Merge pull request #38077 from jp/f-waf-sqli-sensitivity-support

add sensitivityLevel support for SQLi WAF rule
hashicorp · Jun 24, 2024 · 4ff5898 · 4ff5898
2 parents 010bbca + a9ddebc
commit 4ff5898
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 1 deletion.
diff --git a/.changelog/38077.txt b/.changelog/38077.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_wafv2_web_acl: Add `sensitivity_level` argument to `sqli_match_statement` configuration block
+```
diff --git a/internal/service/wafv2/flex.go b/internal/service/wafv2/flex.go
@@ -913,6 +913,7 @@ func expandSQLiMatchStatement(l []interface{}) *awstypes.SqliMatchStatement {
 
  return &awstypes.SqliMatchStatement{
  FieldToMatch: expandFieldToMatch(m["field_to_match"].([]interface{})),
+ SensitivityLevel: awstypes.SensitivityLevel(m["sensitivity_level"].(string)),
  TextTransformations: expandTextTransformations(m["text_transformation"].(*schema.Set).List()),
  }
 }
@@ -2332,6 +2333,7 @@ func flattenSQLiMatchStatement(s *awstypes.SqliMatchStatement) interface{} {
 
  m := map[string]interface{}{
  "field_to_match": flattenFieldToMatch(s.FieldToMatch),
+ "sensitivity_level": s.SensitivityLevel,
  "text_transformation": flattenTextTransformations(s.TextTransformations),
  }
 

diff --git a/internal/service/wafv2/schemas.go b/internal/service/wafv2/schemas.go
@@ -317,7 +317,12 @@ func sqliMatchStatementSchema() *schema.Schema {
  MaxItems: 1,
  Elem: &schema.Resource{
  Schema: map[string]*schema.Schema{
- "field_to_match": fieldToMatchSchema(),
+ "field_to_match": fieldToMatchSchema(),
+ "sensitivity_level": {
+ Type: schema.TypeString,
+ Optional: true,
+ ValidateDiagFunc: enum.Validate[awstypes.SensitivityLevel](),
+ },
  "text_transformation": textTransformationSchema(),
  },
  },

diff --git a/website/docs/cdktf/typescript/r/wafv2_web_acl.html.markdown b/website/docs/cdktf/typescript/r/wafv2_web_acl.html.markdown
@@ -802,6 +802,7 @@ An SQL injection match condition identifies the part of web requests, such as th
 The `sqliMatchStatement` block supports the following arguments:
 
 * `fieldToMatch` - (Optional) Part of a web request that you want AWS WAF to inspect. See [`fieldToMatch`](#field_to_match-block) below for details.
+* `sensitivityLevel` - (Optional) The sensitivity that you want WAF to use to inspect for SQL injection attacks. Valid values include: `LOW` or `HIGH`.
 * `textTransformation` - (Required) Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See [`textTransformation`](#text_transformation-block) below for details.
 
 ### `xssMatchStatement` Block