diff --git a/.DS_Store b/.DS_Store index aa892572..915fdd31 100644 Binary files a/.DS_Store and b/.DS_Store differ diff --git a/.eslintrc b/.eslintrc deleted file mode 100644 index 5474da52..00000000 --- a/.eslintrc +++ /dev/null @@ -1,67 +0,0 @@ -{ - "root": true, - "parser": "@typescript-eslint/parser", - "plugins": [ - "@typescript-eslint" - ], - "extends": [ - "eslint:recommended", - "plugin:@typescript-eslint/eslint-recommended", - "plugin:@typescript-eslint/recommended", - "plugin:@typescript-eslint/recommended-requiring-type-checking" - ], - "parserOptions": { - "ecmaVersion": 2018, - "sourceType": "module", - "project": "tsconfig.eslint.json" - }, - "ignorePatterns": [ - "*.js", - "*.d.ts", - "node_modules/", - "*.generated.ts", - "values", - "gotestwaf", - "coverage" - ], - "rules": { - "semi": [ - "error", - "always" - ], - "indent": [ - "error", - 2, - { - "SwitchCase": 1 - } - ], - "quotes": [ - "error", - "double" - ], - "@typescript-eslint/naming-convention": [ - "error", - { - "selector": [ - "method" - ], - "format": [ - "strictCamelCase" - ] - }, - { - "selector": [ - "class", - "interface", - "typeParameter", - "typeAlias" - ], - "format": [ - "StrictPascalCase" - ] - } - ] - } -} - diff --git a/.github/workflows/tests_autoUpdatedManagedIpSets.yml b/.github/workflows/tests_autoUpdatedManagedIpSets.yml new file mode 100644 index 00000000..91d2379d --- /dev/null +++ b/.github/workflows/tests_autoUpdatedManagedIpSets.yml @@ -0,0 +1,77 @@ +name: autoUpdatedManagedIpSets + + +env: + AWS_REGION: eu-central-1 + AWS_ROLE: FirewallFactoryGithubPipelineRole + AWS_ACCOUNT: 859220371210 + +permissions: + id-token: write + contents: read + +# concurrency: +# group: test_envrionment +# cancel-in-progress: true + +on: + push: + branches: + - master + pull_request: + branches: + - master + paths: + - 'bin/**/*' + - 'lib/**/*' + - 'package*.json' +jobs: + deploy_production_main: + name: Test and deploy autoUpdatedManagedIpSet + runs-on: ubuntu-latest + steps: + - name: ⬇️ Checkout + uses: actions/checkout@v4.1.1 + - name: 📁 Install Taskfile + run: | + npm install -g @go-task/cli + - name: ☊ Use Node.js + uses: actions/setup-node@v4.0.2 + with: + node-version: '21.x' + - name: 💾 Cache Node.js modules + uses: actions/cache@v4.0.2 + with: + path: ~/.npm + key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.OS }}-node- + ${{ runner.OS }}- + - name: 🌐 Install CDK and typescript globally + run: | + npm i -g aws-cdk typescript ts-node @types/node yarn + npm link typescript + - name: 📦 Install Packages + run: | + npm install + - name: 🔑 Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4.0.2 + env: + ACCOUNT_ID: ${{ env.AWS_ACCOUNT }} + with: + role-to-assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/${{ env.AWS_ROLE }} + aws-region: ${{ env.AWS_REGION }} + role-session-name: GitHubActionsSession + mask-aws-account-id: false + - name: 🚀 Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: 🫙 Set up Docker Buildx + uses: docker/setup-buildx-action@v3.3.0 + - name: 🔥 Deploy AutoUpdatedManagedIpSet to AWS + run: | + export STACK_NAME=AutoUpdatedManagedIpSets + task deploy config=azureIpSet + - name: 🗑️ Remove AutoUpdatedManagedIpSet from AWS + run: | + export STACK_NAME=AutoUpdatedManagedIpSets + task destroy config=azureIpSet \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 06b6cd50..16ce2ad8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,37 @@ ## Released +## 4.6.0 +### Added +- Automated IP Set Management: The AutoUpdatedManagedIpSet feature now supports automated management of IP sets through AWS Firewall Factory. + - Easy Configuration: Simply provide a URL pointing to a JSON file and specify the key containing the CIDRs you want to include in your IP sets. + - Automated Scheduling: IP sets are updated based on a predefined schedule, ensuring up-to-date protection without manual intervention. The IP set will only be updated if new CIDRs are detected in the downloaded JSON file. If the file is empty or the CIDRs are unchanged, no update will occur. + - Rollback Support: The IP addresses of IP sets are stored in SSM Parameter Store, allowing for easy rollback to previous versions as needed. + - CloudWatch Monitoring: When an IP set is updated in the latest schedule, a metric labeled "ManagedIpSets" in the "AWS-Firewall-Factory" namespace is set to 1 for that specific IP set. This enables you to configure a CloudWatch alarm for real-time notifications. +- Restructured Enums and Configuration Files: Improved code organization by separating and reorganizing enums and configuration settings into service- and stack-specific files. This restructuring enhances maintainability and simplifies dependency management. 🚨 Note: You will need to update the imports in your value files. 🚨 + + +### Updated +- **@aws-sdk/client-cloudfront**: Updated from 3.637.0 to 3.682.0 +- **@aws-sdk/client-config-service**: Updated from 3.637.0 to 3.682.0 +- **@aws-sdk/client-ec2**: Updated from 3.641.0 to 3.682.0 +- **@aws-sdk/client-s3**: Updated from 3.637.0 to 3.682.0 +- **@aws-sdk/client-secrets-manager**: Updated from 3.637.0 to 3.682.0 +- **@aws-solutions-constructs/aws-eventbridge-stepfunctions**: Updated from 2.65.0 to 2.74.0 +- **@babel/traverse**: Updated from 7.25.6 to 7.25.9 +- **@slack/types**: Updated from 2.12.0 to 2.14.0 +- **@types/aws-lambda**: Updated from 8.10.143 to 8.10.145 +- **@types/lodash**: Updated from 4.17.7 to 4.17.7 +- **@types/node**: Updated from 22.5.0 to 22.8.4 +- **@typescript-eslint/eslint-plugin**: Updated from 8.3.0 to 8.12.2 +- **@typescript-eslint/parser**: Updated from 8.3.0 to 8.12.2 +- **@typescript-eslint/typescript-estree**: Updated from 8.3.0 to 8.12.2 +- **adaptivecards**: Updated from 3.0.4 to 3.0.4 +- **axios**: Updated from 1.7.5 to 1.7.7 +- **cdk-sops-secrets**: Updated from 1.13.1 to 1.13.4 +- **eslint**: Updated from 8.57.0 to 8.57.1 +- **eslint-plugin-import**: Updated from 2.29.1 to 2.31.0 +- **npm**: Updated from 10.8.2 to 10.9.0 ## 4.5.1 ### Added diff --git a/README.md b/README.md index 4f3d360f..b6303eaa 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ If you want to learn more about the AWS Firewall Factory feel free to look at th | WAF Deployment - IpSets | ![IpSets](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/waf_test_ipSets.yml/badge.svg?branch=master) | | WAF Deployment - RegexPatternSets | ![regexPatternSets](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/waf_test_regexPatternSets.yml/badge.svg?branch=master) | | WAF Deployment - RateBasedwithScopeDown | ![rateBasedwithScopeDown](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/waf_test_rateBasedwithScopeDown.yml/badge.svg?branch=master) | - +| AutoUpdatedManagedIpSet - azureIpSet | ![azureIpSet](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/tests_autoUpdatedManagedIpSets.yml/badge.svg?branch=master) | ## 🦸🏼‍♀️ Contributors diff --git a/bin/aws-firewall-factory.ts b/bin/aws-firewall-factory.ts index 49001190..157d00b7 100644 --- a/bin/aws-firewall-factory.ts +++ b/bin/aws-firewall-factory.ts @@ -1,23 +1,11 @@ #!/usr/bin/env node -import { WafStack } from "../lib/_waf/index"; -import { PrerequisitesStack } from "../lib/_prerequisites/index"; -import { ShieldStack } from "../lib/_shield-advanced/index"; +import { WafStack } from "../lib/_waf"; +import { PrerequisitesStack } from "../lib/_prerequisites"; +import { ShieldStack } from "../lib/_shield-advanced"; +import { AutoUpdatedManagedIpSetsStack } from "../lib/_autoUpdatedManagedIpSets"; +import { AutoUpdatedManagedIpSetsConfig, ShieldConfig, PrerequisitesConfig, WafConfig, PriceRegions, RegionString } from "../lib/types"; import * as cdk from "aws-cdk-lib"; -import { - wafConfig, - ShieldConfig, - Prerequisites, - PriceRegions, - RegionString, -} from "../lib/types/config"; -import { - wafHelper, - afwfHelper, - pricingHelper, - cloudformationHelper, - guidanceHelper, - ssmHelper, -} from "../lib/tools/helpers"; +import * as helpers from "../lib/tools/helpers"; /** @@ -41,240 +29,269 @@ void (async () => { !CONFIG_OBJECT_NAME || (values.configs[CONFIG_OBJECT_NAME] === undefined && values.prereq[CONFIG_OBJECT_NAME] === undefined && - values.shieldConfigs[CONFIG_OBJECT_NAME] === undefined) + values.shieldConfigs[CONFIG_OBJECT_NAME] === undefined && + values.autoUpdatedManagedIpSetsConfigs[CONFIG_OBJECT_NAME] === undefined) ) { console.log("Configuration ", CONFIG_OBJECT_NAME, " not found."); process.exit(1); } - // --------------------------------------------------------------------- - // Deploying prerequisite stack - console.log(process.env.PREREQUISITE); - if (process.env.STACK_NAME === "PreRequisiteStack") { - const prerequisites: Prerequisites = values.prereq[CONFIG_OBJECT_NAME]; - const deploymentRegion = afwfHelper.outputInfoBanner(); - const runtimeProperties = afwfHelper.initRuntimeProperties(); - await ssmHelper.getAllAwsRegionsFromPublicSsmParameter( - deploymentRegion, - runtimeProperties - ); - console.log("ℹ️ Deploying Prerequisites Stack."); - const app = new cdk.App(); - new PrerequisitesStack( - app, - prerequisites.General.Prefix.toUpperCase() + - "-AWS-FIREWALL-FACTORY-PREQUISITES", - { - // NOSONAR -> SonarQube is identitfying this line as a Major Issue, but it is not. Error: Either remove this useless object instantiation or use it. - prerequisites, - env: { - region: process.env.AWS_REGION, - account: process.env.CDK_DEFAULT_ACCOUNT, - }, - runtimeProperties: runtimeProperties, - } - ); - } - // --------------------------------------------------------------------- - // Deploying advanced shield stack - console.log(process.env.STACK_NAME); - if (process.env.STACK_NAME === "ShieldAdvancedStack") { - // eslint-disable-next-line @typescript-eslint/no-var-requires, @typescript-eslint/no-unsafe-assignment - const shieldConfig: ShieldConfig = values.shieldConfigs[CONFIG_OBJECT_NAME]; - const deploymentRegion = process.env.AWS_REGION; - const runtimeProperties = afwfHelper.initRuntimeProperties(); - console.log(`🛡️ Deploy Shield Policy: ${shieldConfig.General.Prefix.toUpperCase()}-${ - shieldConfig.General.Stage + switch (process.env.STACK_NAME) { + case "PreRequisiteStack": { + // --------------------------------------------------------------------- + // Deploying prerequisite stack + const prerequisites: PrerequisitesConfig = values.prereq[CONFIG_OBJECT_NAME]; + const deploymentRegion = helpers.afwfHelper.outputInfoBanner(); + const runtimeProperties = helpers.afwfHelper.initRuntimeProperties(); + await helpers.ssmHelper.getAllAwsRegionsFromPublicSsmParameter( + deploymentRegion, + runtimeProperties + ); + console.log("ℹ️ Deploying Prerequisites Stack."); + const app = new cdk.App(); + new PrerequisitesStack( + app, + prerequisites.General.Prefix.toUpperCase() + + "-AWS-FIREWALL-FACTORY-PREQUISITES", + { + // NOSONAR -> SonarQube is identitfying this line as a Major Issue, but it is not. Error: Either remove this useless object instantiation or use it. + prerequisites, + env: { + region: process.env.AWS_REGION, + account: process.env.CDK_DEFAULT_ACCOUNT, + }, + runtimeProperties: runtimeProperties, + } + ); + break; } - \n ⦂ Type: - ${shieldConfig.resourceType}\n`); - console.log("\n 🎯 Targets:"); - if (shieldConfig.includeMap?.account) { - for (const account of shieldConfig.includeMap.account) { - console.log("\x1b[32m", ` 🛬 ${account}`, "\x1b[0m"); + case "ShieldAdvancedStack": { + const shieldConfig: ShieldConfig = values.shieldConfigs[CONFIG_OBJECT_NAME]; + const deploymentRegion = process.env.AWS_REGION; + const runtimeProperties = helpers.afwfHelper.initRuntimeProperties(); + console.log(`🛡️ Deploy Shield Policy: ${shieldConfig.General.Prefix.toUpperCase()}-${ + shieldConfig.General.Stage } - } - if (shieldConfig.includeMap?.orgunit) { - for (const unit of shieldConfig.includeMap.orgunit) { - console.log("\x1b[32m", ` 🛬 ${unit}`, "\x1b[0m"); + \n ⦂ Type: + ${shieldConfig.resourceType}\n`); + console.log("\n 🎯 Targets:"); + if (shieldConfig.includeMap?.account) { + for (const account of shieldConfig.includeMap.account) { + console.log("\x1b[32m", ` 🛬 ${account}`, "\x1b[0m"); + } } - } - console.log("\n 📑 Logging:"); - if (shieldConfig.General.LoggingConfiguration === "Firehose") { - console.log(" 🧯 " + shieldConfig.General.LoggingConfiguration); - console.log( - " ⚙️ [" + shieldConfig.General.S3LoggingBucketName + "]" - ); - } - if (shieldConfig.General.LoggingConfiguration === "S3") { - console.log(" 🪣 " + shieldConfig.General.LoggingConfiguration); - console.log( - " ⚙️ [" + shieldConfig.General.S3LoggingBucketName + "]" + if (shieldConfig.includeMap?.orgunit) { + for (const unit of shieldConfig.includeMap.orgunit) { + console.log("\x1b[32m", ` 🛬 ${unit}`, "\x1b[0m"); + } + } + console.log("\n 📑 Logging:"); + if (shieldConfig.General.LoggingConfiguration === "Firehose") { + console.log(" 🧯 " + shieldConfig.General.LoggingConfiguration); + console.log( + " ⚙️ [" + shieldConfig.General.S3LoggingBucketName + "]" + ); + } + if (shieldConfig.General.LoggingConfiguration === "S3") { + console.log(" 🪣 " + shieldConfig.General.LoggingConfiguration); + console.log( + " ⚙️ [" + shieldConfig.General.S3LoggingBucketName + "]" + ); + } + const app = new cdk.App(); + new ShieldStack( + app, + shieldConfig.General.Prefix.toUpperCase() + + "-SHIELD-ADVANCED-" + + shieldConfig.General.Stage.toUpperCase(), + { + shieldConfig, + env: { + region: deploymentRegion, + account: process.env.CDK_DEFAULT_ACCOUNT, + }, + runtimeProperties: runtimeProperties, + } ); + await helpers.pricingHelper.isShieldPriceCalculated(shieldConfig); + helpers.guidanceHelper.outputGuidance(runtimeProperties); + break; } - const app = new cdk.App(); - - new ShieldStack( - app, - shieldConfig.General.Prefix.toUpperCase() + - "-SHIELD-ADVANCED-" + - shieldConfig.General.Stage.toUpperCase(), - { - shieldConfig, - env: { - region: deploymentRegion, - account: process.env.CDK_DEFAULT_ACCOUNT, - }, - runtimeProperties: runtimeProperties, + case "WAFStack": { + // --------------------------------------------------------------------- + // Deploying Firewall stack + const config: WafConfig = values.configs[CONFIG_OBJECT_NAME]; + const deploymentRegion = helpers.afwfHelper.outputInfoBanner(config); + const runtimeProperties = helpers.afwfHelper.initRuntimeProperties(); + if (process.env.SKIP_QUOTA_CHECK === "true") { + console.log("❗️ SKIPPING Quota Check for Policies.❗️\n\n"); + } else { + const policyQuotaReached = await helpers.wafHelper.isPolicyQuotaReached( + deploymentRegion + ); + if (policyQuotaReached) { + console.error( + "\u001B[31m", + "🚨 ERROR: Exit process due Quota Check for Policies 🚨 \n\n", + "\x1b[0m" + "\n\n" + ); + process.exit(1); + } } - ); - - await pricingHelper.isShieldPriceCalculated(shieldConfig); - guidanceHelper.outputGuidance(runtimeProperties); - } - // --------------------------------------------------------------------- - // Deploying Firewall stack - if (process.env.STACK_NAME === "WAFStack") { - // eslint-disable-next-line @typescript-eslint/no-var-requires - const config: wafConfig = values.configs[CONFIG_OBJECT_NAME]; - const deploymentRegion = afwfHelper.outputInfoBanner(config); - const runtimeProperties = afwfHelper.initRuntimeProperties(); - if (process.env.SKIP_QUOTA_CHECK === "true") { - console.log("❗️ SKIPPING Quota Check for Policies.❗️\n\n"); - } else { - const policyQuotaReached = await wafHelper.isPolicyQuotaReached( - deploymentRegion + await helpers.cloudformationHelper.setOutputsFromStack( + deploymentRegion, + runtimeProperties, + config ); - if (policyQuotaReached) { - console.error( - "\u001B[31m", - "🚨 ERROR: Exit process due Quota Check for Policies 🚨 \n\n", - "\x1b[0m" + "\n\n" + if (config.General.DeployHash) { + console.log( + "#️⃣ Deployment Hash for this WAF: " + config.General.DeployHash ); - process.exit(1); + helpers.guidanceHelper.getGuidance("deploymentHash", runtimeProperties); } - } - await cloudformationHelper.setOutputsFromStack( - deploymentRegion, - runtimeProperties, - config - ); - if (config.General.DeployHash) { - console.log( - "#️⃣ Deployment Hash for this WAF: " + config.General.DeployHash - ); - guidanceHelper.getGuidance("deploymentHash", runtimeProperties); - } - console.log(`🔥 Deploy FMS Policy: ${config.General.Prefix.toUpperCase()}-WAF-${config.WebAcl.Name.toUpperCase()}-${config.General.Stage.toUpperCase()}${ - config.General.DeployHash - ? "-" + config.General.DeployHash.toUpperCase() - : "" - }\n ⦂ Type: - ${config.WebAcl.Type}\n📚 Stackname:`); - console.log( - "\u001b[32m", - ` ${config.General.Prefix.toUpperCase()}-WAF-${config.WebAcl.Name.toUpperCase()}-${config.General.Stage.toUpperCase()}${ + console.log(`🔥 Deploy FMS Policy: ${config.General.Prefix.toUpperCase()}-WAF-${config.WebAcl.Name.toUpperCase()}-${config.General.Stage.toUpperCase()}${ config.General.DeployHash ? "-" + config.General.DeployHash.toUpperCase() : "" - }`, - "\u001b[0m" - ); - console.log("\n 🎯 Targets:"); - if (config.WebAcl.IncludeMap.account) { - for (const account of config.WebAcl.IncludeMap.account) { - console.log("\x1b[32m", ` 🛬 ${account}`, "\x1b[0m"); + }\n ⦂ Type: + ${config.WebAcl.Type}\n📚 Stackname:`); + console.log( + "\u001b[32m", + ` ${config.General.Prefix.toUpperCase()}-WAF-${config.WebAcl.Name.toUpperCase()}-${config.General.Stage.toUpperCase()}${ + config.General.DeployHash + ? "-" + config.General.DeployHash.toUpperCase() + : "" + }`, + "\u001b[0m" + ); + console.log("\n 🎯 Targets:"); + if (config.WebAcl.IncludeMap.account) { + for (const account of config.WebAcl.IncludeMap.account) { + console.log("\x1b[32m", ` 🛬 ${account}`, "\x1b[0m"); + } } - } - if (config.WebAcl.IncludeMap.orgunit) { - for (const unit of config.WebAcl.IncludeMap.orgunit) { - console.log("\x1b[32m", ` 🛬 ${unit}`, "\x1b[0m"); + if (config.WebAcl.IncludeMap.orgunit) { + for (const unit of config.WebAcl.IncludeMap.orgunit) { + console.log("\x1b[32m", ` 🛬 ${unit}`, "\x1b[0m"); + } } - } - console.log("\n 📑 Logging:"); - if (config.General.LoggingConfiguration === "Firehose") { - console.log(" 🧯 " + config.General.LoggingConfiguration); - console.log(" ⚙️ [" + config.General.S3LoggingBucketName + "]"); - } - if (config.General.LoggingConfiguration === "S3") { - console.log(" 🪣 " + config.General.LoggingConfiguration); - console.log(" ⚙️ [" + config.General.S3LoggingBucketName + "]"); - } - if ( - Array.isArray(config.WebAcl.IPSets) && - config.WebAcl.IPSets.length > 0 - ) { - console.log("\n𝍂 IPSets"); - for (const ipSet of config.WebAcl.IPSets) { - console.log(" ➕ " + ipSet.name); - console.log( - " ⚙️ [" + - ipSet.ipAddressVersion + - "] | 🌎 [" + - config.WebAcl.Scope + - "]" - ); + console.log("\n 📑 Logging:"); + if (config.General.LoggingConfiguration === "Firehose") { + console.log(" 🧯 " + config.General.LoggingConfiguration); + console.log(" ⚙️ [" + config.General.S3LoggingBucketName + "]"); } - } - if ( - Array.isArray(config.WebAcl.RegexPatternSets) && - config.WebAcl.RegexPatternSets.length > 0 - ) { - console.log("\n𝍂 RegexPatternSets"); - for (const regpatternset of config.WebAcl.RegexPatternSets) { - console.log(" ➕ " + regpatternset.name); - console.log(" ⚙️ 🌎 [" + config.WebAcl.Scope + "]"); + if (config.General.LoggingConfiguration === "S3") { + console.log(" 🪣 " + config.General.LoggingConfiguration); + console.log(" ⚙️ [" + config.General.S3LoggingBucketName + "]"); } - } - const wcuQuotaReached = await wafHelper.isWcuQuotaReached( - deploymentRegion, - runtimeProperties, - config - ); - if (wcuQuotaReached) { - console.error( - "\u001B[31m", - "🚨 ERROR: Exit process due Quota Check for WCU 🚨 \n\n", - "\x1b[0m" + "\n\n" + if ( + Array.isArray(config.WebAcl.IPSets) && + config.WebAcl.IPSets.length > 0 + ) { + console.log("\n𝍂 IPSets"); + for (const ipSet of config.WebAcl.IPSets) { + console.log(" ➕ " + ipSet.name); + console.log( + " ⚙️ [" + + ipSet.ipAddressVersion + + "] | 🌎 [" + + config.WebAcl.Scope + + "]" + ); + } + } + if ( + Array.isArray(config.WebAcl.RegexPatternSets) && + config.WebAcl.RegexPatternSets.length > 0 + ) { + console.log("\n𝍂 RegexPatternSets"); + for (const regpatternset of config.WebAcl.RegexPatternSets) { + console.log(" ➕ " + regpatternset.name); + console.log(" ⚙️ 🌎 [" + config.WebAcl.Scope + "]"); + } + } + const wcuQuotaReached = await helpers.wafHelper.isWcuQuotaReached( + deploymentRegion, + runtimeProperties, + config ); - process.exit(1); - } - if (afwfHelper.wrongLoggingConfiguration(config)) { - console.error( - "\u001B[31m", - " 🚨 ERROR: Amazon S3 bucket name is invalid 🚨 ", - "\x1b[0m" + - "\n 🪣 Amazon S3 bucket name must begin with \"aws-waf-logs-\" followed by at least one \n of the following characters [a-z0-9_.-]\n\n", - "\x1b[0m" + "\n\n" + if (wcuQuotaReached) { + console.error( + "\u001B[31m", + "🚨 ERROR: Exit process due Quota Check for WCU 🚨 \n\n", + "\x1b[0m" + "\n\n" + ); + process.exit(1); + } + if (helpers.afwfHelper.wrongLoggingConfiguration(config)) { + console.error( + "\u001B[31m", + " 🚨 ERROR: Amazon S3 bucket name is invalid 🚨 ", + "\x1b[0m" + + "\n 🪣 Amazon S3 bucket name must begin with \"aws-waf-logs-\" followed by at least one \n of the following characters [a-z0-9_.-]\n\n", + "\x1b[0m" + "\n\n" + ); + + process.exit(1); + } + new WafStack( + app, + `${config.General.Prefix.toUpperCase()}-WAF-${config.WebAcl.Name.toUpperCase()}-${config.General.Stage.toUpperCase()}${ + config.General.DeployHash + ? "-" + config.General.DeployHash.toUpperCase() + : "" + }`, + { + // NOSONAR -> SonarQube is identitfying this line as a Major Issue, but it is not. Error: Either remove this useless object instantiation or use it. + config, + runtimeProperties: runtimeProperties, + env: { + region: deploymentRegion, + account: process.env.CDK_DEFAULT_ACCOUNT, + }, + } ); - process.exit(1); - } - new WafStack( - app, - `${config.General.Prefix.toUpperCase()}-WAF-${config.WebAcl.Name.toUpperCase()}-${config.General.Stage.toUpperCase()}${ - config.General.DeployHash - ? "-" + config.General.DeployHash.toUpperCase() - : "" - }`, - { - // NOSONAR -> SonarQube is identitfying this line as a Major Issue, but it is not. Error: Either remove this useless object instantiation or use it. + await helpers.pricingHelper.isWafPriceCalculated( + PriceRegions[deploymentRegion as RegionString], + runtimeProperties, config, - runtimeProperties: runtimeProperties, - env: { - region: deploymentRegion, - account: process.env.CDK_DEFAULT_ACCOUNT, - }, + deploymentRegion + ); + helpers.guidanceHelper.outputGuidance(runtimeProperties, config); + break; + } + case "AutoUpdatedManagedIpSets": { + helpers.afwfHelper.outputInfoBanner(); + console.log("ℹ️ Deploying AutoUpdatedManagedIpSets Stack"); + console.log("\n𝍂 Managed IPSets"); + for (const ipSet of values.autoUpdatedManagedIpSetsConfigs[CONFIG_OBJECT_NAME].ManagedIpSets) { + console.log(" ➕ " + ipSet.name); + console.log(` ⚙️ ${ipSet.ipAddressVersion} | 🌎 ${ipSet.scope} - ${ipSet.region} | ⏱️ ${ipSet.updateSchedule.expressionString} + `); } - ); - - await pricingHelper.isWafPriceCalculated( - PriceRegions[deploymentRegion as RegionString], - runtimeProperties, - config, - deploymentRegion - ); - guidanceHelper.outputGuidance(runtimeProperties, config); + const app = new cdk.App(); + const autoUpdatedManagedIpSetsConfig: AutoUpdatedManagedIpSetsConfig = values.autoUpdatedManagedIpSetsConfigs[CONFIG_OBJECT_NAME]; + new AutoUpdatedManagedIpSetsStack( + app, + "AutoUpdatedManagedIpSets", + { + env: { + region: process.env.AWS_REGION, + account: process.env.CDK_DEFAULT_ACCOUNT, + }, + config: autoUpdatedManagedIpSetsConfig, + runtimeProperties: helpers.afwfHelper.initRuntimeProperties(), + stackName: autoUpdatedManagedIpSetsConfig.General.Prefix.toUpperCase() + "-AWS-FIREWALL-FACTORY-AUTO-UPDATED-MANAGED-IPSETS", + }); + break; + } + default: { + helpers.afwfHelper.outputInfoBanner(); + console.log("⚠️ No Stack to deploy found."); + } } })(); + + diff --git a/eslint.config.mjs b/eslint.config.mjs new file mode 100644 index 00000000..72053fc6 --- /dev/null +++ b/eslint.config.mjs @@ -0,0 +1,88 @@ +import typescriptEslint from "@typescript-eslint/eslint-plugin"; +import tsParser from "@typescript-eslint/parser"; +import path from "node:path"; +import { fileURLToPath } from "node:url"; +import js from "@eslint/js"; +import { FlatCompat } from "@eslint/eslintrc"; + +const __filename = fileURLToPath(import.meta.url); +const __dirname = path.dirname(__filename); +const compat = new FlatCompat({ + baseDirectory: __dirname, + recommendedConfig: js.configs.recommended, + allConfig: js.configs.all +}); + +export default [{ + ignores: [ + "**/node_modules/", + "**/dist/", + "**/cdk.out/", + "**/cdk.context.json", + "**/cdk", + ".github/enumcheck.ts", + "jest.config.js", + "values/migrate.ts" + ], +}, ...compat.extends( + "eslint:recommended", + "plugin:@typescript-eslint/eslint-recommended", + "plugin:@typescript-eslint/recommended", +), { + plugins: { + "@typescript-eslint": typescriptEslint, + }, + + languageOptions: { + parser: tsParser, + }, + + rules: { + semi: [2, "always"], + eqeqeq: 2, + + indent: [2, 2, { + SwitchCase: 1, + }], + + quotes: ["error", "double"], + "linebreak-style": "off", + "array-bracket-newline": "off", + "array-bracket-spacing": ["error", "never"], + "no-trailing-spaces": "off", + "padded-blocks": "off", + "arrow-body-style": "off", + "init-declarations": "off", + "comma-dangle": "off", + + "keyword-spacing": [0, { + before: true, + after: true, + overrides: null, + }], + + "prefer-template": "off", + "id-blacklist": "off", + "no-console": "off", + "no-sync": "off", + complexity: "off", + "max-statements": "off", + "array-element-newline": "off", + "object-curly-spacing": "off", + "template-curly-spacing": "off", + camelcase: "off", + "no-use-before-define": "off", + "id-length": "off", + "id-match": "off", + "max-len": "off", + "no-magic-numbers": "off", + "no-underscore-dangle": "off", + "no-process-env": "off", + + "func-style": ["error", "declaration", { + allowArrowFunctions: true, + }], + + "no-useless-escape": "off", + }, +}]; \ No newline at end of file diff --git a/lib/_autoUpdatedManagedIpSets/index.ts b/lib/_autoUpdatedManagedIpSets/index.ts new file mode 100644 index 00000000..4e7d0345 --- /dev/null +++ b/lib/_autoUpdatedManagedIpSets/index.ts @@ -0,0 +1,58 @@ +/** + * @packageDocumentation + * # AWS Firewall Factory - Automated Managed IpSets + * + * The Prequisites Stack is used to deploy the Automated Managed IpSets for the AWS Firewall Factory. + * + * It contains the following resources: + * - Lambda to update the Managed IpSets + * - Event Schedule Rules to trigger the Lambda + * - SSM Parameter with information for the Managed IpSets + * @description + * + * @example +import { autoUpdatedManagedIpSets } from "../../lib/types/config/index"; +import { AWSRegion } from "../../lib/types/enums/general"; +import * as events from "aws-cdk-lib/aws-events"; +import * as cdk from "aws-cdk-lib"; + +export const config: autoUpdatedManagedIpSets.config = { + General: { + Prefix: "aws-firewall-factory", + }, + ManagedIpSets: [ + { + name: "entraid-ipaddresses", + description: "EntraID IP Addresses", + ipAddressVersion: "IPV4", + updateSchedule: events.Schedule.rate(cdk.Duration.days(1)), + cidrLocations: [ + { + downloadUrl: "https://www.microsoft.com/en-us/download/details.aspx?id=56519", + downloadSearchRegexOnUrl: /https:\/\/download\.microsoft\.com\/download\/[0-9A-Za-z]+\/[0-9A-Za-z]+\/[0-9A-Za-z]+\/[0-9A-Za-z-]+\/ServiceTags_Public_\d{8}\.json/, + outputType: "JSON", + OutputInformation: { + outputConditionKey: "systemService", + outputConditionValue: "AzureAD", + outputTargetKey: "addressPrefixes", + }, + }, + { + downloadUrl: "https://learn.microsoft.com/de-de/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide", + downloadSearchRegexOnUrl: /https:\/\/endpoints\.office\.com\/endpoints\/worldwide\?clientrequestid=[a-f0-9\-]{36}/, + outputType: "JSON", + OutputInformation: { + outputConditionKey: "serviceArea", + outputConditionValue: "Common", + outputTargetKey: "ips", + }, + }, + ], + region: AWSRegion.EU_CENTRAL_1, + scope: "REGIONAL", + }, + ], +}; + + */ +export * from "./stack"; \ No newline at end of file diff --git a/lib/_autoUpdatedManagedIpSets/stack.ts b/lib/_autoUpdatedManagedIpSets/stack.ts new file mode 100644 index 00000000..4605a2ee --- /dev/null +++ b/lib/_autoUpdatedManagedIpSets/stack.ts @@ -0,0 +1,135 @@ +import * as cdk from "aws-cdk-lib"; +import { Construct } from "constructs"; +import { RuntimeProps, AutoUpdatedManagedIpSetsConfig } from "../types/config/index"; +import { + aws_lambda as lambda, + aws_lambda_nodejs as NodejsFunction, + aws_ssm as ssm, + aws_iam as iam, + aws_events_targets as targets, + aws_events as events, + custom_resources as cr, +} from "aws-cdk-lib"; +import * as path from "path"; +import { regExReplacer } from "../../lib/lambda/SharedComponents/helpers"; + +export interface AutoUpdatedManagedIpSetsStackProps extends cdk.StackProps { + /** + * Class Variable for WAF Properties. + */ + readonly config: AutoUpdatedManagedIpSetsConfig; + /** + * Class Variable for Runtime Properties. + */ + runtimeProperties: RuntimeProps; +} + + + +export class AutoUpdatedManagedIpSetsStack extends cdk.Stack { + constructor(scope: Construct, id: string, props: AutoUpdatedManagedIpSetsStackProps) { + super(scope, id, props); + + const ManagedIpSetsParameter = new ssm.StringParameter( + this, + "ManagedIpSetsParameter", + { + parameterName: `/${props.config.General.Prefix.toUpperCase()}/AWS-FIREWALL-FACTORY/MANAGEDIPSETS/CONFIGURATION`, + stringValue: JSON.stringify(props.config.ManagedIpSets, regExReplacer, 2), + description: "Auto Updated Managed IP Sets Parameter - © AWS Firewall Factory ", + tier: ssm.ParameterTier.ADVANCED, + } + ); + new cdk.CfnOutput(this, "AWS-Firewall-Factory-ManagedIpSet-Configuration-Parameter", { + key: "AwsFirewallFactoryManagedIpSetConfigurationParameter", + exportName: "AwsFirewallFactoryManagedIpSetConfigurationParameter", + value: ManagedIpSetsParameter.parameterName, + description: "Auto Updated Managed IP Sets Parameter - © AWS Firewall Factory ", + }); + const awsFirewallFactoryIpSetManager = new NodejsFunction.NodejsFunction( + this, + "AwsFirewallFactoryIpSetManager", + { + architecture: lambda.Architecture.ARM_64, + entry: path.join( + __dirname, + "../lambda/AutoUpdatedManagedIpSets/index.ts" + ), + handler: "handler", + timeout: cdk.Duration.seconds(360), + environment: { + PARAM_NAME: ManagedIpSetsParameter.parameterName, + }, + runtime: lambda.Runtime.NODEJS_20_X, + memorySize: 128, + bundling: { + minify: true, + }, + description: + "Lambda Function to manage the Auto Updated Managed IP Sets", + } + ); + ManagedIpSetsParameter.grantRead(awsFirewallFactoryIpSetManager); + const wafIpSetManagement = new iam.PolicyStatement({ // NOSONAR -> SonarQube is identitfying this line as a Major Issue, but it is not. Sonarqube identify the following Error: Either remove this useless object instantiation or use it. + actions:["wafv2:ListIpSets","wafv2:CreateIPSet","wafv2:UpdateIPSet","wafv2:DeleteIPSet", "wafv2:GetIPSet"], + resources: ["*"]}); + awsFirewallFactoryIpSetManager.addToRolePolicy(wafIpSetManagement); + const ssmParameterManagement = new iam.PolicyStatement({ // NOSONAR -> SonarQube is identitfying this line as a Major Issue, but it is not. Sonarqube identify the following Error: Either remove this useless object instantiation or use it. + actions:["ssm:PutParameter", + "ssm:DeleteParameter"], + resources: [`arn:aws:ssm:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:parameter/${props.config.General.Prefix.toUpperCase()}/AWS-FIREWALL-FACTORY/MANAGEDIPSETS/*/ADDRESSES`, `arn:aws:ssm:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:parameter/${props.config.General.Prefix.toUpperCase()}/AWS-FIREWALL-FACTORY/MANAGEDIPSETS/*`]}); + awsFirewallFactoryIpSetManager.addToRolePolicy(ssmParameterManagement); + const ssmParameterGet = new iam.PolicyStatement({ // NOSONAR -> SonarQube is identitfying this line as a Major Issue, but it is not. Sonarqube identify the following Error: Either remove this useless object instantiation or use it. + actions:["ssm:DescribeParameters", + "ssm:ListParameters"], + resources: ["*"]}); + awsFirewallFactoryIpSetManager.addToRolePolicy(ssmParameterGet); + const cloudwatchMetric = new iam.PolicyStatement({ // NOSONAR -> SonarQube is identitfying this line as a Major Issue, but it is not. Sonarqube identify the following Error: Either remove this useless object instantiation or use it. + actions:["cloudwatch:PutMetricData"], + resources: ["*"]}); + awsFirewallFactoryIpSetManager.addToRolePolicy(cloudwatchMetric); + const autoUpdatedManagedIpSetProvider = new cr.Provider(this, "CustomResourceProviderAwsFirewallFactoryIpSetManagerLambda", { // NOSONAR -> SonarQube is identitfying this line as a Major Issue, but it is not. Sonarqube identify the following Error: Either remove this useless object instantiation or use it. + onEventHandler: awsFirewallFactoryIpSetManager + }); + + + for (const ipSet of props.config.ManagedIpSets) { + const autoUpdatedManagedIpSetCustomResource = new cdk.CustomResource(this, `AWS-Firewall-Factory-CustomResource-${ipSet.name}`, { + serviceToken: autoUpdatedManagedIpSetProvider.serviceToken, + properties: { + IpSetName: ipSet.name, + Region: ipSet.region, + Scope: ipSet.scope, + Prefix: props.config.General.Prefix, + }, + }); + + new cdk.CfnOutput(this, `AWS-Firewall-Factory-ManagedIpSet-${ipSet.name}`, { + key: `${ipSet.name.replace(/[^0-9a-z]/gi, "")}Arn`, + exportName: `${ipSet.name}Arn`, + value: autoUpdatedManagedIpSetCustomResource.getAttString("IpSetArn"), + description: "Autoupdated Managed IP Set ARN from aws-firewall-factory", + }); + + new events.Rule(this, `aws-firewall-factory-${ipSet.name}-Rule`, { + ruleName: `${props.config.General.Prefix}-aws-firewall-factory-${ipSet.name}-UpdateRule`, + schedule: ipSet.updateSchedule, + targets: [new targets.LambdaFunction(awsFirewallFactoryIpSetManager, { + event: events.RuleTargetInput.fromObject({ + Type: "aws-firewall-factory-IpSetUpdate", + ResourceProperties: { + IpSetName: ipSet.name, + Region: ipSet.region, + Scope: ipSet.scope, + Prefix: props.config.General.Prefix, + }, + }), + })], + }); + } + + + + + } +} \ No newline at end of file diff --git a/lib/_prerequisites/index.ts b/lib/_prerequisites/index.ts index ff80ef1a..583cadb5 100644 --- a/lib/_prerequisites/index.ts +++ b/lib/_prerequisites/index.ts @@ -13,8 +13,8 @@ * @description * * @example - * import { Prerequisites } from "../../lib/types/config"; - * export const prequisites: Prerequisites = { + * import { prerquisites } from "../../lib/types/config"; + * export const prequisites: prerquisites.config = { * General: { * Prefix: "aws-firewall-factory", * }, diff --git a/lib/_prerequisites/stack.ts b/lib/_prerequisites/stack.ts index e45dcab4..6d7556df 100644 --- a/lib/_prerequisites/stack.ts +++ b/lib/_prerequisites/stack.ts @@ -1,7 +1,6 @@ import * as cdk from "aws-cdk-lib"; import { Construct } from "constructs"; -import { Prerequisites } from "../types/config"; -import { RuntimeProperties } from "../types/runtimeprops"; +import {PrerequisitesConfig, RuntimeProps } from "../types/config/index"; import { aws_s3 as s3, aws_kms as kms, @@ -44,11 +43,11 @@ export interface StackProps extends cdk.StackProps { /** * Class Variable for Prerequisites Properties. */ - readonly prerequisites: Prerequisites; + readonly prerequisites: PrerequisitesConfig; /** * Class Variable for Runtime Properties. */ - runtimeProperties: RuntimeProperties; + runtimeProperties: RuntimeProps; } export class PrerequisitesStack extends cdk.Stack { @@ -341,7 +340,7 @@ export class PrerequisitesStack extends cdk.Stack { console.log( "\n🪣 Creating Bucket with Name: AWS-Firewall-Factory-Logging" ); - let encryptionKey = undefined; + let encryptionKey: kms.Key | undefined; if (props.prerequisites.Logging.BucketProperties?.KmsEncryptionKey) { console.log( " 🔑 Creating KMS Key for: AWS-Firewall-Factory-Logging Bucket." @@ -441,7 +440,6 @@ export class PrerequisitesStack extends cdk.Stack { console.log( " ➕ Adding ObjectLock to Bucket: AWS-Firewall-Factory-Logging \n" ); - // eslint-disable-next-line @typescript-eslint/restrict-plus-operands console.log( " ⚙️ Settings: \n 🗓️ Retention-Days: " + props.prerequisites.Logging.BucketProperties?.ObjectLock?.Days + diff --git a/lib/_shield-advanced/index.ts b/lib/_shield-advanced/index.ts index 2cc17698..f5e63510 100644 --- a/lib/_shield-advanced/index.ts +++ b/lib/_shield-advanced/index.ts @@ -5,8 +5,8 @@ * The Shield Advanced Stack deploy Shield Advanced Policies using Firewall Manager. * * @example - * import { ShieldConfig } from "../../lib/types/config"; -* export const shieldConfig: ShieldConfig = { + * import { shield } from "../../lib/types/config"; +* export const shieldConfig: shield.config = { * General: { * Prefix: "aws-firewall-factory", * Stage: "test", diff --git a/lib/_shield-advanced/stack.ts b/lib/_shield-advanced/stack.ts index 51d94157..2ee858b7 100644 --- a/lib/_shield-advanced/stack.ts +++ b/lib/_shield-advanced/stack.ts @@ -1,10 +1,8 @@ import * as cdk from "aws-cdk-lib"; import { Construct } from "constructs"; import { aws_fms as fms } from "aws-cdk-lib"; -import { ManagedServiceData } from "../types/fms"; import { getGuidance } from "../tools/helpers/guidance"; -import { RuntimeProperties } from "../types/runtimeprops"; -import { ShieldConfig } from "../types/config"; +import { RuntimeProps, ShieldConfig, ManagedServiceData } from "../types/config"; import { ShieldDashboard } from "../constructs/shieldDashboard/index"; /** @@ -34,11 +32,11 @@ export interface ShieldProps extends cdk.StackProps { /** * Class Variable for a Shield Config. */ - readonly shieldConfig: ShieldConfig; + readonly shieldConfig: ShieldConfig; /** * Class Variable for Runtime Properties. */ - readonly runtimeProperties: RuntimeProperties; + readonly runtimeProperties: RuntimeProps; } export class ShieldStack extends cdk.Stack { readonly oamSinkArn: string = ""; diff --git a/lib/_waf/index.ts b/lib/_waf/index.ts index dbeec8a9..f31611a8 100644 --- a/lib/_waf/index.ts +++ b/lib/_waf/index.ts @@ -5,9 +5,9 @@ * The waf Stack deploy WAF using Firewall Manager. * * @example -* import { wafConfig } from "../../lib/types/config"; -* import {ManagedRuleGroupVendor, AwsManagedRules, WebAclScope, WebAclTypeEnum} from "../../lib/types/enums"; -* export const config: wafConfig = { +* import { waf } from "../../lib/types/config"; +* import {ManagedRuleGroupVendor, AwsManagedRules, WebAclScope, WebAclTypeEnum} from "../../lib/types/enums/waf"; +* export const config: WafConfig= { * General: { * FireHoseKeyArn: "", * Prefix: "aws-firewall-factory", diff --git a/lib/_waf/stack.ts b/lib/_waf/stack.ts index 564f2afb..e3e2810b 100644 --- a/lib/_waf/stack.ts +++ b/lib/_waf/stack.ts @@ -1,12 +1,7 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/no-unsafe-assignment */ -/* eslint-disable @typescript-eslint/no-unsafe-member-access */ import * as cdk from "aws-cdk-lib"; import { Construct } from "constructs"; import { aws_wafv2 as wafv2, aws_fms as fms,aws_lambda_nodejs as