prowler-cloud
feat(waf): add new check `waf_global_rule_with_conditions`
Context
AWS WAF Classic global rules are used to manage and control web traffic by specifying conditions that determine how the firewall handles requests. These conditions help identify, inspect, and mitigate potential security threats, such as malicious or suspicious traffic, thereby improving the overall security posture. Without any conditions in place, web traffic flows freely, which can lead to vulnerabilities being exploited, bypassing security policies.
Description
This check ensures that AWS WAF Classic global rules contain at least one condition. If no conditions are present, the rule becomes ineffective, allowing all traffic to pass unchecked.
Checklist
- Are there new checks included in this PR? Yes.
- If so, do we need to update permissions for the provider? No.
- [x] Review if the code is being covered by tests.
- [x] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
- [x] Review if backport is needed.
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Codecov Report
Attention: Patch coverage is 92.85714% with 6 lines in your changes missing coverage. Please review.
Project coverage is 89.59%. Comparing base (
23a20a5) to head (829b485). Report is 1163 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #5465 +/- ##
==========================================
+ Coverage 89.45% 89.59% +0.14%
==========================================
Files 1059 1070 +11
Lines 32855 33172 +317
==========================================
+ Hits 29390 29721 +331
+ Misses 3465 3451 -14
| Components | Coverage Δ | |
|---|---|---|
| prowler | 89.59% <92.85%> (+0.14%) |
:arrow_up: |
| api | ∅ <ø> (∅) |
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}