From 21b7b88783a2ed95471c8777d0b234e2a5d31374 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 15 Nov 2022 14:07:37 +0100 Subject: [PATCH 1/8] Add function --- PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 | 405 +++++++++++++++++++ 1 file changed, 405 insertions(+) create mode 100644 PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 diff --git a/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 b/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 new file mode 100644 index 00000000..7e7fb382 --- /dev/null +++ b/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 
@@ -0,0 +1,405 @@ +# +# Copyright 2022, Alexis La Goutte +# Copyright 2022, Cédric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# + +function Add-FGTWebfilterUrlfilter { + + <# + .SYNOPSIS + Add a FortiGate URL Filter + + .DESCRIPTION + Add a FortiGate URL Filter + + .EXAMPLE + Add-FGTFirewallVip -name myVIP1 -type static-nat -extip 192.0.2.1 -mappedip 198.51.100.1 + + Add VIP objet type static-nat (One to One) with name myVIP1 with external IP 192.0.2.1 and mapped IP 198.51.100.1 + + .EXAMPLE + Add-FGTFirewallVip -name myVIP2 -type static-nat -extip 192.0.2.2 -mappedip 198.51.100.2 -interface port1 -comment "My FGT VIP" + + Add VIP objet type static-nat (One to One) with name myVIP1 with external IP 192.0.2.1, mapped IP 198.51.100.1, associated to interface port2 and a comment + + .EXAMPLE + Add-FGTFirewallVip -name myVIP3-8080 -type static-nat -extip 192.0.2.1 -mappedip 198.51.100.1 -portforward -extport 8080 + + Add VIP objet type static-nat (One to One) with name myVIP3 with external IP 192.0.2.1 and mapped IP 198.51.100.1 with Port Forward and TCP Port 8080 + + .EXAMPLE + Add-FGTFirewallVip -name myVIP4-5000-6000 -type static-nat -extip 192.0.2.1 -mappedip 198.51.100.1 -portforward -extport 5000 -mappedport 6000 -protocol udp + + Add VIP objet type static-nat (One to One) with name myVIP3 with external IP 192.0.2.1 and mapped IP 198.51.100.1 with Port Forward and UDP Port 5000 mapped to port 6000 + + #> + + Param( + [Parameter (Mandatory = $false)] + [string]$id, + [Parameter (Mandatory = $false)] + [string]$name, + [Parameter (Mandatory = $false)] + [string]$url_id, + [Parameter (Mandatory = $false)] + [string]$url_type, + [Parameter (Mandatory = $false)] + [string]$url, + [Parameter (Mandatory = $false)] + [string]$action, + [Parameter (Mandatory = $false)] + [switch]$status, + [Parameter (Mandatory = $false)] + [string]$exempt, + [Parameter (Mandatory = $false)] + [switch]$skip, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + 
[Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('skip') ) { + $invokeParams.add( 'skip', $skip ) + } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + if ( Get-FGTWebfilterUrlfilter -connection $connection @invokeParams -name $name ) { + Throw "Already a VIP object using the same name" + } + + $uri = "api/v2/cmdb/webfilter/urlfilter" + + $vip = new-Object -TypeName PSObject + + $vip | add-member -name "name" -membertype NoteProperty -Value $name + + $vip | add-member -name "type" -membertype NoteProperty -Value $type + + $vip | add-member -name "extip" -membertype NoteProperty -Value $extip.ToString() + + $range = New-Object -TypeName PSObject + + $range | Add-member -name "range" -membertype NoteProperty -value $mappedip.ToString() + $vip | add-member -name "mappedip" -membertype NoteProperty -Value @($range) + + #TODO check if the interface (zone ?) is valid + $vip | add-member -name "extintf" -membertype NoteProperty -Value $interface + + if ( $PsBoundParameters.ContainsKey('comment') ) { + $vip | add-member -name "comment" -membertype NoteProperty -Value $comment + } + + if ( $PsBoundParameters.ContainsKey('portforward') -and $portforward -eq $true) { + #check if export is set before... 
+ if ( $extport -eq "") { + throw "you need to set -extport when enable portforward parameter" + } + $vip | add-member -name "portforward" -membertype NoteProperty -Value "enable" + $vip | add-member -name "protocol" -membertype NoteProperty -Value $protocol + $vip | add-member -name "extport" -membertype NoteProperty -Value $extport + #if no mappedport use the extport + if ( $PsBoundParameters.ContainsKey('mappedport') ) { + $vip | add-member -name "mappedport" -membertype NoteProperty -Value $mappedport + } + else { + $vip | add-member -name "mappedport" -membertype NoteProperty -Value $extport + } + } + + Invoke-FGTRestMethod -method "POST" -body $vip -uri $uri -connection $connection @invokeParams | Out-Null + + Get-FGTFirewallVip -connection $connection @invokeParams -name $name + } + + End { + } +} + +function Get-FGTWebfilterUrlfilter { + + <# + .SYNOPSIS + Get list of all URL Filter + + .DESCRIPTION + Get list of all URL Filter (URL, actions, etc ...) + + .EXAMPLE + Get-FGTWebfilterUrlfilter + + Get list of all all URL Filter + + .EXAMPLE + Get-FGTWebfilterUrlfilter -name myFGTURLFilter + + Get URL Filter named myFGTURLFilter + + .EXAMPLE + Get-FGTWebfilterUrlfilter -name FGT -filter_type contains + + Get URL Filter contains *FGT* + + .EXAMPLE + Get-FGTWebfilterUrlfilter -id 1 + + Get URL Filter with id 1 + + .EXAMPLE + Get-FGTWebfilterUrlfilter -skip + + Get list of all URL Filter but only the relevant attributes + + .EXAMPLE + Get-FGTWebfilterUrlfilter -vdom vdomX + + Get list of all URL Filter object on vdomX + #> + + [CmdletBinding(DefaultParameterSetName = "default")] + Param( + [Parameter (Mandatory = $false, Position = 1, ParameterSetName = "name")] + [string]$name, + [Parameter (Mandatory = $false, ParameterSetName = "uuid")] + [string]$id, + [Parameter (Mandatory = $false)] + [Parameter (ParameterSetName = "filter")] + [string]$filter_attribute, + [Parameter (Mandatory = $false)] + [Parameter (ParameterSetName = "name")] + [Parameter 
(ParameterSetName = "uuid")] + [Parameter (ParameterSetName = "filter")] + [ValidateSet('equal', 'contains')] + [string]$filter_type = "equal", + [Parameter (Mandatory = $false)] + [Parameter (ParameterSetName = "filter")] + [psobject]$filter_value, + [Parameter(Mandatory = $false)] + [switch]$skip, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('skip') ) { + $invokeParams.add( 'skip', $skip ) + } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + #Filtering + switch ( $PSCmdlet.ParameterSetName ) { + "name" { + $filter_value = $name + $filter_attribute = "name" + } + "id" { + $filter_value = $id + $filter_attribute = "id" + } + default { } + } + + #if filter value and filter_attribute, add filter (by default filter_type is equal) + if ( $filter_value -and $filter_attribute ) { + $invokeParams.add( 'filter_value', $filter_value ) + $invokeParams.add( 'filter_attribute', $filter_attribute ) + $invokeParams.add( 'filter_type', $filter_type ) + } + + $response = Invoke-FGTRestMethod -uri 'api/v2/cmdb/webfilter/urlfilter' -method 'GET' -connection $connection @invokeParams + + $response.results + } + + End { + } +} + +function Set-FGTWebfilterUrlfilter { + + <# + .SYNOPSIS + Configure a FortiGate URL Filter + + .DESCRIPTION + Change a FortiGate Address (ip, mask, comment, associated interface... 
) + + .EXAMPLE + $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress + PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -ip 192.0.2.0 -mask 255.255.255.0 + + Change MyFGTAddress to value (ip and mask) 192.0.2.0/24 + + .EXAMPLE + $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress + PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -ip 192.0.2.1 + + Change MyFGTAddress to value (ip) 192.0.2.1 + + .EXAMPLE + $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress + PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -interface port1 + + Change MyFGTAddress to set associated interface to port 1 + + .EXAMPLE + $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress + PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -comment "My FGT Address" -visibility:$false + + Change MyFGTAddress to set a new comment and disabled visibility + + .EXAMPLE + $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress + PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -fqdn fortipower.github.io + + Change MyFGTAddress to set a new fqdn fortipower.github.io + + .EXAMPLE + $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress + PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -startip 192.0.2.100 + + Change MyFGTAddress to set a new startip (iprange) 192.0.2.100 + + .EXAMPLE + $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress + PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -endip 192.0.2.200 + + Change MyFGTAddress to set a new endip (iprange) 192.0.2.200 + + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + #[ValidateScript({ Confirm-FGTWebfilterUrlfilter $_ })] + [psobject]$urlfilter, + [Parameter (Mandatory = $false)] + [ValidateLength(0, 63)] + [string]$name, + [Parameter (Mandatory = $false)] + [ValidateLength(0, 255)] + [string]$comment, + [Parameter (Mandatory = $false)] + [ValidateRange(0, 4294967295)] + [string]$url_id, + [Parameter 
(Mandatory = $false)] + [ValidateSet("simple","regex","wildcard")] + [string]$url_type, + [Parameter (Mandatory = $false)] + [ValidateLength(0, 511)] + [string]$url, + [Parameter (Mandatory = $false)] + [ValidateSet("block","allow","monitor")] + [string]$action, + [Parameter (Mandatory = $false)] + [ValidateSet("enable","disable")] + [string]$status, + [Parameter (Mandatory = $false)] + [ValidateSet("av","web-content","activex-java-cookie","dlp","fortiguard","range-block","pass","antiphish","all")] + [string]$exempt, + [Parameter (Mandatory = $false)] + [boolean]$visibility, + [Parameter (Mandatory = $false)] + [String[]]$vdom, + [Parameter (Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/webfilter/urlfilter/$($urlfilter.id)" + + $_urlfilter = new-Object -TypeName PSObject + + if ( $PsBoundParameters.ContainsKey('name') ) { + #TODO check if there is no already a object with this name ? 
+ $_urlfilter | add-member -name "name" -membertype NoteProperty -Value $name + $urlfilter.name = $name + } + + if ( $PsBoundParameters.ContainsKey('comment') ) { + $_urlfilter | add-member -name "comment" -membertype NoteProperty -Value $comment + } + + $_entry = new-Object -TypeName PSObject + + if ( $PsBoundParameters.ContainsKey('url_id') ) { + $_entry | add-member -name "id" -membertype NoteProperty -Value $url_id + } + + if ( $PsBoundParameters.ContainsKey('url_type') ) { + $_entry | add-member -name "type" -membertype NoteProperty -Value $url_type + } + + if ( $PsBoundParameters.ContainsKey('url') ) { + $_entry | add-member -name "url" -membertype NoteProperty -Value $url + } + + if ( $PsBoundParameters.ContainsKey('action') ) { + $_entry | add-member -name "action" -membertype NoteProperty -Value $action + } + + if ( $PsBoundParameters.ContainsKey('status') ) { + $_entry | add-member -name "status" -membertype NoteProperty -Value $status + } + + if ( $PsBoundParameters.ContainsKey('exempt') ) { + $_entry | add-member -name "exempt" -membertype NoteProperty -Value $exempt + } + + $urlfilter.entries += $_entry + + $_urlfilter | add-member -name "entries" -membertype NoteProperty -Value $urlfilter.entries + + if ( $PsBoundParameters.ContainsKey('visibility') ) { + #with 6.4.x, there is no longer visibility parameter + if ($connection.version -ge "6.4.0") { + Write-Warning "-visibility parameter is no longer available with FortiOS 6.4.x and after" + } + else { + if ( $visibility ) { + $_urlfilter | add-member -name "visibility" -membertype NoteProperty -Value "enable" + } + else { + $_urlfilter | add-member -name "visibility" -membertype NoteProperty -Value "disable" + } + } + } + + if ($PSCmdlet.ShouldProcess($urlfilter.name, 'Configure URL FIlter entry')) { + Invoke-FGTRestMethod -method "PUT" -body $_urlfilter -uri $uri -connection $connection @invokeParams | out-Null + + Get-FGTFirewallAddress -connection $connection @invokeParams -name $urlfilter.name + } 
+ } + + End { + } +} \ No newline at end of file From 30a5ed6f666e377e5fbc2a996764133422189112 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 15 Nov 2022 14:59:57 +0100 Subject: [PATCH 2/8] Change examples of set function --- PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 | 46 ++++++-------------- 1 file changed, 14 insertions(+), 32 deletions(-) diff --git a/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 b/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 index 7e7fb382..7e2dbaf4 100644 --- a/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 +++ b/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 
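Review bot: In Set-FGTWebfilterUrlfilter, `$urlfilter.entries += $_entry` runs unconditionally, so a call that only passes `-name` or `-comment` still appends an entry with no properties, and a call with an existing `-url_id` appends a second entry instead of changing the stored one. For a web filter that means an entry meant to be switched to `block` can remain in the list next to the new one; which of the two the FortiGate honours is not visible here. I would touch `entries` only when an entry parameter was bound, and merge the passed fields into the entry whose `id` matches, as sketched below. The same function builds the PUT URI from `$urlfilter.id` without checking that it is present.

```powershell
# … unchanged: $_entry built from url_id / url_type / url / action / status / exempt …

if ( @($_entry.PSObject.Properties).Count -gt 0 ) {
    $_existing = $null
    if ( $PsBoundParameters.ContainsKey('url_id') ) {
        $_existing = @($urlfilter.entries) |
            Where-Object { $null -ne $_ -and $_.id -eq $url_id } |
            Select-Object -First 1
    }

    if ( $_existing ) {
        # update only the fields that were passed, keep the rest of the stored entry
        foreach ( $p in $_entry.PSObject.Properties ) {
            $_existing | add-member -name $p.Name -membertype NoteProperty -Value $p.Value -Force
        }
    }
    else {
        $urlfilter.entries += $_entry
    }

    $_urlfilter | add-member -name "entries" -membertype NoteProperty -Value $urlfilter.entries
}
```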
@@ -241,49 +241,31 @@ function Set-FGTWebfilterUrlfilter { Configure a FortiGate URL Filter .DESCRIPTION - Change a FortiGate Address (ip, mask, comment, associated interface... ) + Change a FortiGate URL Filter (comment, action, status... ) .EXAMPLE - $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress - PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -ip 192.0.2.0 -mask 255.255.255.0 + $MyFGTUrl = Get-FGTWebfilterUrlfilter -name MyFGTUrl + PS C:\>$MyFGTUrl | Set-FGTWebfilterUrlfilter -url_id 10 -action block - Change MyFGTAddress to value (ip and mask) 192.0.2.0/24 + Change MyFGTUrl URL ID 10 to value (action) block .EXAMPLE - $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress - PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -ip 192.0.2.1 + $MyFGTUrl = Get-FGTWebfilterUrlfilter -name MyFGTUrl + PS C:\>$MyFGTUrl | Set-FGTWebfilterUrlfilter -url_id 10 -status disable - Change MyFGTAddress to value (ip) 192.0.2.1 + Change MyFGTUrl URL ID 10 to value (status) disable .EXAMPLE - $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress - PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -interface port1 + $MyFGTUrl = Get-FGTWebfilterUrlfilter -name MyFGTUrl + PS C:\>$MyFGTUrl | Set-FGTWebfilterUrlfilter -comment 'Changed by PowerFGT" - Change MyFGTAddress to set associated interface to port 1 + Change MyFGTUrl to set comment to "Changed by PowerFGT" .EXAMPLE - $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress - PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -comment "My FGT Address" -visibility:$false + $MyFGTUrl = Get-FGTWebfilterUrlfilter -name MyFGTUrl + PS C:\>$MyFGTUrl | Set-FGTWebfilterUrlfilter -url_id 15 -url_type simple -url powerfgt.com -action allow -status enable - Change MyFGTAddress to set a new comment and disabled visibility - - .EXAMPLE - $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress - PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -fqdn fortipower.github.io - - Change MyFGTAddress to set a new fqdn fortipower.github.io - - 
.EXAMPLE - $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress - PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -startip 192.0.2.100 - - Change MyFGTAddress to set a new startip (iprange) 192.0.2.100 - - .EXAMPLE - $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress - PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -endip 192.0.2.200 - - Change MyFGTAddress to set a new endip (iprange) 192.0.2.200 + Add a new URL to the MyFGTUrl profil for the url powerfgt.com #> @@ -396,7 +378,7 @@ function Set-FGTWebfilterUrlfilter { if ($PSCmdlet.ShouldProcess($urlfilter.name, 'Configure URL FIlter entry')) { Invoke-FGTRestMethod -method "PUT" -body $_urlfilter -uri $uri -connection $connection @invokeParams | out-Null - Get-FGTFirewallAddress -connection $connection @invokeParams -name $urlfilter.name + Get-FGTWebfilterUrlfilter -connection $connection @invokeParams -name $urlfilter.name } } From e1005657579e070b2f1badbe95a9adb588e56bc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 15 Nov 2022 15:21:16 +0100 Subject: [PATCH 3/8] Complete add function --- PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 | 78 ++++++++++---------- 1 file changed, 37 insertions(+), 41 deletions(-) diff --git a/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 b/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 index 7e2dbaf4..ae8464b0 100644 --- a/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 +++ b/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 
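Review bot: The third new example cannot be pasted as written, because `-comment 'Changed by PowerFGT"` opens with a single quote and closes with a double quote, so PowerShell keeps reading for the end of the string. It should read `-comment "Changed by PowerFGT"`. The first two examples are described as changing URL ID 10, which only holds if the function updates an existing entry rather than adding one; the Process block is outside this hunk, so that wording is worth checking against it. The help block starts outside the hunk.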
@@ -15,31 +15,26 @@ function Add-FGTWebfilterUrlfilter { Add a FortiGate URL Filter .EXAMPLE - Add-FGTFirewallVip -name myVIP1 -type static-nat -extip 192.0.2.1 -mappedip 198.51.100.1 + Add-FGTWebfilterUrlfilter -name myURL1 -id 1 -name MyURL -comment "Added by PowerFGT" - Add VIP objet type static-nat (One to One) with name myVIP1 with external IP 192.0.2.1 and mapped IP 198.51.100.1 + Add URL Filter object named MyURL with comment .EXAMPLE - Add-FGTFirewallVip -name myVIP2 -type static-nat -extip 192.0.2.2 -mappedip 198.51.100.2 -interface port1 -comment "My FGT VIP" + Add-FGTWebfilterUrlfilter -name myURL1 -id 1 -name MyURL -comment "Added by PowerFGT" -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable - Add VIP objet type static-nat (One to One) with name myVIP1 with external IP 192.0.2.1, mapped IP 198.51.100.1, associated to interface port2 and a comment + Add URL Filter object named MyURL with an url (URL : powerfgt.com, type : simple, action : allow, status : enable) .EXAMPLE - Add-FGTFirewallVip -name myVIP3-8080 -type static-nat -extip 192.0.2.1 -mappedip 198.51.100.1 -portforward -extport 8080 + Add-FGTWebfilterUrlfilter -name myURL1 -id 1 -name MyURL -comment "Added by PowerFGT" -url_id 1 -url_type wildcard -url *powerfgt.com -action block -status enable - Add VIP objet type static-nat (One to One) with name myVIP3 with external IP 192.0.2.1 and mapped IP 198.51.100.1 with Port Forward and TCP Port 8080 - - .EXAMPLE - Add-FGTFirewallVip -name myVIP4-5000-6000 -type static-nat -extip 192.0.2.1 -mappedip 198.51.100.1 -portforward -extport 5000 -mappedport 6000 -protocol udp - - Add VIP objet type static-nat (One to One) with name myVIP3 with external IP 192.0.2.1 and mapped IP 198.51.100.1 with Port Forward and UDP Port 5000 mapped to port 6000 + Add URL Filter object named MyURL with an url (URL : *powerfgt.com, type : wildcard, action : block, status : enable) #> Param( [Parameter (Mandatory = $false)] [string]$id, - [Parameter 
(Mandatory = $false)] + [Parameter (Mandatory = $true)] [string]$name, [Parameter (Mandatory = $false)] [string]$url_id, 
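Review bot: None of the three new examples binds as written: each passes `-name` twice (`-name myURL1 -id 1 -name MyURL`), which PowerShell rejects as a parameter specified more than once, and each uses `-comment`, which the Param block of Add-FGTWebfilterUrlfilter does not declare in the lines visible on this page. I would drop the first `-name` in each example and add `[Parameter (Mandatory = $false)] [ValidateLength(0, 255)] [string]$comment,` next to `$name`. The Param block continues outside this hunk.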
@@ -75,51 +70,52 @@ function Add-FGTWebfilterUrlfilter { } if ( Get-FGTWebfilterUrlfilter -connection $connection @invokeParams -name $name ) { - Throw "Already a VIP object using the same name" + Throw "Already a URL profile object using the same name" } $uri = "api/v2/cmdb/webfilter/urlfilter" - $vip = new-Object -TypeName PSObject + $urlfilter = new-Object -TypeName PSObject - $vip | add-member -name "name" -membertype NoteProperty -Value $name + $urlfilter | add-member -name "name" -membertype NoteProperty -Value $name - $vip | add-member -name "type" -membertype NoteProperty -Value $type + $urlfilter | add-member -name "id" -membertype NoteProperty -Value $id - $vip | add-member -name "extip" -membertype NoteProperty -Value $extip.ToString() + if ( $PsBoundParameters.ContainsKey('comment') ) { + $_urlfilter | add-member -name "comment" -membertype NoteProperty -Value $comment + } - $range = New-Object -TypeName PSObject + $_entry = new-Object -TypeName PSObject - $range | Add-member -name "range" -membertype NoteProperty -value $mappedip.ToString() - $vip | add-member -name "mappedip" -membertype NoteProperty -Value @($range) + if ( $PsBoundParameters.ContainsKey('url_id') ) { + $_entry | add-member -name "id" -membertype NoteProperty -Value $url_id + } - #TODO check if the interface (zone ?) is valid - $vip | add-member -name "extintf" -membertype NoteProperty -Value $interface + if ( $PsBoundParameters.ContainsKey('url_type') ) { + $_entry | add-member -name "type" -membertype NoteProperty -Value $url_type + } - if ( $PsBoundParameters.ContainsKey('comment') ) { - $vip | add-member -name "comment" -membertype NoteProperty -Value $comment + if ( $PsBoundParameters.ContainsKey('url') ) { + $_entry | add-member -name "url" -membertype NoteProperty -Value $url } - if ( $PsBoundParameters.ContainsKey('portforward') -and $portforward -eq $true) { - #check if export is set before... 
- if ( $extport -eq "") { - throw "you need to set -extport when enable portforward parameter" - } - $vip | add-member -name "portforward" -membertype NoteProperty -Value "enable" - $vip | add-member -name "protocol" -membertype NoteProperty -Value $protocol - $vip | add-member -name "extport" -membertype NoteProperty -Value $extport - #if no mappedport use the extport - if ( $PsBoundParameters.ContainsKey('mappedport') ) { - $vip | add-member -name "mappedport" -membertype NoteProperty -Value $mappedport - } - else { - $vip | add-member -name "mappedport" -membertype NoteProperty -Value $extport - } + if ( $PsBoundParameters.ContainsKey('action') ) { + $_entry | add-member -name "action" -membertype NoteProperty -Value $action + } + + if ( $PsBoundParameters.ContainsKey('status') ) { + $_entry | add-member -name "status" -membertype NoteProperty -Value $status + } + + if ( $PsBoundParameters.ContainsKey('exempt') ) { + $_entry | add-member -name "exempt" -membertype NoteProperty -Value $exempt } - Invoke-FGTRestMethod -method "POST" -body $vip -uri $uri -connection $connection @invokeParams | Out-Null + $urlfilter | add-member -name "entries" -membertype NoteProperty -Value $_entry + + Invoke-FGTRestMethod -method "POST" -body $urlfilter -uri $uri -connection $connection @invokeParams | Out-Null - Get-FGTFirewallVip -connection $connection @invokeParams -name $name + Get-FGTWebfilterUrlfilter -connection $connection @invokeParams -name $name } End { From 6a06025b06a6c99759080b59294f181d7c73d876 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 15 Nov 2022 16:42:13 +0100 Subject: [PATCH 4/8] Add remove function --- PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 | 64 +++++++++++++++++++- 1 file changed, 61 insertions(+), 3 deletions(-) diff --git a/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 b/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 index ae8464b0..833fe9ac 100644 --- a/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 
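Review bot: The new comment branch writes to `$_urlfilter`, but this function only creates `$urlfilter`, so a comment would never reach the POST body; the line should be `$urlfilter | add-member -name "comment" -membertype NoteProperty -Value $comment`. `id` is also added unconditionally, so an unset `-id` is sent as an empty string; wrapping it in `if ( $PsBoundParameters.ContainsKey('id') ) { ... }`, as is done for the entry fields, would leave the choice to the FortiGate, assuming the API assigns one. The function starts outside the hunk.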
+++ b/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 @@ -45,7 +45,7 @@ function Add-FGTWebfilterUrlfilter { [Parameter (Mandatory = $false)] [string]$action, [Parameter (Mandatory = $false)] - [switch]$status, + [string]$status, [Parameter (Mandatory = $false)] [string]$exempt, [Parameter (Mandatory = $false)] @@ -111,7 +111,10 @@ function Add-FGTWebfilterUrlfilter { $_entry | add-member -name "exempt" -membertype NoteProperty -Value $exempt } - $urlfilter | add-member -name "entries" -membertype NoteProperty -Value $_entry + $_entries = @() + $_entries += $_entry + + $urlfilter | add-member -name "entries" -membertype NoteProperty -Value $_entries Invoke-FGTRestMethod -method "POST" -body $urlfilter -uri $uri -connection $connection @invokeParams | Out-Null @@ -207,7 +210,7 @@ function Get-FGTWebfilterUrlfilter { $filter_value = $name $filter_attribute = "name" } - "id" { + "uiid" { $filter_value = $id $filter_attribute = "id" } 
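Review bot: In the third hunk the switch label becomes `"uiid"`, but the parameter set declared on `$id` is `"uuid"`, so the branch still never runs and `Get-FGTWebfilterUrlfilter -id 1` falls through to `default` with no filter, returning every URL filter. That matters most when the result is piped on, since `-id 1 | Remove-FGTWebfilterUrlfilter -confirm:$false` would then act on all of them instead of one. The label should be `"uuid" {`, or the set should be renamed to `id` in both places. The Param block that declares the set is outside this hunk.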
@@ -378,6 +381,61 @@ function Set-FGTWebfilterUrlfilter { } } + End { + } +} + +function Remove-FGTWebfilterUrlfilter { + + <# + .SYNOPSIS + Remove a FortiGate Webfilter URLFilter + + .DESCRIPTION + Remove a FortiGate Webfilter URLFilter object on the FortiGate + + .EXAMPLE + $MyFGTURL = Get-FGTWebfilterUrlfilter -name MyFGTURL + PS C:\>$MyFGTURL | Remove-FGTWebfilterUrlfilter + + Remove Webfilter URLFilter object $MyFGTURL + + .EXAMPLE + $MyFGTURL = Get-FGTWebfilterUrlfilter -name MyFGTURL + PS C:\>$MyFGTURL | Remove-FGTWebfilterUrlfilter -confirm:$false + + Remove Webfilter URLFilter object $MyFGTURL with no confirmation + + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] + Param( + [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] + #[ValidateScript({ Confirm-FGTWebfilterUrlfilter $_ })] + [psobject]$url, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $uri = "api/v2/cmdb/webfilter/urlfilter/$($url.id)" + + if ($PSCmdlet.ShouldProcess($url.name, 'Remove WebFilter UrlFilter')) { + $null = Invoke-FGTRestMethod -method "DELETE" -uri $uri -connection $connection @invokeParams + } + } + End { } } \ No newline at end of file From 04852dbc2c87c5685a6710554860c57efa3438f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Tue, 15 Nov 2022 17:43:39 +0100 Subject: [PATCH 5/8] add tests --- .../integration/WebfilterUrlfilter.Tests.ps1 | 108 ++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 Tests/integration/WebfilterUrlfilter.Tests.ps1 diff --git a/Tests/integration/WebfilterUrlfilter.Tests.ps1 b/Tests/integration/WebfilterUrlfilter.Tests.ps1 new file mode 100644 index 00000000..e3cbdd55 --- /dev/null 
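Review bot: Remove-FGTWebfilterUrlfilter builds the DELETE URI from `$url.id` while the `ValidateScript` line is commented out, so nothing checks that the piped object carries an id. An object without one yields `api/v2/cmdb/webfilter/urlfilter/`; how the FortiGate treats a DELETE on that path is not visible here, but the decision should not be left to the device. I would add `if ( $null -eq $url.id ) { throw "Element specified does not contain an id property." }` before `$uri` is built. The parameter name `$url` is also easy to confuse with the `-url` string parameter of the Add and Set functions; `$urlfilter` would match Set.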
+++ b/Tests/integration/WebfilterUrlfilter.Tests.ps1 
@@ -0,0 +1,108 @@ +# +# Copyright 2022, Cédric Moreau +# +# SPDX-License-Identifier: Apache-2.0 +# + +#include common configuration +. ../common.ps1 + +BeforeAll { + Connect-FGT @invokeParams +} + +Describe "Get WebFilter UrlFilter" { + + BeforeAll { + $urlfilter = Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable + $script:uuid = $urlfilter.id + Add-FGTWebfilterUrlfilter -name $pester_url2 -url_id 2 -url_type wildcard -url *powerfgt.com -action allow -status enable + } + + It "Get WebFilter UrlFilter Does not throw an error" { + { + Get-FGTWebfilterUrlfilter + } | Should -Not -Throw + } + + It "Get ALL URL Filter" { + $urlfilter = Get-FGTWebfilterUrlfilter + $urlfilter.count | Should -Not -Be $NULL + } + + It "Get ALL URL Filter with -skip" { + $urlfilter = Get-FGTWebfilterUrlfilter -skip + $urlfilter.count | Should -Not -Be $NULL + } + + It "Get URL Filter ($pester_url1)" { + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + } + + It "Get URL Filter ($pester_url1) and confirm (via Confirm-FGTWebfilterUrlfilter)" { + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + Confirm-FGTWebfilterUrlfilter ($urlfilter) | Should -Be $true + } + + Context "Search" { + + It "Search URL Filter by name ($pester_url1)" { + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + @($urlfilter).count | Should -be 1 + $urlfilter.name | Should -Be $pester_url1 + } + + It "Search URL Filter by uuid ($script:uuid)" { + $urlfilter = Get-FGTWebfilterUrlfilter -id $script:uuid + @($urlfilter).count | Should -be 1 + $urlfilter.name | Should -Be $pester_url1 + } + + } + + AfterAll { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Remove-FGTWebfilterUrlfilter -confirm:$false + Get-FGTWebfilterUrlfilter -name $pester_url2 | Remove-FGTWebfilterUrlfilter -confirm:$false + } + +} + +Describe "Add WebFilter UrlFilter" { + + AfterEach { + Get-FGTWebfilterUrlfilter 
-name $pester_url1 | Remove-FGTWebfilterUrlfilter -confirm:$false + } + + It "Add URL Filter $pester_url1" { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.comment | Should -BeNullOrEmpty + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt.com" + $urlfilter.entries.type | Should -Be "simple" + $urlfilter.entries.action | Should -Be "allow" + $urlfilter.entries.status | Should -Be "enable" + } + + It "Add URL Filter $pester_url1 (with comment)" { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable -comment "Added by PowerFGT" + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.comment | Should -Be "Added by PowerFGT" + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt.com" + $urlfilter.entries.type | Should -Be "simple" + $urlfilter.entries.action | Should -Be "allow" + $urlfilter.entries.status | Should -Be "enable" + } + + It "Try to Add URL Filter $pester_url1 (but there is already a object with same name)" { + #Add first URL Filter + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable + #Add Second URL Filter with same name + { Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable } | Should -Throw "Already a URL profile object using the same name" + } + +} \ No newline at end of file From 06ae6107cb9c84a8539804edd5130e5d6c783abb Mon Sep 17 00:00:00 2001 
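Review bot: The two "Get ALL URL Filter" tests assert `$urlfilter.count | Should -Not -Be $NULL`, which passes for any result, including an empty one, because `.count` on `$null` evaluates to 0 rather than `$null`. Since BeforeAll creates two filters, `@($urlfilter).count | Should -BeGreaterOrEqual 2` would actually exercise the listing. The "with comment" test also passes `-comment` to Add-FGTWebfilterUrlfilter, whose Param block as shown on this page has no such parameter, so it is worth confirming that test can bind.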
From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Mon, 26 Aug 2024 16:53:30 +0200 Subject: [PATCH 6/8] Changes after reviex (Add/Set) + add tests for Add/Set/Remove + add function in confirm.ps1) --- PowerFGT/Private/Confirm.ps1 | 31 +++ PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 | 38 +-- .../integration/WebfilterUrlfilter.Tests.ps1 | 220 ++++++++++++++++++ 3 files changed, 261 insertions(+), 28 deletions(-) diff --git a/PowerFGT/Private/Confirm.ps1 b/PowerFGT/Private/Confirm.ps1 index 86e4b2d9..614937be 100644 --- a/PowerFGT/Private/Confirm.ps1 +++ b/PowerFGT/Private/Confirm.ps1 @@ -386,3 +386,34 @@ Function Confirm-FGTVpnIpsecPhase2Interface { $true } + +Function Confirm-FGTWebfilterUrlfilter { + + Param ( + [Parameter (Mandatory = $true)] + [object]$argument + ) + + #Check if it looks like a Web Filter URL Filter element + + if ( -not ( $argument | get-member -name name -Membertype Properties)) { + throw "Element specified does not contain a name property." + } + if ( -not ( $argument | get-member -name comment -Membertype Properties)) { + throw "Element specified does not contain a comment property." + } + if ( -not ( $argument | get-member -name one-arm-ips-urlfilter -Membertype Properties)) { + throw "Element specified does not contain an one-arm-ips-urlfilter property." + } + if ( -not ( $argument | get-member -name ip-addr-block -Membertype Properties)) { + throw "Element specified does not contain an ip-addr-block property." + } + if ( -not ( $argument | get-member -name ip4-mapped-ip6 -Membertype Properties)) { + throw "Element specified does not contain an ip4-mapped-ip6 property." + } + if ( -not ( $argument | get-member -name entries -Membertype Properties)) { + throw "Element specified does not contain an entries property." + } + + $true +} \ No newline at end of file diff --git a/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 b/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 index 833fe9ac..c4970a93 100644 --- a/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 
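Review bot: Confirm-FGTWebfilterUrlfilter never checks for an `id` property, yet `id` is the one field Set-FGTWebfilterUrlfilter and Remove-FGTWebfilterUrlfilter use to build the request URI. It does require `comment`, `one-arm-ips-urlfilter`, `ip-addr-block` and `ip4-mapped-ip6`, which neither caller reads, so an object from `Get-FGTWebfilterUrlfilter -skip` or from a FortiOS release lacking one of them may be rejected for no functional reason (not verifiable from this page). I would add `if ( -not ( $argument | get-member -name id -Membertype Properties)) { throw "Element specified does not contain an id property." }` and consider dropping the checks the callers do not depend on.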
+++ b/PowerFGT/Public/cmdb/webfilter/urlfilter.ps1 @@ -39,17 +39,16 @@ function Add-FGTWebfilterUrlfilter { [Parameter (Mandatory = $false)] [string]$url_id, [Parameter (Mandatory = $false)] + [ValidateSet('simple', 'regex', 'wildcard')] [string]$url_type, [Parameter (Mandatory = $false)] [string]$url, [Parameter (Mandatory = $false)] + [ValidateSet("block", "allow", "monitor")] [string]$action, [Parameter (Mandatory = $false)] + [ValidateSet("enable", "disable")] [string]$status, - [Parameter (Mandatory = $false)] - [string]$exempt, - [Parameter (Mandatory = $false)] - [switch]$skip, [Parameter(Mandatory = $false)] [String[]]$vdom, [Parameter(Mandatory = $false)] @@ -62,15 +61,12 @@ function Add-FGTWebfilterUrlfilter { Process { $invokeParams = @{ } - if ( $PsBoundParameters.ContainsKey('skip') ) { - $invokeParams.add( 'skip', $skip ) - } if ( $PsBoundParameters.ContainsKey('vdom') ) { $invokeParams.add( 'vdom', $vdom ) } if ( Get-FGTWebfilterUrlfilter -connection $connection @invokeParams -name $name ) { - Throw "Already a URL profile object using the same name" + Throw "Already an URL profile object using the same name" } $uri = "api/v2/cmdb/webfilter/urlfilter" @@ -107,14 +103,7 @@ function Add-FGTWebfilterUrlfilter { $_entry | add-member -name "status" -membertype NoteProperty -Value $status } - if ( $PsBoundParameters.ContainsKey('exempt') ) { - $_entry | add-member -name "exempt" -membertype NoteProperty -Value $exempt - } - - $_entries = @() - $_entries += $_entry - - $urlfilter | add-member -name "entries" -membertype NoteProperty -Value $_entries + $urlfilter | add-member -name "entries" -membertype NoteProperty -Value $_entry Invoke-FGTRestMethod -method "POST" -body $urlfilter -uri $uri -connection $connection @invokeParams | Out-Null 
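Review bot: Add-FGTWebfilterUrlfilter now constrains `url_type`, `action` and `status`, but `$url_id`, `$url` and `$name` still accept anything, while Set-FGTWebfilterUrlfilter in the same file guards them with `[ValidateRange(0, 4294967295)]`, `[ValidateLength(0, 511)]` and `[ValidateLength(0, 63)]`. Copying those three attributes to the Add parameters keeps both entry points rejecting the same input before it is sent to the firewall. The Param block starts and ends outside the hunk.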
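Review bot: The third hunk passes `$_entry` itself as `entries` again instead of the one-element array introduced two commits earlier, and it does so even when no entry parameter was bound, in which case `$_entry` has no properties. Set-FGTWebfilterUrlfilter treats `entries` as a list (`$urlfilter.entries += $_entry`), so I would expect a list here too: `-Value @($_entry)`, added only when `$_entry` has at least one property. Whether the API tolerates a bare object is not visible on this page.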
@@ -271,7 +260,7 @@ function Set-FGTWebfilterUrlfilter { [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium', DefaultParameterSetName = 'default')] Param( [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] - #[ValidateScript({ Confirm-FGTWebfilterUrlfilter $_ })] + [ValidateScript({ Confirm-FGTWebfilterUrlfilter $_ })] [psobject]$urlfilter, [Parameter (Mandatory = $false)] [ValidateLength(0, 63)] @@ -283,21 +272,18 @@ function Set-FGTWebfilterUrlfilter { [ValidateRange(0, 4294967295)] [string]$url_id, [Parameter (Mandatory = $false)] - [ValidateSet("simple","regex","wildcard")] + [ValidateSet("simple", "regex", "wildcard")] [string]$url_type, [Parameter (Mandatory = $false)] [ValidateLength(0, 511)] [string]$url, [Parameter (Mandatory = $false)] - [ValidateSet("block","allow","monitor")] + [ValidateSet("block", "allow", "monitor")] [string]$action, [Parameter (Mandatory = $false)] - [ValidateSet("enable","disable")] + [ValidateSet("enable", "disable")] [string]$status, [Parameter (Mandatory = $false)] - [ValidateSet("av","web-content","activex-java-cookie","dlp","fortiguard","range-block","pass","antiphish","all")] - [string]$exempt, - [Parameter (Mandatory = $false)] [boolean]$visibility, [Parameter (Mandatory = $false)] [String[]]$vdom, @@ -351,10 +337,6 @@ function Set-FGTWebfilterUrlfilter { $_entry | add-member -name "status" -membertype NoteProperty -Value $status } - if ( $PsBoundParameters.ContainsKey('exempt') ) { - $_entry | add-member -name "exempt" -membertype NoteProperty -Value $exempt - } - $urlfilter.entries += $_entry $_urlfilter | add-member -name "entries" -membertype NoteProperty -Value $urlfilter.entries 
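Review bot: In the entry handling kept by the third hunk, `$urlfilter.entries += $_entry` always appends, so calling Set with the `url_id` of an existing entry looks like it submits two entries with the same id instead of updating one. The tests added in this patch call `Set-FGTWebfilterUrlfilter -url_id 1 -action block` on a list that already holds entry 1 and expect a single entry back, and for a filter list the difference matters, since an old `allow` entry left beside the new `block` may keep taking effect. Replacing the matching entry first would avoid that, e.g. `$urlfilter.entries = @($urlfilter.entries | Where-Object { $_.id -ne $url_id }) + $_entry`. The function body starts and ends outside the hunk, so how `$_entry` is built was not reviewed.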
@@ -411,7 +393,7 @@ function Remove-FGTWebfilterUrlfilter { [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'high')] Param( [Parameter (Mandatory = $true, ValueFromPipeline = $true, Position = 1)] - #[ValidateScript({ Confirm-FGTWebfilterUrlfilter $_ })] + [ValidateScript({ Confirm-FGTWebfilterUrlfilter $_ })] [psobject]$url, [Parameter(Mandatory = $false)] [String[]]$vdom, diff --git a/Tests/integration/WebfilterUrlfilter.Tests.ps1 b/Tests/integration/WebfilterUrlfilter.Tests.ps1 index e3cbdd55..5439bf41 100644 --- a/Tests/integration/WebfilterUrlfilter.Tests.ps1 +++ b/Tests/integration/WebfilterUrlfilter.Tests.ps1 
@@ -98,6 +98,94 @@ Describe "Add WebFilter UrlFilter" { $urlfilter.entries.status | Should -Be "enable" } + It "Add URL Filter $pester_url1 with type simple" { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.comment | Should -BeNullOrEmpty + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt.com" + $urlfilter.entries.type | Should -Be "simple" + + } + + It "Add URL Filter $pester_url1 with type wildcard" { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type wildcard -url "*powerfgt.com" -action allow -status enable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.comment | Should -BeNullOrEmpty + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "*powerfgt.com" + $urlfilter.entries.type | Should -Be "wildcard" + } + + It "Add URL Filter $pester_url1 with type regex" { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type regex -url "https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)" -action allow -status enable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.comment | Should -BeNullOrEmpty + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)" + $urlfilter.entries.type | Should -Be "regex" + } + + It "Add URL Filter $pester_url1 with action allow" { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + 
$urlfilter.comment | Should -BeNullOrEmpty + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt.com" + $urlfilter.entries.type | Should -Be "simple" + $urlfilter.entries.action | Should -Be "allow" + } + + It "Add URL Filter $pester_url1 with action block" { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action block -status enable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.comment | Should -BeNullOrEmpty + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt.com" + $urlfilter.entries.type | Should -Be "simple" + $urlfilter.entries.action | Should -Be "block" + } + + It "Add URL Filter $pester_url1 with action monitor" { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action monitor -status enable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.comment | Should -BeNullOrEmpty + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt.com" + $urlfilter.entries.type | Should -Be "simple" + $urlfilter.entries.action | Should -Be "monitor" + } + + It "Add URL Filter $pester_url1 enabled" { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.comment | Should -Be "Added by PowerFGT" + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt.com" + $urlfilter.entries.type | Should -Be "simple" + $urlfilter.entries.action | Should -Be "allow" + $urlfilter.entries.status | Should -Be "enable" + } + + It "Add URL Filter $pester_url1 disabled" { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action 
allow -status disable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.comment | Should -Be "Added by PowerFGT" + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt.com" + $urlfilter.entries.type | Should -Be "simple" + $urlfilter.entries.action | Should -Be "allow" + $urlfilter.entries.status | Should -Be "disable" + } + It "Try to Add URL Filter $pester_url1 (but there is already a object with same name)" { #Add first URL Filter Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable 
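Review bot: The "enabled" and "disabled" cases assert `$urlfilter.comment | Should -Be "Added by PowerFGT"`, yet their `Add-FGTWebfilterUrlfilter` calls pass no comment, and the six cases before them make the same kind of call and assert `$urlfilter.comment | Should -BeNullOrEmpty`. Both expectations cannot hold for the same input. Either change those two assertions to `Should -BeNullOrEmpty` or, if the cmdlet has a comment parameter (not visible in this hunk), pass the comment explicitly in those two calls.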
@@ -105,4 +193,136 @@ Describe "Add WebFilter UrlFilter" { { Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable } | Should -Throw "Already a URL profile object using the same name" } + It "Try to Add a second URL to Filter $pester_url1 " { + #Add first URL Filter + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable + #Add Second URL + { Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 2 -url_type simple -url powerfgt2.com -action allow -status enable } | Should -Not -Throw + } + + AfterEach { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Remove-FGTWebfilterUrlfilter -confirm:$false + } + +} + +Describe "Set WebFilter UrlFilter" { + + BeforeAll { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable + } + + It "Change URL Filter $pester_url1 comment" { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -comment "Changed by PowerFGT !" + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.comment | Should -Be "Changed by PowerFGT !" 
+ $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt.com" + $urlfilter.entries.type | Should -Be "simple" + $urlfilter.entries.action | Should -Be "allow" + $urlfilter.entries.status | Should -Be "enable" + } + + It "Change URL Filter $pester_url1 type to wildcard" { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -url_type wildcard -url "*powerfgt.com" + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "*powerfgt.com" + $urlfilter.entries.type | Should -Be "wildcard" + } + + It "Change URL Filter $pester_url1 type to regex" { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -url_type regex -url "https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)" + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)" + $urlfilter.entries.type | Should -Be "regex" + } + + It "Change URL Filter $pester_url1 type to simple" { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -url_type simple -url powerfgt.com + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt.com" + $urlfilter.entries.type | Should -Be "simple" + } + + It "Change URL Filter $pester_url1 to action block" { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -action block + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.entries.id | Should 
-Be 1 + $urlfilter.entries.action | Should -Be "block" + } + + It "Change URL Filter $pester_url1 to action allow" { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -action allow + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.action | Should -Be "allow" + } + + It "Change URL Filter $pester_url1 to action monitor" { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -action monitor + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.action | Should -Be "monitor" + } + + It "Add URL Filter $pester_url1 to status disabled" { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -status disable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.status | Should -Be "disable" + } + + It "Change URL Filter $pester_url1 to status enabled" { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -status enable + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.status | Should -Be "enable" + } + + It "Change URL Filter $pester_url1 URL" { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Set-FGTWebfilterUrlfilter -url_id 1 -url powerfgt2.com + $urlfilter = Get-FGTWebfilterUrlfilter -name $pester_url1 + $urlfilter.name | Should -Be $pester_url1 + $urlfilter.entries.id | Should -Be 1 + $urlfilter.entries.url | Should -Be "powerfgt2.com" + $urlfilter.entries.type | Should -Be "simple" + } + + AfterEach { + Get-FGTWebfilterUrlfilter -name $pester_url1 | Remove-FGTWebfilterUrlfilter -confirm:$false + } + 
+} + +Describe "Remove Web Filter Url Filter" { + + BeforeAll { + Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable + } + + It "Remove WebFilterURLFilter $pester_url1 by pipeline" { + $url = Get-FGTWebfilterUrlfilter -name $pester_url1 + $url | Remove-FGTFirewallAddress -confirm:$false + $url = Get-FGTWebfilterUrlfilter -name $pester_url1 + $url | Should -Be $NULL + } + + } + +} + +AfterAll { + Disconnect-FGT -confirm:$false } \ No newline at end of file From ed1e02da2bde19678ad9af9f6b9ad4a0b40afa5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Mon, 26 Aug 2024 16:59:27 +0200 Subject: [PATCH 7/8] Add Encoding to test file --- Tests/integration/WebfilterUrlfilter.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/integration/WebfilterUrlfilter.Tests.ps1 b/Tests/integration/WebfilterUrlfilter.Tests.ps1 index 5439bf41..cf07d5ae 100644 --- a/Tests/integration/WebfilterUrlfilter.Tests.ps1 +++ b/Tests/integration/WebfilterUrlfilter.Tests.ps1 @@ -1,4 +1,4 @@ -# +# # Copyright 2022, Cédric Moreau # # SPDX-License-Identifier: Apache-2.0 From 74876d7324b774476b921d0f03d3a6747a504922 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Moreau?= Date: Mon, 26 Aug 2024 17:02:47 +0200 Subject: [PATCH 8/8] Removed white space --- Tests/integration/WebfilterUrlfilter.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/integration/WebfilterUrlfilter.Tests.ps1 b/Tests/integration/WebfilterUrlfilter.Tests.ps1 index cf07d5ae..0af30801 100644 --- a/Tests/integration/WebfilterUrlfilter.Tests.ps1 +++ b/Tests/integration/WebfilterUrlfilter.Tests.ps1 
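Review bot: The Remove test pipes the list into `Remove-FGTFirewallAddress`, so Remove-FGTWebfilterUrlfilter is never exercised; the line should read `$url | Remove-FGTWebfilterUrlfilter -confirm:$false`. In the "Set WebFilter UrlFilter" block the object is created once in `BeforeAll` but deleted in `AfterEach`, so every case after the first pipes nothing into Set; `BeforeEach` would recreate it per case. The "Try to Add a second URL" case expects `Should -Not -Throw` for a second Add with the same name, which contradicts the duplicate-name `Throw` in Add-FGTWebfilterUrlfilter. The Remove block also appears to close one brace more than it opens, though the collapsed layout makes that hard to confirm.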
@@ -197,7 +197,7 @@ Describe "Add WebFilter UrlFilter" { #Add first URL Filter Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 1 -url_type simple -url powerfgt.com -action allow -status enable #Add Second URL - { Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 2 -url_type simple -url powerfgt2.com -action allow -status enable } | Should -Not -Throw + { Add-FGTWebfilterUrlfilter -name $pester_url1 -url_id 2 -url_type simple -url powerfgt2.com -action allow -status enable } | Should -Not -Throw } AfterEach {