrder: type: integer - maskData: - type: boolean - usSocialSecurityNumbers: - type: boolean type: object - dataGuardReference: - properties: - link: - pattern: ^http + type: array + data-guard: + properties: + creditCardNumbers: + type: boolean + enabled: + type: boolean + enforcementMode: + enum: + - ignore-urls-in-list + - enforce-urls-in-list + type: string + enforcementUrls: + items: type: string - type: object - description: - type: string - enablePassiveMode: - type: boolean - enforcementMode: - enum: - - transparent - - blocking - type: string - filetypeReference: + type: array + lastCcnDigitsToExpose: + type: integer + lastSsnDigitsToExpose: + type: integer + maskData: + type: boolean + usSocialSecurityNumbers: + type: boolean + type: object + dataGuardReference: + properties: + link: + pattern: ^http + type: string + type: object + description: + type: string + enablePassiveMode: + type: boolean + enforcementMode: + enum: + - transparent + - blocking + type: string + filetypeReference: + properties: + link: + pattern: ^http + type: string + type: object + filetypes: + items: properties: - link: - pattern: ^http + action: type: string - type: object - filetypes: - items: - properties: - allowed: - type: boolean - checkPostDataLength: - type: boolean - checkQueryStringLength: - type: boolean - checkRequestLength: - type: boolean - checkUrlLength: - type: boolean - name: - type: string - postDataLength: - type: integer - queryStringLength: - type: integer - requestLength: - type: integer - responseCheck: - type: boolean - type: - enum: - - explicit - - wildcard - type: string - urlLength: - type: integer - type: object - type: array - fullPath: - type: string - general: - properties: - allowedResponseCodes: - items: - format: int32 - maximum: 999 - minimum: 100 - type: integer - type: array - customXffHeaders: - items: - type: string - type: array - maskCreditCardNumbersInRequest: + allowed: type: boolean - trustXff: + checkPostDataLength: type: boolean - type: object - generalReference: - properties: - link: - pattern: ^http + checkQueryStringLength: + type: boolean + checkRequestLength: + type: boolean + checkUrlLength: + type: boolean + name: type: string - type: object - header-settings: - properties: - maximumHttpHeaderLength: - pattern: any|\d+ + postDataLength: + type: integer + queryStringLength: + type: integer + requestLength: + type: integer + responseCheck: + type: boolean + type: + enum: + - explicit + - wildcard type: string + urlLength: + type: integer + wildcardOrder: + type: integer type: object - headerReference: - properties: - link: - pattern: ^http + type: array + fullPath: + type: string + general: + properties: + allowedResponseCodes: + items: + format: int32 + maximum: 999 + minimum: 100 + type: integer + type: array + customXffHeaders: + items: type: string - type: object - headerSettingsReference: + type: array + maskCreditCardNumbersInRequest: + type: boolean + trustXff: + type: boolean + type: object + generalReference: + properties: + link: + pattern: ^http + type: string + type: object + grpc-profiles: + items: properties: - link: - pattern: ^http + associateUrls: + type: boolean + attackSignaturesCheck: + type: boolean + defenseAttributes: + properties: + allowUnknownFields: + type: boolean + maximumDataLength: + pattern: any|\d+ + type: string + type: object + description: type: string - type: object - headers: - items: - properties: - base64Decoding: - type: boolean - checkSignatures: - type: boolean - decodeValueAsBase64: - enum: - - enabled - - disabled - - required - type: string - htmlNormalization: - type: boolean - mandatory: - type: boolean - maskValueInLogs: - type: boolean - name: - type: string - normalizationViolations: - type: boolean - percentDecoding: - type: boolean - type: - enum: - - explicit - - wildcard - type: string - urlNormalization: - type: boolean - type: object - type: array - json-profiles: - items: - properties: - attackSignaturesCheck: - type: boolean - defenseAttributes: + hasIdlFiles: + type: boolean + idlFiles: + items: properties: - maximumArrayLength: - pattern: any|\d+ - type: string - maximumStructureDepth: - pattern: any|\d+ + idlFile: + properties: + contents: + type: string + fileName: + type: string + isBase64: + type: boolean + type: object + isPrimary: + type: boolean + primaryIdlFileName: type: string - maximumTotalLengthOfJSONData: - pattern: any|\d+ + type: object + type: array + metacharElementCheck: + type: boolean + name: + type: string + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: type: string - maximumValueLength: - pattern: any|\d+ + signatureId: + type: integer + tag: type: string - tolerateJSONParsingWarnings: - type: boolean type: object - description: - type: string - hasValidationFiles: - type: boolean - metacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - name: - type: string - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - validationFiles: - items: - properties: - importUrl: - type: string - isPrimary: - type: boolean - jsonValidationFile: - properties: - contents: - type: string - fileName: - type: string - isBase64: - type: boolean - type: object - type: object - type: array - type: object - type: array - json-validation-files: - items: - properties: - contents: - type: string - fileName: - type: string - isBase64: - type: boolean - type: object - type: array - jsonProfileReference: - properties: - link: - pattern: ^http - type: string - type: object - jsonValidationFileReference: - properties: - link: - pattern: ^http - type: string + type: array type: object - methodReference: + type: array + header-settings: + properties: + maximumHttpHeaderLength: + pattern: any|\d+ + type: string + type: object + headerReference: + properties: + link: + pattern: ^http + type: string + type: object + headerSettingsReference: + properties: + link: + pattern: ^http + type: string + type: object + headers: + items: properties: - link: - pattern: ^http + allowRepeatedOccurrences: + type: boolean + base64Decoding: + type: boolean + checkSignatures: + type: boolean + decodeValueAsBase64: + enum: + - enabled + - disabled + - required type: string - type: object - methods: - items: - properties: - name: - type: string - type: object - type: array - name: - type: string - open-api-files: - items: - properties: - link: - pattern: ^http - type: string - type: object - type: array - parameterReference: - properties: - link: - pattern: ^http + htmlNormalization: + type: boolean + mandatory: + type: boolean + maskValueInLogs: + type: boolean + name: type: string - type: object - parameters: - items: - properties: - allowEmptyValue: - type: boolean - allowRepeatedParameterName: - type: boolean - arraySerializationFormat: - enum: - - csv - - form - - label - - matrix - - multi - - multipart - - pipe - - ssv - - tsv - type: string - attackSignaturesCheck: - type: boolean - checkMaxValue: - type: boolean - checkMaxValueLength: - type: boolean - checkMetachars: - type: boolean - checkMinValue: - type: boolean - checkMinValueLength: - type: boolean - checkMultipleOfValue: - type: boolean - contentProfile: + normalizationViolations: + type: boolean + percentDecoding: + type: boolean + signatureOverrides: + items: properties: + enabled: + type: boolean name: type: string + signatureId: + type: integer + tag: + type: string type: object - dataType: - enum: - - alpha-numeric - - binary - - boolean - - decimal - - email - - integer - - none - - phone - type: string - decodeValueAsBase64: - enum: - - enabled - - disabled - - required - type: string - disallowFileUploadOfExecutables: - type: boolean - enableRegularExpression: - type: boolean - exclusiveMax: - type: boolean - exclusiveMin: - type: boolean - isCookie: - type: boolean - isHeader: - type: boolean - level: - enum: - - global - - url - type: string - maximumLength: - type: integer - metacharsOnParameterValueCheck: - type: boolean - minimumLength: - type: integer - name: - type: string - nameMetacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - objectSerializationStyle: - type: string - parameterEnumValues: - items: - type: string - type: array - parameterLocation: - enum: - - any - - cookie - - form-data - - header - - path - - query - type: string - regularExpression: - type: string - sensitiveParameter: - type: boolean - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - staticValues: - type: string - type: - enum: - - explicit - - wildcard - type: string - valueMetacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - valueType: - enum: - - array - - auto-detect - - dynamic-content - - dynamic-parameter-name - - ignore - - json - - object - - openapi-array - - static-content - - user-input - - xml - type: string - type: object - type: array - response-pages: - items: - properties: - ajaxActionType: - enum: - - alert-popup - - custom - - redirect - type: string - ajaxCustomContent: - type: string - ajaxEnabled: - type: boolean - ajaxPopupMessage: - type: string - ajaxRedirectUrl: - type: string - responseActionType: - enum: - - custom - - default - - erase-cookies - - redirect - - soap-fault - type: string - responseContent: - type: string - responseHeader: - type: string - responsePageType: - enum: - - ajax - - ajax-login - - captcha - - captcha-fail - - default - - failed-login-honeypot - - failed-login-honeypot-ajax - - hijack - - leaked-credentials - - leaked-credentials-ajax - - mobile - - persistent-flow - - xml - type: string - responseRedirectUrl: - type: string - type: object - type: array - responsePageReference: - properties: - link: - pattern: ^http + type: array + type: + enum: + - explicit + - wildcard type: string + urlNormalization: + type: boolean + wildcardOrder: + type: integer type: object - sensitive-parameters: - items: - properties: - name: - type: string - type: object - type: array - sensitiveParameterReference: + type: array + idl-files: + items: properties: - link: - pattern: ^http + contents: type: string + fileName: + type: string + isBase64: + type: boolean type: object - server-technologies: - items: - properties: - serverTechnologyName: - enum: - - Jenkins - - SharePoint - - Oracle Application Server - - Python - - Oracle Identity Manager - - Spring Boot - - CouchDB - - SQLite - - Handlebars - - Mustache - - Prototype - - Zend - - Redis - - Underscore.js - - Ember.js - - ZURB Foundation - - ef.js - - Vue.js - - UIKit - - TYPO3 CMS - - RequireJS - - React - - MooTools - - Laravel - - GraphQL - - Google Web Toolkit - - Express.js - - CodeIgniter - - Backbone.js - - AngularJS - - JavaScript - - Nginx - - Jetty - - Joomla - - JavaServer Faces (JSF) - - Ruby - - MongoDB - - Django - - Node.js - - Citrix - - JBoss - - Elasticsearch - - Apache Struts - - XML - - PostgreSQL - - IBM DB2 - - Sybase/ASE - - CGI - - Proxy Servers - - SSI (Server Side Includes) - - Cisco - - Novell - - Macromedia JRun - - BEA Systems WebLogic Server - - Lotus Domino - - MySQL - - Oracle - - Microsoft SQL Server - - PHP - - Outlook Web Access - - Apache/NCSA HTTP Server - - Apache Tomcat - - WordPress - - Macromedia ColdFusion - - Unix/Linux - - Microsoft Windows - - ASP.NET - - Front Page Server Extensions (FPSE) - - IIS - - WebDAV - - ASP - - Java Servlets/JSP - - jQuery - type: string - type: object - type: array - serverTechnologyReference: + type: array + json-profiles: + items: properties: - link: - pattern: ^http + attackSignaturesCheck: + type: boolean + defenseAttributes: + properties: + maximumArrayLength: + pattern: any|\d+ + type: string + maximumStructureDepth: + pattern: any|\d+ + type: string + maximumTotalLengthOfJSONData: + pattern: any|\d+ + type: string + maximumValueLength: + pattern: any|\d+ + type: string + tolerateJSONParsingWarnings: + type: boolean + type: object + description: + type: string + handleJsonValuesAsParameters: + type: boolean + hasValidationFiles: + type: boolean + metacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + name: type: string + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + validationFiles: + items: + properties: + importUrl: + type: string + isPrimary: + type: boolean + jsonValidationFile: + properties: + contents: + type: string + fileName: + type: string + isBase64: + type: boolean + type: object + type: object + type: array type: object - signature-requirements: - items: - properties: - tag: - type: string - type: object - type: array - signature-sets: - items: - properties: - alarm: - type: boolean - block: - type: boolean - name: - type: string - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - signature-settings: + type: array + json-validation-files: + items: properties: - attackSignatureFalsePositiveMode: - enum: - - detect - - detect-and-allow - - disabled + contents: type: string - minimumAccuracyForAutoAddedSignatures: - enum: - - high - - low - - medium + fileName: type: string + isBase64: + type: boolean type: object - signatureReference: + type: array + jsonProfileReference: + properties: + link: + pattern: ^http + type: string + type: object + jsonValidationFileReference: + properties: + link: + pattern: ^http + type: string + type: object + methodReference: + properties: + link: + pattern: ^http + type: string + type: object + methods: + items: properties: - link: - pattern: ^http + action: + type: string + name: type: string type: object - signatureSetReference: + type: array + name: + type: string + open-api-files: + items: properties: link: pattern: ^http type: string type: object - signatureSettingReference: + type: array + parameterReference: + properties: + link: + pattern: ^http + type: string + type: object + parameters: + items: properties: - link: - pattern: ^http + allowEmptyValue: + type: boolean + allowRepeatedParameterName: + type: boolean + arraySerializationFormat: + enum: + - csv + - form + - label + - matrix + - multi + - multipart + - pipe + - ssv + - tsv type: string - type: object - signatures: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: + attackSignaturesCheck: + type: boolean + checkMaxValue: + type: boolean + checkMaxValueLength: + type: boolean + checkMetachars: + type: boolean + checkMinValue: + type: boolean + checkMinValueLength: + type: boolean + checkMultipleOfValue: + type: boolean + contentProfile: + properties: + name: + type: string + type: object + dataType: + enum: + - alpha-numeric + - binary + - boolean + - decimal + - email + - integer + - none + - phone + type: string + decodeValueAsBase64: + enum: + - enabled + - disabled + - required + type: string + disallowFileUploadOfExecutables: + type: boolean + enableRegularExpression: + type: boolean + exclusiveMax: + type: boolean + exclusiveMin: + type: boolean + isBase64: + type: boolean + isCookie: + type: boolean + isHeader: + type: boolean + level: + enum: + - global + - url + type: string + mandatory: + type: boolean + maximumLength: + type: integer + maximumValue: + type: integer + metacharsOnParameterValueCheck: + type: boolean + minimumLength: + type: integer + minimumValue: + type: integer + multipleOf: + type: integer + name: + type: string + nameMetacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + objectSerializationStyle: + type: string + parameterEnumValues: + items: type: string - type: object - type: array - softwareVersion: - type: string - template: + type: array + parameterLocation: + enum: + - any + - cookie + - form-data + - header + - path + - query + type: string + regularExpression: + type: string + sensitiveParameter: + type: boolean + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + staticValues: + type: string + type: + enum: + - explicit + - wildcard + type: string + url: + type: object + valueMetacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + valueType: + enum: + - array + - auto-detect + - dynamic-content + - dynamic-parameter-name + - ignore + - json + - object + - openapi-array + - static-content + - user-input + - xml + type: string + wildcardOrder: + type: integer + type: object + type: array + response-pages: + items: + properties: + ajaxActionType: + enum: + - alert-popup + - custom + - redirect + type: string + ajaxCustomContent: + type: string + ajaxEnabled: + type: boolean + ajaxPopupMessage: + type: string + ajaxRedirectUrl: + type: string + grpcStatusCode: + pattern: ABORTED|ALREADY_EXISTS|CANCELLED|DATA_LOSS|DEADLINE_EXCEEDED|FAILED_PRECONDITION|INTERNAL|INVALID_ARGUMENT|NOT_FOUND|OK|OUT_OF_RANGE|PERMISSION_DENIED|RESOURCE_EXHAUSTED|UNAUTHENTICATED|UNAVAILABLE|UNIMPLEMENTED|UNKNOWN|d+ + type: string + grpcStatusMessage: + type: string + responseActionType: + enum: + - custom + - default + - erase-cookies + - redirect + - soap-fault + type: string + responseContent: + type: string + responseHeader: + type: string + responsePageType: + enum: + - ajax + - ajax-login + - captcha + - captcha-fail + - default + - failed-login-honeypot + - failed-login-honeypot-ajax + - hijack + - leaked-credentials + - leaked-credentials-ajax + - mobile + - persistent-flow + - xml + - grpc + type: string + responseRedirectUrl: + type: string + type: object + type: array + responsePageReference: + properties: + link: + pattern: ^http + type: string + type: object + sensitive-parameters: + items: properties: name: type: string type: object - threat-campaigns: - items: - properties: - isEnabled: - type: boolean - name: - type: string - type: object - type: array - threatCampaignReference: + type: array + sensitiveParameterReference: + properties: + link: + pattern: ^http + type: string + type: object + server-technologies: + items: properties: - link: - pattern: ^http + serverTechnologyName: + enum: + - Jenkins + - SharePoint + - Oracle Application Server + - Python + - Oracle Identity Manager + - Spring Boot + - CouchDB + - SQLite + - Handlebars + - Mustache + - Prototype + - Zend + - Redis + - Underscore.js + - Ember.js + - ZURB Foundation + - ef.js + - Vue.js + - UIKit + - TYPO3 CMS + - RequireJS + - React + - MooTools + - Laravel + - GraphQL + - Google Web Toolkit + - Express.js + - CodeIgniter + - Backbone.js + - AngularJS + - JavaScript + - Nginx + - Jetty + - Joomla + - JavaServer Faces (JSF) + - Ruby + - MongoDB + - Django + - Node.js + - Citrix + - JBoss + - Elasticsearch + - Apache Struts + - XML + - PostgreSQL + - IBM DB2 + - Sybase/ASE + - CGI + - Proxy Servers + - SSI (Server Side Includes) + - Cisco + - Novell + - Macromedia JRun + - BEA Systems WebLogic Server + - Lotus Domino + - MySQL + - Oracle + - Microsoft SQL Server + - PHP + - Outlook Web Access + - Apache/NCSA HTTP Server + - Apache Tomcat + - WordPress + - Macromedia ColdFusion + - Unix/Linux + - Microsoft Windows + - ASP.NET + - Front Page Server Extensions (FPSE) + - IIS + - WebDAV + - ASP + - Java Servlets/JSP + - jQuery type: string type: object - urlReference: + type: array + serverTechnologyReference: + properties: + link: + pattern: ^http + type: string + type: object + signature-requirements: + items: properties: - link: - pattern: ^http + tag: type: string type: object - urls: - items: - properties: - attackSignaturesCheck: - type: boolean - description: - type: string - disallowFileUploadOfExecutables: - type: boolean - isAllowed: - type: boolean - mandatoryBody: - type: boolean - metacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - metacharsOnUrlCheck: - type: boolean - method: - enum: - - ACL - - BCOPY - - BDELETE - - BMOVE - - BPROPFIND - - BPROPPATCH - - CHECKIN - - CHECKOUT - - CONNECT - - COPY - - DELETE - - GET - - HEAD - - LINK - - LOCK - - MERGE - - MKCOL - - MKWORKSPACE - - MOVE - - NOTIFY - - OPTIONS - - PATCH - - POLL - - POST - - PROPFIND - - PROPPATCH - - PUT - - REPORT - - RPC_IN_DATA - - RPC_OUT_DATA - - SEARCH - - SUBSCRIBE - - TRACE - - TRACK - - UNLINK - - UNLOCK - - UNSUBSCRIBE - - VERSION_CONTROL - - X-MS-ENUMATTS - - '*' - type: string - methodOverrides: - items: - properties: - allowed: - type: boolean - method: - enum: - - ACL - - BCOPY - - BDELETE - - BMOVE - - BPROPFIND - - BPROPPATCH - - CHECKIN - - CHECKOUT - - CONNECT - - COPY - - DELETE - - GET - - HEAD - - LINK - - LOCK - - MERGE - - MKCOL - - MKWORKSPACE - - MOVE - - NOTIFY - - OPTIONS - - PATCH - - POLL - - POST - - PROPFIND - - PROPPATCH - - PUT - - REPORT - - RPC_IN_DATA - - RPC_OUT_DATA - - SEARCH - - SUBSCRIBE - - TRACE - - TRACK - - UNLINK - - UNLOCK - - UNSUBSCRIBE - - VERSION_CONTROL - - X-MS-ENUMATTS - type: string - type: object - type: array - methodsOverrideOnUrlCheck: - type: boolean - name: - type: string - positionalParameters: - items: - properties: - parameter: - properties: - allowEmptyValue: - type: boolean - allowRepeatedParameterName: - type: boolean - arraySerializationFormat: - enum: - - csv - - form - - label - - matrix - - multi - - multipart - - pipe - - ssv - - tsv - type: string - attackSignaturesCheck: - type: boolean - checkMaxValue: - type: boolean - checkMaxValueLength: - type: boolean - checkMetachars: - type: boolean - checkMinValue: - type: boolean - checkMinValueLength: - type: boolean - checkMultipleOfValue: - type: boolean - contentProfile: + type: array + signature-sets: + items: + properties: + alarm: + type: boolean + block: + type: boolean + name: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + signature-settings: + properties: + attackSignatureFalsePositiveMode: + enum: + - detect + - detect-and-allow + - disabled + type: string + minimumAccuracyForAutoAddedSignatures: + enum: + - high + - low + - medium + type: string + type: object + signatureReference: + properties: + link: + pattern: ^http + type: string + type: object + signatureSetReference: + properties: + link: + pattern: ^http + type: string + type: object + signatureSettingReference: + properties: + link: + pattern: ^http + type: string + type: object + signatures: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + softwareVersion: + type: string + template: + properties: + name: + type: string + type: object + threat-campaigns: + items: + properties: + isEnabled: + type: boolean + name: + type: string + type: object + type: array + threatCampaignReference: + properties: + link: + pattern: ^http + type: string + type: object + urlReference: + properties: + link: + pattern: ^http + type: string + type: object + urls: + items: + properties: + $action: + type: string + attackSignaturesCheck: + type: boolean + description: + type: string + disallowFileUploadOfExecutables: + type: boolean + isAllowed: + type: boolean + mandatoryBody: + type: boolean + metacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + metacharsOnUrlCheck: + type: boolean + method: + enum: + - ACL + - BCOPY + - BDELETE + - BMOVE + - BPROPFIND + - BPROPPATCH + - CHECKIN + - CHECKOUT + - CONNECT + - COPY + - DELETE + - GET + - HEAD + - LINK + - LOCK + - MERGE + - MKCOL + - MKWORKSPACE + - MOVE + - NOTIFY + - OPTIONS + - PATCH + - POLL + - POST + - PROPFIND + - PROPPATCH + - PUT + - REPORT + - RPC_IN_DATA + - RPC_OUT_DATA + - SEARCH + - SUBSCRIBE + - TRACE + - TRACK + - UNLINK + - UNLOCK + - UNSUBSCRIBE + - VERSION_CONTROL + - X-MS-ENUMATTS + - '*' + type: string + methodOverrides: + items: + properties: + allowed: + type: boolean + method: + enum: + - ACL + - BCOPY + - BDELETE + - BMOVE + - BPROPFIND + - BPROPPATCH + - CHECKIN + - CHECKOUT + - CONNECT + - COPY + - DELETE + - GET + - HEAD + - LINK + - LOCK + - MERGE + - MKCOL + - MKWORKSPACE + - MOVE + - NOTIFY + - OPTIONS + - PATCH + - POLL + - POST + - PROPFIND + - PROPPATCH + - PUT + - REPORT + - RPC_IN_DATA + - RPC_OUT_DATA + - SEARCH + - SUBSCRIBE + - TRACE + - TRACK + - UNLINK + - UNLOCK + - UNSUBSCRIBE + - VERSION_CONTROL + - X-MS-ENUMATTS + type: string + type: object + type: array + methodsOverrideOnUrlCheck: + type: boolean + name: + type: string + positionalParameters: + items: + properties: + parameter: + properties: + allowEmptyValue: + type: boolean + allowRepeatedParameterName: + type: boolean + arraySerializationFormat: + enum: + - csv + - form + - label + - matrix + - multi + - multipart + - pipe + - ssv + - tsv + type: string + attackSignaturesCheck: + type: boolean + checkMaxValue: + type: boolean + checkMaxValueLength: + type: boolean + checkMetachars: + type: boolean + checkMinValue: + type: boolean + checkMinValueLength: + type: boolean + checkMultipleOfValue: + type: boolean + contentProfile: + properties: + name: + type: string + type: object + dataType: + enum: + - alpha-numeric + - binary + - boolean + - decimal + - email + - integer + - none + - phone + type: string + decodeValueAsBase64: + enum: + - enabled + - disabled + - required + type: string + disallowFileUploadOfExecutables: + type: boolean + enableRegularExpression: + type: boolean + exclusiveMax: + type: boolean + exclusiveMin: + type: boolean + isBase64: + type: boolean + isCookie: + type: boolean + isHeader: + type: boolean + level: + enum: + - global + - url + type: string + mandatory: + type: boolean + maximumLength: + type: integer + maximumValue: + type: integer + metacharsOnParameterValueCheck: + type: boolean + minimumLength: + type: integer + minimumValue: + type: integer + multipleOf: + type: integer + name: + type: string + nameMetacharOverrides: + items: properties: - name: + isAllowed: + type: boolean + metachar: type: string type: object - dataType: - enum: - - alpha-numeric - - binary - - boolean - - decimal - - email - - integer - - none - - phone - type: string - decodeValueAsBase64: - enum: - - enabled - - disabled - - required - type: string - disallowFileUploadOfExecutables: - type: boolean - enableRegularExpression: - type: boolean - exclusiveMax: - type: boolean - exclusiveMin: - type: boolean - isCookie: - type: boolean - isHeader: - type: boolean - level: - enum: - - global - - url - type: string - maximumLength: - type: integer - metacharsOnParameterValueCheck: - type: boolean - minimumLength: - type: integer - name: - type: string - nameMetacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - objectSerializationStyle: - type: string - parameterEnumValues: - items: - type: string - type: array - parameterLocation: - enum: - - any - - cookie - - form-data - - header - - path - - query - type: string - regularExpression: - type: string - sensitiveParameter: - type: boolean - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - staticValues: - type: string - type: - enum: - - explicit - - wildcard - type: string - valueMetacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - valueType: - enum: - - array - - auto-detect - - dynamic-content - - dynamic-parameter-name - - ignore - - json - - object - - openapi-array - - static-content - - user-input - - xml + type: array + objectSerializationStyle: + type: string + parameterEnumValues: + items: type: string - type: object - urlSegmentIndex: - type: integer - type: object - type: array - protocol: - enum: - - http - - https - type: string - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - type: - enum: - - explicit - - wildcard - type: string - urlContentProfiles: - items: - properties: - headerName: - type: string - headerOrder: - type: string - headerValue: - type: string - name: - type: string - type: - enum: - - apply-content-signatures - - apply-value-and-content-signatures - - disallow - - do-nothing + type: array + parameterLocation: + enum: + - any + - cookie - form-data - - gwt + - header + - path + - query + type: string + regularExpression: + type: string + sensitiveParameter: + type: boolean + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + staticValues: + type: string + type: + enum: + - explicit + - wildcard + type: string + url: + type: object + valueMetacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + valueType: + enum: + - array + - auto-detect + - dynamic-content + - dynamic-parameter-name + - ignore - json + - object + - openapi-array + - static-content + - user-input - xml - type: string - type: object - type: array - wildcardOrder: - type: integer - type: object - type: array - whitelist-ips: - items: - properties: - blockRequests: - enum: - - always - - never - - policy-default - type: string - ipAddress: - pattern: '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' - type: string - ipMask: - pattern: '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' - type: string - type: object - type: array - whitelistIpReference: - properties: - link: - pattern: ^http + type: string + wildcardOrder: + type: integer + type: object + urlSegmentIndex: + type: integer + type: object + type: array + protocol: + enum: + - http + - https type: string - type: object - xml-profiles: - items: - properties: - attackSignaturesCheck: - type: boolean - defenseAttributes: + signatureOverrides: + items: properties: - allowCDATA: - type: boolean - allowDTDs: - type: boolean - allowExternalReferences: - type: boolean - allowProcessingInstructions: + enabled: type: boolean - maximumAttributeValueLength: - pattern: any|\d+ - type: string - maximumAttributesPerElement: - pattern: any|\d+ - type: string - maximumChildrenPerElement: - pattern: any|\d+ + name: type: string - maximumDocumentDepth: - pattern: any|\d+ + signatureId: + type: integer + tag: type: string - maximumDocumentSize: - pattern: any|\d+ + type: object + type: array + type: + enum: + - explicit + - wildcard + type: string + urlContentProfiles: + items: + properties: + contentProfile: + properties: + name: + type: string + type: object + headerName: type: string - maximumElements: - pattern: any|\d+ + headerOrder: type: string - maximumNSDeclarations: - pattern: any|\d+ + headerValue: type: string - maximumNameLength: - pattern: any|\d+ + name: type: string - maximumNamespaceLength: - pattern: any|\d+ + type: + enum: + - apply-content-signatures + - apply-value-and-content-signatures + - disallow + - do-nothing + - form-data + - gwt + - json + - xml + - grpc type: string - tolerateCloseTagShorthand: - type: boolean - tolerateLeadingWhiteSpace: - type: boolean - tolerateNumericNames: - type: boolean type: object - description: - type: string - enableWss: - type: boolean - followSchemaLinks: - type: boolean - name: - type: string - type: object - type: array - xml-validation-files: - items: - properties: - contents: - type: string - fileName: - type: string - isBase64: - type: boolean - type: object - type: array - xmlProfileReference: + type: array + wildcardOrder: + type: integer + type: object + type: array + whitelist-ips: + items: properties: - link: - pattern: ^http + blockRequests: + enum: + - always + - never + - policy-default + type: string + ipAddress: + pattern: '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' + type: string + ipMask: + pattern: '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' type: string type: object - xmlValidationFileReference: + type: array + whitelistIpReference: + properties: + link: + pattern: ^http + type: string + type: object + xml-profiles: + items: properties: - link: - pattern: ^http + attackSignaturesCheck: + type: boolean + defenseAttributes: + properties: + allowCDATA: + type: boolean + allowDTDs: + type: boolean + allowExternalReferences: + type: boolean + allowProcessingInstructions: + type: boolean + maximumAttributeValueLength: + pattern: any|\d+ + type: string + maximumAttributesPerElement: + pattern: any|\d+ + type: string + maximumChildrenPerElement: + pattern: any|\d+ + type: string + maximumDocumentDepth: + pattern: any|\d+ + type: string + maximumDocumentSize: + pattern: any|\d+ + type: string + maximumElements: + pattern: any|\d+ + type: string + maximumNSDeclarations: + pattern: any|\d+ + type: string + maximumNameLength: + pattern: any|\d+ + type: string + maximumNamespaceLength: + pattern: any|\d+ + type: string + tolerateCloseTagShorthand: + type: boolean + tolerateLeadingWhiteSpace: + type: boolean + tolerateNumericNames: + type: boolean + type: object + description: + type: string + enableWss: + type: boolean + followSchemaLinks: + type: boolean + name: type: string + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array type: object - type: object - type: object - type: object - served: true - storage: true + type: array + xml-validation-files: + items: + properties: + contents: + type: string + fileName: + type: string + isBase64: + type: boolean + type: object + type: array + xmlProfileReference: + properties: + link: + pattern: ^http + type: string + type: object + xmlValidationFileReference: + properties: + link: + pattern: ^http + type: string + type: object + type: object + type: object + type: object + served: true + storage: true diff --git a/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml b/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml index 044eeb4563..a651a00598 100644 --- a/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml +++ b/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml @@ -15,79 +15,83 @@ spec: preserveUnknownFields: false scope: Namespaced versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: APUserSig is the Schema for the apusersigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: APUserSigSpec defines the desired state of APUserSig + - name: v1beta1 + schema: + openAPIV3Schema: + description: APUserSig is the Schema for the apusersigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: APUserSigSpec defines the desired state of APUserSig + properties: properties: - properties: - type: string - signatures: - items: - properties: - accuracy: - enum: - - high - - medium - - low - type: string - attackType: + type: string + signatures: + items: + properties: + accuracy: + enum: + - high + - medium + - low + type: string + attackType: + properties: + name: + type: string + type: object + description: + type: string + name: + type: string + references: + properties: + type: + enum: + - bugtraq + - cve + - nessus + - url + type: string + value: + type: string + type: object + risk: + enum: + - high + - medium + - low + type: string + rule: + type: string + signatureType: + enum: + - request + - response + type: string + systems: + items: properties: name: type: string type: object - description: - type: string - name: - type: string - references: - properties: - type: - enum: - - bugtraq - - cve - - nessus - - url - type: string - value: - type: string - type: object - risk: - enum: - - high - - medium - - low - type: string - rule: - type: string - signatureType: - enum: - - request - - response - type: string - systems: - items: - properties: - name: - type: string - type: object - type: array - type: object - type: array - tag: - type: string - type: object - type: object - served: true - storage: true + type: array + type: object + type: array + tag: + type: string + type: object + type: object + served: true + storage: true