diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index d235bdcd3db3..454e14b46530 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -4345,6 +4345,10 @@ components: - ip_match - "!ip_match" - capture_data + - exists + - "!exists" + - equals + - "!equals" example: "match_regex" type: string x-enum-varnames: @@ -4359,6 +4363,10 @@ components: - IP_MATCH - NOT_IP_MATCH - CAPTURE_DATA + - EXISTS + - NOT_EXISTS + - EQUALS + - NOT_EQUALS ApplicationSecurityWafCustomRuleConditionOptions: description: Options for the operator of this condition. properties: @@ -4399,6 +4407,8 @@ components: description: "Regex to use with the condition. Only used with match_regex and !match_regex operator." example: "path.*" type: string + type: + $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleConditionParametersType" value: description: |- Store the captured value in the specified tag name. Only used with the capture_data operator. @@ -4407,6 +4417,22 @@ components: required: - inputs type: object + ApplicationSecurityWafCustomRuleConditionParametersType: + description: The type of the value to compare against. Only used with the equals and !equals operator. + enum: + - boolean + - signed + - unsigned + - float + - string + example: "string" + type: string + x-enum-varnames: + - BOOLEAN + - SIGNED + - UNSIGNED + - FLOAT + - STRING ApplicationSecurityWafCustomRuleCreateAttributes: description: "Create a new WAF custom rule." properties: diff --git a/examples/v2/application-security/CreateApplicationSecurityWafCustomRule.ts b/examples/v2/application-security/CreateApplicationSecurityWafCustomRule.ts index 2455d8fe8dfb..838e8883dac6 100644 --- a/examples/v2/application-security/CreateApplicationSecurityWafCustomRule.ts +++ b/examples/v2/application-security/CreateApplicationSecurityWafCustomRule.ts @@ -37,6 +37,7 @@ const params: v2.ApplicationSecurityApiCreateApplicationSecurityWafCustomRuleReq minLength: 0, }, regex: "path.*", + type: "string", value: "custom_tag", }, }, diff --git a/features/v2/application_security.feature b/features/v2/application_security.feature index f10a470ff2e0..aad0642b718a 100644 --- a/features/v2/application_security.feature +++ b/features/v2/application_security.feature @@ -16,21 +16,21 @@ Feature: Application Security @generated @skip @team:DataDog/asm-backend Scenario: Create a WAF custom rule returns "Bad Request" response Given new "CreateApplicationSecurityWafCustomRule" request - And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}} + And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "type": "string", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}} When the request is sent Then the response status is 400 Bad Request @generated @skip @team:DataDog/asm-backend Scenario: Create a WAF custom rule returns "Concurrent Modification" response Given new "CreateApplicationSecurityWafCustomRule" request - And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}} + And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "type": "string", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}} When the request is sent Then the response status is 409 Concurrent Modification @generated @skip @team:DataDog/asm-backend Scenario: Create a WAF custom rule returns "Created" response Given new "CreateApplicationSecurityWafCustomRule" request - And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}} + And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "type": "string", "value": "custom_tag"}}], "enabled": false, "name": "Block request from a bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}} When the request is sent Then the response status is 201 Created @@ -153,7 +153,7 @@ Feature: Application Security Scenario: Update a WAF Custom Rule returns "Concurrent Modification" response Given new "UpdateApplicationSecurityWafCustomRule" request And request contains "custom_rule_id" parameter from "REPLACE.ME" - And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "value": "custom_tag"}}], "enabled": false, "name": "Block request from bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}} + And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "type": "string", "value": "custom_tag"}}], "enabled": false, "name": "Block request from bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}} When the request is sent Then the response status is 409 Concurrent Modification @@ -161,7 +161,7 @@ Feature: Application Security Scenario: Update a WAF Custom Rule returns "Not Found" response Given new "UpdateApplicationSecurityWafCustomRule" request And request contains "custom_rule_id" parameter from "REPLACE.ME" - And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "value": "custom_tag"}}], "enabled": false, "name": "Block request from bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}} + And body with value {"data": {"attributes": {"action": {"action": "block_request", "parameters": {"location": "/blocking", "status_code": 403}}, "blocking": false, "conditions": [{"operator": "match_regex", "parameters": {"data": "blocked_users", "inputs": [{"address": "server.db.statement", "key_path": []}], "list": [], "options": {"case_sensitive": false, "min_length": 0}, "regex": "path.