NodejsFunction, aws_lambda as lambda, aws_kinesisfirehose as firehouse, aws_iam as iam, aws_logs as logs } from "aws-cdk-lib"; -import { wafConfig } from "../types/config"; -import { ManagedServiceData, SubVariables } from "../types/fms"; -import { RuntimeProperties } from "../types/runtimeprops"; +import { RuntimeProps, WafConfig, SubVariables, ManagedServiceData, ManagedRuleGroup, ServiceDataManagedRuleGroup, ServiceDataRuleGroup } from "../types/config/index"; import {WafCloudWatchDashboard} from "../constructs/wafDashboard/index"; import * as path from "path"; import * as cr from "aws-cdk-lib/custom-resources"; @@ -27,11 +22,11 @@ export interface ConfigStackProps extends cdk.StackProps { /** * Class Variable for WAF Properties. */ - readonly config: wafConfig; + readonly config: WafConfig; /** * Class Variable for Runtime Properties. */ - runtimeProperties: RuntimeProperties; + runtimeProperties: RuntimeProps; } export class WafStack extends cdk.Stack { @@ -208,8 +203,8 @@ export class WafStack extends cdk.Stack { // -------------------------------------------------------------------- - const preProcessRuleGroups = []; - const postProcessRuleGroups = []; + const preProcessRuleGroups: (ServiceDataManagedRuleGroup | ManagedRuleGroup | ServiceDataRuleGroup)[] = []; + const postProcessRuleGroups: (ServiceDataManagedRuleGroup | ManagedRuleGroup | ServiceDataRuleGroup)[] = []; const MANAGEDRULEGROUPSINFO: string[]= [""]; let subVariables : SubVariables = {}; if (props.config.WebAcl.PreProcess.ManagedRuleGroups) { @@ -279,7 +274,6 @@ export class WafStack extends cdk.Stack { } if(props.config.General.CreateDashboard && props.config.General.CreateDashboard === true) { - // eslint-disable-next-line @typescript-eslint/no-unsafe-call new WafCloudWatchDashboard(this, "cloudwatch",props.config, MANAGEDRULEGROUPSINFO); // NOSONAR -> SonarQube is identitfying this line as a Major Issue, but it is not. Sonarqube identify the following Error: Either remove this useless object instantiation or use it. } } diff --git a/lib/constructs/wafDashboard/dashboard.ts b/lib/constructs/wafDashboard/dashboard.ts index 94284546..c764c944 100644 --- a/lib/constructs/wafDashboard/dashboard.ts +++ b/lib/constructs/wafDashboard/dashboard.ts @@ -1,11 +1,11 @@ -/* eslint-disable @typescript-eslint/no-unsafe-call */ -/* eslint-disable @typescript-eslint/no-unsafe-member-access */ -/* eslint-disable @typescript-eslint/restrict-plus-operands */ + + + import { aws_cloudwatch as cloudwatch } from "aws-cdk-lib"; import * as fs from "fs"; import * as path from "path"; import * as cdk from "aws-cdk-lib"; -import { wafConfig } from "../../types/config"; +import { WafConfig } from "../../types/config"; import { Construct } from "constructs"; const REGION = cdk.Aws.REGION; @@ -15,9 +15,9 @@ const REGION = cdk.Aws.REGION; */ const packageJsonPath = path.resolve(__dirname, "../../../package.json"); const packageJsonContent = fs.readFileSync(packageJsonPath, "utf-8"); -// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment + const packageJson = JSON.parse(packageJsonContent); -// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment + const FIREWALL_FACTORY_VERSION = packageJson.version; /** @@ -25,7 +25,7 @@ const FIREWALL_FACTORY_VERSION = packageJson.version; */ export class WafCloudWatchDashboard extends Construct { - constructor(scope: Construct, id: string, config: wafConfig,managedRuleGroupsInfo:string[]) { + constructor(scope: Construct, id: string, config: WafConfig,managedRuleGroupsInfo:string[]) { super(scope, id); console.log("\n🎨 Creating central CloudWatch Dashboard \n 📊 DashboardName: ","\u001b[32m", `${config.General.Prefix.toUpperCase()}-${config.WebAcl.Name}-${config.General.Stage}${config.General.DeployHash ? "-"+config.General.DeployHash : ""}`,"\u001b[0m"); console.log(" ℹ️ Warnings for Math expressions can be ignored."); @@ -66,7 +66,7 @@ export class WafCloudWatchDashboard extends Construct { const firstrow = new cloudwatch.Row(infowidget,app,fwfactory); cwdashboard.addWidgets(firstrow); for(const account of config.WebAcl.IncludeMap.account){ - // eslint-disable-next-line no-useless-escape + const countexpression = "SEARCH('{AWS\/WAFV2,\Region,\WebACL,\Rule} \WebACL="+webaclNamewithPrefix+" \MetricName=\"\CountedRequests\"', '\Sum', 300)"; const countedRequests = new cloudwatch.GraphWidget({ @@ -83,7 +83,7 @@ export class WafCloudWatchDashboard extends Construct { searchRegion: REGION, color: "#9dbcd4" })); - // eslint-disable-next-line no-useless-escape + const blockedexpression = "SEARCH('{AWS\/WAFV2,\Region,\WebACL,\Rule} \WebACL="+webaclNamewithPrefix+" \MetricName=\"\BlockedRequests\"', '\Sum', 300)"; const blockedRequests = new cloudwatch.GraphWidget({ title: "❌ Blocked Requests in " + account, @@ -99,7 +99,7 @@ export class WafCloudWatchDashboard extends Construct { searchRegion: REGION, color: "#ff0000" })); - // eslint-disable-next-line no-useless-escape + const allowedexpression = "SEARCH('{AWS\/WAFV2,\Region,\WebACL,\Rule} \WebACL="+webaclNamewithPrefix+" \MetricName=\"\AllowedRequests\"', '\Sum', 300)"; const allowedRequests = new cloudwatch.GraphWidget({ title: "✅ Allowed Requests in " + account, @@ -115,15 +115,15 @@ export class WafCloudWatchDashboard extends Construct { searchRegion: REGION, color: "#00FF00" })); - // eslint-disable-next-line no-useless-escape + const sinlevaluecountedrequestsexpression = "SEARCH('{AWS\/WAFV2,\Rule,\WebACL,\Region} \WebACL="+webaclNamewithPrefix+" \MetricName=\"CountedRequests\" \Rule=\"ALL\"', '\Sum', 300)"; - // eslint-disable-next-line no-useless-escape + const expression1 = "SEARCH('{AWS\/WAFV2,\Rule,\WebACL,\Region} \WebACL="+webaclNamewithPrefix+" \MetricName=\"AllowedRequests\" \Rule=\"ALL\"', '\Sum', 300)"; - // eslint-disable-next-line no-useless-escape + const expression2 = "SEARCH('{AWS\/WAFV2,\Rule,\WebACL,\Region} \WebACL="+webaclNamewithPrefix+" \MetricName=\"BlockedRequests\" \Rule=\"ALL\"', '\Sum', 300)"; - // eslint-disable-next-line no-useless-escape + const expression3 = "SEARCH('{AWS\/WAFV2,\LabelName,\LabelNamespace,\WebACL,\Region} \WebACL="+webaclNamewithPrefix+" \LabelNamespace=\"awswaf:managed:aws:bot-control:bot:category\" \MetricName=\"AllowedRequests\" \Rule=\"ALL\"', '\Sum', 300)"; - // eslint-disable-next-line no-useless-escape + const expression4 = "SEARCH('{AWS\/WAFV2,\LabelName,\LabelNamespace,\WebACL,\Region} \WebACL="+webaclNamewithPrefix+" \LabelNamespace=\"awswaf:managed:aws:bot-control:bot:category\" \MetricName=\"BlockedRequests\" \Rule=\"ALL\"', '\Sum', 300)"; const expression5 = "SUM([e3,e4])"; const expression6 = "SUM([e1,e2,-e3,-e4])"; diff --git a/lib/lambda/AutoUpdatedManagedIpSets/downloader.ts b/lib/lambda/AutoUpdatedManagedIpSets/downloader.ts new file mode 100644 index 00000000..628a3a83 --- /dev/null +++ b/lib/lambda/AutoUpdatedManagedIpSets/downloader.ts @@ -0,0 +1,38 @@ +import axios from "axios"; +import * as fs from "fs"; + + + +// Helper function to download a File based indicate on the URL +export async function downloadFile(downloadUrl: string,searchRegexOnUrl: RegExp, outputType: string ): Promise { + let savePath = ""; + + try { + // Fetch the download page + console.log(`ℹ️ Fetching the download page from: ${downloadUrl}`); + console.log(`🔎 Searching for the download link using the regex: ${searchRegexOnUrl.source}`); + console.log(`⦂ Output type: ${outputType}`); + const downloadPage = await axios.get(downloadUrl); + const downloadLinkMatch = downloadPage.data.match(searchRegexOnUrl); + if (!downloadLinkMatch) { + console.error("❌ Failed to find the download link"); + throw new Error("❌ Failed to find the download link"); + } + const downloadLink = downloadLinkMatch[0]; + + if (downloadLink) { + // Download the actual file + const response = await axios.get(downloadLink, { responseType: "arraybuffer" }); + console.log(`🔗 Found the download link: ${downloadLink} - Downloading file`); + savePath = `/tmp/${downloadLink.split("/").pop()?.replaceAll("?", "")?.replaceAll("=", "")}.${outputType.toLowerCase()}`; + // Save the file to the specified path + fs.writeFileSync(savePath, response.data, "utf8"); + console.log(`📂 File saved to ${savePath}`); + } + } + catch (error) { + console.error(`❌ Error downloading the file: ${error}`); + throw new Error(`❌ Error downloading the file: ${error}`); + } + return savePath; +} \ No newline at end of file diff --git a/lib/lambda/AutoUpdatedManagedIpSets/index.ts b/lib/lambda/AutoUpdatedManagedIpSets/index.ts new file mode 100644 index 00000000..7fb9b8b0 --- /dev/null +++ b/lib/lambda/AutoUpdatedManagedIpSets/index.ts @@ -0,0 +1,100 @@ +import { downloadFile} from "./downloader"; +import { extractIPAddressesFromJson } from "./ipextractor"; +import * as fs from "fs"; +import { ManagedIpSet } from "../../types/config/autoUpdatedManagedIpSets"; +import {getSsmParameterFromEnvParamString} from "../SharedComponents/services/ssm"; +import {ipSetManager, deleteIpSet} from "../SharedComponents/services/waf"; +import {deleteSsmParameter} from "../SharedComponents/services/ssm"; +import { + CdkCustomResourceEvent, + CdkCustomResourceResponse, + EventBridgeEvent, +} from "aws-lambda"; +import { regExReviver as reviver } from "../SharedComponents/helpers"; + + +// eslint-disable-next-line @typescript-eslint/no-explicit-any +export async function handler(Event: CdkCustomResourceEvent | EventBridgeEvent): Promise { + console.log(`Event: ${JSON.stringify(Event)}`); + const IpSetArns: string[] = []; + try { + const ipSetsSettingsParameter = await getSsmParameterFromEnvParamString(); + const ipSetsSettings: ManagedIpSet[] = JSON.parse(ipSetsSettingsParameter, reviver); + for(const ipSet of ipSetsSettings) { + if(("ResourceProperties" in Event && Event.ResourceProperties.IpSetName === ipSet.name && "Type" in Event && Event.Type === "aws-firewall-factory-IpSetUpdate") || ("RequestType" in Event && Event.RequestType === "Create" && Event.ResourceProperties.IpSetName === ipSet.name) || "RequestType" in Event && Event.RequestType === "Update" && Event.ResourceProperties.IpSetName === ipSet.name){ + const allcidrs: string[]= []; + console.log(`♻️ Updating: ${ipSet.name}`); + for(const location of ipSet.cidrLocations){ + const file = await downloadFile(location.downloadUrl, location.downloadSearchRegexOnUrl , location.outputType); + const data = fs.readFileSync(file, "utf8"); + const cidrs = extractIPAddressesFromJson(JSON.parse(data),location.OutputInformation.outputTargetKey,location.OutputInformation.outputConditionKey,location.OutputInformation.outputConditionValue,ipSet.ipAddressVersion); + allcidrs.push(...cidrs); + } + // Remove duplicates from the CIDR list + new Set(allcidrs); + IpSetArns.push(await ipSetManager(ipSet.region, ipSet.name, ipSet.scope, allcidrs,ipSet.ipAddressVersion, Event.ResourceProperties.Prefix, ipSet.description, ipSet.tags)); + console.log(`📦 IpSet ${ipSet.name} in ${ipSet.region} 🌎 - Updated with ${allcidrs.length} CIDRs`); + } + else{ + console.error(` 🚨 Could not find: ${ipSet.name} in SSM Parameter or WAF Service`); + throw new Error(` 🚨 Could not find: ${ipSet.name} in SSM Parameter or WAF Service`); + } + } + if (("RequestType" in Event && Event.RequestType === "Create" ) || ("RequestType" in Event && Event.RequestType === "Update")){ + return { + Status: "SUCCESS", + Reason: "IPSet updated successfully", + PhysicalResourceId: Event.LogicalResourceId, + StackId: Event.StackId, + RequestId: Event.RequestId, + LogicalResourceId: Event.LogicalResourceId, + Data: { IpSetArn: IpSetArns.toString() }, + }; + } + } catch (error) { + console.error(`❌ Error: ${error}`); + if ("RequestType" in Event && Event.RequestType) { + if (error instanceof Error) { + return { + Status: "FAILED", + Reason: error.message, + PhysicalResourceId: Event.LogicalResourceId, + StackId: Event.StackId, + RequestId: Event.RequestId, + LogicalResourceId: Event.LogicalResourceId, + Data: {}, + }; + } + } + throw error; + } + if ("RequestType" in Event && Event.RequestType === "Delete") { + try { + await deleteIpSet(Event.ResourceProperties.Region, Event.ResourceProperties.IpSetName, Event.ResourceProperties.Scope); + await deleteSsmParameter(`/${Event.ResourceProperties.Prefix.toUpperCase()}/AWS-FIREWALL-FACTORY/MANAGEDIPSETS/${Event.ResourceProperties.IpSetName.toLocaleUpperCase()}/ADDRESSES`); + return { + Status: "SUCCESS", + Reason: "IP set successfully deleted", + PhysicalResourceId: Event.LogicalResourceId, + StackId: Event.StackId, + RequestId: Event.RequestId, + LogicalResourceId: Event.LogicalResourceId, + Data: {}, + }; + } catch (error) { + console.error(`❌ Error: ${error}`); + if (error instanceof Error && "RequestType" in Event && Event.RequestType) { + return { + Status: "FAILED", + Reason: error.message, + PhysicalResourceId: Event.LogicalResourceId, + StackId: Event.StackId, + RequestId: Event.RequestId, + LogicalResourceId: Event.LogicalResourceId, + Data: {}, + }; + } + throw error; + } + } +} \ No newline at end of file diff --git a/lib/lambda/AutoUpdatedManagedIpSets/ipextractor.ts b/lib/lambda/AutoUpdatedManagedIpSets/ipextractor.ts new file mode 100644 index 00000000..61603ff0 --- /dev/null +++ b/lib/lambda/AutoUpdatedManagedIpSets/ipextractor.ts @@ -0,0 +1,41 @@ +import * as ip from "neoip"; + +type JSONValue = string | number | boolean | { [key: string]: JSONValue } | JSONValue[]; + +export function extractIPAddressesFromJson( + jsonData: JSONValue, + targetKey: string, + conditionKey: string, + conditionValue: string, + type: "IPV4" | "IPV6" +): string[] { + const cidrs: string[] = []; + + function search(data: JSONValue) { + if (Array.isArray(data)) { + data.forEach(search); // Recursively search each element if it's an array + } else if (typeof data === "object" && data !== null) { + if (data[conditionKey] === conditionValue && targetKey in data) { + const target = data[targetKey]; + if (Array.isArray(target)) { + target.forEach((cidr) => validateAndAdd(cidr)); + } else { + validateAndAdd(target); + } + } + + // Recursively search in each property of the object + Object.values(data).forEach(search); + } + } + + function validateAndAdd(cidr: JSONValue) { + if (typeof cidr === "string" && ip.cidr(cidr)) { + if (type === "IPV4" && !cidr.includes(":")) cidrs.push(cidr); + if (type === "IPV6" && cidr.includes(":")) cidrs.push(cidr); + } + } + + search(jsonData); + return cidrs; +} diff --git a/lib/lambda/FmsDdosNotification/messengers/teams/notification.ts b/lib/lambda/FmsDdosNotification/messengers/teams/notification.ts index 296eb446..4fae2ef9 100644 --- a/lib/lambda/FmsDdosNotification/messengers/teams/notification.ts +++ b/lib/lambda/FmsDdosNotification/messengers/teams/notification.ts @@ -1,7 +1,7 @@ -/* eslint-disable @typescript-eslint/restrict-plus-operands */ -/* eslint-disable @typescript-eslint/no-unsafe-member-access */ -/* eslint-disable @typescript-eslint/no-unsafe-call */ -/* eslint-disable @typescript-eslint/no-unsafe-assignment */ + + + + import { IncomingWebhook } from "./IncomingWebhook"; import { SNSEventRecord } from "aws-lambda"; @@ -11,11 +11,11 @@ import * as AdaptiveCards from "adaptivecards"; export async function ddosNotificationTeams(Record: SNSEventRecord, Webhook: string) { const webhook = new IncomingWebhook(Webhook); const card = new AdaptiveCards.AdaptiveCard(); - card.version = AdaptiveCards.Versions.v1_4; + card.version = AdaptiveCards.Versions.v1_5; card.height = "stretch"; const subjectblock = new AdaptiveCards.TextBlock(); - subjectblock.text = Record.Sns.Subject; + subjectblock.text = Record.Sns.Subject || "DDoS Notification"; subjectblock.wrap = true; subjectblock.weight = AdaptiveCards.TextWeight.Bolder; subjectblock.size = AdaptiveCards.TextSize.Large; diff --git a/lib/lambda/ManagedRuleGroupInfo/messengers/teams/notification.ts b/lib/lambda/ManagedRuleGroupInfo/messengers/teams/notification.ts index 397f659a..b647b455 100644 --- a/lib/lambda/ManagedRuleGroupInfo/messengers/teams/notification.ts +++ b/lib/lambda/ManagedRuleGroupInfo/messengers/teams/notification.ts @@ -1,7 +1,7 @@ -/* eslint-disable @typescript-eslint/restrict-plus-operands */ -/* eslint-disable @typescript-eslint/no-unsafe-member-access */ -/* eslint-disable @typescript-eslint/no-unsafe-call */ -/* eslint-disable @typescript-eslint/no-unsafe-assignment */ + + + + import { IncomingWebhook } from "./IncomingWebhook"; import { SNSEventRecord } from "aws-lambda"; @@ -15,11 +15,11 @@ export async function mangedRuleGroupNotificationTeams(CurrentDefaultVersion: st cardfacts.push(new AdaptiveCards.Fact("Current Default Version", CurrentDefaultVersion)); const card = new AdaptiveCards.AdaptiveCard(); - card.version = AdaptiveCards.Versions.v1_4; + card.version = AdaptiveCards.Versions.v1_5; card.height = "stretch"; const subjectblock = new AdaptiveCards.TextBlock(); - subjectblock.text = Record.Sns.Subject; + subjectblock.text = Record.Sns.Subject || "Managed Rule Group Notification"; subjectblock.wrap = true; subjectblock.weight = AdaptiveCards.TextWeight.Bolder; subjectblock.size = AdaptiveCards.TextSize.Large; diff --git a/lib/lambda/ManagedRuleGroupVersion/index.ts b/lib/lambda/ManagedRuleGroupVersion/index.ts index 243ee099..61602a2f 100644 --- a/lib/lambda/ManagedRuleGroupVersion/index.ts +++ b/lib/lambda/ManagedRuleGroupVersion/index.ts @@ -1,7 +1,7 @@ -/* eslint-disable @typescript-eslint/no-unsafe-argument */ -/* eslint-disable @typescript-eslint/no-unsafe-assignment */ -/* eslint-disable @typescript-eslint/restrict-template-expressions */ -/* eslint-disable @typescript-eslint/naming-convention */ + + + + import { CdkCustomResourceEvent, CdkCustomResourceResponse diff --git a/lib/lambda/SendUnusedResourceNotification/index.ts b/lib/lambda/SendUnusedResourceNotification/index.ts index 2ac5e4bf..fe50034d 100644 --- a/lib/lambda/SendUnusedResourceNotification/index.ts +++ b/lib/lambda/SendUnusedResourceNotification/index.ts @@ -27,7 +27,7 @@ export const handler = async ( for (const file of files) { console.log(`📄 Importing File: ${file}`); const content = await getFileContent(bucketName, file); - // eslint-disable-next-line @typescript-eslint/no-unsafe-argument + allwebacls.push(JSON.parse(content)); } diff --git a/lib/lambda/SendUnusedResourceNotification/messengers/slack/notification.ts b/lib/lambda/SendUnusedResourceNotification/messengers/slack/notification.ts index 77015c5c..6c9825bf 100644 --- a/lib/lambda/SendUnusedResourceNotification/messengers/slack/notification.ts +++ b/lib/lambda/SendUnusedResourceNotification/messengers/slack/notification.ts @@ -3,7 +3,7 @@ import { MessageAttachment } from "@slack/types"; import { PolicySummary } from "@aws-sdk/client-fms"; import { AccountWebAcls, FmsPolicy } from "../../../SharedComponents/types/index"; import {getProductPrice} from "../../../../tools/helpers/pricing"; -import { PriceRegions, RegionString } from "../../../../types/config"; +import { pricing, general } from "../../../../types/enums"; import * as packageJsonObject from "../../../../../package.json"; @@ -29,8 +29,8 @@ export async function unusedNotificationSlack( const region = process.env.AWS_DEFAULT_REGION || "us-east-1"; - const policyPrice = Number(await getProductPrice(PriceRegions[region as RegionString],"AWSFMS","WAFv2")); - const webAclPrice = Number(await getProductPrice(PriceRegions[region as RegionString] as PriceRegions,"awswaf",undefined,"Web ACL")); + const policyPrice = Number(await getProductPrice(pricing.PriceRegions[region as general.RegionString],"AWSFMS","WAFv2")); + const webAclPrice = Number(await getProductPrice(pricing.PriceRegions[region as general.RegionString] as pricing.PriceRegions,"awswaf",undefined,"Web ACL")); const totalcost = (allFMSPolicies.length * policyPrice) + (totalWafs * webAclPrice); diff --git a/lib/lambda/SendUnusedResourceNotification/messengers/teams/notification.ts b/lib/lambda/SendUnusedResourceNotification/messengers/teams/notification.ts index 3f217c5f..a3501599 100644 --- a/lib/lambda/SendUnusedResourceNotification/messengers/teams/notification.ts +++ b/lib/lambda/SendUnusedResourceNotification/messengers/teams/notification.ts @@ -1,14 +1,14 @@ -/* eslint-disable @typescript-eslint/restrict-plus-operands */ -/* eslint-disable @typescript-eslint/no-unsafe-member-access */ -/* eslint-disable @typescript-eslint/no-unsafe-call */ -/* eslint-disable @typescript-eslint/no-unsafe-assignment */ + + + + import { IncomingWebhook } from "./IncomingWebhook"; import { PolicySummary } from "@aws-sdk/client-fms"; import { AccountWebAcls, FmsPolicy } from "../../../SharedComponents/types/index"; import * as AdaptiveCards from "adaptivecards"; import {getProductPrice} from "../../../../tools/helpers/pricing"; -import { PriceRegions, RegionString } from "../../../../types/config"; +import { pricing, general } from "../../../../types/enums"; import * as packageJsonObject from "../../../../../package.json"; import {addAccount} from "../../helper"; @@ -131,8 +131,8 @@ export async function unusedNotificationTeams(AllWAFs: AccountWebAcls[], UniqueU const region = process.env.AWS_DEFAULT_REGION || "us-east-1"; - const policyPrice = Number(await getProductPrice(PriceRegions[region as RegionString],"AWSFMS","WAFv2")); - const webAclPrice = Number(await getProductPrice(PriceRegions[region as RegionString] as PriceRegions,"awswaf",undefined,"Web ACL")); + const policyPrice = Number(await getProductPrice(pricing.PriceRegions[region as general.RegionString],"AWSFMS","WAFv2")); + const webAclPrice = Number(await getProductPrice(pricing.PriceRegions[region as general.RegionString] as pricing.PriceRegions,"awswaf",undefined,"Web ACL")); const totalcost = (allFMSPolicies.length * policyPrice) + (totalWafs * webAclPrice); const potentialsavings = ((UniqueUnusedFMSPolicies.length)*policyPrice) + ((totalWafs - wafsInUse)*webAclPrice); diff --git a/lib/lambda/SharedComponents/helpers.ts b/lib/lambda/SharedComponents/helpers.ts new file mode 100644 index 00000000..052fc0d5 --- /dev/null +++ b/lib/lambda/SharedComponents/helpers.ts @@ -0,0 +1,19 @@ + +// eslint-disable-next-line @typescript-eslint/no-explicit-any +export const regExReviver = (key: string, value: any) => { + if (typeof value === "string" && value.startsWith("/") && value.endsWith("/")) { + const parts = value.match(/^\/(.*)\/([a-z]*)$/); + if (parts) { + return new RegExp(parts[1], parts[2]); // Convert string back to RegExp + } + } + return value; +}; + +// eslint-disable-next-line @typescript-eslint/no-explicit-any +export const regExReplacer = (key: string, value: any) => { + if (value instanceof RegExp) { + return value.toString(); // Convert RegExp to string + } + return value; +}; \ No newline at end of file diff --git a/lib/lambda/SharedComponents/services/cloudwatch.ts b/lib/lambda/SharedComponents/services/cloudwatch.ts new file mode 100644 index 00000000..21b62f34 --- /dev/null +++ b/lib/lambda/SharedComponents/services/cloudwatch.ts @@ -0,0 +1,43 @@ +import { CloudWatchClient, PutMetricDataCommand, PutMetricDataCommandInput } from "@aws-sdk/client-cloudwatch"; +import { general } from "../../../types/enums/index"; + +/** + * Set the IpSet metric to CloudWatch to see whenever the IPSet was updated during the last schedule + * @param region The AWS region to send the metric to + * @param namespace The namespace of the metric + * @param metricName The name of the metric + * @param value The value of the metric + * @param dimension The dimension of the metric + */ +export async function putIpSetMetric( + region: general.AWSRegion, + namespace: string, + metricName: string, + value: number, + dimension: { Name: string, Value: string } +): Promise { + // Initialize CloudWatch client + const cloudwatchClient = new CloudWatchClient({ region }); + try { + // Prepare the metric data + const input: PutMetricDataCommandInput = { + Namespace: namespace, + MetricData: [ + { + MetricName: metricName, + Dimensions: [dimension], + Unit: "None", + Value: value + } + ] + }; + + // Send the metric data to CloudWatch + const command = new PutMetricDataCommand(input); + await cloudwatchClient.send(command); + console.log(`ℹ️ Set Metric "${metricName}" with value ${value} sent to CloudWatch.`); + } catch (error) { + console.error("🚨 Failed to send metric data to CloudWatch:", error); + throw new Error("Failed to send metric data to CloudWatch"); + } +} \ No newline at end of file diff --git a/lib/lambda/SharedComponents/services/ssm.ts b/lib/lambda/SharedComponents/services/ssm.ts new file mode 100644 index 00000000..8732cba2 --- /dev/null +++ b/lib/lambda/SharedComponents/services/ssm.ts @@ -0,0 +1,63 @@ +import { SSMClient, GetParameterCommand, PutParameterCommand, DeleteParameterCommand, PutParameterCommandInput, ParameterType } from "@aws-sdk/client-ssm"; + +const client = new SSMClient({ region: process.env.AWS_REGION }); + +const { PARAM_NAME } = process.env; + +let param: string; + +/** + * Get Parameter Store Parameter Value String from Environment Variable + * @return Parameter Store Parameter Value as string + */ + +export async function getSsmParameterFromEnvParamString(){ + const commandInput = { + Name: PARAM_NAME + }; + const command = new GetParameterCommand(commandInput); + const ssmResponse = await client.send(command); + if (ssmResponse.Parameter && ssmResponse.Parameter.Value) { + param = ssmResponse.Parameter.Value; + } + return param; +} + + +/** + * Put Parameter Store Parameter Value String + * @return Parameter Store Parameter Value as string + */ +export async function putSsmParameter(Name: string, Value: string, Description: string) { + try { + const commandInput: PutParameterCommandInput = { + Name, + Value, + Description, + Type: ParameterType.STRING, + Tier: "Advanced", + }; + const command = new PutParameterCommand(commandInput); + const ssmResponse = await client.send(command); + console.log(`ℹ️ Update SSM Parameter Store PARAMETER: ${Name} - ${ssmResponse.Version}`); + } + catch (error) { + console.error("❌ Error in SSM Parameter Store: " + error); + throw error; + } +} + +export async function deleteSsmParameter(Name: string) { + try { + const commandInput = { + Name, + }; + const command = new DeleteParameterCommand(commandInput); + const ssmResponse = await client.send(command); + console.log(`ℹ️ Delete SSM Parameter Store PARAMETER: ${Name} - Result: ${ssmResponse.$metadata.httpStatusCode}`); + } + catch (error) { + console.error("❌ Error in SSM Parameter Store: " + error); + throw error; + } +} \ No newline at end of file diff --git a/lib/lambda/SharedComponents/services/waf.ts b/lib/lambda/SharedComponents/services/waf.ts index 2dcadc2c..90fd4a99 100644 --- a/lib/lambda/SharedComponents/services/waf.ts +++ b/lib/lambda/SharedComponents/services/waf.ts @@ -1,9 +1,12 @@ -/* eslint-disable @typescript-eslint/naming-convention */ -import { WAFV2Client, ListAvailableManagedRuleGroupVersionsCommand, ListWebACLsCommand, ListWebACLsCommandInput, ListResourcesForWebACLCommand, ListResourcesForWebACLCommandOutput, Scope, ResourceType} from "@aws-sdk/client-wafv2"; -import { PaginatedManagedRuleGroupVersions, ManagedRuleGroupVersionResponse} from "../types/index"; + +import { WAFV2Client, ListAvailableManagedRuleGroupVersionsCommand, ListWebACLsCommand, ListWebACLsCommandInput, ListResourcesForWebACLCommand, ListResourcesForWebACLCommandOutput, Scope, ResourceType, UpdateIPSetCommand, ListIPSetsCommandInput, ListIPSetsCommand, CreateIPSetCommand, IPAddressVersion, CreateIPSetCommandInput, IPSetSummary, UpdateIPSetCommandInput, DeleteIPSetCommand, DeleteIPSetCommandInput, GetIPSetCommand, GetIPSetCommandInput} from "@aws-sdk/client-wafv2"; import {CloudFrontClient, ListDistributionsByWebACLIdCommand, ListDistributionsByWebACLIdCommandOutput} from "@aws-sdk/client-cloudfront"; +import {putSsmParameter} from "./ssm"; import { AwsCredentialIdentity } from "@aws-sdk/types"; -import { AccountWebAcls, WebAcls} from "../types/index"; +import { AWSRegion } from "../../../types"; +import { AccountWebAcls, WebAcls, PaginatedManagedRuleGroupVersions, ManagedRuleGroupVersionResponse} from "../types"; +import {CfnTag} from "aws-cdk-lib"; +import {putIpSetMetric} from "./cloudwatch"; export async function getManagedRuleGroupVersions(VendorName: string,Name: string,WafScope: string): Promise { const client = new WAFV2Client({region: process.env.AWS_DEFAULT_REGION}); @@ -38,7 +41,7 @@ export async function getManagedRuleGroupVersions(VendorName: string,Name: strin console.log("⏱️ Throttled - waiting 5 seconds"); await new Promise(r => setTimeout(r, 5000)); } else { - // eslint-disable-next-line @typescript-eslint/restrict-template-expressions + console.log(`❌ Error: ${error}`); console.log(error.message); console.log(error.name); @@ -226,9 +229,9 @@ async function getWAFs(client: WAFV2Client, maxResults: number, scope: Scope) { */ export async function checkWafUsageInAccount(credentials: AwsCredentialIdentity, regions: string[], accountwafs: AccountWebAcls, regexString?:string): Promise { for(const region of regions){ - const WebACLsInUse =[]; - const UnusedWebACLs = []; - const IgnoredWebACLs = []; + const WebACLsInUse : WebAcls[] = []; + const UnusedWebACLs: WebAcls[] = []; + const IgnoredWebACLs: WebAcls[] = []; console.log(`🌎 Checking region: ${region}`); const client = new WAFV2Client({ region: region, @@ -295,3 +298,117 @@ export async function checkWafUsageInAccount(credentials: AwsCredentialIdentity, } return accountwafs; } + +async function checkIfIpSetExist(region: AWSRegion, ipSetName: string, scope: "REGIONAL" | "CLOUDFRONT"): Promise { + const client = new WAFV2Client({region}); + try { + // List all IP sets in the specified scope + const input: ListIPSetsCommandInput = { Scope: scope }; + const command = new ListIPSetsCommand(input); + const response = await client.send(command); + const ipSet = response.IPSets?.find(ipSet => ipSet.Name === ipSetName); + // Check if an IP set with the given name exists + return ipSet; + } catch (error) { + console.error("Error checking IP set existence:", error); + throw new Error(`Error checking IP set existence: ${ipSetName}`); + } +} + +async function getAddressesFromIPSet(region: AWSRegion, Name: string, Id: string, Scope: "REGIONAL" | "CLOUDFRONT"): Promise { + const client = new WAFV2Client({region}); + try { + const input: GetIPSetCommandInput = { + Id, + Scope, + Name + }; + const command = new GetIPSetCommand(input); + const response = await client.send(command); + if( + response.IPSet && + response.IPSet.Addresses && + response.IPSet.Addresses.length > 0 + ){ + return response.IPSet.Addresses; + } + else{ + console.error("Error getting Addresses from IPset:", response); + throw new Error(`Error getting Addresses from IPset: ${Name}`); + } + } + catch (error) { + console.error("Error getting Addresses from IPset:", error); + throw new Error(error); + } +} + +export async function ipSetManager(Region: AWSRegion, Name: string, Scope: "CLOUDFRONT" | "REGIONAL", Addresses: string[], IPAddressVersion: IPAddressVersion, prefix: string, customDescription?: string, tags?: CfnTag[]): Promise{ + const client = new WAFV2Client({region: Region}); + + const now = new Date().toISOString().slice(0, 19).replace("T", " "); + const timezone = Intl.DateTimeFormat().resolvedOptions().timeZone; + + const Description = customDescription ? `${customDescription} - AWS Firewall Factory Managed IP Set - Last updated: ${now} ${timezone}` : `AWS Firewall Factory Managed IP Set - Last updated: ${now} ${timezone}`; + const existingIpSet = await checkIfIpSetExist(Region, Name, Scope); + + if(existingIpSet && existingIpSet.Id){ + const currentAddresses = await getAddressesFromIPSet(Region, Name, existingIpSet.Id, Scope); + const missing = currentAddresses.filter(item => Addresses.indexOf(item) < 0); + if(missing.length > 0 && Addresses.length > 0){ + console.log(`ℹ️ Update existing IpSet: ${Name} - ${existingIpSet.Id}`); + await putSsmParameter(`/${prefix.toUpperCase()}/AWS-FIREWALL-FACTORY/MANAGEDIPSETS/${Name.toLocaleUpperCase()}/ADDRESSES`, Addresses.toString(), `Addresses for ${Name}`); + await putIpSetMetric(Region, "AWS-Firewall-Factory", "ManagedIpSets", 1, { Name: "IpSetName", Value: Name }); + const input: UpdateIPSetCommandInput = { + Name, + Scope, + Id: existingIpSet.Id, + Description, + Addresses, + LockToken: existingIpSet.LockToken + }; + const command = new UpdateIPSetCommand(input); + const response = await client.send(command); + console.log(response); + return existingIpSet.ARN || ""; + } else{ + console.log(`ℹ️ IpSet ${Name} already up to date`); + await putIpSetMetric(Region, "AWS-Firewall-Factory", "ManagedIpSets", 0, { Name: "IpSetName", Value: Name }); + return existingIpSet.ARN || ""; + } + }else { + console.log("ℹ️ Create IpSet"); + const Tags = tags ? tags.map(tag => ({ Key: tag.key, Value: tag.value })) : undefined; + const input: CreateIPSetCommandInput = { + Name, + Scope, + Addresses, + Description, + IPAddressVersion, + Tags + }; + const command = new CreateIPSetCommand(input); + const response = await client.send(command); + await putSsmParameter(`/${prefix.toUpperCase()}/AWS-FIREWALL-FACTORY/MANAGEDIPSETS/${Name.toLocaleUpperCase()}/ADDRESSES`,Addresses.toString() , `Addresses for ${Name}`); + await putIpSetMetric(Region, "AWS-Firewall-Factory", "ManagedIpSets", 1, { Name: "IpSetName", Value: Name }); + console.log(response); + return response.Summary?.ARN || ""; + } + +} + +export async function deleteIpSet(Region: AWSRegion, Name: string, Scope: "CLOUDFRONT" | "REGIONAL"): Promise { + const client = new WAFV2Client({region: Region}); + const existingIpSet = await checkIfIpSetExist(Region, Name, Scope); + console.log(`ℹ️ Delete IpSet: ${Name}`); + if(existingIpSet){ + const input: DeleteIPSetCommandInput = { + Name, + Scope, + Id: existingIpSet.Id, + LockToken: existingIpSet.LockToken + }; + const command = new DeleteIPSetCommand(input); + await client.send(command); + } +} \ No newline at end of file diff --git a/lib/tools/generate-shield-skeleton.ts b/lib/tools/generate-shield-skeleton.ts index 1f9d74eb..8ba48e3f 100644 --- a/lib/tools/generate-shield-skeleton.ts +++ b/lib/tools/generate-shield-skeleton.ts @@ -1,4 +1,4 @@ -import { ShieldConfig } from "../types/config"; +import { ShieldConfig } from "../types/config/index"; import util from "util"; import { afwfHelper } from "./helpers"; diff --git a/lib/tools/generate-waf-skeleton.ts b/lib/tools/generate-waf-skeleton.ts index e4d6615e..eaf9aef9 100644 --- a/lib/tools/generate-waf-skeleton.ts +++ b/lib/tools/generate-waf-skeleton.ts @@ -1,12 +1,12 @@ -import { wafConfig } from "../types/config"; +import { WafConfig } from "../types/config/index"; import util from "util"; import { afwfHelper } from "./helpers"; -import {ManagedRuleGroupVendor, AwsManagedRules, WebAclScope, WebAclTypeEnum} from "../../lib/types/enums"; +import {ManagedRuleGroupVendor, AwsManagedRules, WebAclScope, WebAclTypeEnum} from "../types/enums/waf"; /** * The script will output a example WAF Skeleton Config to the terminal */ -const skeletonConfig : wafConfig = { +const skeletonConfig : WafConfig = { General: { FireHoseKeyArn: "", Prefix: "myPrefix", @@ -25,11 +25,11 @@ const skeletonConfig : wafConfig = { PreProcess: { ManagedRuleGroups: [ { - vendor: ManagedRuleGroupVendor.AWS, + vendorName: ManagedRuleGroupVendor.AWS, name: AwsManagedRules.AMAZON_IP_REPUTATION_LIST, }, { - vendor: ManagedRuleGroupVendor.AWS, + vendorName: ManagedRuleGroupVendor.AWS, name: AwsManagedRules.COMMON_RULE_SET, } ] diff --git a/lib/tools/helpers/aws-firewall-factory.ts b/lib/tools/helpers/aws-firewall-factory.ts index 301fc329..e58474dd 100644 --- a/lib/tools/helpers/aws-firewall-factory.ts +++ b/lib/tools/helpers/aws-firewall-factory.ts @@ -1,7 +1,6 @@ import * as fs from "fs"; import * as path from "path"; -import { RuntimeProperties } from "../../types/runtimeprops"; -import { wafConfig, ShieldConfig } from "../../types/config"; +import { RuntimeProps, WafConfig, ShieldConfig } from "../../types/config/index"; import * as cfonts from "cfonts"; /** @@ -9,9 +8,7 @@ import * as cfonts from "cfonts"; */ const packageJsonPath = path.resolve(__dirname, "../../../package.json"); const packageJsonContent = fs.readFileSync(packageJsonPath, "utf-8"); -// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment const packageJson = JSON.parse(packageJsonContent); -// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access const FIREWALL_FACTORY_VERSION = packageJson.version; /** @@ -20,14 +17,13 @@ const FIREWALL_FACTORY_VERSION = packageJson.version; * @return deploymentRegion AWS region, e.g. eu-central-1 */ export const outputInfoBanner = ( - config?: wafConfig, + config?: WafConfig, shieldConfig?: ShieldConfig ) => { /** * the region into which the stack is deployed */ let deploymentRegion = ""; - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call cfonts.say("AWS FIREWALL FACTORY", { font: "block", align: "center", @@ -91,7 +87,7 @@ export const outputInfoBanner = ( * initialize a runtime properties object * @returns the runtime properties object */ -export function initRuntimeProperties(): RuntimeProperties { +export function initRuntimeProperties(): RuntimeProps { return { AllAwsRegions: [], GuidanceSummary: [], @@ -154,7 +150,7 @@ export function initRuntimeProperties(): RuntimeProperties { * The function will check if s3 bucket is Parameter is starting with aws-waf-logs- if Logging Configuration is set to S3 * @param config Config */ -export function wrongLoggingConfiguration(config: wafConfig): boolean { +export function wrongLoggingConfiguration(config: WafConfig): boolean { if (config.General.LoggingConfiguration === "S3") { if (!config.General.S3LoggingBucketName.startsWith("aws-waf-logs-")) { return true; diff --git a/lib/tools/helpers/cloudformation.ts b/lib/tools/helpers/cloudformation.ts index 63099c34..724efcfb 100644 --- a/lib/tools/helpers/cloudformation.ts +++ b/lib/tools/helpers/cloudformation.ts @@ -1,7 +1,5 @@ import * as cloudformation from "@aws-sdk/client-cloudformation"; -import { RuntimeProperties, ProcessProperties } from "../../types/runtimeprops"; -import { wafConfig } from "../../types/config"; - +import { WafConfig, ProcessProperties, RuntimeProps } from "../../types/config/index"; /** Puts specified output values into the runtimeprops - this function is needed to identify chagend WCUs of WAF RuleGroups @@ -10,7 +8,7 @@ import { wafConfig } from "../../types/config"; * @param cloudformationOutputName name of the cloudformation output to get eg.: PreProcessDeployedRuleGroupNames * @param describeStacksCommandOutput the output of the CloudFormation describeStacksCommand */ -// eslint-disable-next-line no-inner-declarations + function processOutputsToProcessProperties( propertyName: K, runtimeProps: ProcessProperties, @@ -33,7 +31,7 @@ function processOutputsToProcessProperties( * @param runtimeprops runtime properties, where to write stack outputs into * @param config the config object from the values ts */ -export async function setOutputsFromStack(deploymentRegion: string, runtimeProps: RuntimeProperties, config: wafConfig): Promise { +export async function setOutputsFromStack(deploymentRegion: string, runtimeProps: RuntimeProps, config:WafConfig ): Promise { const stackName = `${config.General.Prefix.toUpperCase()}-WAF-${config.WebAcl.Name.toUpperCase()}-${config.General.Stage.toUpperCase()}${config.General.DeployHash ? "-" + config.General.DeployHash.toUpperCase() : ""}`; const cloudformationClient = new cloudformation.CloudFormationClient({ region: deploymentRegion }); const params = { @@ -64,7 +62,7 @@ export async function setOutputsFromStack(deploymentRegion: string, runtimeProps * @param config the config object from the values ts * @param name the name of the output to get eg.: (AWSManagedRulesCommonRuleSetVersion) */ -export async function getManagedRuleGroupVersionFromStack(deploymentRegion: string, config: wafConfig, name: string): Promise { +export async function getManagedRuleGroupVersionFromStack(deploymentRegion: string, config: WafConfig, name: string): Promise { const stackName = `${config.General.Prefix.toUpperCase()}-WAF-${config.WebAcl.Name.toUpperCase()}-${config.General.Stage.toUpperCase()}${config.General.DeployHash ? "-" + config.General.DeployHash.toUpperCase() : ""}`; const cloudformationClient = new cloudformation.CloudFormationClient({ region: deploymentRegion }); const params = { diff --git a/lib/tools/helpers/guidance.ts b/lib/tools/helpers/guidance.ts index c7fe1a43..49713015 100644 --- a/lib/tools/helpers/guidance.ts +++ b/lib/tools/helpers/guidance.ts @@ -1,12 +1,11 @@ -import { RuntimeProperties } from "../../types/runtimeprops"; -import { wafConfig } from "../../types/config"; +import { RuntimeProps, WafConfig } from "../../types/config/index"; /** This function will help you to get guidance on implementing Best Practices for AWS Firewalls. @param context - The context of the guidance. For example, nestedRateStatement. @param source - The source of the guidance. For example, ManagedRuleGroup. */ -export function getGuidance(context: string, runtimeProperties: RuntimeProperties, source?: string) { +export function getGuidance(context: string, runtimeProperties: RuntimeProps, source?: string) { switch(context){ case "nestedRateStatement": runtimeProperties.Guidance.nestedRateStatementCount++; @@ -60,7 +59,7 @@ export function getGuidance(context: string, runtimeProperties: RuntimePropertie This function will print out the collected guidance for your Firewall. @param runtimeProperties - The runtimeProperties object. */ -export function outputGuidance(runtimeProperties: RuntimeProperties, config?: wafConfig) { +export function outputGuidance(runtimeProperties: RuntimeProps, config?: WafConfig) { if(runtimeProperties.GuidanceSummary.length !