prowler-cloud
feat(waf): add new check `waf_global_webacl_with_rules`
Context
AWS WAF Classic global web ACLs (Web Access Control Lists) are essential for controlling access to web applications. A web ACL can include a set of rules or rule groups that filter and manage HTTP and HTTPS requests. These rules help define which traffic should be allowed, blocked, or counted, improving security and controlling access to your AWS resources such as CloudFront distributions.
Description
This check verifies whether an AWS WAF Classic global web ACL contains at least one rule or rule group. If no rules or rule groups are present, the web traffic might pass without inspection, leaving the application vulnerable to attacks.
Checklist
- Are there new checks included in this PR? Yes.
- If so, do we need to update permissions for the provider? No.
- [x] Review if the code is being covered by tests.
- [x] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
- [x] Review if backport is needed.
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 89.63%. Comparing base (
4c5f3a2) to head (47a1452). Report is 1155 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #5469 +/- ##
==========================================
+ Coverage 89.60% 89.63% +0.02%
==========================================
Files 1073 1074 +1
Lines 33237 33255 +18
==========================================
+ Hits 29782 29808 +26
+ Misses 3455 3447 -8
| Components | Coverage Δ | |
|---|---|---|
| prowler | 89.63% <100.00%> (+0.02%) |
:arrow_up: |
| api | ∅ <ø> (∅) |
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}