*", "type": "string", "value": "custom_tag"}}], "enabled": false, "name": "Block request from bad useragent", "path_glob": "/api/search/*", "scope": [{"env": "prod", "service": "billing-service"}], "tags": {"category": "business_logic", "type": "users.login.success"}}, "type": "custom_rule"}} When the request is sent Then the response status is 404 Not Found diff --git a/packages/datadog-api-client-v2/index.ts b/packages/datadog-api-client-v2/index.ts index ece9e11b1213..b4f6601071f9 100644 --- a/packages/datadog-api-client-v2/index.ts +++ b/packages/datadog-api-client-v2/index.ts @@ -1395,6 +1395,7 @@ export { ApplicationSecurityWafCustomRuleConditionInputAddress } from "./models/ export { ApplicationSecurityWafCustomRuleConditionOperator } from "./models/ApplicationSecurityWafCustomRuleConditionOperator"; export { ApplicationSecurityWafCustomRuleConditionOptions } from "./models/ApplicationSecurityWafCustomRuleConditionOptions"; export { ApplicationSecurityWafCustomRuleConditionParameters } from "./models/ApplicationSecurityWafCustomRuleConditionParameters"; +export { ApplicationSecurityWafCustomRuleConditionParametersType } from "./models/ApplicationSecurityWafCustomRuleConditionParametersType"; export { ApplicationSecurityWafCustomRuleCreateAttributes } from "./models/ApplicationSecurityWafCustomRuleCreateAttributes"; export { ApplicationSecurityWafCustomRuleCreateData } from "./models/ApplicationSecurityWafCustomRuleCreateData"; export { ApplicationSecurityWafCustomRuleCreateRequest } from "./models/ApplicationSecurityWafCustomRuleCreateRequest"; diff --git a/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionOperator.ts b/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionOperator.ts index 2be8ddfa403d..4a70530574db 100644 --- a/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionOperator.ts +++ b/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionOperator.ts @@ -22,6 +22,10 @@ export type ApplicationSecurityWafCustomRuleConditionOperator = | typeof IP_MATCH | typeof NOT_IP_MATCH | typeof CAPTURE_DATA + | typeof EXISTS + | typeof NOT_EXISTS + | typeof EQUALS + | typeof NOT_EQUALS | UnparsedObject; export const MATCH_REGEX = "match_regex"; export const NOT_MATCH_REGEX = "!match_regex"; @@ -34,3 +38,7 @@ export const NOT_EXACT_MATCH = "!exact_match"; export const IP_MATCH = "ip_match"; export const NOT_IP_MATCH = "!ip_match"; export const CAPTURE_DATA = "capture_data"; +export const EXISTS = "exists"; +export const NOT_EXISTS = "!exists"; +export const EQUALS = "equals"; +export const NOT_EQUALS = "!equals"; diff --git a/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionParameters.ts b/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionParameters.ts index df8529b13dcb..7eb984473bfb 100644 --- a/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionParameters.ts +++ b/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionParameters.ts @@ -5,6 +5,7 @@ */ import { ApplicationSecurityWafCustomRuleConditionInput } from "./ApplicationSecurityWafCustomRuleConditionInput"; import { ApplicationSecurityWafCustomRuleConditionOptions } from "./ApplicationSecurityWafCustomRuleConditionOptions"; +import { ApplicationSecurityWafCustomRuleConditionParametersType } from "./ApplicationSecurityWafCustomRuleConditionParametersType"; import { AttributeTypeMap } from "../../datadog-api-client-common/util"; @@ -33,6 +34,10 @@ export class ApplicationSecurityWafCustomRuleConditionParameters { * Regex to use with the condition. Only used with match_regex and !match_regex operator. */ "regex"?: string; + /** + * The type of the value to compare against. Only used with the equals and !equals operator. + */ + "type"?: ApplicationSecurityWafCustomRuleConditionParametersType; /** * Store the captured value in the specified tag name. Only used with the capture_data operator. */ @@ -75,6 +80,10 @@ export class ApplicationSecurityWafCustomRuleConditionParameters { baseName: "regex", type: "string", }, + type: { + baseName: "type", + type: "ApplicationSecurityWafCustomRuleConditionParametersType", + }, value: { baseName: "value", type: "string", diff --git a/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionParametersType.ts b/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionParametersType.ts new file mode 100644 index 000000000000..05fd7ff9922c --- /dev/null +++ b/packages/datadog-api-client-v2/models/ApplicationSecurityWafCustomRuleConditionParametersType.ts @@ -0,0 +1,24 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * The type of the value to compare against. Only used with the equals and !equals operator. + */ + +export type ApplicationSecurityWafCustomRuleConditionParametersType = + | typeof BOOLEAN + | typeof SIGNED + | typeof UNSIGNED + | typeof FLOAT + | typeof STRING + | UnparsedObject; +export const BOOLEAN = "boolean"; +export const SIGNED = "signed"; +export const UNSIGNED = "unsigned"; +export const FLOAT = "float"; +export const STRING = "string"; diff --git a/packages/datadog-api-client-v2/models/ObjectSerializer.ts b/packages/datadog-api-client-v2/models/ObjectSerializer.ts index 576909906262..9c11f62d040c 100644 --- a/packages/datadog-api-client-v2/models/ObjectSerializer.ts +++ b/packages/datadog-api-client-v2/models/ObjectSerializer.ts @@ -3810,6 +3810,17 @@ const enumsMap: { [key: string]: any[] } = { "ip_match", "!ip_match", "capture_data", + "exists", + "!exists", + "equals", + "!equals", + ], + ApplicationSecurityWafCustomRuleConditionParametersType: [ + "boolean", + "signed", + "unsigned", + "float", + "string", ], ApplicationSecurityWafCustomRuleTagsCategory: [ "attack_attempt",