== 0 || runtimeProperties.Guidance.nestedRateStatementCount !== 0 || runtimeProperties.Guidance.overrideActionManagedRuleGroupCount !== 0 || runtimeProperties.Guidance.noRuleLabelsCount !== 0 || runtimeProperties.Guidance.byteMatchStatementPositionalConstraintCount !== 0){ console.log("\x1b[0m","\n🛟 Guidance:","\x1b[0m"); runtimeProperties.GuidanceSummary.forEach(element => { diff --git a/lib/tools/helpers/pricing/calculator.ts b/lib/tools/helpers/pricing/calculator.ts index 026935c5..aeb5d0ed 100644 --- a/lib/tools/helpers/pricing/calculator.ts +++ b/lib/tools/helpers/pricing/calculator.ts @@ -1,20 +1,11 @@ /* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/no-unnecessary-type-assertion */ -/* eslint-disable @typescript-eslint/restrict-plus-operands */ -/* eslint-disable @typescript-eslint/no-unsafe-argument */ -/* eslint-disable @typescript-eslint/no-unsafe-call */ -/* eslint-disable @typescript-eslint/no-unsafe-member-access */ -/* eslint-disable @typescript-eslint/no-unsafe-assignment */ -/* eslint-disable @typescript-eslint/no-for-in-array */ -/* eslint-disable @typescript-eslint/no-unsafe-return */ import { PricingClient, GetProductsCommand, GetProductsCommandInput, FilterType, } from "@aws-sdk/client-pricing"; -import { RuntimeProperties } from "../../../types/runtimeprops"; -import { wafConfig, PriceRegions, ShieldConfig } from "../../../types/config"; +import { PriceRegions, WafConfig, RuntimeProps, ShieldConfig } from "../../../types/"; import { CloudWatchClient, ListDashboardsCommand, @@ -74,8 +65,8 @@ function findValuesHelper(obj: any, key: string, list: any) { */ async function getCurrentWafPrices( deploymentRegion: PriceRegions, - runtimeProps: RuntimeProperties, - config: wafConfig, + runtimeProps: RuntimeProps, + config: WafConfig, awsregion: string ): Promise { console.log(" 🔎 Getting current prices for: ", deploymentRegion, "\n"); @@ -143,7 +134,7 @@ async function getCurrentWafPrices( */ async function getDashboardPrice( deploymentRegion: string, - config: wafConfig + config: WafConfig ): Promise { const client = new CloudWatchClient({ region: deploymentRegion }); const input: ListDashboardsCommandInput = {}; @@ -231,8 +222,8 @@ export async function getProductPrice( */ export async function isWafPriceCalculated( deploymentRegion: PriceRegions, - runtimeProps: RuntimeProperties, - config: wafConfig, + runtimeProps: RuntimeProps, + config: WafConfig, awsregion: string ): Promise { const shieldSubscriptionState = await getShieldSubscriptionState(); diff --git a/lib/tools/helpers/ssm.ts b/lib/tools/helpers/ssm.ts index 58c65ebe..160fac3c 100644 --- a/lib/tools/helpers/ssm.ts +++ b/lib/tools/helpers/ssm.ts @@ -1,11 +1,11 @@ import { SSMClient, paginateGetParametersByPath } from "@aws-sdk/client-ssm"; -import { RuntimeProperties } from "../../types/runtimeprops"; +import { RuntimeProps } from "../../types/config/index"; /** * Get all AWS regions from public SSM parameter * @param deploymentRegion AWS region, e.g. eu-central-1 */ -export async function getAllAwsRegionsFromPublicSsmParameter(deploymentRegion: string, runtimeProps: RuntimeProperties): Promise { +export async function getAllAwsRegionsFromPublicSsmParameter(deploymentRegion: string, runtimeProps: RuntimeProps): Promise { const client = new SSMClient({ region: deploymentRegion }); const paginator = paginateGetParametersByPath( { client, pageSize: 10 }, { diff --git a/lib/tools/helpers/web-application-firewall/quotas-and-capacity.ts b/lib/tools/helpers/web-application-firewall/quotas-and-capacity.ts index 480611b5..77c06267 100644 --- a/lib/tools/helpers/web-application-firewall/quotas-and-capacity.ts +++ b/lib/tools/helpers/web-application-firewall/quotas-and-capacity.ts @@ -2,12 +2,10 @@ import { table } from "table"; import * as quota from "@aws-sdk/client-service-quotas"; import { Scope, WAFV2Client, CheckCapacityCommand, CheckCapacityCommandInput, CheckCapacityCommandOutput, DescribeManagedRuleGroupCommand, DescribeManagedRuleGroupCommandInput,DescribeManagedRuleGroupCommandOutput, Rule as SdkRule} from "@aws-sdk/client-wafv2"; import { FMSClient, ListPoliciesCommand, ListPoliciesCommandInput } from "@aws-sdk/client-fms"; -import { RuntimeProperties, ProcessProperties } from "../../../types/runtimeprops"; -import { wafConfig } from "../../../types/config"; import { cloudformationHelper, guidanceHelper } from "../../helpers"; import * as lodash from "lodash"; import {transformCdkRuletoSdkRule} from "../../transformer"; -import { Rule as FmsRule, ManagedRuleGroup } from "../../../types/fms"; +import { WafConfig, RuntimeProps, ProcessProperties, ManagedRuleGroup, Rule } from "../../../types/config"; import { aws_wafv2 as wafv2 } from "aws-cdk-lib"; import {getcurrentManagedRuleGroupVersion} from "./rulegroups"; @@ -38,13 +36,13 @@ async function getPolicyCount(deploymentRegion: string): Promise { /** * * @param config Config - * @param runtimeProperties RuntimeProperties + * @param runtimeProperties props * @param deploymentRegion AWS region, e.g. eu-central-1 * @param scope whether scope is REGIONAL or CLOUDFRONT * @param rules rules for which you want to calculate the capacity * @returns the total capacity of the supplied rules */ -async function getTotalCapacityOfRules(config: wafConfig, runtimeProperties: RuntimeProperties, deploymentRegion: string, scope: "REGIONAL" | "CLOUDFRONT", rules: SdkRule[]): Promise { +async function getTotalCapacityOfRules(config: WafConfig, runtimeProperties: RuntimeProps, deploymentRegion: string, scope: "REGIONAL" | "CLOUDFRONT", rules: SdkRule[]): Promise { const client = new WAFV2Client({ region: deploymentRegion }); if(scope === "CLOUDFRONT"){ scope = Scope.CLOUDFRONT; @@ -57,7 +55,6 @@ async function getTotalCapacityOfRules(config: wafConfig, runtimeProperties: Run }; const command = new CheckCapacityCommand(input); try { - // eslint-disable-next-line @typescript-eslint/no-explicit-any const response : CheckCapacityCommandOutput = await client.send(command); return response.Capacity || 0; } catch(err) { @@ -162,9 +159,9 @@ async function getManagedRuleCapacity(deploymentRegion: string, vendor: string, * @param runtimeProperties runtime properties object, where to store capacities */ async function calculateCapacities( - config: wafConfig, + config: WafConfig, deploymentRegion: string, - runtimeProperties: RuntimeProperties + runtimeProperties: RuntimeProps ): Promise { console.log("\n👀 Get CustomRule Capacity:"); if (!config.WebAcl.PreProcess.CustomRules) { @@ -207,9 +204,9 @@ async function calculateCapacities( * @param type "Pre" | "Post" * @param deploymentRegion string * @param config Config - * @param runtimeProperties RuntimeProperties + * @param runtimeProperties props */ -async function calculateManagedRuleGroupCapacities(type: "Pre" | "Post",deploymentRegion:string, config: wafConfig, runtimeProperties: RuntimeProperties): Promise { +async function calculateManagedRuleGroupCapacities(type: "Pre" | "Post",deploymentRegion:string, config: WafConfig, runtimeProperties: RuntimeProps): Promise { let managedrules: ManagedRuleGroup[] = []; let processProperties: ProcessProperties; switch(type){ @@ -305,7 +302,7 @@ function filterStatements(statement: wafv2.CfnWebACL.StatementProperty){ * @param scope the scope of the WebACL, e.g. REGIONAL or CLOUDFRONT * @returns an array with the capacities of the supplied custom rules */ -async function calculateCustomRulesCapacities(config: wafConfig, customRules: FmsRule[], deploymentRegion: string, scope: "REGIONAL" | "CLOUDFRONT", runtimeProperties: RuntimeProperties) { +async function calculateCustomRulesCapacities(config: WafConfig, customRules: Rule[], deploymentRegion: string, scope: "REGIONAL" | "CLOUDFRONT", runtimeProperties: RuntimeProps) { const capacities: number[] = []; const capacitieslog: string[][] = []; capacitieslog.push(["🔺 Priority", "➕ RuleName", "🧮 Capacity", "ℹ StatementType"]); @@ -561,7 +558,6 @@ async function calculateCustomRulesCapacities(config: wafConfig, customRules: Fm } capacitieslog.push([customRule.priority.toString(), customRule.name,capacities[capacities.length-1].toString(), Object.keys(customRule.statement)[0].charAt(0).toUpperCase()+ Object.keys(customRule.statement)[0].slice(1)]); } - // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion capacitieslog.sort((a, b) => parseInt(a[0] as string,10) - parseInt(b[0] as string,10)); console.log(table(capacitieslog)); return capacities; @@ -573,13 +569,13 @@ async function calculateCustomRulesCapacities(config: wafConfig, customRules: Fm * @param rateBasedStatement the RateBasedStatement * @returns tempCalcRule */ -function calculateRatebasedStatementwithoutScopeDownStatement(customRule: FmsRule, rateBasedStatement: wafv2.CfnWebACL.RateBasedStatementProperty): FmsRule { +function calculateRatebasedStatementwithoutScopeDownStatement(customRule: Rule, rateBasedStatement: wafv2.CfnWebACL.RateBasedStatementProperty): Rule { // eslint-disable-next-line @typescript-eslint/no-unused-vars const { scopeDownStatement, ...rateBasedWithoutScopeDown } = rateBasedStatement; const statement:wafv2.CfnWebACL.StatementProperty = { rateBasedStatement: rateBasedWithoutScopeDown }; - const tempCalcRule : FmsRule = { + const tempCalcRule : Rule = { name: customRule.name, priority: customRule.priority, visibilityConfig: customRule.visibilityConfig, @@ -610,7 +606,7 @@ function calculateIpsSetStatementCapacity(ipSetReferenceStatement: wafv2.CfnWebA * @param scope "REGIONAL" | "CLOUDFRONT" * @returns */ -async function calculateCustomRuleStatementsCapacity(config: wafConfig, customRule: FmsRule, deploymentRegion: string, scope: "REGIONAL" | "CLOUDFRONT", runtimeProperties: RuntimeProperties) { +async function calculateCustomRuleStatementsCapacity(config: WafConfig, customRule: Rule, deploymentRegion: string, scope: "REGIONAL" | "CLOUDFRONT", runtimeProperties: RuntimeProps) { const ruleCalculatedCapacityJson: SdkRule[] = []; const rule = transformCdkRuletoSdkRule(customRule, runtimeProperties); ruleCalculatedCapacityJson.push(rule); @@ -656,7 +652,7 @@ function calculateRegexPatternSetsStatementsCapacity(regexPatternSetsStatement: * @param isOrStatement boolean * @returns tempCalcRule */ -function buildCustomRuleWithoutReferenceStatements(customRule: FmsRule, concatenatedStatement: wafv2.CfnWebACL.AndStatementProperty | wafv2.CfnWebACL.OrStatementProperty, isOrStatement: boolean) { +function buildCustomRuleWithoutReferenceStatements(customRule: Rule, concatenatedStatement: wafv2.CfnWebACL.AndStatementProperty | wafv2.CfnWebACL.OrStatementProperty, isOrStatement: boolean) { const statements = concatenatedStatement.statements as wafv2.CfnWebACL.StatementProperty[]; let statement; if (statements.length === 1) { @@ -670,7 +666,7 @@ function buildCustomRuleWithoutReferenceStatements(customRule: FmsRule, concaten andStatement: concatenatedStatement }; } - const tempCalcRule : FmsRule = { + const tempCalcRule : Rule = { name: customRule.name, priority: customRule.priority, visibilityConfig: customRule.visibilityConfig, @@ -710,7 +706,7 @@ export async function isPolicyQuotaReached(deploymentRegion: string): Promise { +export async function isWcuQuotaReached(deploymentRegion: string, runtimeProps: RuntimeProps, config: WafConfig): Promise { await calculateCapacities(config, deploymentRegion, runtimeProps); const customCapacity = runtimeProps.PreProcess.Capacity + runtimeProps.PostProcess.Capacity; const totalWcu = runtimeProps.PreProcess.Capacity + runtimeProps.PostProcess.Capacity + runtimeProps.ManagedRuleCapacity; diff --git a/lib/tools/helpers/web-application-firewall/rulegroups.ts b/lib/tools/helpers/web-application-firewall/rulegroups.ts index f3bc019f..a21f1ccd 100644 --- a/lib/tools/helpers/web-application-firewall/rulegroups.ts +++ b/lib/tools/helpers/web-application-firewall/rulegroups.ts @@ -1,9 +1,8 @@ import * as cdk from "aws-cdk-lib"; import { aws_wafv2 as wafv2 } from "aws-cdk-lib"; -import { CustomResponseBodies, NONEVERSIONEDMANAGEDRULEGRPOUP, wafConfig } from "../../../types/config"; -import { ManagedRuleGroup, ServiceDataManagedRuleGroup, ServiceDataRuleGroup, Rule, SubVariables } from "../../../types/fms"; import { Scope, WAFV2Client, ListAvailableManagedRuleGroupVersionsCommand, ListAvailableManagedRuleGroupVersionsCommandInput, ListAvailableManagedRuleGroupVersionsCommandOutput} from "@aws-sdk/client-wafv2"; -import { RuntimeProperties, ProcessProperties } from "../../../types/runtimeprops"; +import { WafConfig, RuntimeProps, SubVariables, ManagedRuleGroup,ServiceDataRuleGroup, CustomResponseBodies, Rule, + ServiceDataManagedRuleGroup, NONEVERSIONEDMANAGEDRULEGRPOUP, ProcessProperties } from "../../../types/config"; import { transformWafRuleStatements } from "./statements"; import { Construct } from "constructs"; import { guidanceHelper } from "../../helpers"; @@ -22,11 +21,10 @@ const subVariables : SubVariables = {}; * @param regexPatternSets cdk.aws_wafv2.CfnRegexPatternSet[] * @returns adjustedRule */ -export function buildServiceDataManagedRgs(scope: Construct, managedRuleGroups: ManagedRuleGroup[], managedRuleGroupVersionProvider: cr.Provider, wafScope: string, runtimeProps: RuntimeProperties): { ServiceData: ServiceDataManagedRuleGroup[], ManagedRuleGroupInfo: string[], SubVariables: SubVariables } { +export function buildServiceDataManagedRgs(scope: Construct, managedRuleGroups: ManagedRuleGroup[], managedRuleGroupVersionProvider: cr.Provider, wafScope: string, runtimeProps: RuntimeProps): { ServiceData: ServiceDataManagedRuleGroup[], ManagedRuleGroupInfo: string[], SubVariables: SubVariables } { const cfnManagedRuleGroup : ServiceDataManagedRuleGroup[] = []; for (const managedRuleGroup of managedRuleGroups) { if(managedRuleGroup.ruleActionOverrides?.toString() === "COUNT"){ - // eslint-disable-next-line quotes guidanceHelper.getGuidance("overrideActionManagedRuleGroup", runtimeProps, managedRuleGroup.name); } if(managedRuleGroup.name === "AWSManagedRulesBotControlRuleSet"){ @@ -35,6 +33,7 @@ export function buildServiceDataManagedRgs(scope: Construct, managedRuleGroups: } } if(NONEVERSIONEDMANAGEDRULEGRPOUP.find((rulegroup) => rulegroup === managedRuleGroup.name)){ + console.log("\nℹ️ ManagedRuleGroup " + managedRuleGroup.name + " is not versioned. Skip Custom Resource for Versioning."); cfnManagedRuleGroup.push({ managedRuleGroupIdentifier: { @@ -45,7 +44,7 @@ export function buildServiceDataManagedRgs(scope: Construct, managedRuleGroups: }, overrideAction: managedRuleGroup.overrideAction ? managedRuleGroup.overrideAction : { type: "NONE" }, ruleGroupArn: undefined, - excludeRules: managedRuleGroup.excludedRules ? managedRuleGroup.excludedRules : undefined, + excludeRules: managedRuleGroup.excludeRules ? managedRuleGroup.excludeRules : undefined, ruleGroupType: "ManagedRuleGroup", ruleActionOverrides: managedRuleGroup.ruleActionOverrides ?? undefined, awsManagedRulesBotControlRuleSetProperty: managedRuleGroup.awsManagedRulesBotControlRuleSetProperty ?? undefined, @@ -103,7 +102,7 @@ export function buildServiceDataManagedRgs(scope: Construct, managedRuleGroups: * @param webaclName string * @param webAclScope string * @param stage string - * @param processRuntimeProps RuntimeProperties + * @param processRuntimeProps props * @param prefix string * @param ruleGroupSet: Rule[] * @param customResponseBodies CustomResponseBodies | undefined @@ -112,7 +111,7 @@ export function buildServiceDataManagedRgs(scope: Construct, managedRuleGroups: * @param deployHash string * @returns serviceDataRuleGroup */ -export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post", runtimeProps: RuntimeProperties, config: wafConfig, ipSets: cdk.aws_wafv2.CfnIPSet[],regexPatternSets: cdk.aws_wafv2.CfnRegexPatternSet[]) : ServiceDataRuleGroup[] { +export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post", runtimeProps: RuntimeProps, config: WafConfig, ipSets: cdk.aws_wafv2.CfnIPSet[],regexPatternSets: cdk.aws_wafv2.CfnRegexPatternSet[]) : ServiceDataRuleGroup[] { const webaclName = config.WebAcl.Name; const prefix = config.General.Prefix; const webAclScope = config.WebAcl.Scope; @@ -144,7 +143,7 @@ export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post" ); if (capacity < 1500) { - const rules = []; + const rules: wafv2.CfnRuleGroup.RuleProperty[] = []; let count = 1; if(ruleGroupSet){ for (const rule of ruleGroupSet) { @@ -175,7 +174,7 @@ export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post" if (rule.ruleLabels) { cfnRuleProperties = cfnRuleProperty as wafv2.CfnWebACL.RuleProperty; } else { - // eslint-disable-next-line @typescript-eslint/no-unused-vars, @typescript-eslint/no-unsafe-assignment + // eslint-disable-next-line @typescript-eslint/no-unused-vars const { ruleLabels, ...cfnRulePropertii } = cfnRuleProperty; guidanceHelper.getGuidance("noRuleLabels", runtimeProps, rulename); cfnRuleProperties = cfnRulePropertii as wafv2.CfnWebACL.RuleProperty; @@ -194,7 +193,6 @@ export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post" "⭕️ Deploy new RuleGroup because the Capacity has changed!" ); console.log( - // eslint-disable-next-line @typescript-eslint/restrict-plus-operands "\n 🟥 Old Capacity: [" + processRuntimeProps.DeployedRuleGroupCapacities[0] + "]\n 🟩 New Capacity: [" + @@ -219,11 +217,9 @@ export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post" } // Don't lowercase the first char of the Key of the Custom Response Body, // only toAwsCamel the properties below the Key - // eslint-disable-next-line @typescript-eslint/no-unused-expressions // eslint-disable-next-line @typescript-eslint/no-explicit-any let cstResBodies: { [key:string]: any} | undefined = {}; if(customResponseBodies) { - // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion cstResBodies = Object.keys(customResponseBodies).reduce((acc, curr) => { acc[curr] = customResponseBodies![curr]; return acc; }, cstResBodies); } else { @@ -247,7 +243,6 @@ export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post" overrideAction: { type: "NONE" }, }); console.log( - // eslint-disable-next-line @typescript-eslint/restrict-plus-operands " ➡️ Creating " + rulegroupidentifier + " with calculated capacity: [" + @@ -288,7 +283,7 @@ export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post" // eslint-disable-next-line @typescript-eslint/no-explicit-any const rulesets: any[] = []; const indexes: number[] = []; - const rulegroupcapacities = []; + const rulegroupcapacities: number[] = []; //ORDER BY Priority DESC while ( indexes.length < processRuntimeProps.RuleCapacities.length @@ -334,7 +329,6 @@ export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post" " !" ); console.log( - // eslint-disable-next-line @typescript-eslint/restrict-plus-operands "\n 🟥 Old Capacity: [" + processRuntimeProps.DeployedRuleGroupCapacities[ count @@ -375,21 +369,17 @@ export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post" rulegroupidentifier = type + "R" + count.toString(); name = `${webaclName}-${stage}-${count.toString()}${deployHash ? "-"+deployHash : ""}`; } - const cfnRuleProperties = []; + const cfnRuleProperties: wafv2.CfnRuleGroup.RuleProperty[] = []; let rulegroupcounter = 0; - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access while (rulegroupcounter < rulesets[count].length) { - // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access const statementindex = rulesets[count][rulegroupcounter]; let rulename = ""; if ( - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access ruleGroupSet[statementindex] .name !== undefined ) { const tempHash = Date.now().toString(36); rulename = - // eslint-disable-next-line @typescript-eslint/restrict-plus-operands, @typescript-eslint/no-unsafe-member-access ruleGroupSet[statementindex] .name + "-" + @@ -397,37 +387,27 @@ export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post" } else { rulename = `${webaclName}-${stage}-${type.toLocaleLowerCase()}-${rulegroupcounter.toString()}${deployHash ? "-"+deployHash : ""}`; } - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access const statement = transformWafRuleStatements(ruleGroupSet[statementindex],prefix, stage, config.WebAcl.Name, ipSets, regexPatternSets); const cfnRuleProperty = { name: rulename, - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access priority: ruleGroupSet[statementindex].priority, - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access action: ruleGroupSet[statementindex].action, statement, visibilityConfig: { sampledRequestsEnabled: - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access ruleGroupSet[statementindex] .visibilityConfig.sampledRequestsEnabled, cloudWatchMetricsEnabled: - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access ruleGroupSet[statementindex] .visibilityConfig.cloudWatchMetricsEnabled, - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access metricName: ruleGroupSet[statementindex].visibilityConfig.metricName, }, - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access captchaConfig: (Object.keys(ruleGroupSet[statementindex] - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access .action)[0] === "captcha") ? ruleGroupSet[statementindex].captchaConfig : undefined, - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access ruleLabels: ruleGroupSet[statementindex].ruleLabels, }; let cfnRuleProperti: wafv2.CfnRuleGroup.RuleProperty; if ( - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access ruleGroupSet[statementindex] .ruleLabels ) { @@ -444,7 +424,6 @@ export function buildServiceDataCustomRgs(scope: Construct, type: "Pre" | "Post" // eslint-disable-next-line @typescript-eslint/no-explicit-any let cstResBodies: { [key:string]: any} | undefined = {}; if(customResponseBodies) { - // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion cstResBodies = Object.keys(customResponseBodies).reduce((acc, curr) => { acc[curr] = customResponseBodies![curr]; return acc; }, cstResBodies); } else { @@ -536,7 +515,6 @@ export async function getcurrentManagedRuleGroupVersion(deploymentRegion: string Limit: 5, }; const command = new ListAvailableManagedRuleGroupVersionsCommand(input); - // eslint-disable-next-line @typescript-eslint/no-explicit-any const response: ListAvailableManagedRuleGroupVersionsCommandOutput = await client.send(command); if(response.Versions!.length > 0){ return response.Versions![0].Name; diff --git a/lib/tools/helpers/web-application-firewall/statements.ts b/lib/tools/helpers/web-application-firewall/statements.ts index 74deb296..87dda0e2 100644 --- a/lib/tools/helpers/web-application-firewall/statements.ts +++ b/lib/tools/helpers/web-application-firewall/statements.ts @@ -1,5 +1,5 @@ import * as cdk from "aws-cdk-lib"; -import { Rule, NotStatementProperty } from "../../../types/fms"; +import { Rule, NotStatementProperty } from "../../../types/config"; import { aws_wafv2 as wafv2 } from "aws-cdk-lib"; /** * Function to transform RuleStatements @@ -202,20 +202,20 @@ export function convertPropValuesToUint8Array(rulesObject: Record, // eslint-disable-next-line @typescript-eslint/no-explicit-any const convertedObject: Record = {}; for (const origKey in rulesObject) { - // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment + if (Object.prototype.hasOwnProperty.call(rulesObject, origKey)) { - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-assignment + let value = rulesObject[origKey]; - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access + if (value instanceof Array || (value !== null && value.constructor === Object)) { - // eslint-disable-next-line @typescript-eslint/no-unsafe-argument + value = convertPropValuesToUint8Array(value, propertyName); } if (origKey === propertyName) { - // eslint-disable-next-line @typescript-eslint/no-unsafe-argument + value = convertStringToUint8Array(value); } - // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment + convertedObject[origKey] = value; } } diff --git a/lib/tools/transformer.ts b/lib/tools/transformer.ts index 41264b61..468d21f5 100644 --- a/lib/tools/transformer.ts +++ b/lib/tools/transformer.ts @@ -1,43 +1,72 @@ -/* eslint-disable @typescript-eslint/no-unsafe-call */ -/* eslint-disable @typescript-eslint/no-unnecessary-type-assertion */ -/* eslint-disable @typescript-eslint/no-unsafe-member-access */ -/* eslint-disable @typescript-eslint/no-unsafe-assignment */ -/* eslint-disable @typescript-eslint/naming-convention */ import { aws_wafv2 as wafv2 } from "aws-cdk-lib"; import { NotStatement, LabelMatchStatement, OrStatement, AndStatement, XssMatchStatement, SqliMatchStatement, RegexPatternSetReferenceStatement, Statement, IPSetReferenceStatement, SizeConstraintStatement, Rule, RegexMatchStatement, RateBasedStatement, - ByteMatchStatement, GeoMatchStatement, FieldToMatch, JsonMatchScope, Headers, MapMatchScope, OversizeHandling, Cookies, JsonBody, Body, RateBasedStatementCustomKey, RateLimitHeader, RateLimitQueryString, RateLimitUriPath, RateLimitIP, RateLimitHTTPMethod } from "@aws-sdk/client-wafv2"; + ByteMatchStatement, GeoMatchStatement, ForwardedIPConfig, FieldToMatch, JsonMatchScope, Headers, MapMatchScope, OversizeHandling, Cookies, JsonBody, Body, RateBasedStatementCustomKey, RateLimitHeader, RateLimitQueryString, RateLimitUriPath, RateLimitIP, RateLimitHTTPMethod, + FallbackBehavior, + CountryCode, + TextTransformation, + TextTransformationType, + ComparisonOperator, + IPSetForwardedIPConfig, + ForwardedIPPosition, + SensitivityLevel, + LabelMatchScope, + PositionalConstraint, + SingleQueryArgument, + UriPath, + SingleHeader, + CookieMatchPattern, + HeaderMatchPattern, + AllQueryArguments, + JsonMatchPattern, + BlockAction, + CaptchaAction, + CountAction, + CaptchaConfig, + ImmunityTimeProperty, + AllowAction, + ChallengeConfig, + OverrideAction, + CustomResponse, + ChallengeAction, + VisibilityConfig, + RateBasedStatementAggregateKeyType, + RuleAction} from "@aws-sdk/client-wafv2"; import { wafHelper, guidanceHelper} from "./helpers"; -import { RuntimeProperties } from "../types/runtimeprops"; +import { RuntimeProps } from "../types/config"; /** * The function will map a CDK ByteMatchStatement Property to a SDK ByteMatchStatement Property * @param statement object of a CDK ByteMatchStatement Property * @return configuration object of a SDK ByteMatchStatement Property */ -export function transformByteMatchStatement(statement: wafv2.CfnWebACL.ByteMatchStatementProperty, runtimeProperties: RuntimeProperties): ByteMatchStatement { +export function transformByteMatchStatement(statement: wafv2.CfnWebACL.ByteMatchStatementProperty, runtimeProperties: RuntimeProps): ByteMatchStatement { const bmst = statement as wafv2.CfnWebACL.ByteMatchStatementProperty | undefined; - let ByteMatchStatement = undefined; + let ByteMatchStatement: ByteMatchStatement | undefined = undefined; if (bmst) { - let FieldToMatch = undefined; + let FieldToMatch: undefined | FieldToMatch = undefined; if (bmst.fieldToMatch) { FieldToMatch = transformfieldToMatch(bmst.fieldToMatch as wafv2.CfnWebACL.FieldToMatchProperty); } - let TextTransformations = undefined; + let TextTransformations: TextTransformation[] | undefined = undefined; if (bmst.textTransformations) { TextTransformations = []; (bmst.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } + let positionalConstraint: PositionalConstraint | undefined = undefined; if(bmst.positionalConstraint === "CONTAINS" || bmst.positionalConstraint === "CONTAINS_WORD" || bmst.positionalConstraint === "STARTS_WITH" || bmst.positionalConstraint === "ENDS_WITH"){ guidanceHelper.getGuidance("byteMatchStatementPositionalConstraint", runtimeProperties, "CONTSTRAINT: " + bmst.positionalConstraint +"; SearchString: "+ bmst.searchString+"; FieldtoMatch: "+ JSON.stringify(FieldToMatch)); } + if(bmst.positionalConstraint){ + positionalConstraint = bmst.positionalConstraint as PositionalConstraint; + } ByteMatchStatement = { - PositionalConstraint: bmst.positionalConstraint, + PositionalConstraint: positionalConstraint, SearchString: bmst.searchString ? wafHelper.convertStringToUint8Array(bmst.searchString) : undefined, TextTransformations, FieldToMatch @@ -53,19 +82,19 @@ export function transformByteMatchStatement(statement: wafv2.CfnWebACL.ByteMatch */ export function transformRegexMatchStatement(statement: wafv2.CfnWebACL.RegexMatchStatementProperty): RegexMatchStatement { const rest = statement as wafv2.CfnWebACL.RegexMatchStatementProperty | undefined; - let RegexMatchStatement = undefined; + let RegexMatchStatement: RegexMatchStatement | undefined; if (rest) { - let FieldToMatch = undefined; + let FieldToMatch: undefined | FieldToMatch; if (rest.fieldToMatch) { FieldToMatch = transformfieldToMatch(rest.fieldToMatch as wafv2.CfnWebACL.FieldToMatchProperty); } - let TextTransformations = undefined; + let TextTransformations: TextTransformation[] | undefined; if (rest.textTransformations) { TextTransformations = []; (rest.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } @@ -85,19 +114,23 @@ export function transformRegexMatchStatement(statement: wafv2.CfnWebACL.RegexMat */ export function transformGeoMatchStatement(statement: wafv2.CfnWebACL.GeoMatchStatementProperty): GeoMatchStatement { const gmst = statement as wafv2.CfnWebACL.GeoMatchStatementProperty | undefined; - let GeoMatchStatement = undefined; + let GeoMatchStatement: GeoMatchStatement | undefined; if (gmst) { - let ForwardedIPConfig = undefined; + let ForwardedIPConfig: ForwardedIPConfig | undefined; if (gmst.forwardedIpConfig) { const fic = gmst.forwardedIpConfig as wafv2.CfnWebACL.ForwardedIPConfigurationProperty; ForwardedIPConfig ={ - FallbackBehavior: fic.fallbackBehavior, + FallbackBehavior: fic.fallbackBehavior as FallbackBehavior, HeaderName: fic.headerName }; } + let CountryCodes: CountryCode[] | undefined; + if(gmst.countryCodes){ + CountryCodes = gmst.countryCodes as CountryCode[]; + } GeoMatchStatement = { ForwardedIPConfig, - CountryCodes: gmst.countryCodes + CountryCodes }; } return GeoMatchStatement as GeoMatchStatement; @@ -110,26 +143,25 @@ export function transformGeoMatchStatement(statement: wafv2.CfnWebACL.GeoMatchSt */ export function transformSizeConstraintStatement(statement: wafv2.CfnWebACL.SizeConstraintStatementProperty): SizeConstraintStatement { const szst = statement as wafv2.CfnWebACL.SizeConstraintStatementProperty | undefined; - let SizeConstraintStatement = undefined; + let SizeConstraintStatement: SizeConstraintStatement | undefined; if (szst) { - let FieldToMatch = undefined; + let FieldToMatch: FieldToMatch | undefined; if (szst.fieldToMatch) { FieldToMatch = transformfieldToMatch(szst.fieldToMatch as wafv2.CfnWebACL.FieldToMatchProperty); } - let TextTransformations = undefined; + let TextTransformations: TextTransformation[] | undefined; if (szst.textTransformations) { - TextTransformations = []; (szst.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } SizeConstraintStatement = { TextTransformations, FieldToMatch, - ComparisonOperator: szst.comparisonOperator, + ComparisonOperator: szst.comparisonOperator as ComparisonOperator, Size: szst.size, }; } @@ -143,15 +175,15 @@ export function transformSizeConstraintStatement(statement: wafv2.CfnWebACL.Size */ export function transformIPSetReferenceStatement(statement: wafv2.CfnWebACL.IPSetReferenceStatementProperty): IPSetReferenceStatement { const ipsst = statement as wafv2.CfnWebACL.IPSetReferenceStatementProperty | undefined; - let IPSetReferenceStatement = undefined; + let IPSetReferenceStatement: IPSetReferenceStatement | undefined; if (ipsst) { - let IPSetForwardedIPConfig = undefined; + let IPSetForwardedIPConfig: IPSetForwardedIPConfig | undefined; if (ipsst.ipSetForwardedIpConfig) { const fic = ipsst.ipSetForwardedIpConfig as wafv2.CfnWebACL.IPSetForwardedIPConfigurationProperty; IPSetForwardedIPConfig = { - FallbackBehavior: fic.fallbackBehavior, + FallbackBehavior: fic.fallbackBehavior as FallbackBehavior, HeaderName: fic.headerName, - Position: fic.position, + Position: fic.position as ForwardedIPPosition, }; } IPSetReferenceStatement = { @@ -169,19 +201,19 @@ export function transformIPSetReferenceStatement(statement: wafv2.CfnWebACL.IPSe */ export function transformRegexPatternSetReferenceStatement(statement: wafv2.CfnWebACL.RegexPatternSetReferenceStatementProperty): RegexPatternSetReferenceStatement { const regpst = statement as wafv2.CfnWebACL.RegexPatternSetReferenceStatementProperty | undefined; - let RegexPatternSetReferenceStatement = undefined; + let RegexPatternSetReferenceStatement: RegexPatternSetReferenceStatement | undefined; if (regpst) { - let FieldToMatch = undefined; + let FieldToMatch: FieldToMatch | undefined; if (regpst.fieldToMatch) { FieldToMatch = transformfieldToMatch(regpst.fieldToMatch as wafv2.CfnWebACL.FieldToMatchProperty); } - let TextTransformations = undefined; + let TextTransformations: TextTransformation[] | undefined; if (regpst.textTransformations) { TextTransformations = []; (regpst.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } @@ -201,26 +233,26 @@ export function transformRegexPatternSetReferenceStatement(statement: wafv2.CfnW */ export function transformSqliMatchStatement(statement: wafv2.CfnWebACL.SqliMatchStatementProperty): SqliMatchStatement { const sqlst = statement as wafv2.CfnWebACL.SqliMatchStatementProperty | undefined; - let SqliMatchStatement = undefined; + let SqliMatchStatement: SqliMatchStatement | undefined; if (sqlst) { - let FieldToMatch = undefined; + let FieldToMatch: FieldToMatch | undefined; if (sqlst.fieldToMatch) { FieldToMatch = transformfieldToMatch(sqlst.fieldToMatch as wafv2.CfnWebACL.FieldToMatchProperty); } - let TextTransformations = undefined; + let TextTransformations: TextTransformation[] | undefined; if (sqlst.textTransformations) { TextTransformations = []; (sqlst.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } SqliMatchStatement = { TextTransformations, FieldToMatch, - SensitivityLevel: sqlst.sensitivityLevel, + SensitivityLevel: sqlst.sensitivityLevel as SensitivityLevel, }; } return SqliMatchStatement as SqliMatchStatement; @@ -233,19 +265,18 @@ export function transformSqliMatchStatement(statement: wafv2.CfnWebACL.SqliMatch */ export function transformXssMatchStatement(statement: wafv2.CfnWebACL.XssMatchStatementProperty): XssMatchStatement { const xsst = statement as wafv2.CfnWebACL.XssMatchStatementProperty | undefined; - let XssMatchStatement = undefined; + let XssMatchStatement: XssMatchStatement | undefined; if (xsst) { - let FieldToMatch = undefined; + let FieldToMatch: FieldToMatch | undefined; if (xsst.fieldToMatch) { FieldToMatch = transformfieldToMatch(xsst.fieldToMatch as wafv2.CfnWebACL.FieldToMatchProperty); } - let TextTransformations = undefined; + let TextTransformations: TextTransformation[]| undefined; if (xsst.textTransformations) { - TextTransformations = []; (xsst.