feat(waf): add new check `waf_global_rulegroup_not_empty`
Context
AWS WAF Classic global rule groups allow you to manage multiple web access rules in a unified structure, providing better scalability and simplified security management. By grouping multiple rules, administrators can apply comprehensive security controls to monitor and filter web traffic based on predefined conditions. Having at least one rule within a rule group is necessary for ensuring that web traffic is effectively inspected and that appropriate actions are taken on requests, such as allowing, blocking, or counting them.
Description
This check verifies that AWS WAF Classic global rule groups contain at least one rule. If no rules are present, the group does not perform any inspection of web traffic, potentially allowing all traffic to pass unchecked.
Checklist
- Are there new checks included in this PR? Yes.
- If so, do we need to update permissions for the provider? No.
- [x] Review if the code is being covered by tests.
- [x] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
- [x] Review if backport is needed.
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
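The check described above, as an added example written for this page rather than prowler's own check code: it walks every AWS WAF Classic global rule group and reports any group that has no activated rules, which is exactly the "empty group inspects nothing" condition the Description names. It runs offline against a constructed stand-in for the boto3 `waf` client (`FakeWafClient`, with made-up groups `populated-group` and `empty-group`); `list_rule_groups` and `list_activated_rules_in_rule_group` are the real WAF Classic API operations, while `Finding` and `check_rulegroups_not_empty` are this example's own names, not prowler's.

```python
"""Added example (not prowler's check code): flag AWS WAF Classic global rule
groups that contain no activated rules. Both API calls used here,
list_rule_groups and list_activated_rules_in_rule_group, are real WAF Classic
operations; the client below is a constructed offline stand-in."""

from dataclasses import dataclass


@dataclass
class Finding:
    rule_group_id: str
    name: str
    status: str  # "PASS" or "FAIL"
    status_extended: str


def _activated_rules(waf_client, group_id):
    """Collect every activated rule in a rule group, following NextMarker pages."""
    rules = []
    kwargs = {"RuleGroupId": group_id}
    while True:
        page = waf_client.list_activated_rules_in_rule_group(**kwargs)
        rules.extend(page.get("ActivatedRules", []))
        marker = page.get("NextMarker")
        if not marker:
            return rules
        kwargs = {"RuleGroupId": group_id, "NextMarker": marker}


def check_rulegroups_not_empty(waf_client) -> list[Finding]:
    """Return one finding per global rule group.

    A rule group with zero activated rules performs no inspection of the
    traffic routed through it, so it is reported as FAIL; a group with at
    least one rule is PASS.
    """
    findings = []
    kwargs = {}
    while True:
        page = waf_client.list_rule_groups(**kwargs)
        for group in page.get("RuleGroups", []):
            group_id, name = group["RuleGroupId"], group["Name"]
            if _activated_rules(waf_client, group_id):
                findings.append(Finding(group_id, name, "PASS",
                    f"AWS WAF Global Rule Group {name} is not empty."))
            else:
                findings.append(Finding(group_id, name, "FAIL",
                    f"AWS WAF Global Rule Group {name} does not have any rules."))
        marker = page.get("NextMarker")
        if not marker:
            return findings
        kwargs = {"NextMarker": marker}


class FakeWafClient:
    """Constructed stand-in for boto3's WAF Classic client (sample data only)."""

    def __init__(self, groups, rules_by_group):
        self._groups = groups
        self._rules = rules_by_group

    def list_rule_groups(self, NextMarker=None, Limit=100):
        # One group per page so the caller's NextMarker handling is exercised.
        start = int(NextMarker) if NextMarker else 0
        page = {"RuleGroups": self._groups[start:start + 1]}
        if start + 1 < len(self._groups):
            page["NextMarker"] = str(start + 1)
        return page

    def list_activated_rules_in_rule_group(self, RuleGroupId, NextMarker=None, Limit=100):
        return {"ActivatedRules": self._rules.get(RuleGroupId, [])}


# Constructed sample account: one populated group, one empty group.
SAMPLE_CLIENT = FakeWafClient(
    groups=[
        {"RuleGroupId": "rg-populated", "Name": "populated-group"},
        {"RuleGroupId": "rg-empty", "Name": "empty-group"},
    ],
    rules_by_group={
        "rg-populated": [{"Priority": 1, "RuleId": "rule-1", "Action": {"Type": "BLOCK"}}],
    },
)

if __name__ == "__main__":
    for finding in check_rulegroups_not_empty(SAMPLE_CLIENT):
        print(finding.status, finding.status_extended)
```

Against a real account, `boto3.client("waf")` can be passed in place of `SAMPLE_CLIENT`; the check only needs the `waf:ListRuleGroups` and `waf:ListActivatedRulesInRuleGroup` read permissions, which is why the PR checklist notes no new provider permissions are required beyond the existing WAF read set.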
Codecov Report
All modified and coverable lines are covered by tests ✅
Project coverage is 89.63%. Comparing base (2ef9e27) to head (0ffae63). Report is 1151 commits behind head on master.
Additional details and impacted files
```
@@            Coverage Diff             @@
##           master    #5467      +/-   ##
==========================================
+ Coverage   89.60%   89.63%   +0.02%
==========================================
  Files        1072     1073       +1
  Lines       33219    33237      +18
==========================================
+ Hits        29767    29793      +26
+ Misses       3452     3444       -8
```
| Components | Coverage Δ | |
|---|---|---|
| prowler | 89.63% <100.00%> (+0.02%) | ↑ |
| api | ∅ <ø> (∅) | |