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } @@ -262,25 +293,25 @@ export function transformXssMatchStatement(statement: wafv2.CfnWebACL.XssMatchSt * @param statement object of a CDK And/OrStatement Property Property * @return configuration object of a SDK And/OrStatement Property Property */ -export function transformConcatenatedStatement(statement: wafv2.CfnWebACL.AndStatementProperty | wafv2.CfnWebACL.OrStatementProperty, isandStatement:boolean, runtimeProperties: RuntimeProperties): AndStatement | OrStatement | undefined { - const Statements = []; - let ConcatenatedStatement = undefined; +export function transformConcatenatedStatement(statement: wafv2.CfnWebACL.AndStatementProperty | wafv2.CfnWebACL.OrStatementProperty, isandStatement:boolean, runtimeProperties: RuntimeProps): AndStatement | OrStatement | undefined { + const Statements: Statement[] = []; + let ConcatenatedStatement: OrStatement | AndStatement | undefined; if(statement.statements && Array.isArray(statement.statements)){ for (const currentstatement of statement.statements as wafv2.CfnWebACL.StatementProperty[]) { const Statement: Statement ={}; - let ByteMatchStatement = undefined; - let GeoMatchStatement = undefined; - let IPSetReferenceStatement = undefined; - let RegexPatternSetReferenceStatement = undefined; - let SizeConstraintStatement = undefined; - let SqliMatchStatement = undefined; - let XssMatchStatement = undefined; - let LabelMatchStatement = undefined; - let NotStatement = undefined; - let RegexMatchStatement = undefined; - let RateBasedStatement = undefined; - let OrStatement = undefined; - let AndStatement = undefined; + let ByteMatchStatement: ByteMatchStatement | undefined; + let GeoMatchStatement: GeoMatchStatement | undefined; + let IPSetReferenceStatement: IPSetReferenceStatement | undefined; + let RegexPatternSetReferenceStatement: RegexPatternSetReferenceStatement | undefined; + let SizeConstraintStatement: SizeConstraintStatement | undefined; + let SqliMatchStatement: SqliMatchStatement | undefined; + let XssMatchStatement: XssMatchStatement | undefined; + let LabelMatchStatement: LabelMatchStatement | undefined; + let NotStatement: NotStatement | undefined; + let RegexMatchStatement: RegexMatchStatement | undefined; + let RateBasedStatement: RateBasedStatement | undefined; + let OrStatement: OrStatement | undefined; + let AndStatement: AndStatement | undefined; switch(Object.keys(currentstatement)[0]){ case "byteMatchStatement": ByteMatchStatement = transformByteMatchStatement(currentstatement.byteMatchStatement as wafv2.CfnWebACL.ByteMatchStatementProperty, runtimeProperties); @@ -360,10 +391,10 @@ export function transformConcatenatedStatement(statement: wafv2.CfnWebACL.AndSta */ export function transformLabelMatchStatement(statement: wafv2.CfnWebACL.LabelMatchStatementProperty): LabelMatchStatement { const lst = statement as wafv2.CfnWebACL.LabelMatchStatementProperty | undefined; - let LabelMatchStatement = undefined; + let LabelMatchStatement: LabelMatchStatement | undefined; if (lst) { LabelMatchStatement = { - Scope: lst.scope, + Scope: lst.scope as LabelMatchScope, Key: lst.key, }; } @@ -375,21 +406,21 @@ export function transformLabelMatchStatement(statement: wafv2.CfnWebACL.LabelMat * @param statement object of a CDK NotStatement Property * @return configuration object of a SDK NotStatement Property */ -export function tranformNotStatement(statement: wafv2.CfnWebACL.NotStatementProperty, runtimeProperties: RuntimeProperties): NotStatement { +export function tranformNotStatement(statement: wafv2.CfnWebACL.NotStatementProperty, runtimeProperties: RuntimeProps): NotStatement { const nst = statement as wafv2.CfnWebACL.NotStatementProperty | undefined; - let NotStatement = undefined; + let NotStatement: NotStatement | undefined; if (nst && nst.statement) { const Statement: Statement ={}; - let ByteMatchStatement = undefined; - let GeoMatchStatement = undefined; - let IPSetReferenceStatement = undefined; - let RegexPatternSetReferenceStatement = undefined; - let SizeConstraintStatement = undefined; - let SqliMatchStatement = undefined; - let XssMatchStatement = undefined; - let LabelMatchStatement = undefined; - let RegexMatchStatement = undefined; - let RateBasedStatement = undefined; + let ByteMatchStatement: ByteMatchStatement | undefined; + let GeoMatchStatement: GeoMatchStatement | undefined; + let IPSetReferenceStatement: IPSetReferenceStatement | undefined; + let RegexPatternSetReferenceStatement: RegexPatternSetReferenceStatement | undefined; + let SizeConstraintStatement: SizeConstraintStatement | undefined; + let SqliMatchStatement: SqliMatchStatement | undefined; + let XssMatchStatement: XssMatchStatement | undefined; + let LabelMatchStatement: LabelMatchStatement | undefined; + let RegexMatchStatement: RegexMatchStatement | undefined; + let RateBasedStatement: RateBasedStatement | undefined; switch(Object.keys(nst.statement)[0]){ case "byteMatchStatement": ByteMatchStatement = transformByteMatchStatement((nst.statement as wafv2.CfnWebACL.StatementProperty).byteMatchStatement as wafv2.CfnWebACL.ByteMatchStatementProperty, runtimeProperties); @@ -445,31 +476,31 @@ export function tranformNotStatement(statement: wafv2.CfnWebACL.NotStatementProp * @param statement object of a CDK RateBasedStatement Property * @return configuration object of a SDK RateBasedStatement Property */ -export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedStatementProperty, runtimeProperties: RuntimeProperties): RateBasedStatement { +export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedStatementProperty, runtimeProperties: RuntimeProps): RateBasedStatement { const rbst = statement as wafv2.CfnWebACL.RateBasedStatementProperty | undefined; - let RateBasedStatement = undefined; + let RateBasedStatement: RateBasedStatement | undefined; let Limit: number | undefined = undefined; let Statement: Statement | ByteMatchStatement | GeoMatchStatement | LabelMatchStatement | OrStatement | NotStatement | AndStatement | IPSetReferenceStatement | SizeConstraintStatement | XssMatchStatement | SqliMatchStatement | undefined; - let AggregateKeyType: string | undefined = undefined; + let AggregateKeyType: RateBasedStatementAggregateKeyType | undefined = undefined; let CustomKeys: RateBasedStatementCustomKey[] | undefined = undefined; let Header: RateLimitHeader | undefined = undefined; let EvaluationWindowSec: number | undefined = undefined; - let ForwardedIPConfig = undefined; + let ForwardedIPConfig: ForwardedIPConfig | undefined; if(rbst){ runtimeProperties.Guidance.rateBasedStatementCount++; if (rbst.scopeDownStatement) { - let ByteMatchStatement = undefined; - let GeoMatchStatement = undefined; - let IPSetReferenceStatement = undefined; - let RegexPatternSetReferenceStatement = undefined; - let SizeConstraintStatement = undefined; - let SqliMatchStatement = undefined; - let XssMatchStatement = undefined; - let LabelMatchStatement = undefined; - let RegexMatchStatement = undefined; - let AndStatement = undefined; - let OrStatement = undefined; - let NotStatement = undefined; + let ByteMatchStatement: ByteMatchStatement | undefined; + let GeoMatchStatement: GeoMatchStatement | undefined; + let IPSetReferenceStatement: IPSetReferenceStatement | undefined; + let RegexPatternSetReferenceStatement: RegexPatternSetReferenceStatement | undefined; + let SizeConstraintStatement: SizeConstraintStatement | undefined; + let SqliMatchStatement: SqliMatchStatement | undefined; + let XssMatchStatement: XssMatchStatement | undefined; + let LabelMatchStatement: LabelMatchStatement | undefined; + let NotStatement: NotStatement | undefined; + let RegexMatchStatement: RegexMatchStatement | undefined; + let OrStatement: OrStatement | undefined; + let AndStatement: AndStatement | undefined; switch(Object.keys(rbst.scopeDownStatement)[0]){ case "byteMatchStatement": ByteMatchStatement = transformByteMatchStatement((rbst.scopeDownStatement as wafv2.CfnWebACL.StatementProperty).byteMatchStatement as wafv2.CfnWebACL.ByteMatchStatementProperty, runtimeProperties); @@ -524,7 +555,7 @@ export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedS if (rbst.forwardedIpConfig) { const fic = rbst.forwardedIpConfig as wafv2.CfnWebACL.ForwardedIPConfigurationProperty; ForwardedIPConfig ={ - FallbackBehavior: fic.fallbackBehavior, + FallbackBehavior: fic.fallbackBehavior as FallbackBehavior, HeaderName: fic.headerName }; } @@ -532,7 +563,7 @@ export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedS Limit = rbst.limit; } if(rbst.aggregateKeyType){ - AggregateKeyType = rbst.aggregateKeyType; + AggregateKeyType = rbst.aggregateKeyType as RateBasedStatementAggregateKeyType; } if(rbst.customKeys){ const customkeys = rbst.customKeys as wafv2.CfnWebACL.RateBasedStatementCustomKeyProperty[]; @@ -540,13 +571,13 @@ export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedS for(const customKey of customkeys) { if(customKey.header){ const header = customKey.header as wafv2.CfnWebACL.RateLimitHeaderProperty; - let TextTransformations = undefined; + let TextTransformations: TextTransformation[] | undefined; if (header.textTransformations) { TextTransformations = []; (header.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } @@ -558,13 +589,13 @@ export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedS } if(customKey.cookie){ const cookie = customKey.cookie as wafv2.CfnWebACL.RateLimitCookieProperty; - let TextTransformations = undefined; + let TextTransformations: TextTransformation[] | undefined; if (cookie.textTransformations) { TextTransformations = []; (cookie.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } @@ -591,13 +622,13 @@ export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedS } if(customKey.queryArgument){ const queryArgument = customKey.queryArgument as wafv2.CfnWebACL.RateLimitQueryArgumentProperty; - let TextTransformations = undefined; + let TextTransformations: TextTransformation[] | undefined; if (queryArgument.textTransformations) { TextTransformations = []; (queryArgument.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } @@ -609,13 +640,13 @@ export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedS } if(customKey.queryString){ const queryString = customKey.queryString as wafv2.CfnWebACL.RateLimitQueryStringProperty; - let TextTransformations = undefined; + let TextTransformations: TextTransformation[] | undefined; if (queryString.textTransformations) { TextTransformations = []; (queryString.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } @@ -626,13 +657,13 @@ export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedS } if(customKey.uriPath){ const uriPath = customKey.uriPath as wafv2.CfnWebACL.RateLimitUriPathProperty; - let TextTransformations = undefined; + let TextTransformations: TextTransformation[] | undefined; if (uriPath.textTransformations) { TextTransformations = []; (uriPath.textTransformations as wafv2.CfnWebACL.TextTransformationProperty[]).forEach((tt) => { TextTransformations?.push({ Priority: tt.priority, - Type: tt.type + Type: tt.type as TextTransformationType }); }); } @@ -666,9 +697,10 @@ export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedS EvaluationWindowSec = rbst.evaluationWindowSec; } } + // eslint-disable-next-line prefer-const RateBasedStatement = { ForwardedIPConfig, - ScopeDownStatement: Statement, + ScopeDownStatement: Statement as Statement, Limit, AggregateKeyType, EvaluationWindowSec, @@ -683,11 +715,11 @@ export function tranformRateBasedStatement(statement: wafv2.CfnWebACL.RateBasedS * @param cdkRule configuration object of a CDK Rule Property * @return configuration object of a SDK Rule Property */ -export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, runtimeProperties: RuntimeProperties): Rule { +export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, runtimeProperties: RuntimeProps): Rule { const action = (cdkRule.action as wafv2.CfnWebACL.RuleActionProperty) as wafv2.CfnWebACL.RuleActionProperty | undefined; - let Action = undefined; + let Action: RuleAction | undefined; if (action) { - let Captcha = undefined; + let Captcha: CaptchaAction | undefined; if (action.captcha) { const ac = action.captcha as wafv2.CfnWebACL.CaptchaActionProperty; if(ac.customRequestHandling){ @@ -711,7 +743,7 @@ export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, Captcha = {}; } } - let Allow = undefined; + let Allow: AllowAction | undefined; if (action.allow) { const al = action.allow as wafv2.CfnWebACL.AllowActionProperty; if(al.customRequestHandling){ @@ -735,10 +767,10 @@ export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, } } - let Block = undefined; + let Block: BlockAction | undefined; if (action.block) { const bl = action.block as wafv2.CfnWebACL.BlockActionProperty; - let CustomResponse = undefined; + let CustomResponse: CustomResponse | undefined; if(bl.customResponse){ const cr = bl.customResponse as wafv2.CfnWebACL.CustomResponseProperty; const CustomResponseHeaders: { Name: string; Value: string; }[]= []; @@ -762,7 +794,7 @@ export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, Block = {}; } } - let Count = undefined; + let Count: CountAction | undefined; if (action.count) { const ct = action.count as wafv2.CfnWebACL.CountActionProperty; if(ct.customRequestHandling){ @@ -786,7 +818,7 @@ export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, } } - let Challenge = undefined; + let Challenge: ChallengeAction | undefined; if (action.challenge) { const ch = action.challenge as wafv2.CfnWebACL.ChallengeActionProperty; if(ch.customRequestHandling){ @@ -819,7 +851,7 @@ export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, }; } const vc = (cdkRule.visibilityConfig as wafv2.CfnWebACL.VisibilityConfigProperty) as wafv2.CfnWebACL.VisibilityConfigProperty | undefined; - let VisibilityConfig = undefined; + let VisibilityConfig: VisibilityConfig | undefined; if(vc){ VisibilityConfig = { CloudWatchMetricsEnabled: vc.cloudWatchMetricsEnabled as boolean, @@ -829,7 +861,7 @@ export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, } const oa = (cdkRule.overrideAction as wafv2.CfnWebACL.OverrideActionProperty) as wafv2.CfnWebACL.OverrideActionProperty | undefined; - let OverrideAction = undefined; + let OverrideAction: OverrideAction | undefined; if(oa){ OverrideAction ={ Count: oa.count, @@ -838,7 +870,7 @@ export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, } const rl = cdkRule.ruleLabels as wafv2.CfnWebACL.LabelProperty[] | undefined; - let RuleLabels = undefined; + let RuleLabels: Array<{ Name: string }> | undefined; if (rl) { RuleLabels = []; rl.forEach((l) => { @@ -850,9 +882,9 @@ export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, } const cC = (cdkRule.captchaConfig as wafv2.CfnWebACL.CaptchaConfigProperty) as wafv2.CfnWebACL.CaptchaConfigProperty | undefined; - let CaptchaConfig = undefined; + let CaptchaConfig: CaptchaConfig | undefined; if(cC){ - let ImmunityTimeProperty = undefined; + let ImmunityTimeProperty: ImmunityTimeProperty | undefined; if(cC.immunityTimeProperty){ const ccIt = cC.immunityTimeProperty as wafv2.CfnWebACL.ImmunityTimePropertyProperty; ImmunityTimeProperty = { @@ -865,9 +897,9 @@ export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, } const cConfig = (cdkRule.challengeConfig as wafv2.CfnWebACL.ChallengeConfigProperty) as wafv2.CfnWebACL.ChallengeConfigProperty | undefined; - let ChallengeConfig = undefined; + let ChallengeConfig: ChallengeConfig | undefined; if(cConfig){ - let ImmunityTimeProperty = undefined; + let ImmunityTimeProperty :ImmunityTimeProperty | undefined; if(cConfig.immunityTimeProperty){ const ccIt = cConfig.immunityTimeProperty as wafv2.CfnWebACL.ImmunityTimePropertyProperty; ImmunityTimeProperty = { @@ -879,19 +911,19 @@ export function transformCdkRuletoSdkRule(cdkRule: wafv2.CfnWebACL.RuleProperty, }; } - let ByteMatchStatement = undefined; - let GeoMatchStatement = undefined; - let IPSetReferenceStatement = undefined; - let RegexPatternSetReferenceStatement = undefined; - let SizeConstraintStatement = undefined; - let SqliMatchStatement = undefined; - let XssMatchStatement = undefined; - let AndStatement = undefined; - let OrStatement = undefined; - let LabelMatchStatement = undefined; - let NotStatement = undefined; - let RegexMatchStatement = undefined; - let RateBasedStatement = undefined; + let ByteMatchStatement: ByteMatchStatement | undefined; + let GeoMatchStatement: GeoMatchStatement | undefined; + let IPSetReferenceStatement: IPSetReferenceStatement | undefined; + let RegexPatternSetReferenceStatement: RegexPatternSetReferenceStatement | undefined; + let SizeConstraintStatement: SizeConstraintStatement | undefined; + let SqliMatchStatement: SqliMatchStatement | undefined; + let XssMatchStatement: XssMatchStatement | undefined; + let LabelMatchStatement: LabelMatchStatement | undefined; + let NotStatement: NotStatement | undefined; + let RegexMatchStatement: RegexMatchStatement | undefined; + let RateBasedStatement: RateBasedStatement | undefined; + let OrStatement: OrStatement | undefined; + let AndStatement: AndStatement | undefined; switch(Object.keys(cdkRule.statement)[0]){ case "byteMatchStatement": @@ -977,19 +1009,19 @@ export function transformfieldToMatch(fieldToMatch: wafv2.CfnWebACL.FieldToMatch OversizeHandling: ftmBody.oversizeHandling as OversizeHandling, }; } - let SingleHeader = undefined; + let SingleHeader: SingleHeader | undefined; if(fieldToMatch.singleHeader){ SingleHeader = { Name: fieldToMatch.singleHeader.name, }; } - let SingleQueryArgument = undefined; + let SingleQueryArgument: SingleQueryArgument | undefined; if(fieldToMatch.singleQueryArgument){ SingleQueryArgument ={ Name: fieldToMatch.singleQueryArgument.name, }; } - let UriPath = undefined; + let UriPath: UriPath | undefined; if(fieldToMatch.uriPath){ UriPath ={ Path: fieldToMatch.uriPath.path, @@ -998,17 +1030,17 @@ export function transformfieldToMatch(fieldToMatch: wafv2.CfnWebACL.FieldToMatch let JsonBody: JsonBody | undefined = undefined; if (fieldToMatch.jsonBody) { const ftmJsonBody = fieldToMatch.jsonBody as wafv2.CfnWebACL.JsonBodyProperty; - let IncludedPaths = undefined; - let MatchPattern = undefined; + let IncludedPaths: string[] | undefined; + let MatchPattern: JsonMatchPattern | undefined; if(ftmJsonBody.matchPattern){ const mp = ftmJsonBody.matchPattern as wafv2.CfnWebACL.JsonMatchPatternProperty; - IncludedPaths = mp.includedPaths as string[]; + IncludedPaths = mp.includedPaths; MatchPattern = { IncludedPaths, All: mp.all, }; } - let MatchScope = undefined; + let MatchScope: JsonMatchScope | undefined; if(ftmJsonBody.matchScope){ const ms = ftmJsonBody.matchScope as JsonMatchScope; MatchScope = ms; @@ -1022,7 +1054,7 @@ export function transformfieldToMatch(fieldToMatch: wafv2.CfnWebACL.FieldToMatch let Cookies: Cookies | undefined = undefined; if(fieldToMatch.cookies){ const ftmCookies = fieldToMatch.cookies as wafv2.CfnWebACL.CookiesProperty; - let MatchPattern = undefined; + let MatchPattern: CookieMatchPattern | undefined; if(ftmCookies.matchPattern){ const cmp = ftmCookies.matchPattern as wafv2.CfnWebACL.CookieMatchPatternProperty; MatchPattern = { @@ -1040,7 +1072,7 @@ export function transformfieldToMatch(fieldToMatch: wafv2.CfnWebACL.FieldToMatch let Headers: Headers | undefined = undefined; if(fieldToMatch.headers){ const fmtHeaders = fieldToMatch.headers as wafv2.CfnWebACL.HeadersProperty; - let MatchPattern = undefined; + let MatchPattern: HeaderMatchPattern | undefined; if(fmtHeaders.matchPattern){ const hmp = fmtHeaders.matchPattern as wafv2.CfnWebACL.HeaderMatchPatternProperty; MatchPattern = { @@ -1055,7 +1087,7 @@ export function transformfieldToMatch(fieldToMatch: wafv2.CfnWebACL.FieldToMatch OversizeHandling: fmtHeaders.oversizeHandling as OversizeHandling, }; } - let AllQueryArguments = undefined; + let AllQueryArguments: AllQueryArguments | undefined; if(fieldToMatch.allQueryArguments){ AllQueryArguments = { OversizeHandling: fieldToMatch.allQueryArguments.oversizeHandling, diff --git a/lib/types/config.ts b/lib/types/config.ts deleted file mode 100644 index 7b15221c..00000000 --- a/lib/types/config.ts +++ /dev/null @@ -1,575 +0,0 @@ -/* eslint-disable @typescript-eslint/naming-convention */ -import { Rule, ManagedRuleGroup } from "./fms"; -import { aws_fms as fms, CfnTag, aws_events as events} from "aws-cdk-lib"; -import * as fwmEnums from "./enums"; -import * as cdk from "aws-cdk-lib"; -/** - * Settings for the AWS WAF policy (type WAFV2) that specifies rule groups to run first in the corresponding AWS WAF Web ACL and rule groups to run last in the Web ACL. - */ -export interface wafConfig { - readonly General: { - /** - * Defines a Prefix which will be added to all resources. - */ - readonly Prefix: string; - /** - * Defines a Stage which will be added to all resources. - */ - readonly Stage: string; - /** - * Defines the selected logging option for the WAF. - */ - readonly LoggingConfiguration: "S3" | "Firehose"; - /** - * Define KMS Key to be used for Kinesis Firehose. - */ - readonly FireHoseKeyArn?: string; - /** - * Define Name of the S3 Bucket where the Firewall logs will be stored. - */ - readonly S3LoggingBucketName: string; - readonly DeployHash?: string; - /** - * Defines the domain(s) that can be checked to audit your WAF. - */ - readonly SecuredDomain: Array; - /** - * Defines whether to set up a dashboard for your firewall in the central security account. To use this feature, cross-account functionality must be enabled in CloudWatch. - */ - readonly CreateDashboard?: boolean; - }; - - readonly WebAcl: { - /** - * Defines Name of your web application firewall. - */ - readonly Name: string; - /** - * Defines Description of your web application firewall. - */ - readonly Description?: string; - /** - * Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include from the policy. - * - * Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. - * - * This is used for the policy's `IncludeMap`. - * - * You can specify account IDs, OUs, or a combination: - * - * - Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”]}` . - * - Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{“ORGUNIT” : [“ouid111”, “ouid112”]}` . - * - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}` . - * - * @struct - * @stability external - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-iemap.html - */ - readonly IncludeMap: fms.CfnPolicy.IEMapProperty; - /** - * Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. - * - * Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. - * - * This is used for the policy's `ExcludeMap`. - * - * You can specify account IDs, OUs, or a combination: - * - * - Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”]}` . - * - Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{“ORGUNIT” : [“ouid111”, “ouid112”]}` . - * - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}` . - * - * @struct - * @stability external - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-iemap.html - */ - readonly ExcludeMap?: fms.CfnPolicy.IEMapProperty; - /** - * Replace web ACLs that are currently associated with in-scope resources with the web ACLs created by this policy - Default is False - */ - readonly OverrideCustomerWebACLAssociation?: boolean; - /** - * Specifies whether this is for an Amazon CloudFront distribution or for a regional application. - * A regional application can be - * - an Application Load Balancer (ALB), - * - an Amazon API Gateway REST API, - * - an AWS AppSync GraphQL API, - * - an Amazon Cognito user pool, - * - an AWS App Runner service, - * - or an AWS Verified Access instance. - * - * Valid Values are CLOUDFRONT and REGIONAL. - * - * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html - */ - readonly Scope: fwmEnums.WebAclScope | "CLOUDFRONT" | "REGIONAL"; - /** - * The type of resource protected by or in scope of the policy. To apply this policy to multiple resource types, specify a resource type of ResourceTypeList and then specify the resource types in a ResourceTypeList. - */ - readonly Type: fwmEnums.WebAclTypeEnum | "ResourceTypeList" | WebAclType; - /** - * enum for supportd webacl types - */ - readonly TypeList?: fwmEnums.WebAclTypeEnum[] | WebAclType[]; - /** - * An array of ResourceTag objects, used to explicitly include resources in the policy scope or explicitly exclude them. If this isn't set, then tags aren't used to modify policy scope. See also ExcludeResourceTags. - */ - readonly ResourceTags?: Array; - /** - * Used only when tags are specified in the ResourceTags property. If this property is True, resources with the specified tags are not in scope of the policy. If it's False, only resources with the specified tags are in scope of the policy. - */ - readonly ExcludeResourceTags?: boolean; - /** - * Indicates if the policy should be automatically applied to new resources. - */ - readonly RemediationEnabled?: boolean; - /** - * Indicates whether AWS Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope. - */ - readonly ResourcesCleanUp?: boolean; - /** - * Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128. - */ - readonly IPSets?: IPSet[]; - /** - * The RegexPatternSet specifies the regular expression (regex) pattern that you want AWS WAF to search for, such as B[a@]dB[o0]t. You can then configure AWS WAF to reject those requests. - */ - readonly RegexPatternSets?: RegexPatternSet[]; - /** - * Defines a Set of Custom Rules and AWS ManagedRulesGroups. - */ - readonly PreProcess: RuleGroupSet; - /** - * Defines a Set of Custom Rules and AWS ManagedRulesGroups. - */ - readonly PostProcess: RuleGroupSet; - }; -} - -/** - * Interface for Shield Configuration in the Firewall Factory - */ -export interface ShieldConfig { - readonly General: { - /** - * Defines a Prefix which will be added to all resources. - */ - readonly Prefix: string; - /** - * Defines a Stage which will be added to all resources. - */ - readonly Stage: string; - /** - * Defines the selected logging option for the WAF. - */ - readonly LoggingConfiguration: "S3" | "Firehose"; - /** - * Define KMS Key to be used for Kinesis Firehose. - */ - readonly FireHoseKeyArn?: string; - /** - * Define Name of the S3 Bucket where the Firewall logs will be stored. - */ - readonly S3LoggingBucketName: string; - readonly DeployHash?: string; - /** - * Defines the domain(s) that can be checked to audit your WAF. - */ - readonly SecuredDomain: Array; - /** - * Defines whether to set up a dashboard for your firewall in the central security account. To use this feature, cross-account functionality must be enabled in CloudWatch. - */ - readonly CreateDashboard?: boolean; - }; - readonly WebAcl: { - /** - * Replace web ACLs that are currently associated with in-scope resources with the web ACLs created by this policy - Default is False - */ - readonly OverrideCustomerWebACLAssociation?: boolean; - }; - - defaultActionType: "ALLOW" | "DENY" | "COUNT" | "NONE"; - /** - * Indicates if the policy should be automatically applied to new resources. - * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-remediationenabled - */ - readonly remediationEnabled: boolean | cdk.IResolvable; - /** - * An array of `ResourceType` objects. - * - * Use this only to specify multiple resource types. To specify a single resource type, use `ResourceType` . - * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-resourcetypelist - */ - readonly resourceTypeList?: Array; - /** - * The type of resource protected by or in scope of the policy. - * - * This is in the format shown in the [AWS Resource Types Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html) . To apply this policy to multiple resource types, specify a resource type of `ResourceTypeList` and then specify the resource types in a `ResourceTypeList` . - * - * The following are valid resource types for each Firewall Manager policy type: - * - * - AWS WAF Classic - `AWS::ApiGateway::Stage` , `AWS::CloudFront::Distribution` , and `AWS::ElasticLoadBalancingV2::LoadBalancer` . - * - AWS WAF - `AWS::ApiGateway::Stage` , `AWS::ElasticLoadBalancingV2::LoadBalancer` , and `AWS::CloudFront::Distribution` . - * - DNS Firewall, AWS Network Firewall , and third-party firewall - `AWS::EC2::VPC` . - * - AWS Shield Advanced - `AWS::ElasticLoadBalancingV2::LoadBalancer` , `AWS::ElasticLoadBalancing::LoadBalancer` , `AWS::EC2::EIP` , and `AWS::CloudFront::Distribution` . - * - Security group content audit - `AWS::EC2::SecurityGroup` , `AWS::EC2::NetworkInterface` , and `AWS::EC2::Instance` . - * - Security group usage audit - `AWS::EC2::SecurityGroup` . - * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-resourcetype - */ - readonly resourceType?: string; - /** - * The name of the AWS Firewall Manager policy. - * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-policyname - */ - readonly policyName: string; - /** - * Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. - * - * Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. - * - * You can specify inclusions or exclusions, but not both. If you specify an `IncludeMap` , AWS Firewall Manager applies the policy to all accounts specified by the `IncludeMap` , and does not evaluate any `ExcludeMap` specifications. If you do not specify an `IncludeMap` , then Firewall Manager applies the policy to all accounts except for those specified by the `ExcludeMap` . - * - * You can specify account IDs, OUs, or a combination: - * - * - Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”]}` . - * - Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{“ORGUNIT” : [“ouid111”, “ouid112”]}` . - * - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}` . - * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-includemap - */ - readonly includeMap?: fms.CfnPolicy.IEMapProperty; - /** - * Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. - * - * Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. - * - * You can specify inclusions or exclusions, but not both. If you specify an `IncludeMap` , AWS Firewall Manager applies the policy to all accounts specified by the `IncludeMap` , and does not evaluate any `ExcludeMap` specifications. If you do not specify an `IncludeMap` , then Firewall Manager applies the policy to all accounts except for those specified by the `ExcludeMap` . - * - * You can specify account IDs, OUs, or a combination: - * - * - Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”]}` . - * - Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{“ORGUNIT” : [“ouid111”, “ouid112”]}` . - * - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}` . - * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-excludemap - */ - readonly excludeMap?: fms.CfnPolicy.IEMapProperty; - /** - * Used only when tags are specified in the `ResourceTags` property. - * - * If this property is `True` , resources with the specified tags are not in scope of the policy. If it's `False` , only resources with the specified tags are in scope of the policy. - * - * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-excluderesourcetags - */ - readonly excludeResourceTags: boolean; -} -/** - * The type of resource protected by or in scope of the policy. To apply this policy to multiple resource types, specify a resource type of ResourceTypeList and then specify the resource types in a ResourceTypeList. - */ -export type WebAclType = - | "AWS::ElasticLoadBalancingV2::LoadBalancer" - | "AWS::CloudFront::Distribution" - | "AWS::ApiGatewayV2::Api" - | "AWS::ApiGateway::Stage"; -// | "AWS::Cognito::UserPool" | "AWS::AppSync::GraphQLApi" - waiting for support if you need a GraphQLApi Firewall just use an ApiGateway:Stage Firewall - -/** - * Interface for Prerequisites Stacks in the Firewall Factory - */ -export interface Prerequisites { - readonly General: { - /** - * Defines a Prefix which will be added to all resources. - */ - readonly Prefix: string; - }; - /** - * Will add a Lambda function to the prerequisite stack that sends notifications when new versions and updates to a AWS ManagedRuleGroup appear in messengers (Slack/Teams). - */ - readonly Information?: { - WebhookSopsFile: string; - }; - - /** - * Will add a StepFunction which is indentifying and sending information about unutilized WAFs to messengers (Slack/Teams). - */ - readonly UnutilizedWafs?: { - /** - * Define a Schedule for the StepFunction. The ScheduleExpression is a cron expression that specifies when the rule is triggered. - */ - ScheduleExpression: events.Schedule; - /** - * Define a Sops File for the Webhook URL with the Slack or Teams Webhook URL. - * https://github.com/dbsystel/cdk-sops-secrets - */ - WebhookSopsFile: string; - /** - * Define a Regex to skip WAFs with specific names - */ - SkipWafRegexString?: string; - /** - * Define a Cross Account Role Name for the Lambda which is identifying unutilized WAFs in the managed accounts. - */ - CrossAccountRoleName: string; - }; - /** - * Will add a Lambda function to prerequisite Stack that send notifications about potential DDoS activity for protected resources to messengers (Slack/Teams) - * This feature, coupled with [AWS Shield Advanced](https://aws.amazon.com/shield/). - */ - readonly DdosNotifications?: { - /** - * Define a Sops File for the Webhook URL with the Slack or Teams Webhook URL. - * https://github.com/dbsystel/cdk-sops-secrets - */ - WebhookSopsFile: string; - }; - readonly Logging?: { - readonly BucketProperties?: { - /** - * A name for the bucket. Allowed Pattern: ^[a-z0-9][a-z0-9//.//-]*[a-z0-9]$ - */ - readonly BucketName?: string; - /** - * Define if a KMS Key for the bucket will be created. - */ - readonly KmsEncryptionKey: boolean; - /** - * Will add Object Lock (write-once-read-many (WORM)) to the S3 Bucket (Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.) - */ - readonly ObjectLock?: { - readonly Days: number; - readonly Mode: "GOVERNANCE" | "COMPLIANCE"; - }; - }; - /** - * Define if a KMS Key for Kinesis FireHose will be created. - */ - readonly FireHoseKey?: { - /** - * Define if a Alias for the KMS Key - */ - readonly KeyAlias: string; - }; - /** - * Defines access to a central security account. Please specify a account ID such as 123456789012.This is necessary if you want to use a different account for all your firewalls. - */ - readonly CrossAccountIdforPermissions?: string; - readonly Athena?: { - /** - * Define a Athena Table for the Firewall Logs will be created. - */ - readonly TableName: string; - /** - * Define a Athena DatabaseName where the Table will be created. - */ - readonly DatabaseName?: string; - /** - * Define a AWS Regions where FMS WAFs will be created. This value is used to create Index for regions on Athena Table. - * If this value is not set, the Index will be created for all AWS Regions using [public region parameter](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-global-infrastructure.html). - */ - readonly Regions?: string; - }; - }; - - readonly Grafana?: { - /** - * S3 Bucket where the FMS Logs are beeing stored. Allowed Pattern: ^[a-z0-9][a-z0-9//.//-]*[a-z0-9]$ - */ - readonly BucketName?: string; - /* - * Specify the KMS Key for the S3 Bucket - if its KMS Encrypted - */ - readonly BucketKmsKey?: string; - /** - * Firewall Manager Delegated Admin Account Id - * @TJS-pattern "^[0-9]{12}$" - */ - readonly DelegatedAdminAccountId?: string; - /* - * Specify the Athena Table Name for the FMS Logs - */ - readonly FmsLogsAthenaTable: string; - /* - * Specify the Athena Database Name for the FMS Logs - */ - readonly FmsLogAthenaDatabase: string; - /* - * Specify the Time Window in Days for the FMS Logs to be Queried - This will be used to create the Athena View for Grafana - */ - readonly TimeWindow: number; - }; -} -/** - * S3 Object Lock provides two retention modes: - - Governance mode - - Compliance mode - */ -export enum ObjectLockMode { - GOVERNANCE = "GOVERNANCE", - COMPLIANCE = "COMPLIANCE", -} - -/** - * Represents all AWS Regions - */ -export type RegionString = - | "us-west-2" - | "us-west-1" - | "us-east-2" - | "us-east-1" - | "ap-south-1" - | "ap-northeast-2" - | "ap-northeast-1" - | "ap-southeast-1" - | "ap-southeast-2" - | "ca-central-1" - | "cn-north-1" - | "eu-central-1" - | "eu-west-1" - | "eu-west-2" - | "eu-west-3" - | "sa-east-1" - | "us-gov-west-1" - | "ap-east-1" - | "ap-southeast-3" - | "ap-northeast-3" - | "eu-south-1" - | "eu-north-1" - | "me-south-1"; - -/** - * Represents Region Codes for all AWS Regions - */ -export enum PriceRegions { - "us-west-2" = "US West (Oregon)", - "us-west-1" = "US West (N. California)", - "us-east-2" = "US East (Ohio)", - "us-east-1" = "US East (N. Virginia)", - "ap-south-1" = "Asia Pacific (Mumbai)", - "ap-northeast-2" = "Asia Pacific (Seoul)", - "ap-northeast-1" = "Asia Pacific (Tokyo)", - "ap-southeast-1" = "Asia Pacific (Singapore)", - "ap-southeast-2" = "Asia Pacific (Sydney)", - "ca-central-1" = "Canada (Central)", - "cn-north-1" = "China (Beijing)", - "eu-central-1" = "EU (Frankfurt)", - "eu-west-1" = "EU (Ireland)", - "eu-west-2" = "EU (London)", - "eu-west-3" = "EU (Paris)", - "sa-east-1" = "South America (São Paulo)", - "us-gov-west-1" = "AWS GovCloud (US)", - "ap-east-1" = "Asia Pacific (Hong Kong)", - "ap-southeast-3" = "Asia Pacific (Jakarta)", - "ap-northeast-3" = "Asia Pacific (Osaka)", - "eu-south-1" = "Europe (Milan)", - "eu-north-1" = "Europe (Stockholm)", - "me-south-1" = "Middle East (Bahrain)", -} - -/** - * A custom response to send to the client. You can define a custom response for rule actions and default web ACL actions that are set to the block action. - */ -export type CustomResponseBodies = { - [key: string]: { - /** - * @TJS-pattern [\s\S]* - */ - Content: string; - /** - * AWS WAF Content Type - * - * The type of content in the payload that you are defining in the Content string. - * - * @see https://docs.aws.amazon.com/waf/latest/APIReference/API_CustomResponseBody.html - */ - ContentType: fwmEnums.CustomResponseBodiesContentType; - }; -}; - -/** - * Defines a Set of Custom Rules and AWS ManagedRulesGroups. - */ -export interface RuleGroupSet { - CustomResponseBodies?: CustomResponseBodies; - CustomRules?: Rule[]; - ManagedRuleGroups?: ManagedRuleGroup[]; -} - -/** - * The regex above matches both IPv4 and IPv6 in CIDR notation, e.g. 123.4.3.0/32 - * @TJS-pattern (?:^(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}\/(3[0-2]|[12]?[0-9])$)|(?:^(?:(?:[a-fA-F\d]{1,4}:){7}(?:[a-fA-F\d]{1,4}|:)|(?:[a-fA-F\d]{1,4}:){6}(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|:[a-fA-F\d]{1,4}|:)|(?:[a-fA-F\d]{1,4}:){5}(?::(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,2}|:)|(?:[a-fA-F\d]{1,4}:){4}(?:(?::[a-fA-F\d]{1,4}){0,1}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,3}|:)|(?:[a-fA-F\d]{1,4}:){3}(?:(?::[a-fA-F\d]{1,4}){0,2}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,4}|:)|(?:[a-fA-F\d]{1,4}:){2}(?:(?::[a-fA-F\d]{1,4}){0,3}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,5}|:)|(?:[a-fA-F\d]{1,4}:){1}(?:(?::[a-fA-F\d]{1,4}){0,4}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,6}|:)|(?::(?:(?::[a-fA-F\d]{1,4}){0,5}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,7}|:)))(?:%[0-9a-zA-Z]{1,})?\/(12[0-8]|1[01][0-9]|[1-9]?[0-9])$) - */ -export type IPAddress = string; - -export interface IPAddressWithDescription { - description: string; - /** - * Defines a Ip Address - IPv4 and IPv6 in CIDR notation, e.g. 123.4.3.0/32 - */ - ip: IPAddress; -} - -/** - * Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128. - */ -export interface IPSet { - /** - * @TJS-pattern ^[a-zA-Z0-9]+$ - */ - name: string; // This name will be used as a CloudFormation logical ID, so it can't have a already used name and must be alphanumeric - /* - * @TJS-pattern ^[a-zA-Z0-9=:#@/\-,.][a-zA-Z0-9+=:#@/\-,.\s]+[a-zA-Z0-9+=:#@/\-,.]{1,256}$ - */ - description?: string; - /** - * Defines an Array of Ip Address - IPv4 and IPv6 in CIDR notation, e.g. 123.4.3.0/32 or IpAddress with Description - */ - addresses: Array; - /** - * Defines the IP address version of the set. Valid Values are IPV4 and IPV6. - */ - ipAddressVersion: "IPV4" | "IPV6"; - /** - * Defines Array of Tags to be added to the IPSet - * More info: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html - */ - tags?: CfnTag[]; -} - -/** - * The RegexPatternSet specifies the regular expression (regex) pattern that you want AWS WAF to search for, such as B[a@]dB[o0]t. You can then configure AWS WAF to reject those requests. - */ -export interface RegexPatternSet { - /** - * @TJS-pattern ^[a-zA-Z0-9]+$ - */ - name: string; // This name will be used as a CloudFormation logical ID, so it can't have a already used name and must be alphanumeric - /* - * @TJS-pattern ^[\w+=:#@\/\-,\.][\w+=:#@\/\-,\.\s]+[\w+=:#@\/\-,\.]$ - */ - description?: string; - /** - * Defines an Array of Regular Expressions - */ - regularExpressionList: string[]; - /** - * Defines Array of Tags to be added to the RegexPatternSet - * More info: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html - */ - tags?: CfnTag[]; -} - -/** - * Represents all AWS ManagedRuleGroups which are not versioned - */ -export const NONEVERSIONEDMANAGEDRULEGRPOUP = [ - "AWSManagedRulesBotControlRuleSet", - "AWSManagedRulesATPRuleSet", - "AWSManagedRulesACFPRuleSet", - "AWSManagedRulesAmazonIpReputationList", - "AWSManagedRulesAnonymousIpList", -]; diff --git a/lib/types/config/autoUpdatedManagedIpSets.ts b/lib/types/config/autoUpdatedManagedIpSets.ts new file mode 100644 index 00000000..4faf395b --- /dev/null +++ b/lib/types/config/autoUpdatedManagedIpSets.ts @@ -0,0 +1,93 @@ +import { CfnTag } from "aws-cdk-lib"; +import { AWSRegion } from "../enums/"; +import * as events from "aws-cdk-lib/aws-events"; +import { IPAddressVersion } from "@aws-sdk/client-wafv2"; + +/** + * Interface for AutoUpdatedManagedIpSets Stacks in the Firewall Factory + */ +export interface AutoUpdatedManagedIpSetsConfig { + readonly General: { + /** + * Defines a Prefix which will be added to all resources. + */ + readonly Prefix: string; + }; + ManagedIpSets: ManagedIpSet[]; + } +/** + * Defines a Set of Custom Rules and AWS ManagedRulesGroups. + */ +export interface ManagedIpSet { + /** + * @TJS-pattern ^[a-zA-Z0-9]+$ + */ + name: string; // This name will be used as a CloudFormation logical ID, so it can't have a already used name and must be alphanumeric + /* + * @TJS-pattern ^[a-zA-Z0-9=:#@/\-,.][a-zA-Z0-9+=:#@/\-,.\s]+[a-zA-Z0-9+=:#@/\-,.]{1,256}$ + */ + description?: string; + /** + * Defines the IP address version of the set. Valid Values are IPV4 and IPV6. + */ + ipAddressVersion: IPAddressVersion; + /** + * Defines Array of Tags to be added to the IPSet + * More info: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html + */ + tags?: CfnTag[]; + /** + * Defines the Schedule how often the IPSet will be updated + * More info: https://docs.aws.amazon.com/eventbridge/latest/userguide/scheduled-events.html + */ + updateSchedule: events.Schedule; + /** + * Defines the Locations where the IPSet will be updated from + */ + cidrLocations: CidrLocation[]; + /** + * Defines the Region where the IPSet will be deployed + */ + region: AWSRegion, + /** + * Defines the Scope of the IPSet + */ + scope: "REGIONAL" | "CLOUDFRONT"; + } + +export interface CidrLocation { + /** + * Defines the URL where the File containing CIDR will be downloaded from + */ + downloadUrl: string; + /** + * Defines the Type of the Output of the File + */ + outputType: "JSON"; + /** + * Defines the Regex to search for the File on the Url + */ + downloadSearchRegexOnUrl: RegExp; + /** + * Defines where to extract the CIDRs from the File + */ + OutputInformation: OutputInformation; + +} + +export interface OutputInformation { + /** + * Define the key where the CIDR should be extracted from + */ + outputTargetKey: string; + /** + * Define the key that must be met for a specified value + */ + outputConditionKey: string; + /** + * Define the value that must be met for the conditionKey + */ + outputConditionValue: string; +} + +export type JSONValue = string | number | boolean | { [x: string]: JSONValue } | Array; \ No newline at end of file diff --git a/lib/types/config/index.ts b/lib/types/config/index.ts new file mode 100644 index 00000000..34e11cb5 --- /dev/null +++ b/lib/types/config/index.ts @@ -0,0 +1,5 @@ +export * from "./autoUpdatedManagedIpSets"; +export * from "./waf"; +export * from "./shield"; +export * from "./prerequisites"; +export * from "./runtime"; \ No newline at end of file diff --git a/lib/types/config/prerequisites.ts b/lib/types/config/prerequisites.ts new file mode 100644 index 00000000..88ff3bc3 --- /dev/null +++ b/lib/types/config/prerequisites.ts @@ -0,0 +1,127 @@ +import { aws_events as events} from "aws-cdk-lib"; +/** + * Interface for Prerequisites Stacks in the Firewall Factory + */ +export interface PrerequisitesConfig { + readonly General: { + /** + * Defines a Prefix which will be added to all resources. + */ + readonly Prefix: string; + }; + /** + * Will add a Lambda function to the prerequisite stack that sends notifications when new versions and updates to a AWS ManagedRuleGroup appear in messengers (Slack/Teams). + */ + readonly Information?: { + WebhookSopsFile: string; + }; + + /** + * Will add a StepFunction which is indentifying and sending information about unutilized WAFs to messengers (Slack/Teams). + */ + readonly UnutilizedWafs?: { + /** + * Define a Schedule for the StepFunction. The ScheduleExpression is a cron expression that specifies when the rule is triggered. + */ + ScheduleExpression: events.Schedule; + /** + * Define a Sops File for the Webhook URL with the Slack or Teams Webhook URL. + * https://github.com/dbsystel/cdk-sops-secrets + */ + WebhookSopsFile: string; + /** + * Define a Regex to skip WAFs with specific names + */ + SkipWafRegexString?: string; + /** + * Define a Cross Account Role Name for the Lambda which is identifying unutilized WAFs in the managed accounts. + */ + CrossAccountRoleName: string; + }; + /** + * Will add a Lambda function to prerequisite Stack that send notifications about potential DDoS activity for protected resources to messengers (Slack/Teams) + * This feature, coupled with [AWS Shield Advanced](https://aws.amazon.com/shield/). + */ + readonly DdosNotifications?: { + /** + * Define a Sops File for the Webhook URL with the Slack or Teams Webhook URL. + * https://github.com/dbsystel/cdk-sops-secrets + */ + WebhookSopsFile: string; + }; + readonly Logging?: { + readonly BucketProperties?: { + /** + * A name for the bucket. Allowed Pattern: ^[a-z0-9][a-z0-9//.//-]*[a-z0-9]$ + */ + readonly BucketName?: string; + /** + * Define if a KMS Key for the bucket will be created. + */ + readonly KmsEncryptionKey: boolean; + /** + * Will add Object Lock (write-once-read-many (WORM)) to the S3 Bucket (Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.) + */ + readonly ObjectLock?: { + readonly Days: number; + readonly Mode: "GOVERNANCE" | "COMPLIANCE"; + }; + }; + /** + * Define if a KMS Key for Kinesis FireHose will be created. + */ + readonly FireHoseKey?: { + /** + * Define if a Alias for the KMS Key + */ + readonly KeyAlias: string; + }; + /** + * Defines access to a central security account. Please specify a account ID such as 123456789012.This is necessary if you want to use a different account for all your firewalls. + */ + readonly CrossAccountIdforPermissions?: string; + readonly Athena?: { + /** + * Define a Athena Table for the Firewall Logs will be created. + */ + readonly TableName: string; + /** + * Define a Athena DatabaseName where the Table will be created. + */ + readonly DatabaseName?: string; + /** + * Define a AWS Regions where FMS WAFs will be created. This value is used to create Index for regions on Athena Table. + * If this value is not set, the Index will be created for all AWS Regions using [public region parameter](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-global-infrastructure.html). + */ + readonly Regions?: string; + }; + }; + + readonly Grafana?: { + /** + * S3 Bucket where the FMS Logs are beeing stored. Allowed Pattern: ^[a-z0-9][a-z0-9//.//-]*[a-z0-9]$ + */ + readonly BucketName?: string; + /* + * Specify the KMS Key for the S3 Bucket - if its KMS Encrypted + */ + readonly BucketKmsKey?: string; + /** + * Firewall Manager Delegated Admin Account Id + * @TJS-pattern "^[0-9]{12}$" + */ + readonly DelegatedAdminAccountId?: string; + /* + * Specify the Athena Table Name for the FMS Logs + */ + readonly FmsLogsAthenaTable: string; + /* + * Specify the Athena Database Name for the FMS Logs + */ + readonly FmsLogAthenaDatabase: string; + /* + * Specify the Time Window in Days for the FMS Logs to be Queried - This will be used to create the Athena View for Grafana + */ + readonly TimeWindow: number; + }; + } \ No newline at end of file diff --git a/lib/types/runtimeprops.ts b/lib/types/config/runtime.ts similarity index 97% rename from lib/types/runtimeprops.ts rename to lib/types/config/runtime.ts index 58d7c2c6..629f7af6 100644 --- a/lib/types/runtimeprops.ts +++ b/lib/types/config/runtime.ts @@ -1,7 +1,7 @@ /* * Interface for the runtime properties */ -export interface RuntimeProperties { +export interface RuntimeProps { GuidanceSummary: string[], Guidance: Guidance, PreProcess: ProcessProperties, @@ -59,4 +59,4 @@ export interface ProcessProperties { CustomRuleGroupCount: number, CustomCaptchaRuleCount: number -} \ No newline at end of file +} diff --git a/lib/types/config/shield.ts b/lib/types/config/shield.ts new file mode 100644 index 00000000..e4ec12c6 --- /dev/null +++ b/lib/types/config/shield.ts @@ -0,0 +1,123 @@ +import * as cdk from "aws-cdk-lib"; +import { aws_fms as fms } from "aws-cdk-lib"; +/** + * Interface for Shield Configuration in the Firewall Factory + */ +export interface ShieldConfig { + readonly General: { + /** + * Defines a Prefix which will be added to all resources. + */ + readonly Prefix: string; + /** + * Defines a Stage which will be added to all resources. + */ + readonly Stage: string; + /** + * Defines the selected logging option for the WAF. + */ + readonly LoggingConfiguration: "S3" | "Firehose"; + /** + * Define KMS Key to be used for Kinesis Firehose. + */ + readonly FireHoseKeyArn?: string; + /** + * Define Name of the S3 Bucket where the Firewall logs will be stored. + */ + readonly S3LoggingBucketName: string; + readonly DeployHash?: string; + /** + * Defines the domain(s) that can be checked to audit your WAF. + */ + readonly SecuredDomain: Array; + /** + * Defines whether to set up a dashboard for your firewall in the central security account. To use this feature, cross-account functionality must be enabled in CloudWatch. + */ + readonly CreateDashboard?: boolean; + }; + readonly WebAcl: { + /** + * Replace web ACLs that are currently associated with in-scope resources with the web ACLs created by this policy - Default is False + */ + readonly OverrideCustomerWebACLAssociation?: boolean; + }; + + defaultActionType: "ALLOW" | "DENY" | "COUNT" | "NONE"; + /** + * Indicates if the policy should be automatically applied to new resources. + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-remediationenabled + */ + readonly remediationEnabled: boolean | cdk.IResolvable; + /** + * An array of `ResourceType` objects. + * + * Use this only to specify multiple resource types. To specify a single resource type, use `ResourceType` . + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-resourcetypelist + */ + readonly resourceTypeList?: Array; + /** + * The type of resource protected by or in scope of the policy. + * + * This is in the format shown in the [AWS Resource Types Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html) . To apply this policy to multiple resource types, specify a resource type of `ResourceTypeList` and then specify the resource types in a `ResourceTypeList` . + * + * The following are valid resource types for each Firewall Manager policy type: + * + * - AWS WAF Classic - `AWS::ApiGateway::Stage` , `AWS::CloudFront::Distribution` , and `AWS::ElasticLoadBalancingV2::LoadBalancer` . + * - AWS WAF - `AWS::ApiGateway::Stage` , `AWS::ElasticLoadBalancingV2::LoadBalancer` , and `AWS::CloudFront::Distribution` . + * - DNS Firewall, AWS Network Firewall , and third-party firewall - `AWS::EC2::VPC` . + * - AWS Shield Advanced - `AWS::ElasticLoadBalancingV2::LoadBalancer` , `AWS::ElasticLoadBalancing::LoadBalancer` , `AWS::EC2::EIP` , and `AWS::CloudFront::Distribution` . + * - Security group content audit - `AWS::EC2::SecurityGroup` , `AWS::EC2::NetworkInterface` , and `AWS::EC2::Instance` . + * - Security group usage audit - `AWS::EC2::SecurityGroup` . + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-resourcetype + */ + readonly resourceType?: string; + /** + * The name of the AWS Firewall Manager policy. + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-policyname + */ + readonly policyName: string; + /** + * Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. + * + * Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. + * + * You can specify inclusions or exclusions, but not both. If you specify an `IncludeMap` , AWS Firewall Manager applies the policy to all accounts specified by the `IncludeMap` , and does not evaluate any `ExcludeMap` specifications. If you do not specify an `IncludeMap` , then Firewall Manager applies the policy to all accounts except for those specified by the `ExcludeMap` . + * + * You can specify account IDs, OUs, or a combination: + * + * - Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”]}` . + * - Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{“ORGUNIT” : [“ouid111”, “ouid112”]}` . + * - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}` . + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-includemap + */ + readonly includeMap?: fms.CfnPolicy.IEMapProperty; + /** + * Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. + * + * Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. + * + * You can specify inclusions or exclusions, but not both. If you specify an `IncludeMap` , AWS Firewall Manager applies the policy to all accounts specified by the `IncludeMap` , and does not evaluate any `ExcludeMap` specifications. If you do not specify an `IncludeMap` , then Firewall Manager applies the policy to all accounts except for those specified by the `ExcludeMap` . + * + * You can specify account IDs, OUs, or a combination: + * + * - Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”]}` . + * - Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{“ORGUNIT” : [“ouid111”, “ouid112”]}` . + * - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}` . + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-excludemap + */ + readonly excludeMap?: fms.CfnPolicy.IEMapProperty; + /** + * Used only when tags are specified in the `ResourceTags` property. + * + * If this property is `True` , resources with the specified tags are not in scope of the policy. If it's `False` , only resources with the specified tags are in scope of the policy. + * + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html#cfn-fms-policy-excluderesourcetags + */ + readonly excludeResourceTags: boolean; + } \ No newline at end of file diff --git a/lib/types/config/waf.ts b/lib/types/config/waf.ts new file mode 100644 index 00000000..e79737ef --- /dev/null +++ b/lib/types/config/waf.ts @@ -0,0 +1,449 @@ +import { WebAclScope, WebAclTypeEnum, CustomResponseBodiesContentType} from "../enums/index"; +import { aws_fms as fms, CfnTag } from "aws-cdk-lib"; + +/** + * Settings for the AWS WAF policy (type WAFV2) that specifies rule groups to run first in the corresponding AWS WAF Web ACL and rule groups to run last in the Web ACL. + */ +export interface WafConfig { + readonly General: { + /** + * Defines a Prefix which will be added to all resources. + */ + readonly Prefix: string; + /** + * Defines a Stage which will be added to all resources. + */ + readonly Stage: string; + /** + * Defines the selected logging option for the WAF. + */ + readonly LoggingConfiguration: "S3" | "Firehose"; + /** + * Define KMS Key to be used for Kinesis Firehose. + */ + readonly FireHoseKeyArn?: string; + /** + * Define Name of the S3 Bucket where the Firewall logs will be stored. + */ + readonly S3LoggingBucketName: string; + readonly DeployHash?: string; + /** + * Defines the domain(s) that can be checked to audit your WAF. + */ + readonly SecuredDomain: Array; + /** + * Defines whether to set up a dashboard for your firewall in the central security account. To use this feature, cross-account functionality must be enabled in CloudWatch. + */ + readonly CreateDashboard?: boolean; + }; + + readonly WebAcl: { + /** + * Defines Name of your web application firewall. + */ + readonly Name: string; + /** + * Defines Description of your web application firewall. + */ + readonly Description?: string; + /** + * Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include from the policy. + * + * Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. + * + * This is used for the policy's `IncludeMap`. + * + * You can specify account IDs, OUs, or a combination: + * + * - Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”]}` . + * - Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{“ORGUNIT” : [“ouid111”, “ouid112”]}` . + * - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}` . + * + * @struct + * @stability external + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-iemap.html + */ + readonly IncludeMap: fms.CfnPolicy.IEMapProperty; + /** + * Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. + * + * Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. + * + * This is used for the policy's `ExcludeMap`. + * + * You can specify account IDs, OUs, or a combination: + * + * - Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”]}` . + * - Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{“ORGUNIT” : [“ouid111”, “ouid112”]}` . + * - Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}` . + * + * @struct + * @stability external + * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-iemap.html + */ + readonly ExcludeMap?: fms.CfnPolicy.IEMapProperty; + /** + * Replace web ACLs that are currently associated with in-scope resources with the web ACLs created by this policy - Default is False + */ + readonly OverrideCustomerWebACLAssociation?: boolean; + /** + * Specifies whether this is for an Amazon CloudFront distribution or for a regional application. + * A regional application can be + * - an Application Load Balancer (ALB), + * - an Amazon API Gateway REST API, + * - an AWS AppSync GraphQL API, + * - an Amazon Cognito user pool, + * - an AWS App Runner service, + * - or an AWS Verified Access instance. + * + * Valid Values are CLOUDFRONT and REGIONAL. + * + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html + */ + readonly Scope: WebAclScope | "CLOUDFRONT" | "REGIONAL"; + /** + * The type of resource protected by or in scope of the policy. To apply this policy to multiple resource types, specify a resource type of ResourceTypeList and then specify the resource types in a ResourceTypeList. + */ + readonly Type: WebAclTypeEnum | "ResourceTypeList" | WebAclType; + /** + * enum for supportd webacl types + */ + readonly TypeList?: WebAclTypeEnum[] | WebAclType[]; + /** + * An array of ResourceTag objects, used to explicitly include resources in the policy scope or explicitly exclude them. If this isn't set, then tags aren't used to modify policy scope. See also ExcludeResourceTags. + */ + readonly ResourceTags?: Array; + /** + * Used only when tags are specified in the ResourceTags property. If this property is True, resources with the specified tags are not in scope of the policy. If it's False, only resources with the specified tags are in scope of the policy. + */ + readonly ExcludeResourceTags?: boolean; + /** + * Indicates if the policy should be automatically applied to new resources. + */ + readonly RemediationEnabled?: boolean; + /** + * Indicates whether AWS Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope. + */ + readonly ResourcesCleanUp?: boolean; + /** + * Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128. + */ + readonly IPSets?: IPSet[]; + /** + * The RegexPatternSet specifies the regular expression (regex) pattern that you want AWS WAF to search for, such as B[a@]dB[o0]t. You can then configure AWS WAF to reject those requests. + */ + readonly RegexPatternSets?: RegexPatternSet[]; + /** + * Defines a Set of Custom Rules and AWS ManagedRulesGroups. + */ + readonly PreProcess: RuleGroupSet; + /** + * Defines a Set of Custom Rules and AWS ManagedRulesGroups. + */ + readonly PostProcess: RuleGroupSet; + }; + } + +/** + * The type of resource protected by or in scope of the policy. To apply this policy to multiple resource types, specify a resource type of ResourceTypeList and then specify the resource types in a ResourceTypeList. + */ +export type WebAclType = +| "AWS::ElasticLoadBalancingV2::LoadBalancer" +| "AWS::CloudFront::Distribution" +| "AWS::ApiGatewayV2::Api" +| "AWS::ApiGateway::Stage"; +// | "AWS::Cognito::UserPool" | "AWS::AppSync::GraphQLApi" - waiting for support if you need a GraphQLApi Firewall just use an ApiGateway:Stage Firewall + +/** + * A custom response to send to the client. You can define a custom response for rule actions and default web ACL actions that are set to the block action. + */ +export type CustomResponseBodies = { + [key: string]: { + /** + * @TJS-pattern [\s\S]* + */ + Content: string; + /** + * AWS WAF Content Type + * + * The type of content in the payload that you are defining in the Content string. + * + * @see https://docs.aws.amazon.com/waf/latest/APIReference/API_CustomResponseBody.html + */ + ContentType: CustomResponseBodiesContentType; + }; + }; + +/** + * Defines a Set of Custom Rules and AWS ManagedRulesGroups. + */ +export interface RuleGroupSet { + CustomResponseBodies?: CustomResponseBodies; + CustomRules?: Rule[]; + ManagedRuleGroups?: ManagedRuleGroup[]; + } + +/** + * The regex above matches both IPv4 and IPv6 in CIDR notation, e.g. 123.4.3.0/32 + * @TJS-pattern (?:^(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}\/(3[0-2]|[12]?[0-9])$)|(?:^(?:(?:[a-fA-F\d]{1,4}:){7}(?:[a-fA-F\d]{1,4}|:)|(?:[a-fA-F\d]{1,4}:){6}(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|:[a-fA-F\d]{1,4}|:)|(?:[a-fA-F\d]{1,4}:){5}(?::(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,2}|:)|(?:[a-fA-F\d]{1,4}:){4}(?:(?::[a-fA-F\d]{1,4}){0,1}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,3}|:)|(?:[a-fA-F\d]{1,4}:){3}(?:(?::[a-fA-F\d]{1,4}){0,2}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,4}|:)|(?:[a-fA-F\d]{1,4}:){2}(?:(?::[a-fA-F\d]{1,4}){0,3}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,5}|:)|(?:[a-fA-F\d]{1,4}:){1}(?:(?::[a-fA-F\d]{1,4}){0,4}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,6}|:)|(?::(?:(?::[a-fA-F\d]{1,4}){0,5}:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}|(?::[a-fA-F\d]{1,4}){1,7}|:)))(?:%[0-9a-zA-Z]{1,})?\/(12[0-8]|1[01][0-9]|[1-9]?[0-9])$) + */ +export type IPAddress = string; + +export interface IPAddressWithDescription { + description: string; + /** + * Defines a Ip Address - IPv4 and IPv6 in CIDR notation, e.g. 123.4.3.0/32 + */ + ip: IPAddress; + } + +/** + * Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128. + */ +export interface IPSet { + /** + * @TJS-pattern ^[a-zA-Z0-9]+$ + */ + name: string; // This name will be used as a CloudFormation logical ID, so it can't have a already used name and must be alphanumeric + /* + * @TJS-pattern ^[a-zA-Z0-9=:#@/\-,.][a-zA-Z0-9+=:#@/\-,.\s]+[a-zA-Z0-9+=:#@/\-,.]{1,256}$ + */ + description?: string; + /** + * Defines an Array of Ip Address - IPv4 and IPv6 in CIDR notation, e.g. 123.4.3.0/32 or IpAddress with Description + */ + addresses: Array; + /** + * Defines the IP address version of the set. Valid Values are IPV4 and IPV6. + */ + ipAddressVersion: "IPV4" | "IPV6"; + /** + * Defines Array of Tags to be added to the IPSet + * More info: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html + */ + tags?: CfnTag[]; + } + +/** + * The RegexPatternSet specifies the regular expression (regex) pattern that you want AWS WAF to search for, such as B[a@]dB[o0]t. You can then configure AWS WAF to reject those requests. + */ +export interface RegexPatternSet { + /** + * @TJS-pattern ^[a-zA-Z0-9]+$ + */ + name: string; // This name will be used as a CloudFormation logical ID, so it can't have a already used name and must be alphanumeric + /* + * @TJS-pattern ^[\w+=:#@\/\-,\.][\w+=:#@\/\-,\.\s]+[\w+=:#@\/\-,\.]$ + */ + description?: string; + /** + * Defines an Array of Regular Expressions + */ + regularExpressionList: string[]; + /** + * Defines Array of Tags to be added to the RegexPatternSet + * More info: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html + */ + tags?: CfnTag[]; + } + +/** + * Represents all AWS ManagedRuleGroups which are not versioned + */ +export const NONEVERSIONEDMANAGEDRULEGRPOUP = [ + "AWSManagedRulesBotControlRuleSet", + "AWSManagedRulesATPRuleSet", + "AWSManagedRulesACFPRuleSet", + "AWSManagedRulesAmazonIpReputationList", + "AWSManagedRulesAnonymousIpList", +]; + +/* eslint-disable @typescript-eslint/no-explicit-any */ +import { aws_wafv2 as waf } from "aws-cdk-lib"; +/* + * Interface for the CustomRequestHandling + */ +export interface CustomRequestHandling { + customRequestHandling?: { + insertHeaders: { + /** + * @TJS-pattern ^[a-zA-Z0-9._$-]+$ + */ + name: string, + /** + * @TJS-pattern .* + */ + value: string, + }[], + } +} + +/** + * Interface for the CustomResponse + */ +export interface CustomResponse { + customResponse?: { + responseCode: number, + + /** + * @TJS-pattern ^[\w\-]+$ + */ + customResponseBodyKey?: string, + responseHeaders?: { + /** + * @TJS-pattern ^[a-zA-Z0-9._$-]+$ + */ + name: string, + /** + * @TJS-pattern .* + */ + value: string, + }[], + } +} + +/** + * Interce for the WAF Action + */ +export interface Action { + block?: CustomResponse, + allow?: CustomRequestHandling, + count?: CustomRequestHandling, + captcha?: CustomRequestHandling, + challenge?: CustomRequestHandling +} + +/** + * Interface for the RuleActionOverrideProperty + */ +export interface RuleActionOverrideProperty { + name: string, + actionToUse: Action +} + +/** + * Type for the NameObject + */ +type NameObject = { + /** + * @TJS-pattern ^[0-9A-Za-z_\-:]+$ + */ + name: string +} + +/** + * Interface for the ManagedRuleGroup + */ +export interface ManagedRuleGroup extends waf.CfnWebACL.ManagedRuleGroupStatementProperty { + version?: string, + /** + * Will be automatically set using the [Check Capacity API](https://docs.aws.amazon.com/waf/latest/APIReference/API_CheckCapacity.html). + */ + capacity?: number, + excludeRules?: NameObject[], + overrideAction?: { + type: "COUNT" | "NONE" + }, + ruleActionOverrides?: RuleActionOverrideProperty[], + versionEnabled?: boolean + /** + * Details for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet . See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesbotcontrolruleset.html + */ + awsManagedRulesBotControlRuleSetProperty?: { inspectionLevel: "COMMON" | "TARGETED", enableMachineLearning: boolean}, + /** + * Details for your use of the account creation fraud prevention managed rule group, AWSManagedRulesACFPRuleSet. See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesacfpruleset.html + */ + awsManagedRulesACFPRuleSetProperty?: waf.CfnWebACL.AWSManagedRulesACFPRuleSetProperty, + /** + * Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet. See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesatpruleset.html + */ + awsManagedRulesATPRuleSetProperty?: waf.CfnWebACL.AWSManagedRulesATPRuleSetProperty, + /** + * Enforce the [current Default version](https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups-versioning.html) of the managed rule group to be retrieved using a Lambda Function. + */ + latestVersion?: boolean + enforceUpdate?:boolean +} + +/** + * Interface for the Rule + */ +export interface Rule { + name: string, + statement: waf.CfnWebACL.StatementProperty, + action: waf.CfnWebACL.RuleActionProperty, + visibilityConfig: waf.CfnWebACL.VisibilityConfigProperty, + captchaConfig?: waf.CfnWebACL.CaptchaConfigProperty, + ruleLabels?: waf.CfnWebACL.LabelProperty[], + /** + * Each rule in a web ACL and each rule in a rule group must have a unique priority setting to ensure proper rule execution. [More information about processing order of rules and rule groups in a web ACL](https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-processing-order.html) + */ + priority: number, +} + +/** + * Interface for the ManagedServiceData + */ +export interface ManagedServiceData { + type: string, + defaultAction: { + type: "ALLOW" | "DENY" | "COUNT" | "NONE" + }, + preProcessRuleGroups: any, + postProcessRuleGroups: any, + overrideCustomerWebACLAssociation: boolean, + loggingConfiguration: { + logDestinationConfigs: string[] + } +} + +/** + * Interface for the ServiceDataManagedRuleGroup + */ +export interface ServiceDataManagedRuleGroup extends ServiceDataAbstactRuleGroup { + managedRuleGroupIdentifier: { + vendorName: string, + managedRuleGroupName: string, + version?: string | null, + versionEnabled?: boolean + }, + + excludeRules: any, + ruleGroupType: "ManagedRuleGroup", + ruleActionOverrides: RuleActionOverrideProperty[] | undefined, + awsManagedRulesBotControlRuleSetProperty?: waf.CfnWebACL.AWSManagedRulesBotControlRuleSetProperty, + awsManagedRulesACFPRuleSetProperty?: waf.CfnWebACL.AWSManagedRulesACFPRuleSetProperty, + awsManagedRulesATPRuleSetProperty?: waf.CfnWebACL.AWSManagedRulesATPRuleSetProperty, +} + +/** + * Interface for the ServiceDataRuleGroup + */ +export interface ServiceDataRuleGroup extends ServiceDataAbstactRuleGroup { + ruleGroupType: "RuleGroup" +} + +/** + * Interface for the ServiceDataAbstactRuleGroup + */ +export interface ServiceDataAbstactRuleGroup { + overrideAction: { + type: "ALLOW" | "DENY" | "NONE" | "COUNT" + }, + ruleGroupArn?: string, + ruleGroupType: string +} + +/** + * Interface for the NotStatementProperty + */ +export interface NotStatementProperty { + statement: waf.CfnWebACL.StatementProperty; +} + +/** + * Interface for the SubVariables + */ +export interface SubVariables { + [key: string]: string; +} \ No newline at end of file diff --git a/lib/types/enums.ts b/lib/types/enums.ts deleted file mode 100644 index 15a6cec8..00000000 --- a/lib/types/enums.ts +++ /dev/null @@ -1,787 +0,0 @@ -/** - * These typescript enums used in aws firewall manager - * - * @see https://www.typescriptlang.org/docs/handbook/enums.html - * @see https://aws.amazon.com/en/firewall-manager/ - */ - -/** - * Specifies whether this is for an Amazon CloudFront distribution or for a regional application. - * A regional application can be - * - an Application Load Balancer (ALB), - * - an Amazon API Gateway REST API, - * - an AWS AppSync GraphQL API, - * - an Amazon Cognito user pool, - * - an AWS App Runner service, - * - or an AWS Verified Access instance. - * - * Valid Values are CLOUDFRONT and REGIONAL. - * - * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html - */ -export enum WebAclScope { - CLOUDFRONT = "CLOUDFRONT", - REGIONAL = "REGIONAL" -} - -/** - * List of REGIONAL AWS Managed Rule Groups - * @see https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAvailableManagedRuleGroups.html - * @see https://docs.aws.amazon.com/cli/latest/reference/wafv2/list-available-managed-rule-groups.html - * SDK command: - * Regional: - * aws wafv2 list-available-managed-rule-groups --scope REGIONAL |jq -r ".[] | .[] | .Name" - * Cloudfront - * aws wafv2 list-available-managed-rule-groups --scope REGIONAL --region=us-east-1|jq -r ".[] | .[] | .Name" - */ -export enum AwsManagedRules { - COMMON_RULE_SET = "AWSManagedRulesCommonRuleSet", - ADMIN_PROTECTION_RULE_SET = "AWSManagedRulesAdminProtectionRuleSet", - KNOWN_BAD_INPUTS_RULE_SET = "AWSManagedRulesKnownBadInputsRuleSet", - SQLI_RULE_SET = "AWSManagedRulesSQLiRuleSet", - LINUX_RULE_SET = "AWSManagedRulesLinuxRuleSet", - UNIX_RULE_SET = "AWSManagedRulesUnixRuleSet", - WINDOWS_RULE_SET = "AWSManagedRulesWindowsRuleSet", - PHP_RULE_SET = "AWSManagedRulesPHPRuleSet", - WORDPRESS_RULE_SET = "AWSManagedRulesWordPressRuleSet", - AMAZON_IP_REPUTATION_LIST = "AWSManagedRulesAmazonIpReputationList", - ANONYMOUS_IP_LIST = "AWSManagedRulesAnonymousIpList", - BOT_CONTROL_RULE_SET = "AWSManagedRulesBotControlRuleSet", - ATP_RULE_SET = "AWSManagedRulesATPRuleSet", - ACFP_RULE_SET = "AWSManagedRulesACFPRuleSet" -} - -/** - * Enum for Labels which are related to AWSManagedRulesATPRuleSet & AWSManagedRulesBotControlRuleSet - */ -export enum AwsManagedRulesGeneralLabels{ - ManagedTokenRejectedNotSolved = "awswaf:managed:token:rejected:not_solved", - ManagedTokenRejectedExpired = "awswaf:managed:token:rejected:expired", - ManagedTokenRejectedDomainMismatch = "awswaf:managed:token:rejected:domain_mismatch", - ManagedTokenRejectedInvalid = "awswaf:managed:token:rejected:invalid", - ManagedCaptchaRejected = "awswaf:managed:captcha:rejected", - ManagedCaptchaAccepted = "awswaf:managed:captcha:accepted", - ManagedCaptchaRejectedNotSolved = "awswaf:managed:captcha:rejected:not_solved", - ManagedCaptchaRejectedExpired = "awswaf:managed:captcha:rejected:expired", - ManagedCaptchaRejectedDomainMismatch = "awswaf:managed:captcha:rejected:domain_mismatch", - ManagedCaptchaRejectedInvalid = "awswaf:managed:captcha:rejected:invalid" -} - -/** - * Enum for AWSManagedRulesACFPRuleSet Rules - */ -export enum ACFP_RULE_SET_RULES { - UnsupportedCognitoIDP = "UnsupportedCognitoIDP", - AllRequests = "AllRequests", - RiskScoreHigh = "RiskScoreHigh", - SignalCredentialCompromised = "SignalCredentialCompromised", - SignalClientHumanInteractivityAbsentLow = "SignalClientHumanInteractivityAbsentLow", - AutomatedBrowser = "AutomatedBrowser", - BrowserInconsistency = "BrowserInconsistency", - VolumetricIpHigh = "VolumetricIpHigh", - VolumetricSessionHigh = "VolumetricSessionHigh", - AttributeUsernameTraversalHigh = "AttributeUsernameTraversalHigh", - VolumetricPhoneNumberHigh = "VolumetricPhoneNumberHigh", - VolumetricAddressHigh = "VolumetricAddressHigh", - VolumetricAddressLow = "VolumetricAddressLow", - VolumetricIPSuccessfulResponse = "VolumetricIPSuccessfulResponse", - VolumetricSessionSuccessfulResponse = "VolumetricSessionSuccessfulResponse", - VolumetricSessionTokenReuseIp = "VolumetricSessionTokenReuseIp", -} - -/** - * Enum for AWSManagedRulesACFPRuleSet Labels - */ -export enum ACFP_RULE_SET_LABELS { - UnsupportedCognitoIDP = "awswaf:managed:aws:acfp:unsupported:cognito_idp", - VolumetricSessionHigh ="awswaf:managed:aws:acfp:aggregate:volumetric:session:creation:high", - VolumetricSessionMedium ="awswaf:managed:aws:acfp:aggregate:volumetric:session:creation:medium", - VolumetricSessionLow ="awswaf:managed:aws:acfp:aggregate:volumetric:session:creation:low", - VolumetricSessionSessionFailedCreationResponseHigh = "awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:high", - VolumetricSessionSessionFailedCreationResponseMedium = "awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:medium", - VolumetricSessionSessionFailedCreationResponseLow = "awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:low", - VolumetricSessionSuccessfulResponseHigh = "awswaf:managed:aws:acfp:aggregate:volumetric:session:successful_creation_response:high", - VolumetricSessionSuccessfulResponseMedium = "awswaf:managed:aws:acfp:aggregate:volumetric:session:successful_creation_response:medium", - VolumetricSessionSuccessfulResponseLow = "awswaf:managed:aws:acfp:aggregate:volumetric:session:successful_creation_response:low", - VolumetricSessionFailedResponseHigh = " awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:high", - VolumetricSessionFailedResponseMedium = " awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:medium", - VolumetricSessionFailedResponseLow = " awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:low", - VolumetricSessionTokenReuseIp ="awswaf:managed:aws:acfp:aggregate:volumetric:session:creation:token_reuse:ip", - VolumetricPhoneNumberHigh ="awswaf:managed:aws:acfp:aggregate:volumetric:phone_number:high", - VolumetricPhoneNumberMedium ="awswaf:managed:aws:acfp:aggregate:volumetric:phone_number:medium", - VolumetricPhoneNumberLow ="awswaf:managed:aws:acfp:aggregate:volumetric:phone_number:low", - VolumetricCreationHigh = "awswaf:managed:aws:acfp:aggregate:volumetric:ip:creation:high", - VolumetricCreationMedium = "awswaf:managed:aws:acfp:aggregate:volumetric:ip:creation:medium", - VolumetricCreationLow ="awswaf:managed:aws:acfp:aggregate:volumetric:ip:creation:low", - VolumetricIpSuccessFulCreationHigh ="awswaf:managed:aws:acfp:aggregate:volumetric:ip:successful_creation_response:high", - VolumetricIpSuccessFulCreationMedium="awswaf:managed:aws:acfp:aggregate:volumetric:ip:successful_creation_response:medium", - VolumetricIpSuccessFulCreationLow ="awswaf:managed:aws:acfp:aggregate:volumetric:ip:successful_creation_response:low", - VolumetricIpFailedCreationHigh ="awswaf:managed:aws:acfp:aggregate:volumetric:ip:failed_creation_response:high", - VolumetricIpFailedCreationMedium="awswaf:managed:aws:acfp:aggregate:volumetric:ip:failed_creation_response:medium", - VolumetricIpFailedCreationLow ="awswaf:managed:aws:acfp:aggregate:volumetric:ip:failed_creation_response:low", - VolumetricAddressHigh ="awswaf:managed:aws:acfp:aggregate:volumetric:address:high", - VolumetricAddressMedium="awswaf:managed:aws:acfp:aggregate:volumetric:address:medium", - VolumetricAddressLow ="awswaf:managed:aws:acfp:aggregate:volumetric:address:low", - AttributeUsernameTraversalHigh ="awswaf:managed:aws:acfp:aggregate:attribute:username_traversal:creation:high", - AttributeUsernameTraversalMedium="awswaf:managed:aws:acfp:aggregate:attribute:username_traversal:creation:medium", - AttributeUsernameTraversalLow= "awswaf:managed:aws:acfp:aggregate:attribute:username_traversal:creation:low", - AutomatedBrowser ="awswaf:managed:aws:acfp:signal:automated_browser", - BrowserInconsistency ="awswaf:managed:aws:acfp:signal:browser_inconsistency", - SignalCredentialCompromised ="awswaf:managed:aws:acfp:signal:credential_compromised", - SignalMissingCredential ="awswaf:managed:aws:acfp:signal:missing_credential", - SignalCreationPage ="awswaf:managed:aws:acfp:signal:creation_page", - SignalRegistrationPage ="awswaf:managed:aws:acfp:signal:registration_page", - SignalFormDetected ="awswaf:managed:aws:acfp:signal:form_detected", - SignalClientHumanInteractivityAbsentHigh ="awswaf:managed:aws:acfp:signal:client:human_interactivity:high", - SignalClientHumanInteractivityAbsentMedium ="awswaf:managed:aws:acfp:signal:client:human_interactivity:medium", - SignalClientHumanInteractivityAbsentLow ="awswaf:managed:aws:acfp:signal:client:human_interactivity:low", - SignalClientHumanInteractivityInsufficientData ="awswaf:managed:aws:acfp:signal:client:human_interactivity:insufficient_data", - RiskScoreHigh ="awswaf:managed:aws:acfp:risk_score:high", - RiskScoreMedium ="awswaf:managed:aws:acfp:risk_score:medium", - RiskScoreLow ="awswaf:managed:aws:acfp:risk_score:low", - RiskScoreEvaluationFailed = "awswaf:managed:aws:acfp:risk_score:evaluation_failed", - RiskScoreContributorIpReputationHigh = "awswaf:managed:aws:acfp:risk_score:contributor:ip_reputation:high", - RiskScoreContributorIpReputationMedium = "awswaf:managed:aws:acfp:risk_score:contributor:ip_reputation:medium", - RiskScoreContributorIpReputationLow = "awswaf:managed:aws:acfp:risk_score:contributor:ip_reputation:low", - RiskScoreContributorIpReputationEvaluationFailed = "awswaf:managed:aws:acfp:risk_score:contributor:ip_reputation:evaluation_failed", - RiskScoreContributorStolenCredentialsCredentialPairHigh ="awswaf:managed:aws:acfp:risk_score:contributor:stolen_credentials_credential_pair:high", - RiskScoreContributorStolenCredentialsCredentialPairMedium ="awswaf:managed:aws:acfp:risk_score:contributor:stolen_credentials_credential_pair:medium", - RiskScoreContributorStolenCredentialsCredentialPairLow ="awswaf:managed:aws:acfp:risk_score:contributor:stolen_credentials_credential_pair:low", - RiskScoreContributorStolenCredentialsCredentialPairEvaluationFailed ="awswaf:managed:aws:acfp:risk_score:contributor:stolen_credentials_credential_pair:evaluation_failed", -} - -/** - * Enum for AWSManagedRulesATPRuleSet Rules - */ -export enum ATP_RULE_SET_RULES { - UnsupportedCognitoIDP = "UnsupportedCognitoIDP", - VolumetricIpHigh = "VolumetricIpHigh", - VolumetricSession = "VolumetricSession", - AttributeCompromisedCredentials = "AttributeCompromisedCredentials", - AttributeUsernameTraversal = "AttributeUsernameTraversal", - AttributePasswordTraversal = "AttributePasswordTraversal", - AttributeLongSession = "AttributeLongSession", - TokenRejected = "TokenRejected", - SignalMissingCredential = "SignalMissingCredential", -} - -/** - * Enum for AWSManagedRulesATPRuleSet Labels - */ -export enum ATP_RULE_SET_LABELS { - UnsupportedCognitoIDP = "awswaf:managed:aws:atp:unsupported:cognito_idp", - VolumetricIpHigh = "awswaf:managed:aws:atp:aggregate:volumetric:ip:high", - VolumetricIpMedium = "awswaf:managed:aws:atp:aggregate:volumetric:ip:medium", - VolumetricIpLow = "awswaf:managed:aws:atp:aggregate:volumetric:ip:low", - VolumemetricIpFailedLoginResponseHigh = "awswaf:managed:aws:atp:aggregate:volumetric:ip:failed_login_response:high", - VolumemetricIpFailedLoginResponseMedium = "awswaf:managed:aws:atp:aggregate:volumetric:ip:failed_login_response:medium", - VolumemetricIpFailedLoginResponseLow = "awswaf:managed:aws:atp:aggregate:volumetric:ip:failed_login_response:low", - VolumemetricIpSuccessfulLoginResponse_high = "awswaf:managed:aws:atp:aggregate:volumetric:ip:successful_login_response:high", - VolumemetricIpSuccessfulLoginResponse_medium = "awswaf:managed:aws:atp:aggregate:volumetric:ip:successful_login_response:medium", - VolumemetricIpSuccessfulLoginResponse_low = "awswaf:managed:aws:atp:aggregate:volumetric:ip:successful_login_response:low", - VolumetricSession = "awswaf:managed:aws:atp:aggregate:volumetric:session", - VolumetricSessionFailedLoginResponseHigh = "awswaf:managed:aws:atp:aggregate:volumetric:session:failed_login_response:high", - VolumetricSessionFailedLoginResponseMedium = "awswaf:managed:aws:atp:aggregate:volumetric:session:failed_login_response:medium", - VolumetricSessionFailedLoginResponseLow = "awswaf:managed:aws:atp:aggregate:volumetric:session:failed_login_response:low", - VolumetricSessionSuccessfulLoginResponseHigh = "awswaf:managed:aws:atp:aggregate:volumetric:session:successful_login_response:high", - VolumetricSessionSuccessfulLoginResponseMedium = "awswaf:managed:aws:atp:aggregate:volumetric:session:successful_login_response:medium", - VolumetricSessionSuccessfulLoginResponseLow = "awswaf:managed:aws:atp:aggregate:volumetric:session:successful_login_response:low", - VolumetricSessiontokenReuseIp = "awswaf:managed:aws:atp:aggregate:volumetric:session:token_reuse:ip", - AttributeLongSession = "awswaf:managed:aws:atp:aggregate:attribute:long_session", - AttributeCompromisedCredentials = "awswaf:managed:aws:atp:aggregate:attribute:compromised_credentials", - AttributeUsernameTraversal = "awswaf:managed:aws:atp:aggregate:attribute:username_traversal", - AttributePasswordTraversal = "awswaf:managed:aws:atp:aggregate:attribute:password_traversal", - SignalMissingCompromised = "awswaf:managed:aws:atp:signal:credential_compromised", - SignalMissingCredential = "awswaf:managed:aws:atp:signal:missing_credential", - TokenRejected = "awswaf:managed:token:rejected", - TokenAccepted = "awswaf:managed:token:accepted", - TokenAbsent = "awswaf:managed:token:absent", - CaptchaAbsent = "awswaf:managed:captcha:absent", - SuspiciousTlsFingerprint= "awswaf:managed:aws:atp:aggregate:attribute:suspicious_tls_fingerprint" -} - - -/** - * Enum for AWSManagedRulesBotControlRuleSet Rules - */ -export enum BOT_CONTROL_RULE_SET_RULES { - CategoryAdvertising = "CategoryAdvertising", - CategoryArchiver = "CategoryArchiver", - CategoryContentFetcher = "CategoryContentFetcher", - CategoryEmailClient = "CategoryEmailClient", - CategoryHttpLibrary = "CategoryHttpLibrary", - CategoryLinkChecker = "CategoryLinkChecker", - CategoryMiscellaneous = "CategoryMiscellaneous", - CategoryMonitoring = "CategoryMonitoring", - CategoryScrapingFramework = "CategoryScrapingFramework", - CategorySearchEngine = "CategorySearchEngine", - CategorySecurity = "CategorySecurity", - CategorySeo = "CategorySeo", - CategorySocialMedia = "CategorySocialMedia", - CategoryAI = "CategoryAI", - SignalAutomatedBrowser = "SignalAutomatedBrowser", - SignalKnownBotDataCenter = "SignalKnownBotDataCenter", - SignalNonBrowserUserAgent = "SignalNonBrowserUserAgent", - TGT_VolumetricIpTokenAbsent = "TGT_VolumetricIpTokenAbsent", - TGT_VolumetricSession = "TGT_VolumetricSession", - TGT_SignalAutomatedBrowser = "TGT_SignalAutomatedBrowser", - TGT_SignalBrowserInconsistency = "TGT_SignalBrowserInconsistency", - TGT_TokenReuseIp = "TGT_TokenReuseIp", - TGT_ML_CoordinatedActivityMedium = "TGT_ML_CoordinatedActivityMedium", - TGT_ML_CoordinatedActivityHigh = "TGT_ML_CoordinatedActivityHigh", -} - -/** - * Enum for AWSManagedRulesBotControlRuleSet Labels - */ -export enum BOT_CONTROL_RULE_SET_LABELS { - CategoryAdvertising = "awswaf:managed:aws:bot-control:bot:category:advertising", - CategoryAi = "awswaf:managed:aws:bot-control:bot:category:ai", - CategoryArchiver = "awswaf:managed:aws:bot-control:bot:category:archiver", - CategoryContentFetcher = "awswaf:managed:aws:bot-control:bot:category:content_fetcher", - CategoryEmailClient = "awswaf:managed:aws:bot-control:bot:category:email_client", - CategoryHttpLibrary = "awswaf:managed:aws:bot-control:bot:category:http_library", - CategoryLinkChecker = "awswaf:managed:aws:bot-control:bot:category:link_checker", - CategoryMiscellaneous = "awswaf:managed:aws:bot-control:bot:category:miscellaneous", - CategoryMonitoring = "awswaf:managed:aws:bot-control:bot:category:monitoring", - CategoryScrapingFramework = "awswaf:managed:aws:bot-control:bot:category:scraping_framework", - CategorySearchEngine = "awswaf:managed:aws:bot-control:bot:category:search_engine", - CategorySecurity = "awswaf:managed:aws:bot-control:bot:category:security", - CategorySeo = "awswaf:managed:aws:bot-control:bot:category:seo", - CategorySocialMedia = "awswaf:managed:aws:bot-control:bot:category:social_media", - DeveloperPlatformVerified = "awswaf:managed:aws:bot-control:bot:developer_platform:verified", - NameAasaBot = "awswaf:managed:aws:bot-control:bot:name:aasa_bot", - NameAcunetix = "awswaf:managed:aws:bot-control:bot:name:acunetix", - NameAdidxbot = "awswaf:managed:aws:bot-control:bot:name:adidxbot", - NameAdmantx = "awswaf:managed:aws:bot-control:bot:name:admantx", - NameAhrefsbot = "awswaf:managed:aws:bot-control:bot:name:ahrefsbot", - NameAlexabot = "awswaf:managed:aws:bot-control:bot:name:alexabot", - NameAmazonAdbot = "awswaf:managed:aws:bot-control:bot:name:amazon_adbot", - NameAmazonbot = "awswaf:managed:aws:bot-control:bot:name:amazonbot", - NameApache = "awswaf:managed:aws:bot-control:bot:name:apache", - NameAppInsights = "awswaf:managed:aws:bot-control:bot:name:app_insights", - NameApplebot = "awswaf:managed:aws:bot-control:bot:name:applebot", - NameAxios = "awswaf:managed:aws:bot-control:bot:name:axios", - NameBaidu = "awswaf:managed:aws:bot-control:bot:name:baidu", - NameBarkrowler = "awswaf:managed:aws:bot-control:bot:name:barkrowler", - NameBingbot = "awswaf:managed:aws:bot-control:bot:name:bingbot", - NameBitly = "awswaf:managed:aws:bot-control:bot:name:bitly", - NameBlexbot = "awswaf:managed:aws:bot-control:bot:name:blexbot", - NameBomborabot = "awswaf:managed:aws:bot-control:bot:name:bomborabot", - NameBooko = "awswaf:managed:aws:bot-control:bot:name:booko", - NameBotify = "awswaf:managed:aws:bot-control:bot:name:botify", - NameBrandVerity = "awswaf:managed:aws:bot-control:bot:name:brand_verity", - NameBytespider = "awswaf:managed:aws:bot-control:bot:name:bytespider", - NameCcbot = "awswaf:managed:aws:bot-control:bot:name:ccbot", - NameChatgpt = "awswaf:managed:aws:bot-control:bot:name:chatgpt", - NameChatgptUser = "awswaf:managed:aws:bot-control:bot:name:chatgpt_user", - NameCheckmarkNetwork = "awswaf:managed:aws:bot-control:bot:name:checkmark_network", - NameChromeLighthouse = "awswaf:managed:aws:bot-control:bot:name:chrome_lighthouse", - NameClickagy = "awswaf:managed:aws:bot-control:bot:name:clickagy", - NameCliqzbot = "awswaf:managed:aws:bot-control:bot:name:cliqzbot", - NameCloudflare = "awswaf:managed:aws:bot-control:bot:name:cloudflare", - NameCoccoc = "awswaf:managed:aws:bot-control:bot:name:coccoc", - NameComodo = "awswaf:managed:aws:bot-control:bot:name:comodo", - NameCrawler4j = "awswaf:managed:aws:bot-control:bot:name:crawler4j", - NameCriteobot = "awswaf:managed:aws:bot-control:bot:name:criteobot", - NameCurl = "awswaf:managed:aws:bot-control:bot:name:curl", - NameCxensebot = "awswaf:managed:aws:bot-control:bot:name:cxensebot", - NameDatadogSyntheticMonitor = "awswaf:managed:aws:bot-control:bot:name:datadog_synthetic_monitor", - NameDataforseobot = "awswaf:managed:aws:bot-control:bot:name:dataforseobot", - NameDatanyze = "awswaf:managed:aws:bot-control:bot:name:datanyze", - NameDeepcrawl = "awswaf:managed:aws:bot-control:bot:name:deepcrawl", - NameDetectify = "awswaf:managed:aws:bot-control:bot:name:detectify", - NameDiscordbot = "awswaf:managed:aws:bot-control:bot:name:discordbot", - NameDocomo = "awswaf:managed:aws:bot-control:bot:name:docomo", - NameDotbot = "awswaf:managed:aws:bot-control:bot:name:dotbot", - NameDrupal = "awswaf:managed:aws:bot-control:bot:name:drupal", - NameDuckduckbot = "awswaf:managed:aws:bot-control:bot:name:duckduckbot", - NameDuckduckgoFaviconsBot = "awswaf:managed:aws:bot-control:bot:name:duckduckgo_favicons_bot", - NameEchoboxbot = "awswaf:managed:aws:bot-control:bot:name:echoboxbot", - NameEmbedly = "awswaf:managed:aws:bot-control:bot:name:embedly", - NameEzooms = "awswaf:managed:aws:bot-control:bot:name:ezooms", - NameFacebook = "awswaf:managed:aws:bot-control:bot:name:facebook", - NameFacebot = "awswaf:managed:aws:bot-control:bot:name:facebot", - NameFeedburner = "awswaf:managed:aws:bot-control:bot:name:feedburner", - NameFeedfinder = "awswaf:managed:aws:bot-control:bot:name:feedfinder", - NameFeedspot = "awswaf:managed:aws:bot-control:bot:name:feedspot", - NameFindlinks = "awswaf:managed:aws:bot-control:bot:name:findlinks", - NameFlipboard = "awswaf:managed:aws:bot-control:bot:name:flipboard", - NameFreshpingbot = "awswaf:managed:aws:bot-control:bot:name:freshpingbot", - NameGarlik = "awswaf:managed:aws:bot-control:bot:name:garlik", - NameGenieo = "awswaf:managed:aws:bot-control:bot:name:genieo", - NameGetintent = "awswaf:managed:aws:bot-control:bot:name:getintent", - NameGoHttp = "awswaf:managed:aws:bot-control:bot:name:go_http", - NameGoogleAdsbot = "awswaf:managed:aws:bot-control:bot:name:google_adsbot", - NameGoogleAdsense = "awswaf:managed:aws:bot-control:bot:name:google_adsense", - NameGoogleApis = "awswaf:managed:aws:bot-control:bot:name:google_apis", - NameGoogleAppEngine = "awswaf:managed:aws:bot-control:bot:name:google_app_engine", - NameGoogleAppsScript = "awswaf:managed:aws:bot-control:bot:name:google_apps_script", - NameGoogleAssociationService = "awswaf:managed:aws:bot-control:bot:name:google_association_service", - NameGoogleCommonCrawler = "awswaf:managed:aws:bot-control:bot:name:google_common_crawler", - NameGoogleFavicon = "awswaf:managed:aws:bot-control:bot:name:google_favicon", - NameGoogleFeedfetcher = "awswaf:managed:aws:bot-control:bot:name:google_feedfetcher", - NameGoogleImageproxy = "awswaf:managed:aws:bot-control:bot:name:google_imageproxy", - NameGoogleInspectionTool = "awswaf:managed:aws:bot-control:bot:name:google_inspection_tool", - NameGoogleMediapartners = "awswaf:managed:aws:bot-control:bot:name:google_mediapartners", - NameGoogleOther = "awswaf:managed:aws:bot-control:bot:name:google_other", - NameGooglePagerenderer = "awswaf:managed:aws:bot-control:bot:name:google_pagerenderer", - NameGooglePublisherCenter = "awswaf:managed:aws:bot-control:bot:name:google_publisher_center", - NameGoogleReadAloud = "awswaf:managed:aws:bot-control:bot:name:google_read_aloud", - NameGoogleSiteVerification = "awswaf:managed:aws:bot-control:bot:name:google_site_verification", - NameGoogleSpecialCaseCrawler = "awswaf:managed:aws:bot-control:bot:name:google_special_case_crawler", - NameGoogleStorebot = "awswaf:managed:aws:bot-control:bot:name:google_storebot", - NameGoogleUserTriggeredFetcher = "awswaf:managed:aws:bot-control:bot:name:google_user_triggered_fetcher", - NameGoogleWebPreview = "awswaf:managed:aws:bot-control:bot:name:google_web_preview", - NameGooglebot = "awswaf:managed:aws:bot-control:bot:name:googlebot", - NameGoogleweblight = "awswaf:managed:aws:bot-control:bot:name:googleweblight", - NameGptbot = "awswaf:managed:aws:bot-control:bot:name:gptbot", - NameGrapeshot = "awswaf:managed:aws:bot-control:bot:name:grapeshot", - NameGrub = "awswaf:managed:aws:bot-control:bot:name:grub", - NameGtmetrix = "awswaf:managed:aws:bot-control:bot:name:gtmetrix", - NameGuzzle = "awswaf:managed:aws:bot-control:bot:name:guzzle", - NameHarvester = "awswaf:managed:aws:bot-control:bot:name:harvester", - NameHatena = "awswaf:managed:aws:bot-control:bot:name:hatena", - NameHeritrix = "awswaf:managed:aws:bot-control:bot:name:heritrix", - NameHubspot = "awswaf:managed:aws:bot-control:bot:name:hubspot", - NameIchiro = "awswaf:managed:aws:bot-control:bot:name:ichiro", - NameIframely = "awswaf:managed:aws:bot-control:bot:name:iframely", - NameInternetArchive = "awswaf:managed:aws:bot-control:bot:name:internet_archive", - NameIsecbot = "awswaf:managed:aws:bot-control:bot:name:isecbot", - NameJakarta = "awswaf:managed:aws:bot-control:bot:name:jakarta", - NameJava = "awswaf:managed:aws:bot-control:bot:name:java", - NameJersey = "awswaf:managed:aws:bot-control:bot:name:jersey", - NameLibhttp = "awswaf:managed:aws:bot-control:bot:name:libhttp", - NameLibperl = "awswaf:managed:aws:bot-control:bot:name:libperl", - NameLinespider = "awswaf:managed:aws:bot-control:bot:name:Linespider", - Namelinespider = "awswaf:managed:aws:bot-control:bot:name:linespider", - NameLinguee = "awswaf:managed:aws:bot-control:bot:name:linguee", - NameLinkchecker = "awswaf:managed:aws:bot-control:bot:name:linkchecker", - NameLinkdex = "awswaf:managed:aws:bot-control:bot:name:linkdex", - NameLinkedin = "awswaf:managed:aws:bot-control:bot:name:linkedin", - NameLinklint = "awswaf:managed:aws:bot-control:bot:name:linklint", - NameLinkscan = "awswaf:managed:aws:bot-control:bot:name:linkscan", - NameLinkup = "awswaf:managed:aws:bot-control:bot:name:linkup", - NameLinkwalker = "awswaf:managed:aws:bot-control:bot:name:linkwalker", - NameLivelapbot = "awswaf:managed:aws:bot-control:bot:name:livelapbot", - NameLydia = "awswaf:managed:aws:bot-control:bot:name:lydia", - NameMagpie = "awswaf:managed:aws:bot-control:bot:name:magpie", - NameMailru = "awswaf:managed:aws:bot-control:bot:name:mailru", - NameMarfeel = "awswaf:managed:aws:bot-control:bot:name:marfeel", - NameMauibot = "awswaf:managed:aws:bot-control:bot:name:mauibot", - NameMaverick = "awswaf:managed:aws:bot-control:bot:name:maverick", - NameMediatoolkitbot = "awswaf:managed:aws:bot-control:bot:name:mediatoolkitbot", - NameMegaindex = "awswaf:managed:aws:bot-control:bot:name:megaindex", - NameMicrosoftPreview = "awswaf:managed:aws:bot-control:bot:name:microsoft_preview", - NameMiniflux = "awswaf:managed:aws:bot-control:bot:name:miniflux", - NameMixrankbot = "awswaf:managed:aws:bot-control:bot:name:mixrankbot", - NameMj12bot = "awswaf:managed:aws:bot-control:bot:name:mj12bot", - NameMoatbot = "awswaf:managed:aws:bot-control:bot:name:moatbot", - NameMojeek = "awswaf:managed:aws:bot-control:bot:name:mojeek", - NameMoodlebot = "awswaf:managed:aws:bot-control:bot:name:moodlebot", - NameMsnbot = "awswaf:managed:aws:bot-control:bot:name:msnbot", - NameNetvibes = "awswaf:managed:aws:bot-control:bot:name:netvibes", - NameNewrelicSyntheticMonitor = "awswaf:managed:aws:bot-control:bot:name:newrelic_synthetic_monitor", - NameNewspaper = "awswaf:managed:aws:bot-control:bot:name:newspaper", - NameNimbostratus = "awswaf:managed:aws:bot-control:bot:name:nimbostratus", - NameNode_fetch = "awswaf:managed:aws:bot-control:bot:name:node_fetch", - NameOkhttp = "awswaf:managed:aws:bot-control:bot:name:okhttp", - NameOutlook = "awswaf:managed:aws:bot-control:bot:name:outlook", - NamePandalytics = "awswaf:managed:aws:bot-control:bot:name:pandalytics", - NamePaperlibot = "awswaf:managed:aws:bot-control:bot:name:paperlibot", - NamePetalbot = "awswaf:managed:aws:bot-control:bot:name:petalbot", - NamePhpcrawl = "awswaf:managed:aws:bot-control:bot:name:phpcrawl", - NamePingability = "awswaf:managed:aws:bot-control:bot:name:pingability", - NamePingdom = "awswaf:managed:aws:bot-control:bot:name:pingdom", - NamePinterest = "awswaf:managed:aws:bot-control:bot:name:pinterest", - NamePocket = "awswaf:managed:aws:bot-control:bot:name:pocket", - NameProctorio = "awswaf:managed:aws:bot-control:bot:name:proctorio", - NameProximic = "awswaf:managed:aws:bot-control:bot:name:proximic", - NamePrtg = "awswaf:managed:aws:bot-control:bot:name:prtg", - NamePsbot = "awswaf:managed:aws:bot-control:bot:name:psbot", - NamePython = "awswaf:managed:aws:bot-control:bot:name:python", - NamePythonRequests = "awswaf:managed:aws:bot-control:bot:name:python_requests", - NamQwantify = "awswaf:managed:aws:bot-control:bot:name:qwantify", - NameRedditbot = "awswaf:managed:aws:bot-control:bot:name:redditbot", - NameRiddler = "awswaf:managed:aws:bot-control:bot:name:riddler", - NameRogerbot = "awswaf:managed:aws:bot-control:bot:name:rogerbot", - NameRoute53_health_check = "awswaf:managed:aws:bot-control:bot:name:route53_health_check", - NameRuby = "awswaf:managed:aws:bot-control:bot:name:ruby", - NameScrapy = "awswaf:managed:aws:bot-control:bot:name:scrapy", - NameSeekportbot = "awswaf:managed:aws:bot-control:bot:name:seekportbot", - NameSemanticscholarbot = "awswaf:managed:aws:bot-control:bot:name:semanticscholarbot", - NameSemrushbot = "awswaf:managed:aws:bot-control:bot:name:semrushbot", - NameSentibot = "awswaf:managed:aws:bot-control:bot:name:sentibot", - NameSerpstatbot = "awswaf:managed:aws:bot-control:bot:name:serpstatbot", - NameSimilarTech = "awswaf:managed:aws:bot-control:bot:name:similar_tech", - NameSiteImprove = "awswaf:managed:aws:bot-control:bot:name:site_improve", - NameSlackImages = "awswaf:managed:aws:bot-control:bot:name:slack_images", - NameSlackbot = "awswaf:managed:aws:bot-control:bot:name:slackbot", - NameSnapchat = "awswaf:managed:aws:bot-control:bot:name:snapchat", - NameSnoopy = "awswaf:managed:aws:bot-control:bot:name:snoopy", - NameSogou = "awswaf:managed:aws:bot-control:bot:name:sogou", - NameSteeler = "awswaf:managed:aws:bot-control:bot:name:steeler", - NameStudyPartner = "awswaf:managed:aws:bot-control:bot:name:study_partner", - NameSumologic = "awswaf:managed:aws:bot-control:bot:name:sumologic", - NameSuperfeedr = "awswaf:managed:aws:bot-control:bot:name:superfeedr", - NameTaboolabot = "awswaf:managed:aws:bot-control:bot:name:taboolabot", - NameTelegram = "awswaf:managed:aws:bot-control:bot:name:telegram", - NameTinEye = "awswaf:managed:aws:bot-control:bot:name:tin_eye", - NameTinyRss = "awswaf:managed:aws:bot-control:bot:name:tiny_rss", - NameTrendictionbot = "awswaf:managed:aws:bot-control:bot:name:trendictionbot", - NameTwitter = "awswaf:managed:aws:bot-control:bot:name:twitter", - NameUptimerobot = "awswaf:managed:aws:bot-control:bot:name:uptimerobot", - NameW3c = "awswaf:managed:aws:bot-control:bot:name:w3c", - NameW3cValidationServices = "awswaf:managed:aws:bot-control:bot:name:w3c_validation_services", - NameWappalyzer = "awswaf:managed:aws:bot-control:bot:name:wappalyzer", - NameWebCopier = "awswaf:managed:aws:bot-control:bot:name:web_copier", - NameWget = "awswaf:managed:aws:bot-control:bot:name:wget", - NameWhatsapp = "awswaf:managed:aws:bot-control:bot:name:whatsapp", - NameWordpressScanner = "awswaf:managed:aws:bot-control:bot:name:wordpress_scanner", - NameYacy = "awswaf:managed:aws:bot-control:bot:name:yacy", - NameYahoo = "awswaf:managed:aws:bot-control:bot:name:yahoo", - NameYahoo_mail = "awswaf:managed:aws:bot-control:bot:name:yahoo_mail", - NameYandexbot = "awswaf:managed:aws:bot-control:bot:name:yandexbot", - NameYanga = "awswaf:managed:aws:bot-control:bot:name:yanga", - NameZyborg = "awswaf:managed:aws:bot-control:bot:name:zyborg", - OrganizationGoogle = "awswaf:managed:aws:bot-control:bot:organization:google", - OrganizationMicrosoft = "awswaf:managed:aws:bot-control:bot:organization:microsoft", - Unverified = "awswaf:managed:aws:bot-control:bot:unverified", - UserTriggeredVerified = "awswaf:managed:aws:bot-control:bot:user_triggered:verified", - Verified = "awswaf:managed:aws:bot-control:bot:verified", - SignalAutomatedBrowser = "awswaf:managed:aws:bot-control:signal:automated_browser", - SignalKnownBotDataCenter = "awswaf:managed:aws:bot-control:signal:known_bot_data_center", - SignalNonBrowserHeader = "awswaf:managed:aws:bot-control:signal:non_browser_header", - SignalNonBrowserUserAgent = "awswaf:managed:aws:bot-control:signal:non_browser_user_agent", - TokenRejected = "awswaf:managed:token:rejected", - tokenAccepted = "awswaf:managed:token:accepted", - TokenAbsent = "awswaf:managed:token:absent", - TGT_ML_CoordinatedActivityMedium = "awswaf:managed:aws:bot-control:targeted:aggregate:coordinated_activity:medium", - TGT_ML_CoordinatedActivityHigh = "awswaf:managed:aws:bot-control:targeted:aggregate:coordinated_activity:high", - TGT_VolumetricIpTokenAbsent = "awswaf:managed:aws:bot-control:targeted:aggregate:volumetric:ip:token_absent", - TGT_VolumetricSessionHigh = "awswaf:managed:aws:bot-control:targeted:aggregate:volumetric:session:high", - TGT_VolumetricSessiosMedium = "awswaf:managed:aws:bot-control:targeted:aggregate:volumetric:session:medium", - TGT_VolumetricSessionLow = "awswaf:managed:aws:bot-control:targeted:aggregate:volumetric:session:low", - TGT_TokenReuseIp = "awswaf:managed:aws:bot-control:targeted:aggregate:volumetric:session:token_reuse:ip", - TGT_SignalAutomatedBrowser = "awswaf:managed:aws:bot-control:targeted:signal:automated_browser", - TGT_SignalBrowserInconsistency = "awswaf:managed:aws:bot-control:targeted:signal:browser_inconsistency", - BrowserAutomationExtension = "awswaf:managed:aws:bot-control:targeted:signal:browser_automation_extension", - TGT_ML_CoordinatedActivityLow = "awswaf:managed:aws:bot-control:targeted:aggregate:coordinated_activity:low" -} - -/** - * Enum for AWSManagedRulesAnonymousIpList Rules - */ -export enum ANONYMOUS_IP_LIST_RULES { - AnonymousIPList = "AnonymousIPList", - HostingProviderIPList = "HostingProviderIPList" -} - -/** - * Enum for AWSManagedRulesAnonymousIpList Labels - */ -export enum ANONYMOUS_IP_LIST_LABELS { - AnonymousIPList = "awswaf:managed:aws:anonymous-ip-list:AnonymousIPList", - HostingProviderIPList = "awswaf:managed:aws:anonymous-ip-list:HostingProviderIPList", -} - - -/** - * Enum for AWSManagedRulesAmazonIpReputationList Rules - */ -export enum AMAZON_IpReputationLIST_RULES { - AWSManagedIPReputationList = "AWSManagedIPReputationList", - AWSManagedReconnaissanceList = "AWSManagedReconnaissanceList", - AWSManagedIPDDoSList = "AWSManagedIPDDoSList" -} - -/** - * Enum for AWSManagedRulesAmazonIpReputationList Labels - */ -export enum AMAZON_IpReputationLIST_LABELS { - AWSManagedIPDDoSList = "awswaf:managed:aws:amazon-ip-list:AWSManagedIPDDoSList", - AWSManagedIPReputationList = "awswaf:managed:aws:amazon-ip-list:AWSManagedIPReputationList", - AWSManagedReconnaissanceList = "awswaf:managed:aws:amazon-ip-list:AWSManagedReconnaissanceList", -} - -/** - * Enum for AWSManagedRulesWordPressRuleSet Rules - */ -export enum WORDPRESS_RULE_SET_RULES { - WordPressExploitableCommands_QUERYSTRING = "WordPressExploitableCommands_QUERYSTRING", - WordPressExploitablePaths_URIPATH = "WordPressExploitablePaths_URIPATH" -} - -/** - * Enum for AWSManagedRulesWordPressRuleSet Labels - */ -export enum WORDPRESS_RULE_SET_LABELS { - WordPressExploitableCommands_QUERYSTRING = "awswaf:managed:aws:wordpress-app:WordPressExploitableCommands_QUERYSTRING", - WordPressExploitablePaths_URIPATH = "awswaf:managed:aws:wordpress-app:WordPressExploitablePaths_URIPATH", -} - -/** - * Enum for AWSManagedRulesPHPRuleSet Rules - */ -export enum PHP_RULE_SET_RULES { - PHPHighRiskMethodsVariables_HEADER = "PHPHighRiskMethodsVariables_HEADER", - PHPHighRiskMethodsVariables_QUERYSTRING = "PHPHighRiskMethodsVariables_QUERYSTRING", - PHPHighRiskMethodsVariables_BODY = "PHPHighRiskMethodsVariables_BODY" -} - -/** - * Enum for AWSManagedRulesPHPRuleSet Labels - */ -export enum PHP_RULE_SET_LABELS { - PHPHighRiskMethodsVariables_HEADER = "awswaf:managed:aws:php-app:PHPHighRiskMethodsVariables_Header", - PHPHighRiskMethodsVariables_QUERYSTRING = "awswaf:managed:aws:php-app:PHPHighRiskMethodsVariables_QueryString", - PHPHighRiskMethodsVariables_BODY = "awswaf:managed:aws:php-app:PHPHighRiskMethodsVariables_Body", -} - -/** - * Enum for AWSManagedRulesWindowsRuleSet Rules - */ -export enum WINDOWS_RULE_SET_RULES { - WindowsShellCommands_COOKIE = "WindowsShellCommands_COOKIE", - WindowsShellCommands_QUERYARGUMENTS = "WindowsShellCommands_QUERYARGUMENTS", - WindowsShellCommands_BODY = "WindowsShellCommands_BODY", - PowerShellCommands_COOKIE = "PowerShellCommands_COOKIE", - PowerShellCommands_QUERYARGUMENTS = "PowerShellCommands_QUERYARGUMENTS", - PowerShellCommands_BODY = "PowerShellCommands_BODY" -} - -/** - * Enum for AWSManagedRulesWindowsRuleSet Labels - */ -export enum WINDOWS_RULE_SET_LABELS { - WindowsShellCommands_COOKIE = "awswaf:managed:aws:windows-os:WindowsShellCommands_Cookie", - WindowsShellCommands_BODY = "awswaf:managed:aws:windows-os:WindowsShellCommands_Body", - PowerShellCommands_COOKIE = "awswaf:managed:aws:windows-os:PowerShellCommands_Cookie", - WindowsShellCommands_QUERYARGUMENTS = "awswaf:managed:aws:windows-os:WindowsShellCommands_QueryArguments", - PowerShellCommands_QUERYARGUMENTS = "awswaf:managed:aws:windows-os:PowerShellCommands_QueryArguments", - PowerShellCommands_BODY = "awswaf:managed:aws:windows-os:PowerShellCommands_Body", -} - -/** - * Enum for AWSManagedRulesUnixRuleSet Rules - */ -export enum UNIX_RULE_SET_RULES { - UNIXShellCommandsVariables_QUERYARGUMENTS = "UNIXShellCommandsVariables_QUERYARGUMENTS", - UNIXShellCommandsVariables_BODY = "UNIXShellCommandsVariables_BODY", -} - -/** - * Enum for AWSManagedRulesUnixRuleSet Labels - */ -export enum UNIX_RULE_SET_LABELS { - UNIXShellCommandsVariables_BODY = "awswaf:managed:aws:posix-os:UNIXShellCommandsVariables_Body", - UNIXShellCommandsVariables_QUERYARGUMENTS = "awswaf:managed:aws:posix-os:UNIXShellCommandsVariables_QueryArguments", -} - -/** - * Enum for AWSManagedRulesLinuxRuleSet Rules - */ -export enum LINUX_RULE_SET_RULES { - LFI_URIPATH = "LFI_URIPATH", - LFI_QUERYSTRING = "LFI_QUERYSTRING", - LFI_HEADER = "LFI_HEADER", -} -/** - * Enum for AWSManagedRulesLinuxRuleSet Labels - */ -export enum LINUX_RULE_SET_LABELS { - LFI_QUERYSTRING = "awswaf:managed:aws:linux-os:LFI_QueryString", - LFI_URIPATH = "awswaf:managed:aws:linux-os:LFI_URIPath", - LFI_HEADER = "awswaf:managed:aws:linux-os:LFI_Header", -} - -/** - * Enum for AWSManagedRulesSQLiRuleSet Rules - */ -export enum SQLI_RULE_SET_RULES { - SQLiExtendedPatterns_QUERYARGUMENTS = "SQLiExtendedPatterns_QUERYARGUMENTS", - SQLi_QUERYARGUMENTS = "SQLi_QUERYARGUMENTS", - SQLiExtendedPatterns_BODY = "SQLiExtendedPatterns_BODY", - SQLi_BODY = "SQLi_BODY", - SQLi_COOKIE = "SQLi_COOKIE", - SQLi_URIPATH = "SQLi_URIPATH", - SQLi_URIPATH_RC_COUNT = "SQLi_URIPATH_RC_COUNT", - SQLi_COOKIE_RC_COUNT = "SQLi_COOKIE_RC_COUNT", - SQLi_BODY_RC_COUNT = "SQLi_BODY_RC_COUNT", - SQLi_QUERYARGUMENTS_RC_COUNT = "SQLi_QUERYARGUMENTS_RC_COUNT", - SQLiExtendedPatterns_QUERYARGUMENTS_RC_COUNT = "SQLiExtendedPatterns_QUERYARGUMENTS_RC_COUNT" -} -/** - * Enum for AWSManagedRulesSQLiRuleSet Labels - */ -export enum SQLI_RULE_SET_LABELS { - SQLi_URIPATH = "awswaf:managed:aws:sql-database:SQLi_URIPath", - SQLiExtendedPatterns_QUERYARGUMENTS = "awswaf:managed:aws:sql-database:SQLiExtendedPatterns_QueryArguments", - SQLi_QUERYARGUMENTS = "awswaf:managed:aws:sql-database:SQLi_QueryArguments", - SQLi_BODY = "awswaf:managed:aws:sql-database:SQLi_Body", - SQLi_COOKIE = "awswaf:managed:aws:sql-database:SQLi_Cookie", - SQLiExtendedPatterns_BODY = "awswaf:managed:aws:sql-database:SQLiExtendedPatterns_Body", - SQLi_Cookie_RC_COUNT = "awswaf:managed:aws:sql-database:SQLi_Cookie_RC_COUNT", - SQLi_Body_RC_COUNT = "awswaf:managed:aws:sql-database:SQLi_Body_RC_COUNT", - SQLi_QueryArguments_RC_COUNT = "awswaf:managed:aws:sql-database:SQLi_QueryArguments_RC_COUNT", - SQLi_URIPath_RC_COUNT = "awswaf:managed:aws:sql-database:SQLi_URIPath_RC_COUNT", - SQLiExtendedPatterns_QueryArguments_RC_COUNT = "awswaf:managed:aws:sql-database:SQLiExtendedPatterns_QueryArguments_RC_COUNT" -} - -/** - * Enum for AWSManagedRulesKnownBadInputsRuleSet Rules - */ -export enum KNOWN_BAD_INPUTS_RULE_SET_RULES { - Log4JRCE_HEADER_RC_COUNT = "Log4JRCE_HEADER_RC_COUNT", - Log4JRCE_URIPATH_RC_COUNT = "Log4JRCE_URIPATH_RC_COUNT", - Log4JRCE_BODY_RC_COUNT = "Log4JRCE_BODY_RC_COUNT", - Log4JRCE_QUERYSTRING_RC_COUNT = "Log4JRCE_QUERYSTRING_RC_COUNT", - Host_localhost_HEADER_RC_COUNT = "Host_localhost_HEADER_RC_COUNT", - JavaDeserializationRCE_HEADER_RC_COUNT = "JavaDeserializationRCE_HEADER_RC_COUNT", - JavaDeserializationRCE_QUERYSTRING_RC_COUNT = "JavaDeserializationRCE_QUERYSTRING_RC_COUNT", - JavaDeserializationRCE_URIPATH_RC_COUNT = "JavaDeserializationRCE_URIPATH_RC_COUNT", - JavaDeserializationRCE_BODY_RC_COUNT = "JavaDeserializationRCE_BODY_RC_COUNT", - JavaDeserializationRCE_BODY = "JavaDeserializationRCE_BODY", - JavaDeserializationRCE_URIPATH = "JavaDeserializationRCE_URIPATH", - JavaDeserializationRCE_QUERYSTRING = "JavaDeserializationRCE_QUERYSTRING", - JavaDeserializationRCE_HEADER = "JavaDeserializationRCE_HEADER", - Host_localhost_HEADER = "Host_localhost_HEADER", - PROPFIND_METHOD = "PROPFIND_METHOD", - ExploitablePaths_URIPATH = "ExploitablePaths_URIPATH", - Log4JRCE_QUERYSTRING = "Log4JRCE_QUERYSTRING", - Log4JRCE_BODY = "Log4JRCE_BODY", - Log4JRCE_URIPATH = "Log4JRCE_URIPATH", - Log4JRCE_HEADER = "Log4JRCE_HEADER", -} - -/** - * Enum for AWSManagedRulesKnownBadInputsRuleSet Labels - */ -export enum KNOWN_BAD_INPUTS_RULE_SET_LABELS { - Host_localhost_HEADER_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:Host_Localhost_Header_RC_COUNT", - JavaDeserializationRCE_QUERYSTRING_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_QueryString_RC_COUNT", - Log4JRCE_QUERYSTRING_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_QueryString_RC_COUNT", - Log4JRCE_BODY_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_Body_RC_COUNT", - Log4JRCE_URIPATH = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_URIPath", - ExploitablePaths_URIPATH = "awswaf:managed:aws:known-bad-inputs:ExploitablePaths_URIPath", - JavaDeserializationRCE_BODY = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_Body", - Log4JRCE_QUERYSTRING = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_QueryString", - Log4JRCE_URIPATH_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_URIPath_RC_COUNT", - PROPFIND_METHOD = "awswaf:managed:aws:known-bad-inputs:Propfind_Method", - JavaDeserializationRCE_BODY_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_Body_RC_COUNT", - JavaDeserializationRCE_HEADER_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_Header_RC_COUNT", - Log4JRCE_HEADER_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_Header_RC_COUNT", - JavaDeserializationRCE_URIPATH = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_URIPath", - Host_localhost_HEADER = "awswaf:managed:aws:known-bad-inputs:Host_Localhost_Header", - JavaDeserializationRCE_QUERYSTRING = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_QueryString", - JavaDeserializationRCE_HEADER = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_Header", - JavaDeserializationRCE_URIPATH_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_URIPath_RC_COUNT", - Log4JRCE_BODY = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_Body", - Log4JRCE_HEADER = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_Header", -} - -/** - * Enum for AWSManagedRulesCommonRuleSet Rules - */ -export enum COMMON_RULE_SET_RULES { - NoUserAgent_HEADER = "NoUserAgent_HEADER", - UserAgent_BadBots_HEADER = "UserAgent_BadBots_HEADER", - SizeRestrictions_QUERYSTRING = "SizeRestrictions_QUERYSTRING", - SizeRestrictions_Cookie_HEADER = "SizeRestrictions_Cookie_HEADER", - SizeRestrictions_BODY = "SizeRestrictions_BODY", - SizeRestrictions_URIPATH = "SizeRestrictions_URIPATH", - EC2MetaDataSSRF_BODY = "EC2MetaDataSSRF_BODY", - EC2MetaDataSSRF_COOKIE = "EC2MetaDataSSRF_COOKIE", - EC2MetaDataSSRF_URIPATH = "EC2MetaDataSSRF_URIPATH", - EC2MetaDataSSRF_QUERYARGUMENTS = "EC2MetaDataSSRF_QUERYARGUMENTS", - GenericLFI_BODY = "GenericLFI_BODY", - GenericLFI_QUERYARGUMENTS = "GenericLFI_QUERYARGUMENTS", - GenericLFI_URIPATH = "GenericLFI_URIPATH", - GenericRFI_BODY = "GenericRFI_BODY", - GenericRFI_QUERYARGUMENTS = "GenericRFI_QUERYARGUMENTS", - GenericRFI_URIPATH = "GenericRFI_URIPATH", - CrossSiteScripting_COOKIE = "CrossSiteScripting_COOKIE", - CrossSiteScripting_QUERYARGUMENTS = "CrossSiteScripting_QUERYARGUMENTS", - CrossSiteScripting_BODY = "CrossSiteScripting_BODY", - CrossSiteScripting_URIPATH = "CrossSiteScripting_URIPATH", - RestrictedExtensions_URIPATH = "RestrictedExtensions_URIPATH", - RestrictedExtensions_QUERYARGUMENTS = "RestrictedExtensions_QUERYARGUMENTS", -} - -/** - * Enum for AWSManagedRulesCommonRuleSet Labels - */ -export enum COMMON_RULE_SET_LABELS { - GenericLFI_QUERYARGUMENTS = "awswaf:managed:aws:core-rule-set:GenericLFI_QueryArguments", - SizeRestrictions_Cookie_HEADER = "awswaf:managed:aws:core-rule-set:SizeRestrictions_Cookie_Header", - EC2MetaDataSSRF_URIPATH = "awswaf:managed:aws:core-rule-set:EC2MetaDataSSRF_URIPath", - NoUserAgent_HEADER = "awswaf:managed:aws:core-rule-set:NoUserAgent_Header", - EC2MetaDataSSRF_BODY = "awswaf:managed:aws:core-rule-set:EC2MetaDataSSRF_Body", - GenericLFI_URIPATH = "awswaf:managed:aws:core-rule-set:GenericLFI_URIPath", - GenericRFI_URIPATH = "awswaf:managed:aws:core-rule-set:GenericRFI_URIPath", - SizeRestrictions_QUERYSTRING = "awswaf:managed:aws:core-rule-set:SizeRestrictions_QueryString", - SizeRestrictions_BODY = "awswaf:managed:aws:core-rule-set:SizeRestrictions_Body", - GenericRFI_BODY = "awswaf:managed:aws:core-rule-set:GenericRFI_Body", - UserAgent_BadBots_HEADER = "awswaf:managed:aws:core-rule-set:BadBots_Header", - SizeRestrictions_URIPATH = "awswaf:managed:aws:core-rule-set:SizeRestrictions_URIPath", - GenericLFI_BODY = "awswaf:managed:aws:core-rule-set:GenericLFI_Body", - RestrictedExtensions_QUERYARGUMENTS = "awswaf:managed:aws:core-rule-set:RestrictedExtensions_QueryArguments", - CrossSiteScripting_URIPATH = "awswaf:managed:aws:core-rule-set:CrossSiteScripting_URIPath", - CrossSiteScripting_BODY = "awswaf:managed:aws:core-rule-set:CrossSiteScripting_Body", - RestrictedExtensions_URIPATH = "awswaf:managed:aws:core-rule-set:RestrictedExtensions_URIPath", - EC2MetaDataSSRF_COOKIE = "awswaf:managed:aws:core-rule-set:EC2MetaDataSSRF_Cookie", - GenericRFI_QUERYARGUMENTS = "awswaf:managed:aws:core-rule-set:GenericRFI_QueryArguments", - CrossSiteScripting_QUERYARGUMENTS = "awswaf:managed:aws:core-rule-set:CrossSiteScripting_QueryArguments", - CrossSiteScripting_COOKIE = "awswaf:managed:aws:core-rule-set:CrossSiteScripting_Cookie", - EC2MetaDataSSRF_QUERYARGUMENTS = "awswaf:managed:aws:core-rule-set:EC2MetaDataSSRF_QueryArguments", - -} - -/** - * Enum for AWSManagedRulesAdminProtectionRuleSet Rules - */ -export enum ADMIN_PROTECTION_RULE_SET_RULES { - AdminProtection_URIPATH = "AdminProtection_URIPATH", -} - -/** - * Enum for AWSManagedRulesAdminProtectionRuleSet Labels - */ -export enum ADMIN_PROTECTION_RULE_SET_LABELS { - AdminProtection_URIPATH = "awswaf:managed:aws:admin-protection:AdminProtection_URIPath", -} - -/** - * AWS Managed roule Group Vendor - */ -export enum ManagedRuleGroupVendor { - AWS = "AWS" -} - -/** - * AWS WAF Content Type - * - * The type of content in the payload that you are defining in the Content string. - * - * @see https://docs.aws.amazon.com/waf/latest/APIReference/API_CustomResponseBody.html - */ -export enum CustomResponseBodiesContentType { - APPLICATION_JSON = "APPLICATION_JSON", - TEXT_HTML = "TEXT_HTML", - TEXT_PLAIN = "TEXT_PLAIN", -} - -/** - * enum for supported webacl types - * following types are waiting for support if you need a GraphQLApi Firewall just use an ApiGateway:Stage Firewall - * - "AWS::Cognito::UserPool" - * - "AWS::AppSync::GraphQLApi" - */ -export enum WebAclTypeEnum { - ELASTICLOADBALANCINGV2_LOADBALANCER = "AWS::ElasticLoadBalancingV2::LoadBalancer", - CLOUDFRONT_DISTRIBUTION = "AWS::CloudFront::Distribution", - APIGATEWAYV2_API = "AWS::ApiGatewayV2::Api", - APIGATEWAY_STAGE = "AWS::ApiGateway::Stage", - COGNITO_USERPOOL = "AWS::Cognito::UserPool", - APPSYNC_GRAPHQLAPI = "AWS::AppSync::GraphQLApi" -} \ No newline at end of file diff --git a/lib/types/enums/general.ts b/lib/types/enums/general.ts new file mode 100644 index 00000000..b21e03bb --- /dev/null +++ b/lib/types/enums/general.ts @@ -0,0 +1,56 @@ +/** + * Represents Enum for all AWS Regions + */ +export enum AWSRegion { + US_EAST_1 = "us-east-1", + US_EAST_2 = "us-east-2", + US_WEST_1 = "us-west-1", + US_WEST_2 = "us-west-2", + AF_SOUTH_1 = "af-south-1", + AP_EAST_1 = "ap-east-1", + AP_SOUTH_1 = "ap-south-1", + AP_NORTHEAST_1 = "ap-northeast-1", + AP_NORTHEAST_2 = "ap-northeast-2", + AP_NORTHEAST_3 = "ap-northeast-3", + AP_SOUTHEAST_1 = "ap-southeast-1", + AP_SOUTHEAST_2 = "ap-southeast-2", + CA_CENTRAL_1 = "ca-central-1", + CN_NORTH_1 = "cn-north-1", + CN_NORTHWEST_1 = "cn-northwest-1", + EU_CENTRAL_1 = "eu-central-1", + EU_WEST_1 = "eu-west-1", + EU_WEST_2 = "eu-west-2", + EU_WEST_3 = "eu-west-3", + EU_NORTH_1 = "eu-north-1", + EU_SOUTH_1 = "eu-south-1", + ME_SOUTH_1 = "me-south-1", + SA_EAST_1 = "sa-east-1" + } + +/** + * Represents all AWS Regions + */ +export type RegionString = + | "us-west-2" + | "us-west-1" + | "us-east-2" + | "us-east-1" + | "ap-south-1" + | "ap-northeast-2" + | "ap-northeast-1" + | "ap-southeast-1" + | "ap-southeast-2" + | "ca-central-1" + | "cn-north-1" + | "eu-central-1" + | "eu-west-1" + | "eu-west-2" + | "eu-west-3" + | "sa-east-1" + | "us-gov-west-1" + | "ap-east-1" + | "ap-southeast-3" + | "ap-northeast-3" + | "eu-south-1" + | "eu-north-1" + | "me-south-1"; \ No newline at end of file diff --git a/lib/types/enums/index.ts b/lib/types/enums/index.ts new file mode 100644 index 00000000..f2e32760 --- /dev/null +++ b/lib/types/enums/index.ts @@ -0,0 +1,4 @@ +export * from "./waf"; +export * from "./s3"; +export * from "./pricing"; +export * from "./general"; diff --git a/lib/types/enums/pricing.ts b/lib/types/enums/pricing.ts new file mode 100644 index 00000000..880911b1 --- /dev/null +++ b/lib/types/enums/pricing.ts @@ -0,0 +1,28 @@ +/** +* Represents Region Codes for all AWS Regions +*/ +export enum PriceRegions { + "us-west-2" = "US West (Oregon)", + "us-west-1" = "US West (N. California)", + "us-east-2" = "US East (Ohio)", + "us-east-1" = "US East (N. Virginia)", + "ap-south-1" = "Asia Pacific (Mumbai)", + "ap-northeast-2" = "Asia Pacific (Seoul)", + "ap-northeast-1" = "Asia Pacific (Tokyo)", + "ap-southeast-1" = "Asia Pacific (Singapore)", + "ap-southeast-2" = "Asia Pacific (Sydney)", + "ca-central-1" = "Canada (Central)", + "cn-north-1" = "China (Beijing)", + "eu-central-1" = "EU (Frankfurt)", + "eu-west-1" = "EU (Ireland)", + "eu-west-2" = "EU (London)", + "eu-west-3" = "EU (Paris)", + "sa-east-1" = "South America (São Paulo)", + "us-gov-west-1" = "AWS GovCloud (US)", + "ap-east-1" = "Asia Pacific (Hong Kong)", + "ap-southeast-3" = "Asia Pacific (Jakarta)", + "ap-northeast-3" = "Asia Pacific (Osaka)", + "eu-south-1" = "Europe (Milan)", + "eu-north-1" = "Europe (Stockholm)", + "me-south-1" = "Middle East (Bahrain)", + } \ No newline at end of file diff --git a/lib/types/enums/s3.ts b/lib/types/enums/s3.ts new file mode 100644 index 00000000..e0c44bf6 --- /dev/null +++ b/lib/types/enums/s3.ts @@ -0,0 +1,9 @@ +/** + * S3 Object Lock provides two retention modes: + - Governance mode + - Compliance mode + */ +export enum ObjectLockMode { + GOVERNANCE = "GOVERNANCE", + COMPLIANCE = "COMPLIANCE", + } \ No newline at end of file diff --git a/lib/types/enums/waf.ts b/lib/types/enums/waf.ts new file mode 100644 index 00000000..00cb46b1 --- /dev/null +++ b/lib/types/enums/waf.ts @@ -0,0 +1,787 @@ +/** + * These typescript enums used in aws firewall manager + * + * @see https://www.typescriptlang.org/docs/handbook/enums.html + * @see https://aws.amazon.com/en/firewall-manager/ + */ + +/** + * Specifies whether this is for an Amazon CloudFront distribution or for a regional application. + * A regional application can be + * - an Application Load Balancer (ALB), + * - an Amazon API Gateway REST API, + * - an AWS AppSync GraphQL API, + * - an Amazon Cognito user pool, + * - an AWS App Runner service, + * - or an AWS Verified Access instance. + * + * Valid Values are CLOUDFRONT and REGIONAL. + * + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html + */ +export enum WebAclScope { + CLOUDFRONT = "CLOUDFRONT", + REGIONAL = "REGIONAL" + } + +/** + * List of REGIONAL AWS Managed Rule Groups + * @see https://docs.aws.amazon.com/waf/latest/APIReference/API_ListAvailableManagedRuleGroups.html + * @see https://docs.aws.amazon.com/cli/latest/reference/wafv2/list-available-managed-rule-groups.html + * SDK command: + * Regional: + * aws wafv2 list-available-managed-rule-groups --scope REGIONAL |jq -r ".[] | .[] | .Name" + * Cloudfront + * aws wafv2 list-available-managed-rule-groups --scope REGIONAL --region=us-east-1|jq -r ".[] | .[] | .Name" + */ +export enum AwsManagedRules { + COMMON_RULE_SET = "AWSManagedRulesCommonRuleSet", + ADMIN_PROTECTION_RULE_SET = "AWSManagedRulesAdminProtectionRuleSet", + KNOWN_BAD_INPUTS_RULE_SET = "AWSManagedRulesKnownBadInputsRuleSet", + SQLI_RULE_SET = "AWSManagedRulesSQLiRuleSet", + LINUX_RULE_SET = "AWSManagedRulesLinuxRuleSet", + UNIX_RULE_SET = "AWSManagedRulesUnixRuleSet", + WINDOWS_RULE_SET = "AWSManagedRulesWindowsRuleSet", + PHP_RULE_SET = "AWSManagedRulesPHPRuleSet", + WORDPRESS_RULE_SET = "AWSManagedRulesWordPressRuleSet", + AMAZON_IP_REPUTATION_LIST = "AWSManagedRulesAmazonIpReputationList", + ANONYMOUS_IP_LIST = "AWSManagedRulesAnonymousIpList", + BOT_CONTROL_RULE_SET = "AWSManagedRulesBotControlRuleSet", + ATP_RULE_SET = "AWSManagedRulesATPRuleSet", + ACFP_RULE_SET = "AWSManagedRulesACFPRuleSet" + } + +/** + * Enum for Labels which are related to AWSManagedRulesATPRuleSet & AWSManagedRulesBotControlRuleSet + */ +export enum AwsManagedRulesGeneralLabels{ + ManagedTokenRejectedNotSolved = "awswaf:managed:token:rejected:not_solved", + ManagedTokenRejectedExpired = "awswaf:managed:token:rejected:expired", + ManagedTokenRejectedDomainMismatch = "awswaf:managed:token:rejected:domain_mismatch", + ManagedTokenRejectedInvalid = "awswaf:managed:token:rejected:invalid", + ManagedCaptchaRejected = "awswaf:managed:captcha:rejected", + ManagedCaptchaAccepted = "awswaf:managed:captcha:accepted", + ManagedCaptchaRejectedNotSolved = "awswaf:managed:captcha:rejected:not_solved", + ManagedCaptchaRejectedExpired = "awswaf:managed:captcha:rejected:expired", + ManagedCaptchaRejectedDomainMismatch = "awswaf:managed:captcha:rejected:domain_mismatch", + ManagedCaptchaRejectedInvalid = "awswaf:managed:captcha:rejected:invalid" + } + +/** + * Enum for AWSManagedRulesACFPRuleSet Rules + */ +export enum ACFP_RULE_SET_RULES { + UnsupportedCognitoIDP = "UnsupportedCognitoIDP", + AllRequests = "AllRequests", + RiskScoreHigh = "RiskScoreHigh", + SignalCredentialCompromised = "SignalCredentialCompromised", + SignalClientHumanInteractivityAbsentLow = "SignalClientHumanInteractivityAbsentLow", + AutomatedBrowser = "AutomatedBrowser", + BrowserInconsistency = "BrowserInconsistency", + VolumetricIpHigh = "VolumetricIpHigh", + VolumetricSessionHigh = "VolumetricSessionHigh", + AttributeUsernameTraversalHigh = "AttributeUsernameTraversalHigh", + VolumetricPhoneNumberHigh = "VolumetricPhoneNumberHigh", + VolumetricAddressHigh = "VolumetricAddressHigh", + VolumetricAddressLow = "VolumetricAddressLow", + VolumetricIPSuccessfulResponse = "VolumetricIPSuccessfulResponse", + VolumetricSessionSuccessfulResponse = "VolumetricSessionSuccessfulResponse", + VolumetricSessionTokenReuseIp = "VolumetricSessionTokenReuseIp", + } + +/** + * Enum for AWSManagedRulesACFPRuleSet Labels + */ +export enum ACFP_RULE_SET_LABELS { + UnsupportedCognitoIDP = "awswaf:managed:aws:acfp:unsupported:cognito_idp", + VolumetricSessionHigh ="awswaf:managed:aws:acfp:aggregate:volumetric:session:creation:high", + VolumetricSessionMedium ="awswaf:managed:aws:acfp:aggregate:volumetric:session:creation:medium", + VolumetricSessionLow ="awswaf:managed:aws:acfp:aggregate:volumetric:session:creation:low", + VolumetricSessionSessionFailedCreationResponseHigh = "awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:high", + VolumetricSessionSessionFailedCreationResponseMedium = "awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:medium", + VolumetricSessionSessionFailedCreationResponseLow = "awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:low", + VolumetricSessionSuccessfulResponseHigh = "awswaf:managed:aws:acfp:aggregate:volumetric:session:successful_creation_response:high", + VolumetricSessionSuccessfulResponseMedium = "awswaf:managed:aws:acfp:aggregate:volumetric:session:successful_creation_response:medium", + VolumetricSessionSuccessfulResponseLow = "awswaf:managed:aws:acfp:aggregate:volumetric:session:successful_creation_response:low", + VolumetricSessionFailedResponseHigh = " awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:high", + VolumetricSessionFailedResponseMedium = " awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:medium", + VolumetricSessionFailedResponseLow = " awswaf:managed:aws:acfp:aggregate:volumetric:session:failed_creation_response:low", + VolumetricSessionTokenReuseIp ="awswaf:managed:aws:acfp:aggregate:volumetric:session:creation:token_reuse:ip", + VolumetricPhoneNumberHigh ="awswaf:managed:aws:acfp:aggregate:volumetric:phone_number:high", + VolumetricPhoneNumberMedium ="awswaf:managed:aws:acfp:aggregate:volumetric:phone_number:medium", + VolumetricPhoneNumberLow ="awswaf:managed:aws:acfp:aggregate:volumetric:phone_number:low", + VolumetricCreationHigh = "awswaf:managed:aws:acfp:aggregate:volumetric:ip:creation:high", + VolumetricCreationMedium = "awswaf:managed:aws:acfp:aggregate:volumetric:ip:creation:medium", + VolumetricCreationLow ="awswaf:managed:aws:acfp:aggregate:volumetric:ip:creation:low", + VolumetricIpSuccessFulCreationHigh ="awswaf:managed:aws:acfp:aggregate:volumetric:ip:successful_creation_response:high", + VolumetricIpSuccessFulCreationMedium="awswaf:managed:aws:acfp:aggregate:volumetric:ip:successful_creation_response:medium", + VolumetricIpSuccessFulCreationLow ="awswaf:managed:aws:acfp:aggregate:volumetric:ip:successful_creation_response:low", + VolumetricIpFailedCreationHigh ="awswaf:managed:aws:acfp:aggregate:volumetric:ip:failed_creation_response:high", + VolumetricIpFailedCreationMedium="awswaf:managed:aws:acfp:aggregate:volumetric:ip:failed_creation_response:medium", + VolumetricIpFailedCreationLow ="awswaf:managed:aws:acfp:aggregate:volumetric:ip:failed_creation_response:low", + VolumetricAddressHigh ="awswaf:managed:aws:acfp:aggregate:volumetric:address:high", + VolumetricAddressMedium="awswaf:managed:aws:acfp:aggregate:volumetric:address:medium", + VolumetricAddressLow ="awswaf:managed:aws:acfp:aggregate:volumetric:address:low", + AttributeUsernameTraversalHigh ="awswaf:managed:aws:acfp:aggregate:attribute:username_traversal:creation:high", + AttributeUsernameTraversalMedium="awswaf:managed:aws:acfp:aggregate:attribute:username_traversal:creation:medium", + AttributeUsernameTraversalLow= "awswaf:managed:aws:acfp:aggregate:attribute:username_traversal:creation:low", + AutomatedBrowser ="awswaf:managed:aws:acfp:signal:automated_browser", + BrowserInconsistency ="awswaf:managed:aws:acfp:signal:browser_inconsistency", + SignalCredentialCompromised ="awswaf:managed:aws:acfp:signal:credential_compromised", + SignalMissingCredential ="awswaf:managed:aws:acfp:signal:missing_credential", + SignalCreationPage ="awswaf:managed:aws:acfp:signal:creation_page", + SignalRegistrationPage ="awswaf:managed:aws:acfp:signal:registration_page", + SignalFormDetected ="awswaf:managed:aws:acfp:signal:form_detected", + SignalClientHumanInteractivityAbsentHigh ="awswaf:managed:aws:acfp:signal:client:human_interactivity:high", + SignalClientHumanInteractivityAbsentMedium ="awswaf:managed:aws:acfp:signal:client:human_interactivity:medium", + SignalClientHumanInteractivityAbsentLow ="awswaf:managed:aws:acfp:signal:client:human_interactivity:low", + SignalClientHumanInteractivityInsufficientData ="awswaf:managed:aws:acfp:signal:client:human_interactivity:insufficient_data", + RiskScoreHigh ="awswaf:managed:aws:acfp:risk_score:high", + RiskScoreMedium ="awswaf:managed:aws:acfp:risk_score:medium", + RiskScoreLow ="awswaf:managed:aws:acfp:risk_score:low", + RiskScoreEvaluationFailed = "awswaf:managed:aws:acfp:risk_score:evaluation_failed", + RiskScoreContributorIpReputationHigh = "awswaf:managed:aws:acfp:risk_score:contributor:ip_reputation:high", + RiskScoreContributorIpReputationMedium = "awswaf:managed:aws:acfp:risk_score:contributor:ip_reputation:medium", + RiskScoreContributorIpReputationLow = "awswaf:managed:aws:acfp:risk_score:contributor:ip_reputation:low", + RiskScoreContributorIpReputationEvaluationFailed = "awswaf:managed:aws:acfp:risk_score:contributor:ip_reputation:evaluation_failed", + RiskScoreContributorStolenCredentialsCredentialPairHigh ="awswaf:managed:aws:acfp:risk_score:contributor:stolen_credentials_credential_pair:high", + RiskScoreContributorStolenCredentialsCredentialPairMedium ="awswaf:managed:aws:acfp:risk_score:contributor:stolen_credentials_credential_pair:medium", + RiskScoreContributorStolenCredentialsCredentialPairLow ="awswaf:managed:aws:acfp:risk_score:contributor:stolen_credentials_credential_pair:low", + RiskScoreContributorStolenCredentialsCredentialPairEvaluationFailed ="awswaf:managed:aws:acfp:risk_score:contributor:stolen_credentials_credential_pair:evaluation_failed", + } + +/** + * Enum for AWSManagedRulesATPRuleSet Rules + */ +export enum ATP_RULE_SET_RULES { + UnsupportedCognitoIDP = "UnsupportedCognitoIDP", + VolumetricIpHigh = "VolumetricIpHigh", + VolumetricSession = "VolumetricSession", + AttributeCompromisedCredentials = "AttributeCompromisedCredentials", + AttributeUsernameTraversal = "AttributeUsernameTraversal", + AttributePasswordTraversal = "AttributePasswordTraversal", + AttributeLongSession = "AttributeLongSession", + TokenRejected = "TokenRejected", + SignalMissingCredential = "SignalMissingCredential", + } + +/** + * Enum for AWSManagedRulesATPRuleSet Labels + */ +export enum ATP_RULE_SET_LABELS { + UnsupportedCognitoIDP = "awswaf:managed:aws:atp:unsupported:cognito_idp", + VolumetricIpHigh = "awswaf:managed:aws:atp:aggregate:volumetric:ip:high", + VolumetricIpMedium = "awswaf:managed:aws:atp:aggregate:volumetric:ip:medium", + VolumetricIpLow = "awswaf:managed:aws:atp:aggregate:volumetric:ip:low", + VolumemetricIpFailedLoginResponseHigh = "awswaf:managed:aws:atp:aggregate:volumetric:ip:failed_login_response:high", + VolumemetricIpFailedLoginResponseMedium = "awswaf:managed:aws:atp:aggregate:volumetric:ip:failed_login_response:medium", + VolumemetricIpFailedLoginResponseLow = "awswaf:managed:aws:atp:aggregate:volumetric:ip:failed_login_response:low", + VolumemetricIpSuccessfulLoginResponse_high = "awswaf:managed:aws:atp:aggregate:volumetric:ip:successful_login_response:high", + VolumemetricIpSuccessfulLoginResponse_medium = "awswaf:managed:aws:atp:aggregate:volumetric:ip:successful_login_response:medium", + VolumemetricIpSuccessfulLoginResponse_low = "awswaf:managed:aws:atp:aggregate:volumetric:ip:successful_login_response:low", + VolumetricSession = "awswaf:managed:aws:atp:aggregate:volumetric:session", + VolumetricSessionFailedLoginResponseHigh = "awswaf:managed:aws:atp:aggregate:volumetric:session:failed_login_response:high", + VolumetricSessionFailedLoginResponseMedium = "awswaf:managed:aws:atp:aggregate:volumetric:session:failed_login_response:medium", + VolumetricSessionFailedLoginResponseLow = "awswaf:managed:aws:atp:aggregate:volumetric:session:failed_login_response:low", + VolumetricSessionSuccessfulLoginResponseHigh = "awswaf:managed:aws:atp:aggregate:volumetric:session:successful_login_response:high", + VolumetricSessionSuccessfulLoginResponseMedium = "awswaf:managed:aws:atp:aggregate:volumetric:session:successful_login_response:medium", + VolumetricSessionSuccessfulLoginResponseLow = "awswaf:managed:aws:atp:aggregate:volumetric:session:successful_login_response:low", + VolumetricSessiontokenReuseIp = "awswaf:managed:aws:atp:aggregate:volumetric:session:token_reuse:ip", + AttributeLongSession = "awswaf:managed:aws:atp:aggregate:attribute:long_session", + AttributeCompromisedCredentials = "awswaf:managed:aws:atp:aggregate:attribute:compromised_credentials", + AttributeUsernameTraversal = "awswaf:managed:aws:atp:aggregate:attribute:username_traversal", + AttributePasswordTraversal = "awswaf:managed:aws:atp:aggregate:attribute:password_traversal", + SignalMissingCompromised = "awswaf:managed:aws:atp:signal:credential_compromised", + SignalMissingCredential = "awswaf:managed:aws:atp:signal:missing_credential", + TokenRejected = "awswaf:managed:token:rejected", + TokenAccepted = "awswaf:managed:token:accepted", + TokenAbsent = "awswaf:managed:token:absent", + CaptchaAbsent = "awswaf:managed:captcha:absent", + SuspiciousTlsFingerprint= "awswaf:managed:aws:atp:aggregate:attribute:suspicious_tls_fingerprint" + } + + +/** + * Enum for AWSManagedRulesBotControlRuleSet Rules + */ +export enum BOT_CONTROL_RULE_SET_RULES { + CategoryAdvertising = "CategoryAdvertising", + CategoryArchiver = "CategoryArchiver", + CategoryContentFetcher = "CategoryContentFetcher", + CategoryEmailClient = "CategoryEmailClient", + CategoryHttpLibrary = "CategoryHttpLibrary", + CategoryLinkChecker = "CategoryLinkChecker", + CategoryMiscellaneous = "CategoryMiscellaneous", + CategoryMonitoring = "CategoryMonitoring", + CategoryScrapingFramework = "CategoryScrapingFramework", + CategorySearchEngine = "CategorySearchEngine", + CategorySecurity = "CategorySecurity", + CategorySeo = "CategorySeo", + CategorySocialMedia = "CategorySocialMedia", + CategoryAI = "CategoryAI", + SignalAutomatedBrowser = "SignalAutomatedBrowser", + SignalKnownBotDataCenter = "SignalKnownBotDataCenter", + SignalNonBrowserUserAgent = "SignalNonBrowserUserAgent", + TGT_VolumetricIpTokenAbsent = "TGT_VolumetricIpTokenAbsent", + TGT_VolumetricSession = "TGT_VolumetricSession", + TGT_SignalAutomatedBrowser = "TGT_SignalAutomatedBrowser", + TGT_SignalBrowserInconsistency = "TGT_SignalBrowserInconsistency", + TGT_TokenReuseIp = "TGT_TokenReuseIp", + TGT_ML_CoordinatedActivityMedium = "TGT_ML_CoordinatedActivityMedium", + TGT_ML_CoordinatedActivityHigh = "TGT_ML_CoordinatedActivityHigh", + } + +/** + * Enum for AWSManagedRulesBotControlRuleSet Labels + */ +export enum BOT_CONTROL_RULE_SET_LABELS { + CategoryAdvertising = "awswaf:managed:aws:bot-control:bot:category:advertising", + CategoryAi = "awswaf:managed:aws:bot-control:bot:category:ai", + CategoryArchiver = "awswaf:managed:aws:bot-control:bot:category:archiver", + CategoryContentFetcher = "awswaf:managed:aws:bot-control:bot:category:content_fetcher", + CategoryEmailClient = "awswaf:managed:aws:bot-control:bot:category:email_client", + CategoryHttpLibrary = "awswaf:managed:aws:bot-control:bot:category:http_library", + CategoryLinkChecker = "awswaf:managed:aws:bot-control:bot:category:link_checker", + CategoryMiscellaneous = "awswaf:managed:aws:bot-control:bot:category:miscellaneous", + CategoryMonitoring = "awswaf:managed:aws:bot-control:bot:category:monitoring", + CategoryScrapingFramework = "awswaf:managed:aws:bot-control:bot:category:scraping_framework", + CategorySearchEngine = "awswaf:managed:aws:bot-control:bot:category:search_engine", + CategorySecurity = "awswaf:managed:aws:bot-control:bot:category:security", + CategorySeo = "awswaf:managed:aws:bot-control:bot:category:seo", + CategorySocialMedia = "awswaf:managed:aws:bot-control:bot:category:social_media", + DeveloperPlatformVerified = "awswaf:managed:aws:bot-control:bot:developer_platform:verified", + NameAasaBot = "awswaf:managed:aws:bot-control:bot:name:aasa_bot", + NameAcunetix = "awswaf:managed:aws:bot-control:bot:name:acunetix", + NameAdidxbot = "awswaf:managed:aws:bot-control:bot:name:adidxbot", + NameAdmantx = "awswaf:managed:aws:bot-control:bot:name:admantx", + NameAhrefsbot = "awswaf:managed:aws:bot-control:bot:name:ahrefsbot", + NameAlexabot = "awswaf:managed:aws:bot-control:bot:name:alexabot", + NameAmazonAdbot = "awswaf:managed:aws:bot-control:bot:name:amazon_adbot", + NameAmazonbot = "awswaf:managed:aws:bot-control:bot:name:amazonbot", + NameApache = "awswaf:managed:aws:bot-control:bot:name:apache", + NameAppInsights = "awswaf:managed:aws:bot-control:bot:name:app_insights", + NameApplebot = "awswaf:managed:aws:bot-control:bot:name:applebot", + NameAxios = "awswaf:managed:aws:bot-control:bot:name:axios", + NameBaidu = "awswaf:managed:aws:bot-control:bot:name:baidu", + NameBarkrowler = "awswaf:managed:aws:bot-control:bot:name:barkrowler", + NameBingbot = "awswaf:managed:aws:bot-control:bot:name:bingbot", + NameBitly = "awswaf:managed:aws:bot-control:bot:name:bitly", + NameBlexbot = "awswaf:managed:aws:bot-control:bot:name:blexbot", + NameBomborabot = "awswaf:managed:aws:bot-control:bot:name:bomborabot", + NameBooko = "awswaf:managed:aws:bot-control:bot:name:booko", + NameBotify = "awswaf:managed:aws:bot-control:bot:name:botify", + NameBrandVerity = "awswaf:managed:aws:bot-control:bot:name:brand_verity", + NameBytespider = "awswaf:managed:aws:bot-control:bot:name:bytespider", + NameCcbot = "awswaf:managed:aws:bot-control:bot:name:ccbot", + NameChatgpt = "awswaf:managed:aws:bot-control:bot:name:chatgpt", + NameChatgptUser = "awswaf:managed:aws:bot-control:bot:name:chatgpt_user", + NameCheckmarkNetwork = "awswaf:managed:aws:bot-control:bot:name:checkmark_network", + NameChromeLighthouse = "awswaf:managed:aws:bot-control:bot:name:chrome_lighthouse", + NameClickagy = "awswaf:managed:aws:bot-control:bot:name:clickagy", + NameCliqzbot = "awswaf:managed:aws:bot-control:bot:name:cliqzbot", + NameCloudflare = "awswaf:managed:aws:bot-control:bot:name:cloudflare", + NameCoccoc = "awswaf:managed:aws:bot-control:bot:name:coccoc", + NameComodo = "awswaf:managed:aws:bot-control:bot:name:comodo", + NameCrawler4j = "awswaf:managed:aws:bot-control:bot:name:crawler4j", + NameCriteobot = "awswaf:managed:aws:bot-control:bot:name:criteobot", + NameCurl = "awswaf:managed:aws:bot-control:bot:name:curl", + NameCxensebot = "awswaf:managed:aws:bot-control:bot:name:cxensebot", + NameDatadogSyntheticMonitor = "awswaf:managed:aws:bot-control:bot:name:datadog_synthetic_monitor", + NameDataforseobot = "awswaf:managed:aws:bot-control:bot:name:dataforseobot", + NameDatanyze = "awswaf:managed:aws:bot-control:bot:name:datanyze", + NameDeepcrawl = "awswaf:managed:aws:bot-control:bot:name:deepcrawl", + NameDetectify = "awswaf:managed:aws:bot-control:bot:name:detectify", + NameDiscordbot = "awswaf:managed:aws:bot-control:bot:name:discordbot", + NameDocomo = "awswaf:managed:aws:bot-control:bot:name:docomo", + NameDotbot = "awswaf:managed:aws:bot-control:bot:name:dotbot", + NameDrupal = "awswaf:managed:aws:bot-control:bot:name:drupal", + NameDuckduckbot = "awswaf:managed:aws:bot-control:bot:name:duckduckbot", + NameDuckduckgoFaviconsBot = "awswaf:managed:aws:bot-control:bot:name:duckduckgo_favicons_bot", + NameEchoboxbot = "awswaf:managed:aws:bot-control:bot:name:echoboxbot", + NameEmbedly = "awswaf:managed:aws:bot-control:bot:name:embedly", + NameEzooms = "awswaf:managed:aws:bot-control:bot:name:ezooms", + NameFacebook = "awswaf:managed:aws:bot-control:bot:name:facebook", + NameFacebot = "awswaf:managed:aws:bot-control:bot:name:facebot", + NameFeedburner = "awswaf:managed:aws:bot-control:bot:name:feedburner", + NameFeedfinder = "awswaf:managed:aws:bot-control:bot:name:feedfinder", + NameFeedspot = "awswaf:managed:aws:bot-control:bot:name:feedspot", + NameFindlinks = "awswaf:managed:aws:bot-control:bot:name:findlinks", + NameFlipboard = "awswaf:managed:aws:bot-control:bot:name:flipboard", + NameFreshpingbot = "awswaf:managed:aws:bot-control:bot:name:freshpingbot", + NameGarlik = "awswaf:managed:aws:bot-control:bot:name:garlik", + NameGenieo = "awswaf:managed:aws:bot-control:bot:name:genieo", + NameGetintent = "awswaf:managed:aws:bot-control:bot:name:getintent", + NameGoHttp = "awswaf:managed:aws:bot-control:bot:name:go_http", + NameGoogleAdsbot = "awswaf:managed:aws:bot-control:bot:name:google_adsbot", + NameGoogleAdsense = "awswaf:managed:aws:bot-control:bot:name:google_adsense", + NameGoogleApis = "awswaf:managed:aws:bot-control:bot:name:google_apis", + NameGoogleAppEngine = "awswaf:managed:aws:bot-control:bot:name:google_app_engine", + NameGoogleAppsScript = "awswaf:managed:aws:bot-control:bot:name:google_apps_script", + NameGoogleAssociationService = "awswaf:managed:aws:bot-control:bot:name:google_association_service", + NameGoogleCommonCrawler = "awswaf:managed:aws:bot-control:bot:name:google_common_crawler", + NameGoogleFavicon = "awswaf:managed:aws:bot-control:bot:name:google_favicon", + NameGoogleFeedfetcher = "awswaf:managed:aws:bot-control:bot:name:google_feedfetcher", + NameGoogleImageproxy = "awswaf:managed:aws:bot-control:bot:name:google_imageproxy", + NameGoogleInspectionTool = "awswaf:managed:aws:bot-control:bot:name:google_inspection_tool", + NameGoogleMediapartners = "awswaf:managed:aws:bot-control:bot:name:google_mediapartners", + NameGoogleOther = "awswaf:managed:aws:bot-control:bot:name:google_other", + NameGooglePagerenderer = "awswaf:managed:aws:bot-control:bot:name:google_pagerenderer", + NameGooglePublisherCenter = "awswaf:managed:aws:bot-control:bot:name:google_publisher_center", + NameGoogleReadAloud = "awswaf:managed:aws:bot-control:bot:name:google_read_aloud", + NameGoogleSiteVerification = "awswaf:managed:aws:bot-control:bot:name:google_site_verification", + NameGoogleSpecialCaseCrawler = "awswaf:managed:aws:bot-control:bot:name:google_special_case_crawler", + NameGoogleStorebot = "awswaf:managed:aws:bot-control:bot:name:google_storebot", + NameGoogleUserTriggeredFetcher = "awswaf:managed:aws:bot-control:bot:name:google_user_triggered_fetcher", + NameGoogleWebPreview = "awswaf:managed:aws:bot-control:bot:name:google_web_preview", + NameGooglebot = "awswaf:managed:aws:bot-control:bot:name:googlebot", + NameGoogleweblight = "awswaf:managed:aws:bot-control:bot:name:googleweblight", + NameGptbot = "awswaf:managed:aws:bot-control:bot:name:gptbot", + NameGrapeshot = "awswaf:managed:aws:bot-control:bot:name:grapeshot", + NameGrub = "awswaf:managed:aws:bot-control:bot:name:grub", + NameGtmetrix = "awswaf:managed:aws:bot-control:bot:name:gtmetrix", + NameGuzzle = "awswaf:managed:aws:bot-control:bot:name:guzzle", + NameHarvester = "awswaf:managed:aws:bot-control:bot:name:harvester", + NameHatena = "awswaf:managed:aws:bot-control:bot:name:hatena", + NameHeritrix = "awswaf:managed:aws:bot-control:bot:name:heritrix", + NameHubspot = "awswaf:managed:aws:bot-control:bot:name:hubspot", + NameIchiro = "awswaf:managed:aws:bot-control:bot:name:ichiro", + NameIframely = "awswaf:managed:aws:bot-control:bot:name:iframely", + NameInternetArchive = "awswaf:managed:aws:bot-control:bot:name:internet_archive", + NameIsecbot = "awswaf:managed:aws:bot-control:bot:name:isecbot", + NameJakarta = "awswaf:managed:aws:bot-control:bot:name:jakarta", + NameJava = "awswaf:managed:aws:bot-control:bot:name:java", + NameJersey = "awswaf:managed:aws:bot-control:bot:name:jersey", + NameLibhttp = "awswaf:managed:aws:bot-control:bot:name:libhttp", + NameLibperl = "awswaf:managed:aws:bot-control:bot:name:libperl", + NameLinespider = "awswaf:managed:aws:bot-control:bot:name:Linespider", + Namelinespider = "awswaf:managed:aws:bot-control:bot:name:linespider", + NameLinguee = "awswaf:managed:aws:bot-control:bot:name:linguee", + NameLinkchecker = "awswaf:managed:aws:bot-control:bot:name:linkchecker", + NameLinkdex = "awswaf:managed:aws:bot-control:bot:name:linkdex", + NameLinkedin = "awswaf:managed:aws:bot-control:bot:name:linkedin", + NameLinklint = "awswaf:managed:aws:bot-control:bot:name:linklint", + NameLinkscan = "awswaf:managed:aws:bot-control:bot:name:linkscan", + NameLinkup = "awswaf:managed:aws:bot-control:bot:name:linkup", + NameLinkwalker = "awswaf:managed:aws:bot-control:bot:name:linkwalker", + NameLivelapbot = "awswaf:managed:aws:bot-control:bot:name:livelapbot", + NameLydia = "awswaf:managed:aws:bot-control:bot:name:lydia", + NameMagpie = "awswaf:managed:aws:bot-control:bot:name:magpie", + NameMailru = "awswaf:managed:aws:bot-control:bot:name:mailru", + NameMarfeel = "awswaf:managed:aws:bot-control:bot:name:marfeel", + NameMauibot = "awswaf:managed:aws:bot-control:bot:name:mauibot", + NameMaverick = "awswaf:managed:aws:bot-control:bot:name:maverick", + NameMediatoolkitbot = "awswaf:managed:aws:bot-control:bot:name:mediatoolkitbot", + NameMegaindex = "awswaf:managed:aws:bot-control:bot:name:megaindex", + NameMicrosoftPreview = "awswaf:managed:aws:bot-control:bot:name:microsoft_preview", + NameMiniflux = "awswaf:managed:aws:bot-control:bot:name:miniflux", + NameMixrankbot = "awswaf:managed:aws:bot-control:bot:name:mixrankbot", + NameMj12bot = "awswaf:managed:aws:bot-control:bot:name:mj12bot", + NameMoatbot = "awswaf:managed:aws:bot-control:bot:name:moatbot", + NameMojeek = "awswaf:managed:aws:bot-control:bot:name:mojeek", + NameMoodlebot = "awswaf:managed:aws:bot-control:bot:name:moodlebot", + NameMsnbot = "awswaf:managed:aws:bot-control:bot:name:msnbot", + NameNetvibes = "awswaf:managed:aws:bot-control:bot:name:netvibes", + NameNewrelicSyntheticMonitor = "awswaf:managed:aws:bot-control:bot:name:newrelic_synthetic_monitor", + NameNewspaper = "awswaf:managed:aws:bot-control:bot:name:newspaper", + NameNimbostratus = "awswaf:managed:aws:bot-control:bot:name:nimbostratus", + NameNode_fetch = "awswaf:managed:aws:bot-control:bot:name:node_fetch", + NameOkhttp = "awswaf:managed:aws:bot-control:bot:name:okhttp", + NameOutlook = "awswaf:managed:aws:bot-control:bot:name:outlook", + NamePandalytics = "awswaf:managed:aws:bot-control:bot:name:pandalytics", + NamePaperlibot = "awswaf:managed:aws:bot-control:bot:name:paperlibot", + NamePetalbot = "awswaf:managed:aws:bot-control:bot:name:petalbot", + NamePhpcrawl = "awswaf:managed:aws:bot-control:bot:name:phpcrawl", + NamePingability = "awswaf:managed:aws:bot-control:bot:name:pingability", + NamePingdom = "awswaf:managed:aws:bot-control:bot:name:pingdom", + NamePinterest = "awswaf:managed:aws:bot-control:bot:name:pinterest", + NamePocket = "awswaf:managed:aws:bot-control:bot:name:pocket", + NameProctorio = "awswaf:managed:aws:bot-control:bot:name:proctorio", + NameProximic = "awswaf:managed:aws:bot-control:bot:name:proximic", + NamePrtg = "awswaf:managed:aws:bot-control:bot:name:prtg", + NamePsbot = "awswaf:managed:aws:bot-control:bot:name:psbot", + NamePython = "awswaf:managed:aws:bot-control:bot:name:python", + NamePythonRequests = "awswaf:managed:aws:bot-control:bot:name:python_requests", + NamQwantify = "awswaf:managed:aws:bot-control:bot:name:qwantify", + NameRedditbot = "awswaf:managed:aws:bot-control:bot:name:redditbot", + NameRiddler = "awswaf:managed:aws:bot-control:bot:name:riddler", + NameRogerbot = "awswaf:managed:aws:bot-control:bot:name:rogerbot", + NameRoute53_health_check = "awswaf:managed:aws:bot-control:bot:name:route53_health_check", + NameRuby = "awswaf:managed:aws:bot-control:bot:name:ruby", + NameScrapy = "awswaf:managed:aws:bot-control:bot:name:scrapy", + NameSeekportbot = "awswaf:managed:aws:bot-control:bot:name:seekportbot", + NameSemanticscholarbot = "awswaf:managed:aws:bot-control:bot:name:semanticscholarbot", + NameSemrushbot = "awswaf:managed:aws:bot-control:bot:name:semrushbot", + NameSentibot = "awswaf:managed:aws:bot-control:bot:name:sentibot", + NameSerpstatbot = "awswaf:managed:aws:bot-control:bot:name:serpstatbot", + NameSimilarTech = "awswaf:managed:aws:bot-control:bot:name:similar_tech", + NameSiteImprove = "awswaf:managed:aws:bot-control:bot:name:site_improve", + NameSlackImages = "awswaf:managed:aws:bot-control:bot:name:slack_images", + NameSlackbot = "awswaf:managed:aws:bot-control:bot:name:slackbot", + NameSnapchat = "awswaf:managed:aws:bot-control:bot:name:snapchat", + NameSnoopy = "awswaf:managed:aws:bot-control:bot:name:snoopy", + NameSogou = "awswaf:managed:aws:bot-control:bot:name:sogou", + NameSteeler = "awswaf:managed:aws:bot-control:bot:name:steeler", + NameStudyPartner = "awswaf:managed:aws:bot-control:bot:name:study_partner", + NameSumologic = "awswaf:managed:aws:bot-control:bot:name:sumologic", + NameSuperfeedr = "awswaf:managed:aws:bot-control:bot:name:superfeedr", + NameTaboolabot = "awswaf:managed:aws:bot-control:bot:name:taboolabot", + NameTelegram = "awswaf:managed:aws:bot-control:bot:name:telegram", + NameTinEye = "awswaf:managed:aws:bot-control:bot:name:tin_eye", + NameTinyRss = "awswaf:managed:aws:bot-control:bot:name:tiny_rss", + NameTrendictionbot = "awswaf:managed:aws:bot-control:bot:name:trendictionbot", + NameTwitter = "awswaf:managed:aws:bot-control:bot:name:twitter", + NameUptimerobot = "awswaf:managed:aws:bot-control:bot:name:uptimerobot", + NameW3c = "awswaf:managed:aws:bot-control:bot:name:w3c", + NameW3cValidationServices = "awswaf:managed:aws:bot-control:bot:name:w3c_validation_services", + NameWappalyzer = "awswaf:managed:aws:bot-control:bot:name:wappalyzer", + NameWebCopier = "awswaf:managed:aws:bot-control:bot:name:web_copier", + NameWget = "awswaf:managed:aws:bot-control:bot:name:wget", + NameWhatsapp = "awswaf:managed:aws:bot-control:bot:name:whatsapp", + NameWordpressScanner = "awswaf:managed:aws:bot-control:bot:name:wordpress_scanner", + NameYacy = "awswaf:managed:aws:bot-control:bot:name:yacy", + NameYahoo = "awswaf:managed:aws:bot-control:bot:name:yahoo", + NameYahoo_mail = "awswaf:managed:aws:bot-control:bot:name:yahoo_mail", + NameYandexbot = "awswaf:managed:aws:bot-control:bot:name:yandexbot", + NameYanga = "awswaf:managed:aws:bot-control:bot:name:yanga", + NameZyborg = "awswaf:managed:aws:bot-control:bot:name:zyborg", + OrganizationGoogle = "awswaf:managed:aws:bot-control:bot:organization:google", + OrganizationMicrosoft = "awswaf:managed:aws:bot-control:bot:organization:microsoft", + Unverified = "awswaf:managed:aws:bot-control:bot:unverified", + UserTriggeredVerified = "awswaf:managed:aws:bot-control:bot:user_triggered:verified", + Verified = "awswaf:managed:aws:bot-control:bot:verified", + SignalAutomatedBrowser = "awswaf:managed:aws:bot-control:signal:automated_browser", + SignalKnownBotDataCenter = "awswaf:managed:aws:bot-control:signal:known_bot_data_center", + SignalNonBrowserHeader = "awswaf:managed:aws:bot-control:signal:non_browser_header", + SignalNonBrowserUserAgent = "awswaf:managed:aws:bot-control:signal:non_browser_user_agent", + TokenRejected = "awswaf:managed:token:rejected", + tokenAccepted = "awswaf:managed:token:accepted", + TokenAbsent = "awswaf:managed:token:absent", + TGT_ML_CoordinatedActivityMedium = "awswaf:managed:aws:bot-control:targeted:aggregate:coordinated_activity:medium", + TGT_ML_CoordinatedActivityHigh = "awswaf:managed:aws:bot-control:targeted:aggregate:coordinated_activity:high", + TGT_VolumetricIpTokenAbsent = "awswaf:managed:aws:bot-control:targeted:aggregate:volumetric:ip:token_absent", + TGT_VolumetricSessionHigh = "awswaf:managed:aws:bot-control:targeted:aggregate:volumetric:session:high", + TGT_VolumetricSessiosMedium = "awswaf:managed:aws:bot-control:targeted:aggregate:volumetric:session:medium", + TGT_VolumetricSessionLow = "awswaf:managed:aws:bot-control:targeted:aggregate:volumetric:session:low", + TGT_TokenReuseIp = "awswaf:managed:aws:bot-control:targeted:aggregate:volumetric:session:token_reuse:ip", + TGT_SignalAutomatedBrowser = "awswaf:managed:aws:bot-control:targeted:signal:automated_browser", + TGT_SignalBrowserInconsistency = "awswaf:managed:aws:bot-control:targeted:signal:browser_inconsistency", + BrowserAutomationExtension = "awswaf:managed:aws:bot-control:targeted:signal:browser_automation_extension", + TGT_ML_CoordinatedActivityLow = "awswaf:managed:aws:bot-control:targeted:aggregate:coordinated_activity:low" + } + +/** + * Enum for AWSManagedRulesAnonymousIpList Rules + */ +export enum ANONYMOUS_IP_LIST_RULES { + AnonymousIPList = "AnonymousIPList", + HostingProviderIPList = "HostingProviderIPList" + } + +/** + * Enum for AWSManagedRulesAnonymousIpList Labels + */ +export enum ANONYMOUS_IP_LIST_LABELS { + AnonymousIPList = "awswaf:managed:aws:anonymous-ip-list:AnonymousIPList", + HostingProviderIPList = "awswaf:managed:aws:anonymous-ip-list:HostingProviderIPList", + } + + +/** + * Enum for AWSManagedRulesAmazonIpReputationList Rules + */ +export enum AMAZON_IpReputationLIST_RULES { + AWSManagedIPReputationList = "AWSManagedIPReputationList", + AWSManagedReconnaissanceList = "AWSManagedReconnaissanceList", + AWSManagedIPDDoSList = "AWSManagedIPDDoSList" + } + +/** + * Enum for AWSManagedRulesAmazonIpReputationList Labels + */ +export enum AMAZON_IpReputationLIST_LABELS { + AWSManagedIPDDoSList = "awswaf:managed:aws:amazon-ip-list:AWSManagedIPDDoSList", + AWSManagedIPReputationList = "awswaf:managed:aws:amazon-ip-list:AWSManagedIPReputationList", + AWSManagedReconnaissanceList = "awswaf:managed:aws:amazon-ip-list:AWSManagedReconnaissanceList", + } + +/** + * Enum for AWSManagedRulesWordPressRuleSet Rules + */ +export enum WORDPRESS_RULE_SET_RULES { + WordPressExploitableCommands_QUERYSTRING = "WordPressExploitableCommands_QUERYSTRING", + WordPressExploitablePaths_URIPATH = "WordPressExploitablePaths_URIPATH" + } + +/** + * Enum for AWSManagedRulesWordPressRuleSet Labels + */ +export enum WORDPRESS_RULE_SET_LABELS { + WordPressExploitableCommands_QUERYSTRING = "awswaf:managed:aws:wordpress-app:WordPressExploitableCommands_QUERYSTRING", + WordPressExploitablePaths_URIPATH = "awswaf:managed:aws:wordpress-app:WordPressExploitablePaths_URIPATH", + } + +/** + * Enum for AWSManagedRulesPHPRuleSet Rules + */ +export enum PHP_RULE_SET_RULES { + PHPHighRiskMethodsVariables_HEADER = "PHPHighRiskMethodsVariables_HEADER", + PHPHighRiskMethodsVariables_QUERYSTRING = "PHPHighRiskMethodsVariables_QUERYSTRING", + PHPHighRiskMethodsVariables_BODY = "PHPHighRiskMethodsVariables_BODY" + } + +/** + * Enum for AWSManagedRulesPHPRuleSet Labels + */ +export enum PHP_RULE_SET_LABELS { + PHPHighRiskMethodsVariables_HEADER = "awswaf:managed:aws:php-app:PHPHighRiskMethodsVariables_Header", + PHPHighRiskMethodsVariables_QUERYSTRING = "awswaf:managed:aws:php-app:PHPHighRiskMethodsVariables_QueryString", + PHPHighRiskMethodsVariables_BODY = "awswaf:managed:aws:php-app:PHPHighRiskMethodsVariables_Body", + } + +/** + * Enum for AWSManagedRulesWindowsRuleSet Rules + */ +export enum WINDOWS_RULE_SET_RULES { + WindowsShellCommands_COOKIE = "WindowsShellCommands_COOKIE", + WindowsShellCommands_QUERYARGUMENTS = "WindowsShellCommands_QUERYARGUMENTS", + WindowsShellCommands_BODY = "WindowsShellCommands_BODY", + PowerShellCommands_COOKIE = "PowerShellCommands_COOKIE", + PowerShellCommands_QUERYARGUMENTS = "PowerShellCommands_QUERYARGUMENTS", + PowerShellCommands_BODY = "PowerShellCommands_BODY" + } + +/** + * Enum for AWSManagedRulesWindowsRuleSet Labels + */ +export enum WINDOWS_RULE_SET_LABELS { + WindowsShellCommands_COOKIE = "awswaf:managed:aws:windows-os:WindowsShellCommands_Cookie", + WindowsShellCommands_BODY = "awswaf:managed:aws:windows-os:WindowsShellCommands_Body", + PowerShellCommands_COOKIE = "awswaf:managed:aws:windows-os:PowerShellCommands_Cookie", + WindowsShellCommands_QUERYARGUMENTS = "awswaf:managed:aws:windows-os:WindowsShellCommands_QueryArguments", + PowerShellCommands_QUERYARGUMENTS = "awswaf:managed:aws:windows-os:PowerShellCommands_QueryArguments", + PowerShellCommands_BODY = "awswaf:managed:aws:windows-os:PowerShellCommands_Body", + } + +/** + * Enum for AWSManagedRulesUnixRuleSet Rules + */ +export enum UNIX_RULE_SET_RULES { + UNIXShellCommandsVariables_QUERYARGUMENTS = "UNIXShellCommandsVariables_QUERYARGUMENTS", + UNIXShellCommandsVariables_BODY = "UNIXShellCommandsVariables_BODY", + } + +/** + * Enum for AWSManagedRulesUnixRuleSet Labels + */ +export enum UNIX_RULE_SET_LABELS { + UNIXShellCommandsVariables_BODY = "awswaf:managed:aws:posix-os:UNIXShellCommandsVariables_Body", + UNIXShellCommandsVariables_QUERYARGUMENTS = "awswaf:managed:aws:posix-os:UNIXShellCommandsVariables_QueryArguments", + } + +/** + * Enum for AWSManagedRulesLinuxRuleSet Rules + */ +export enum LINUX_RULE_SET_RULES { + LFI_URIPATH = "LFI_URIPATH", + LFI_QUERYSTRING = "LFI_QUERYSTRING", + LFI_HEADER = "LFI_HEADER", + } + /** + * Enum for AWSManagedRulesLinuxRuleSet Labels + */ +export enum LINUX_RULE_SET_LABELS { + LFI_QUERYSTRING = "awswaf:managed:aws:linux-os:LFI_QueryString", + LFI_URIPATH = "awswaf:managed:aws:linux-os:LFI_URIPath", + LFI_HEADER = "awswaf:managed:aws:linux-os:LFI_Header", + } + +/** + * Enum for AWSManagedRulesSQLiRuleSet Rules + */ +export enum SQLI_RULE_SET_RULES { + SQLiExtendedPatterns_QUERYARGUMENTS = "SQLiExtendedPatterns_QUERYARGUMENTS", + SQLi_QUERYARGUMENTS = "SQLi_QUERYARGUMENTS", + SQLiExtendedPatterns_BODY = "SQLiExtendedPatterns_BODY", + SQLi_BODY = "SQLi_BODY", + SQLi_COOKIE = "SQLi_COOKIE", + SQLi_URIPATH = "SQLi_URIPATH", + SQLi_URIPATH_RC_COUNT = "SQLi_URIPATH_RC_COUNT", + SQLi_COOKIE_RC_COUNT = "SQLi_COOKIE_RC_COUNT", + SQLi_BODY_RC_COUNT = "SQLi_BODY_RC_COUNT", + SQLi_QUERYARGUMENTS_RC_COUNT = "SQLi_QUERYARGUMENTS_RC_COUNT", + SQLiExtendedPatterns_QUERYARGUMENTS_RC_COUNT = "SQLiExtendedPatterns_QUERYARGUMENTS_RC_COUNT" + } + /** + * Enum for AWSManagedRulesSQLiRuleSet Labels + */ +export enum SQLI_RULE_SET_LABELS { + SQLi_URIPATH = "awswaf:managed:aws:sql-database:SQLi_URIPath", + SQLiExtendedPatterns_QUERYARGUMENTS = "awswaf:managed:aws:sql-database:SQLiExtendedPatterns_QueryArguments", + SQLi_QUERYARGUMENTS = "awswaf:managed:aws:sql-database:SQLi_QueryArguments", + SQLi_BODY = "awswaf:managed:aws:sql-database:SQLi_Body", + SQLi_COOKIE = "awswaf:managed:aws:sql-database:SQLi_Cookie", + SQLiExtendedPatterns_BODY = "awswaf:managed:aws:sql-database:SQLiExtendedPatterns_Body", + SQLi_Cookie_RC_COUNT = "awswaf:managed:aws:sql-database:SQLi_Cookie_RC_COUNT", + SQLi_Body_RC_COUNT = "awswaf:managed:aws:sql-database:SQLi_Body_RC_COUNT", + SQLi_QueryArguments_RC_COUNT = "awswaf:managed:aws:sql-database:SQLi_QueryArguments_RC_COUNT", + SQLi_URIPath_RC_COUNT = "awswaf:managed:aws:sql-database:SQLi_URIPath_RC_COUNT", + SQLiExtendedPatterns_QueryArguments_RC_COUNT = "awswaf:managed:aws:sql-database:SQLiExtendedPatterns_QueryArguments_RC_COUNT" + } + +/** + * Enum for AWSManagedRulesKnownBadInputsRuleSet Rules + */ +export enum KNOWN_BAD_INPUTS_RULE_SET_RULES { + Log4JRCE_HEADER_RC_COUNT = "Log4JRCE_HEADER_RC_COUNT", + Log4JRCE_URIPATH_RC_COUNT = "Log4JRCE_URIPATH_RC_COUNT", + Log4JRCE_BODY_RC_COUNT = "Log4JRCE_BODY_RC_COUNT", + Log4JRCE_QUERYSTRING_RC_COUNT = "Log4JRCE_QUERYSTRING_RC_COUNT", + Host_localhost_HEADER_RC_COUNT = "Host_localhost_HEADER_RC_COUNT", + JavaDeserializationRCE_HEADER_RC_COUNT = "JavaDeserializationRCE_HEADER_RC_COUNT", + JavaDeserializationRCE_QUERYSTRING_RC_COUNT = "JavaDeserializationRCE_QUERYSTRING_RC_COUNT", + JavaDeserializationRCE_URIPATH_RC_COUNT = "JavaDeserializationRCE_URIPATH_RC_COUNT", + JavaDeserializationRCE_BODY_RC_COUNT = "JavaDeserializationRCE_BODY_RC_COUNT", + JavaDeserializationRCE_BODY = "JavaDeserializationRCE_BODY", + JavaDeserializationRCE_URIPATH = "JavaDeserializationRCE_URIPATH", + JavaDeserializationRCE_QUERYSTRING = "JavaDeserializationRCE_QUERYSTRING", + JavaDeserializationRCE_HEADER = "JavaDeserializationRCE_HEADER", + Host_localhost_HEADER = "Host_localhost_HEADER", + PROPFIND_METHOD = "PROPFIND_METHOD", + ExploitablePaths_URIPATH = "ExploitablePaths_URIPATH", + Log4JRCE_QUERYSTRING = "Log4JRCE_QUERYSTRING", + Log4JRCE_BODY = "Log4JRCE_BODY", + Log4JRCE_URIPATH = "Log4JRCE_URIPATH", + Log4JRCE_HEADER = "Log4JRCE_HEADER", + } + +/** + * Enum for AWSManagedRulesKnownBadInputsRuleSet Labels + */ +export enum KNOWN_BAD_INPUTS_RULE_SET_LABELS { + Host_localhost_HEADER_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:Host_Localhost_Header_RC_COUNT", + JavaDeserializationRCE_QUERYSTRING_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_QueryString_RC_COUNT", + Log4JRCE_QUERYSTRING_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_QueryString_RC_COUNT", + Log4JRCE_BODY_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_Body_RC_COUNT", + Log4JRCE_URIPATH = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_URIPath", + ExploitablePaths_URIPATH = "awswaf:managed:aws:known-bad-inputs:ExploitablePaths_URIPath", + JavaDeserializationRCE_BODY = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_Body", + Log4JRCE_QUERYSTRING = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_QueryString", + Log4JRCE_URIPATH_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_URIPath_RC_COUNT", + PROPFIND_METHOD = "awswaf:managed:aws:known-bad-inputs:Propfind_Method", + JavaDeserializationRCE_BODY_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_Body_RC_COUNT", + JavaDeserializationRCE_HEADER_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_Header_RC_COUNT", + Log4JRCE_HEADER_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_Header_RC_COUNT", + JavaDeserializationRCE_URIPATH = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_URIPath", + Host_localhost_HEADER = "awswaf:managed:aws:known-bad-inputs:Host_Localhost_Header", + JavaDeserializationRCE_QUERYSTRING = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_QueryString", + JavaDeserializationRCE_HEADER = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_Header", + JavaDeserializationRCE_URIPATH_RC_COUNT = "awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_URIPath_RC_COUNT", + Log4JRCE_BODY = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_Body", + Log4JRCE_HEADER = "awswaf:managed:aws:known-bad-inputs:Log4JRCE_Header", + } + +/** + * Enum for AWSManagedRulesCommonRuleSet Rules + */ +export enum COMMON_RULE_SET_RULES { + NoUserAgent_HEADER = "NoUserAgent_HEADER", + UserAgent_BadBots_HEADER = "UserAgent_BadBots_HEADER", + SizeRestrictions_QUERYSTRING = "SizeRestrictions_QUERYSTRING", + SizeRestrictions_Cookie_HEADER = "SizeRestrictions_Cookie_HEADER", + SizeRestrictions_BODY = "SizeRestrictions_BODY", + SizeRestrictions_URIPATH = "SizeRestrictions_URIPATH", + EC2MetaDataSSRF_BODY = "EC2MetaDataSSRF_BODY", + EC2MetaDataSSRF_COOKIE = "EC2MetaDataSSRF_COOKIE", + EC2MetaDataSSRF_URIPATH = "EC2MetaDataSSRF_URIPATH", + EC2MetaDataSSRF_QUERYARGUMENTS = "EC2MetaDataSSRF_QUERYARGUMENTS", + GenericLFI_BODY = "GenericLFI_BODY", + GenericLFI_QUERYARGUMENTS = "GenericLFI_QUERYARGUMENTS", + GenericLFI_URIPATH = "GenericLFI_URIPATH", + GenericRFI_BODY = "GenericRFI_BODY", + GenericRFI_QUERYARGUMENTS = "GenericRFI_QUERYARGUMENTS", + GenericRFI_URIPATH = "GenericRFI_URIPATH", + CrossSiteScripting_COOKIE = "CrossSiteScripting_COOKIE", + CrossSiteScripting_QUERYARGUMENTS = "CrossSiteScripting_QUERYARGUMENTS", + CrossSiteScripting_BODY = "CrossSiteScripting_BODY", + CrossSiteScripting_URIPATH = "CrossSiteScripting_URIPATH", + RestrictedExtensions_URIPATH = "RestrictedExtensions_URIPATH", + RestrictedExtensions_QUERYARGUMENTS = "RestrictedExtensions_QUERYARGUMENTS", + } + +/** + * Enum for AWSManagedRulesCommonRuleSet Labels + */ +export enum COMMON_RULE_SET_LABELS { + GenericLFI_QUERYARGUMENTS = "awswaf:managed:aws:core-rule-set:GenericLFI_QueryArguments", + SizeRestrictions_Cookie_HEADER = "awswaf:managed:aws:core-rule-set:SizeRestrictions_Cookie_Header", + EC2MetaDataSSRF_URIPATH = "awswaf:managed:aws:core-rule-set:EC2MetaDataSSRF_URIPath", + NoUserAgent_HEADER = "awswaf:managed:aws:core-rule-set:NoUserAgent_Header", + EC2MetaDataSSRF_BODY = "awswaf:managed:aws:core-rule-set:EC2MetaDataSSRF_Body", + GenericLFI_URIPATH = "awswaf:managed:aws:core-rule-set:GenericLFI_URIPath", + GenericRFI_URIPATH = "awswaf:managed:aws:core-rule-set:GenericRFI_URIPath", + SizeRestrictions_QUERYSTRING = "awswaf:managed:aws:core-rule-set:SizeRestrictions_QueryString", + SizeRestrictions_BODY = "awswaf:managed:aws:core-rule-set:SizeRestrictions_Body", + GenericRFI_BODY = "awswaf:managed:aws:core-rule-set:GenericRFI_Body", + UserAgent_BadBots_HEADER = "awswaf:managed:aws:core-rule-set:BadBots_Header", + SizeRestrictions_URIPATH = "awswaf:managed:aws:core-rule-set:SizeRestrictions_URIPath", + GenericLFI_BODY = "awswaf:managed:aws:core-rule-set:GenericLFI_Body", + RestrictedExtensions_QUERYARGUMENTS = "awswaf:managed:aws:core-rule-set:RestrictedExtensions_QueryArguments", + CrossSiteScripting_URIPATH = "awswaf:managed:aws:core-rule-set:CrossSiteScripting_URIPath", + CrossSiteScripting_BODY = "awswaf:managed:aws:core-rule-set:CrossSiteScripting_Body", + RestrictedExtensions_URIPATH = "awswaf:managed:aws:core-rule-set:RestrictedExtensions_URIPath", + EC2MetaDataSSRF_COOKIE = "awswaf:managed:aws:core-rule-set:EC2MetaDataSSRF_Cookie", + GenericRFI_QUERYARGUMENTS = "awswaf:managed:aws:core-rule-set:GenericRFI_QueryArguments", + CrossSiteScripting_QUERYARGUMENTS = "awswaf:managed:aws:core-rule-set:CrossSiteScripting_QueryArguments", + CrossSiteScripting_COOKIE = "awswaf:managed:aws:core-rule-set:CrossSiteScripting_Cookie", + EC2MetaDataSSRF_QUERYARGUMENTS = "awswaf:managed:aws:core-rule-set:EC2MetaDataSSRF_QueryArguments", + + } + +/** + * Enum for AWSManagedRulesAdminProtectionRuleSet Rules + */ +export enum ADMIN_PROTECTION_RULE_SET_RULES { + AdminProtection_URIPATH = "AdminProtection_URIPATH", + } + +/** + * Enum for AWSManagedRulesAdminProtectionRuleSet Labels + */ +export enum ADMIN_PROTECTION_RULE_SET_LABELS { + AdminProtection_URIPATH = "awswaf:managed:aws:admin-protection:AdminProtection_URIPath", + } + +/** + * AWS Managed roule Group Vendor + */ +export enum ManagedRuleGroupVendor { + AWS = "AWS" + } + +/** + * AWS WAF Content Type + * + * The type of content in the payload that you are defining in the Content string. + * + * @see https://docs.aws.amazon.com/waf/latest/APIReference/API_CustomResponseBody.html + */ +export enum CustomResponseBodiesContentType { + APPLICATION_JSON = "APPLICATION_JSON", + TEXT_HTML = "TEXT_HTML", + TEXT_PLAIN = "TEXT_PLAIN", + } + +/** + * enum for supported webacl types + * following types are waiting for support if you need a GraphQLApi Firewall just use an ApiGateway:Stage Firewall + * - "AWS::Cognito::UserPool" + * - "AWS::AppSync::GraphQLApi" + */ +export enum WebAclTypeEnum { + ELASTICLOADBALANCINGV2_LOADBALANCER = "AWS::ElasticLoadBalancingV2::LoadBalancer", + CLOUDFRONT_DISTRIBUTION = "AWS::CloudFront::Distribution", + APIGATEWAYV2_API = "AWS::ApiGatewayV2::Api", + APIGATEWAY_STAGE = "AWS::ApiGateway::Stage", + COGNITO_USERPOOL = "AWS::Cognito::UserPool", + APPSYNC_GRAPHQLAPI = "AWS::AppSync::GraphQLApi" + } \ No newline at end of file diff --git a/lib/types/fms.ts b/lib/types/fms.ts deleted file mode 100644 index a1abe93f..00000000 --- a/lib/types/fms.ts +++ /dev/null @@ -1,189 +0,0 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ -import { aws_wafv2 as waf } from "aws-cdk-lib"; -/* - * Interface for the CustomRequestHandling - */ -export interface CustomRequestHandling { - customRequestHandling?: { - insertHeaders: { - /** - * @TJS-pattern ^[a-zA-Z0-9._$-]+$ - */ - name: string, - /** - * @TJS-pattern .* - */ - value: string, - }[], - } -} - -/** - * Interface for the CustomResponse - */ -export interface CustomResponse { - customResponse?: { - responseCode: number, - - /** - * @TJS-pattern ^[\w\-]+$ - */ - customResponseBodyKey?: string, - responseHeaders?: { - /** - * @TJS-pattern ^[a-zA-Z0-9._$-]+$ - */ - name: string, - /** - * @TJS-pattern .* - */ - value: string, - }[], - } -} - -/** - * Interce for the WAF Action - */ -export interface Action { - block?: CustomResponse, - allow?: CustomRequestHandling, - count?: CustomRequestHandling, - captcha?: CustomRequestHandling, - challenge?: CustomRequestHandling -} - -/** - * Interface for the RuleActionOverrideProperty - */ -export interface RuleActionOverrideProperty { - name: string, - actionToUse: Action -} - -/** - * Type for the NameObject - */ -type NameObject = { - /** - * @TJS-pattern ^[0-9A-Za-z_\-:]+$ - */ - name: string -} - -/** - * Interface for the ManagedRuleGroup - */ -export interface ManagedRuleGroup extends waf.CfnWebACL.ManagedRuleGroupStatementProperty { - version?: string, - /** - * Will be automatically set using the [Check Capacity API](https://docs.aws.amazon.com/waf/latest/APIReference/API_CheckCapacity.html). - */ - capacity?: number, - excludeRules?: NameObject[], - overrideAction?: { - type: "COUNT" | "NONE" - }, - ruleActionOverrides?: RuleActionOverrideProperty[], - versionEnabled?: boolean - /** - * Details for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet . See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesbotcontrolruleset.html - */ - awsManagedRulesBotControlRuleSetProperty?: { inspectionLevel: "COMMON" | "TARGETED", enableMachineLearning: boolean}, - /** - * Details for your use of the account creation fraud prevention managed rule group, AWSManagedRulesACFPRuleSet. See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesacfpruleset.html - */ - awsManagedRulesACFPRuleSetProperty?: waf.CfnWebACL.AWSManagedRulesACFPRuleSetProperty, - /** - * Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet. See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesatpruleset.html - */ - awsManagedRulesATPRuleSetProperty?: waf.CfnWebACL.AWSManagedRulesATPRuleSetProperty, - /** - * Enforce the [current Default version](https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups-versioning.html) of the managed rule group to be retrieved using a Lambda Function. - */ - latestVersion?: boolean - enforceUpdate?:boolean -} - -/** - * Interface for the Rule - */ -export interface Rule { - name: string, - statement: waf.CfnWebACL.StatementProperty, - action: waf.CfnWebACL.RuleActionProperty, - visibilityConfig: waf.CfnWebACL.VisibilityConfigProperty, - captchaConfig?: waf.CfnWebACL.CaptchaConfigProperty, - ruleLabels?: waf.CfnWebACL.LabelProperty[], - /** - * Each rule in a web ACL and each rule in a rule group must have a unique priority setting to ensure proper rule execution. [More information about processing order of rules and rule groups in a web ACL](https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-processing-order.html) - */ - priority: number, -} - -/** - * Interface for the ManagedServiceData - */ -export interface ManagedServiceData { - type: string, - defaultAction: { - type: "ALLOW" | "DENY" | "COUNT" | "NONE" - }, - preProcessRuleGroups: any, - postProcessRuleGroups: any, - overrideCustomerWebACLAssociation: boolean, - loggingConfiguration: { - logDestinationConfigs: string[] - } -} - -/** - * Interface for the ServiceDataManagedRuleGroup - */ -export interface ServiceDataManagedRuleGroup extends ServiceDataAbstactRuleGroup { - managedRuleGroupIdentifier: { - vendorName: string, - managedRuleGroupName: string, - version?: string | null, - versionEnabled?: boolean - }, - // eslint-disable-next-line @typescript-eslint/no-explicit-any - excludeRules: any, - ruleGroupType: "ManagedRuleGroup", - ruleActionOverrides: RuleActionOverrideProperty[] | undefined, - awsManagedRulesBotControlRuleSetProperty?: waf.CfnWebACL.AWSManagedRulesBotControlRuleSetProperty, - awsManagedRulesACFPRuleSetProperty?: waf.CfnWebACL.AWSManagedRulesACFPRuleSetProperty, - awsManagedRulesATPRuleSetProperty?: waf.CfnWebACL.AWSManagedRulesATPRuleSetProperty, -} - -/** - * Interface for the ServiceDataRuleGroup - */ -export interface ServiceDataRuleGroup extends ServiceDataAbstactRuleGroup { - ruleGroupType: "RuleGroup" -} - -/** - * Interface for the ServiceDataAbstactRuleGroup - */ -export interface ServiceDataAbstactRuleGroup { - overrideAction: { - type: "ALLOW" | "DENY" | "NONE" | "COUNT" - }, - ruleGroupArn?: string, - ruleGroupType: string -} - -/** - * Interface for the NotStatementProperty - */ -export interface NotStatementProperty { - statement: waf.CfnWebACL.StatementProperty; -} - -/** - * Interface for the SubVariables - */ -export interface SubVariables { - [key: string]: string; -} \ No newline at end of file diff --git a/lib/types/index.ts b/lib/types/index.ts new file mode 100644 index 00000000..885f2a12 --- /dev/null +++ b/lib/types/index.ts @@ -0,0 +1,8 @@ +export * from "./config/index"; +export * from "./enums/index"; + + + + + + diff --git a/options.sh b/options.sh index 064caaa9..e94ab164 100755 --- a/options.sh +++ b/options.sh @@ -7,7 +7,7 @@ if [ -z "$STACK_NAME" ]; then choices=() # Options array - options=("PreRequisiteStack" "WAFStack" "ShieldAdvancedStack") + options=("PreRequisiteStack" "WAFStack" "ShieldAdvancedStack" "AutoUpdatedManagedIpSets") # Calculate the height (number of options + 5) height=$(( ${#options[@]} + 5 )) diff --git a/package-lock.json b/package-lock.json index 8d60c1fe..1383d070 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,35 +1,35 @@ { "name": "aws-firewall-factory", - "version": "4.5.1", + "version": "4.6.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "aws-firewall-factory", - "version": "4.5.1", + "version": "4.6.0", "hasInstallScript": true, "dependencies": { - "@aws-sdk/client-cloudformation": "3.637.0", - "@aws-sdk/client-cloudfront": "^3.637.0", - "@aws-sdk/client-cloudwatch": "3.637.0", - "@aws-sdk/client-config-service": "^3.637.0", - "@aws-sdk/client-ec2": "^3.641.0", - "@aws-sdk/client-fms": "3.637.0", - "@aws-sdk/client-iam": "3.637.0", - "@aws-sdk/client-pricing": "3.637.0", - "@aws-sdk/client-s3": "^3.637.0", - "@aws-sdk/client-secrets-manager": "^3.637.0", - "@aws-sdk/client-service-quotas": "3.637.0", - "@aws-sdk/client-shield": "3.637.0", - "@aws-sdk/client-ssm": "3.637.0", - "@aws-sdk/client-wafv2": "3.642.0", + "@aws-sdk/client-cloudformation": "^3.682.0", + "@aws-sdk/client-cloudfront": "^3.682.0", + "@aws-sdk/client-cloudwatch": "^3.682.0", + "@aws-sdk/client-config-service": "^3.682.0", + "@aws-sdk/client-ec2": "^3.682.0", + "@aws-sdk/client-fms": "^3.682.0", + "@aws-sdk/client-iam": "^3.682.0", + "@aws-sdk/client-pricing": "^3.682.0", + "@aws-sdk/client-s3": "^3.682.0", + "@aws-sdk/client-secrets-manager": "^3.682.0", + "@aws-sdk/client-service-quotas": "^3.682.0", + "@aws-sdk/client-shield": "^3.682.0", + "@aws-sdk/client-ssm": "^3.682.0", + "@aws-sdk/client-wafv2": "^3.682.0", "@aws-solutions-constructs/aws-eventbridge-stepfunctions": "^2.65.0", - "@babel/traverse": "^7.25.5", + "@babel/traverse": "^7.25.9", "@mhlabs/cfn-diagram": "^1.1.40", - "@slack/types": "^2.12.0", + "@slack/types": "^2.14.0", "@slack/webhook": "^7.0.3", - "@types/aws-lambda": "^8.10.143", - "@types/lodash": "4.17.7", + "@types/aws-lambda": "^8.10.145", + "@types/lodash": "^4.17.12", "@types/uuid": "^10.0.0", "adaptivecards": "3.0.4", "aws-cdk-lib": "^2.150.0", @@ -40,6 +40,7 @@ "constructs": "10.3.0", "i": "^0.3.7", "lodash": "4.17.21", + "neoip": "^3.0.1", "npm": "^10.8.2", "table": "^6.8.2", "typedoc-plugin-extras": "^3.1.0", @@ -49,12 +50,12 @@ "firewallfactory": "bin/aws-firewall-factory.js" }, "devDependencies": { - "@types/node": "^22.5.0", - "@typescript-eslint/eslint-plugin": "^8.3.0", - "@typescript-eslint/parser": "^8.3.0", - "@typescript-eslint/typescript-estree": "^8.3.0", - "aws-cdk": "2.154.1", - "eslint": "^8.57.0", + "@types/node": "^22.8.4", + "@typescript-eslint/eslint-plugin": "^8.12.2", + "@typescript-eslint/parser": "^8.12.2", + "@typescript-eslint/typescript-estree": "^8.12.2", + "aws-cdk": "2.150.0", + "eslint": "^8.57.1", "eslint-import-resolver-typescript": "^3.6.1", "eslint-plugin-import": "^2.29.1", "jest": "29.7.0", @@ -87,9 +88,10 @@ "integrity": "sha512-3M2tELJOxQv0apCIiuKQ4pAbncz9GuLwnKFqxifWfe77wuMxyTRPmxssYHs42ePqzap1LT6GDcPygGs+hHstLg==" }, "node_modules/@aws-cdk/asset-node-proxy-agent-v6": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz", - "integrity": "sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg==" + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.1.0.tgz", + "integrity": "sha512-7bY3J8GCVxLupn/kNmpPc5VJz8grx+4RKfnnJiO1LG+uxkZfANZG3RMHhE+qQxxwkyQ9/MfPtTpf748UhR425A==", + "license": "Apache-2.0" }, "node_modules/@aws-cdk/integ-tests-alpha": { "version": "2.150.0-alpha.0", @@ -293,52 +295,53 @@ } }, "node_modules/@aws-sdk/client-cloudformation": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-cloudformation/-/client-cloudformation-3.637.0.tgz", - "integrity": "sha512-fjXVo7nDnp13yNq2xZywOuCC2x4Y4PLGN9fHyC4QTgoqmdieNoPVsFyVKUVhi79T0Emz+vd6AqmeuBbYeX/w6A==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-cloudformation/-/client-cloudformation-3.682.0.tgz", + "integrity": "sha512-RJVzgm9Q15yWnU4mFiHEO1M7k8d5ARgDhGkKSz5sE10dzG5vKockqkhgvwBgmwiAgkfnSkI/Bzx3/baBMm9BVQ==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", - "@smithy/util-waiter": "^3.1.2", + "@smithy/util-waiter": "^3.1.6", + "@types/uuid": "^9.0.1", "tslib": "^2.6.2", "uuid": "^9.0.1" }, @@ -346,6 +349,12 @@ "node": ">=16.0.0" } }, + "node_modules/@aws-sdk/client-cloudformation/node_modules/@types/uuid": { + "version": "9.0.8", + "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA==", + "license": "MIT" + }, "node_modules/@aws-sdk/client-cloudformation/node_modules/uuid": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", @@ -359,54 +368,54 @@ } }, "node_modules/@aws-sdk/client-cloudfront": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.637.0.tgz", - "integrity": "sha512-yuKqFTRlRHAA5mVds/ufO8n6ENcCFAW0D6nXldQcMOCXIuz1UQRE5qyEwajIdDGtFnyeZVf5fWRMx3ylWC7h0Q==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.682.0.tgz", + "integrity": "sha512-K4RXR+6mlQe4XEp+tBj0nkoiQ5yDPdef0StEfcJQ9NbwwJb2Vdm8ImeEkJjisPcc0h3D6NhaZHumYwWAKb3BpA==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@aws-sdk/xml-builder": "3.609.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@aws-sdk/xml-builder": "3.679.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", - "@smithy/util-stream": "^3.1.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", + "@smithy/util-stream": "^3.1.9", "@smithy/util-utf8": "^3.0.0", - "@smithy/util-waiter": "^3.1.2", + "@smithy/util-waiter": "^3.1.6", "tslib": "^2.6.2" }, "engines": { @@ -414,53 +423,53 @@ } }, "node_modules/@aws-sdk/client-cloudwatch": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-cloudwatch/-/client-cloudwatch-3.637.0.tgz", - "integrity": "sha512-S6UcU3vCKOAUVLCXTabyUMWAr1e1kHn7Hcy6VZ4sxxu5hQqbSGiety3vrjmPTALlV5rmhu3N+hlRZt2TRXwDRg==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-cloudwatch/-/client-cloudwatch-3.682.0.tgz", + "integrity": "sha512-wxAaD8Xu8vtIEDeMaRh67ie+QN54jbZKreihimi+LMoEL7s0Uf9+3zoVW0PG++m6KvSCWI03PE+YF470zOcQxg==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-compression": "^3.0.7", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-compression": "^3.0.12", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", - "@smithy/util-waiter": "^3.1.2", + "@smithy/util-waiter": "^3.1.6", "tslib": "^2.6.2" }, "engines": { @@ -468,50 +477,50 @@ } }, "node_modules/@aws-sdk/client-config-service": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.637.0.tgz", - "integrity": "sha512-BNOjZxl+YIrnv1qaik7oLeKoCSIRJ94gSZbjZEjCy5eu1rAt5PEIQffZE52VcKuk6Vu7CtNBhgOmqZI7Kdp26A==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.682.0.tgz", + "integrity": "sha512-6zCkiDtqYz3HRTQYCJ7JtmuGgZvsrREJmoJGaAguyUJ8XGMC1JdOLZigA2NyMcS3okhu6BgyULn38AfKGMMcKg==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -520,53 +529,54 @@ } }, "node_modules/@aws-sdk/client-ec2": { - "version": "3.641.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-ec2/-/client-ec2-3.641.0.tgz", - "integrity": "sha512-KS9kVXOrPxM6QO6Mo8b7YJ/ZLP/Zxdk8LcUonpnVclv3wTqtzc5xu+Cewnlv7cxcGce/h+qBPcW4sEOMOXIEvA==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-ec2/-/client-ec2-3.682.0.tgz", + "integrity": "sha512-T40FbO87cuaZbxNHl+vE8llU7wLPlC7d/aRZ5sLVOIFAAy6OA3ipt3/IFYvRUnHdGkOk7jaIcEI3ZSueghEOMQ==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-sdk-ec2": "3.635.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-sdk-ec2": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", - "@smithy/util-waiter": "^3.1.2", + "@smithy/util-waiter": "^3.1.6", + "@types/uuid": "^9.0.1", "tslib": "^2.6.2", "uuid": "^9.0.1" }, @@ -574,6 +584,12 @@ "node": ">=16.0.0" } }, + "node_modules/@aws-sdk/client-ec2/node_modules/@types/uuid": { + "version": "9.0.8", + "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA==", + "license": "MIT" + }, "node_modules/@aws-sdk/client-ec2/node_modules/uuid": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", @@ -587,50 +603,50 @@ } }, "node_modules/@aws-sdk/client-fms": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-fms/-/client-fms-3.637.0.tgz", - "integrity": "sha512-3tjcF7NUYq2yaU7L0hiwcA2giNgEzkhHC/J2frCCHnoEaBl/MQgsrBtFIqNh7a7Fe25hVh/6Qlnpaaxpg5uJDw==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-fms/-/client-fms-3.682.0.tgz", + "integrity": "sha512-wUf/Y4EJDXxFHbp9wYQ2eCHyV9p5Ct1mNOrL7FMXqns/ZGQFpThDKAgqPOqb+PNy/6kWo2jV01kiHDPbY8m/jg==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -639,52 +655,52 @@ } }, "node_modules/@aws-sdk/client-iam": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-iam/-/client-iam-3.637.0.tgz", - "integrity": "sha512-mo1gCm3yayuiFPCQkY5i5wbL6jjgCprpAfeMP5zFOcDsr7BqX9ijTrRzK+dx0SwiTdRKOW6zJaDiWA1UZgb60A==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-iam/-/client-iam-3.682.0.tgz", + "integrity": "sha512-LS57hLT5mBRvg4tdy9G1N8KbeR5wzkI4ohFHyV1lmS0MpBxLlfnd2I4FSNuXcG8qPxn04Xlg1k95FGpRIu7x0A==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", - "@smithy/util-waiter": "^3.1.2", + "@smithy/util-waiter": "^3.1.6", "tslib": "^2.6.2" }, "engines": { @@ -692,50 +708,50 @@ } }, "node_modules/@aws-sdk/client-pricing": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-pricing/-/client-pricing-3.637.0.tgz", - "integrity": "sha512-8gh5YdeLvnyunSCby/0NQrINONIdMgfJJ/PXzASqDSQnNxqCBsnSNb2mVdYWpAM6ZjmPrU+XkwDRcTvO9N6cRg==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-pricing/-/client-pricing-3.682.0.tgz", + "integrity": "sha512-wl1DIE1pocUFVQUtlft9bSp/teSxy7MWU5bbpXi6J7J5PH+g3ss3OVwU/LGwyYfVkyEGYROKSjfAuyxCHD2kQQ==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -744,68 +760,68 @@ } }, "node_modules/@aws-sdk/client-s3": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.637.0.tgz", - "integrity": "sha512-y6UC94fsMvhKbf0dzfnjVP1HePeGjplfcYfilZU1COIJLyTkMcUv4XcT4I407CGIrvgEafONHkiC09ygqUauNA==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.682.0.tgz", + "integrity": "sha512-gn8yPhOmExhqRENnR/vKvsbTw9jaRPbfNE8fQ2j91ejXhpj632QDNdobY8TxxPm2UEW2ISAVM55r2/UPl0YP1Q==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha1-browser": "5.2.0", "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-bucket-endpoint": "3.620.0", - "@aws-sdk/middleware-expect-continue": "3.620.0", - "@aws-sdk/middleware-flexible-checksums": "3.620.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-location-constraint": "3.609.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-sdk-s3": "3.635.0", - "@aws-sdk/middleware-ssec": "3.609.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/signature-v4-multi-region": "3.635.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@aws-sdk/xml-builder": "3.609.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/eventstream-serde-browser": "^3.0.6", - "@smithy/eventstream-serde-config-resolver": "^3.0.3", - "@smithy/eventstream-serde-node": "^3.0.5", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-blob-browser": "^3.1.2", - "@smithy/hash-node": "^3.0.3", - "@smithy/hash-stream-node": "^3.1.2", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/md5-js": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-bucket-endpoint": "3.679.0", + "@aws-sdk/middleware-expect-continue": "3.679.0", + "@aws-sdk/middleware-flexible-checksums": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-location-constraint": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-sdk-s3": "3.682.0", + "@aws-sdk/middleware-ssec": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/signature-v4-multi-region": "3.682.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@aws-sdk/xml-builder": "3.679.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/eventstream-serde-browser": "^3.0.10", + "@smithy/eventstream-serde-config-resolver": "^3.0.7", + "@smithy/eventstream-serde-node": "^3.0.9", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-blob-browser": "^3.1.6", + "@smithy/hash-node": "^3.0.7", + "@smithy/hash-stream-node": "^3.1.6", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/md5-js": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", - "@smithy/util-stream": "^3.1.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", + "@smithy/util-stream": "^3.1.9", "@smithy/util-utf8": "^3.0.0", - "@smithy/util-waiter": "^3.1.2", + "@smithy/util-waiter": "^3.1.6", "tslib": "^2.6.2" }, "engines": { @@ -813,51 +829,52 @@ } }, "node_modules/@aws-sdk/client-secrets-manager": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-secrets-manager/-/client-secrets-manager-3.637.0.tgz", - "integrity": "sha512-4AEV+4yhaFYlnD90MbtOouqTyrPVmD8OeGotsjtWxgnVHk55Vd0/dIWVGjic0YCxH3SNdWqJJ9G8Vd93fWymVA==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-secrets-manager/-/client-secrets-manager-3.682.0.tgz", + "integrity": "sha512-HViYeuDVtlZ59LmrzVJmZY8cNBsMNjcDOyNASUSqENkzF5PaL9J7co2Yqpz2pxoEG44i008KwBQzjJNYnYElHw==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", + "@types/uuid": "^9.0.1", "tslib": "^2.6.2", "uuid": "^9.0.1" }, @@ -865,6 +882,12 @@ "node": ">=16.0.0" } }, + "node_modules/@aws-sdk/client-secrets-manager/node_modules/@types/uuid": { + "version": "9.0.8", + "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA==", + "license": "MIT" + }, "node_modules/@aws-sdk/client-secrets-manager/node_modules/uuid": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", @@ -878,50 +901,50 @@ } }, "node_modules/@aws-sdk/client-service-quotas": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-service-quotas/-/client-service-quotas-3.637.0.tgz", - "integrity": "sha512-V5IIeuJKjhN+P/NkeTMD8m8nX/IYFzjrZrTjfFX/GwOGWMWNVpR6FdhW9oqD2Q/fCYOVZbq38igvwwYDsDiRMA==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-service-quotas/-/client-service-quotas-3.682.0.tgz", + "integrity": "sha512-hHvBEijqwcjwJmJkGTMiuSSfTRu33Si6FCPeSQhrkXqV96uMGNmWemK56NpJfjb4B/eEa+XGsjpq0y8o4fWiTQ==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -930,50 +953,50 @@ } }, "node_modules/@aws-sdk/client-shield": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-shield/-/client-shield-3.637.0.tgz", - "integrity": "sha512-cHuNkBlf/p2+aDnXqwFRalhIPzL8dnU3G2nsdtYS2EKwi4Lla5gZ0BV6dk2RG1m07xBEu5bU7ukxs9x/BL1Ovg==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-shield/-/client-shield-3.682.0.tgz", + "integrity": "sha512-Aamd4GbPqAtQNuf9O0iLVsusJDeV8iBjECbBiZABM9vDSyn9lDGugPP+DWEVu2JQh9aZ/EKrpNGlu0GWN2PfSQ==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -982,52 +1005,53 @@ } }, "node_modules/@aws-sdk/client-ssm": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-ssm/-/client-ssm-3.637.0.tgz", - "integrity": "sha512-cr0/c95KpFIwoCCofXu1Em/Sw8SjIFCZ3X1ji2rW81QdLpw7icP01SMcRTbgtiKeN12fKZDXmrupkI6zhnG0MA==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-ssm/-/client-ssm-3.682.0.tgz", + "integrity": "sha512-5KXlIfd4IKerUH7vs8tR+TzH2tvw9N86Z6S+dwJ5hPxCOHQODFcNW+uNYU5eywbmsAUTtFE5FMTUJbRzog6Miw==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", - "@smithy/util-waiter": "^3.1.2", + "@smithy/util-waiter": "^3.1.6", + "@types/uuid": "^9.0.1", "tslib": "^2.6.2", "uuid": "^9.0.1" }, @@ -1035,6 +1059,12 @@ "node": ">=16.0.0" } }, + "node_modules/@aws-sdk/client-ssm/node_modules/@types/uuid": { + "version": "9.0.8", + "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA==", + "license": "MIT" + }, "node_modules/@aws-sdk/client-ssm/node_modules/uuid": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", @@ -1048,47 +1078,47 @@ } }, "node_modules/@aws-sdk/client-sso": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.637.0.tgz", - "integrity": "sha512-+KjLvgX5yJYROWo3TQuwBJlHCY0zz9PsLuEolmXQn0BVK1L/m9GteZHtd+rEdAoDGBpE0Xqjy1oz5+SmtsaRUw==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.682.0.tgz", + "integrity": "sha512-PYH9RFUMYLFl66HSBq4tIx6fHViMLkhJHTYJoJONpBs+Td+NwVJ895AdLtDsBIhMS0YseCbPpuyjUCJgsUrwUw==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -1097,48 +1127,48 @@ } }, "node_modules/@aws-sdk/client-sso-oidc": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.637.0.tgz", - "integrity": "sha512-27bHALN6Qb6m6KZmPvRieJ/QRlj1lyac/GT2Rn5kJpre8Mpp+yxrtvp3h9PjNBty4lCeFEENfY4dGNSozBuBcw==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.682.0.tgz", + "integrity": "sha512-ZPZ7Y/r/w3nx/xpPzGSqSQsB090Xk5aZZOH+WBhTDn/pBEuim09BYXCLzvvxb7R7NnuoQdrTJiwimdJAhHl7ZQ==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -1146,53 +1176,53 @@ "node": ">=16.0.0" }, "peerDependencies": { - "@aws-sdk/client-sts": "^3.637.0" + "@aws-sdk/client-sts": "^3.682.0" } }, "node_modules/@aws-sdk/client-sts": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.637.0.tgz", - "integrity": "sha512-xUi7x4qDubtA8QREtlblPuAcn91GS/09YVEY/RwU7xCY0aqGuFwgszAANlha4OUIqva8oVj2WO4gJuG+iaSnhw==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.682.0.tgz", + "integrity": "sha512-xKuo4HksZ+F8m9DOfx/ZuWNhaPuqZFPwwy0xqcBT6sWH7OAuBjv/fnpOTzyQhpVTWddlf+ECtMAMrxjxuOExGQ==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -1201,50 +1231,50 @@ } }, "node_modules/@aws-sdk/client-wafv2": { - "version": "3.642.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-wafv2/-/client-wafv2-3.642.0.tgz", - "integrity": "sha512-lwWEQEiEFYEB/dfmeApIazHo9Q5vTeKOw8GE2rWQCWcc4MfjtHPND0HFLMvWGMvJ08BUCTvbav4WNsg5GofiRA==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-wafv2/-/client-wafv2-3.682.0.tgz", + "integrity": "sha512-arBsixHUAURobWObo+Vrv+FPAtN2cJoXeaTEaM3qMJR/iV+3HPVzDYyiXMkc9IJwRUdtF+ygI7jvnu/f3AOY4Q==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/client-sso-oidc": "3.637.0", - "@aws-sdk/client-sts": "3.637.0", - "@aws-sdk/core": "3.635.0", - "@aws-sdk/credential-provider-node": "3.637.0", - "@aws-sdk/middleware-host-header": "3.620.0", - "@aws-sdk/middleware-logger": "3.609.0", - "@aws-sdk/middleware-recursion-detection": "3.620.0", - "@aws-sdk/middleware-user-agent": "3.637.0", - "@aws-sdk/region-config-resolver": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@aws-sdk/util-user-agent-browser": "3.609.0", - "@aws-sdk/util-user-agent-node": "3.614.0", - "@smithy/config-resolver": "^3.0.5", - "@smithy/core": "^2.4.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/hash-node": "^3.0.3", - "@smithy/invalid-dependency": "^3.0.3", - "@smithy/middleware-content-length": "^3.0.5", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@aws-sdk/client-sso-oidc": "3.682.0", + "@aws-sdk/client-sts": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-node": "3.682.0", + "@aws-sdk/middleware-host-header": "3.679.0", + "@aws-sdk/middleware-logger": "3.679.0", + "@aws-sdk/middleware-recursion-detection": "3.679.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/region-config-resolver": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@aws-sdk/util-user-agent-browser": "3.679.0", + "@aws-sdk/util-user-agent-node": "3.682.0", + "@smithy/config-resolver": "^3.0.9", + "@smithy/core": "^2.4.8", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/hash-node": "^3.0.7", + "@smithy/invalid-dependency": "^3.0.7", + "@smithy/middleware-content-length": "^3.0.9", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/middleware-retry": "^3.0.23", + "@smithy/middleware-serde": "^3.0.7", + "@smithy/middleware-stack": "^3.0.7", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/url-parser": "^3.0.7", "@smithy/util-base64": "^3.0.0", "@smithy/util-body-length-browser": "^3.0.0", "@smithy/util-body-length-node": "^3.0.0", - "@smithy/util-defaults-mode-browser": "^3.0.15", - "@smithy/util-defaults-mode-node": "^3.0.15", - "@smithy/util-endpoints": "^2.0.5", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/util-defaults-mode-browser": "^3.0.23", + "@smithy/util-defaults-mode-node": "^3.0.23", + "@smithy/util-endpoints": "^2.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-retry": "^3.0.7", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -1253,19 +1283,20 @@ } }, "node_modules/@aws-sdk/core": { - "version": "3.635.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.635.0.tgz", - "integrity": "sha512-i1x/E/sgA+liUE1XJ7rj1dhyXpAKO1UKFUcTTHXok2ARjWTvszHnSXMOsB77aPbmn0fUp1JTx2kHUAZ1LVt5Bg==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.679.0.tgz", + "integrity": "sha512-CS6PWGX8l4v/xyvX8RtXnBisdCa5+URzKd0L6GvHChype9qKUVxO/Gg6N/y43Hvg7MNWJt9FBPNWIxUB+byJwg==", "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^2.4.0", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/property-provider": "^3.1.3", - "@smithy/protocol-http": "^4.1.0", - "@smithy/signature-v4": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/util-middleware": "^3.0.3", + "@aws-sdk/types": "3.679.0", + "@smithy/core": "^2.4.8", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/property-provider": "^3.1.7", + "@smithy/protocol-http": "^4.1.4", + "@smithy/signature-v4": "^4.2.0", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/util-middleware": "^3.0.7", "fast-xml-parser": "4.4.1", "tslib": "^2.6.2" }, @@ -1274,14 +1305,15 @@ } }, "node_modules/@aws-sdk/credential-provider-env": { - "version": "3.620.1", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.620.1.tgz", - "integrity": "sha512-ExuILJ2qLW5ZO+rgkNRj0xiAipKT16Rk77buvPP8csR7kkCflT/gXTyzRe/uzIiETTxM7tr8xuO9MP/DQXqkfg==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.679.0.tgz", + "integrity": "sha512-EdlTYbzMm3G7VUNAMxr9S1nC1qUNqhKlAxFU8E7cKsAe8Bp29CD5HAs3POc56AVo9GC4yRIS+/mtlZSmrckzUA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/property-provider": "^3.1.3", - "@smithy/types": "^3.3.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@smithy/property-provider": "^3.1.7", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1289,19 +1321,20 @@ } }, "node_modules/@aws-sdk/credential-provider-http": { - "version": "3.635.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.635.0.tgz", - "integrity": "sha512-iJyRgEjOCQlBMXqtwPLIKYc7Bsc6nqjrZybdMDenPDa+kmLg7xh8LxHsu9088e+2/wtLicE34FsJJIfzu3L82g==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.679.0.tgz", + "integrity": "sha512-ZoKLubW5DqqV1/2a3TSn+9sSKg0T8SsYMt1JeirnuLJF0mCoYFUaWMyvxxKuxPoqvUsaycxKru4GkpJ10ltNBw==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/property-provider": "^3.1.3", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/util-stream": "^3.1.3", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@smithy/fetch-http-handler": "^3.2.9", + "@smithy/node-http-handler": "^3.2.4", + "@smithy/property-provider": "^3.1.7", + "@smithy/protocol-http": "^4.1.4", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", + "@smithy/util-stream": "^3.1.9", "tslib": "^2.6.2" }, "engines": { @@ -1309,47 +1342,48 @@ } }, "node_modules/@aws-sdk/credential-provider-ini": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.637.0.tgz", - "integrity": "sha512-h+PFCWfZ0Q3Dx84SppET/TFpcQHmxFW8/oV9ArEvMilw4EBN+IlxgbL0CnHwjHW64szcmrM0mbebjEfHf4FXmw==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.682.0.tgz", + "integrity": "sha512-6eqWeHdK6EegAxqDdiCi215nT3QZPwukgWAYuVxNfJ/5m0/P7fAzF+D5kKVgByUvGJEbq/FEL8Fw7OBe64AA+g==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/credential-provider-env": "3.620.1", - "@aws-sdk/credential-provider-http": "3.635.0", - "@aws-sdk/credential-provider-process": "3.620.1", - "@aws-sdk/credential-provider-sso": "3.637.0", - "@aws-sdk/credential-provider-web-identity": "3.621.0", - "@aws-sdk/types": "3.609.0", - "@smithy/credential-provider-imds": "^3.2.0", - "@smithy/property-provider": "^3.1.3", - "@smithy/shared-ini-file-loader": "^3.1.4", - "@smithy/types": "^3.3.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/credential-provider-env": "3.679.0", + "@aws-sdk/credential-provider-http": "3.679.0", + "@aws-sdk/credential-provider-process": "3.679.0", + "@aws-sdk/credential-provider-sso": "3.682.0", + "@aws-sdk/credential-provider-web-identity": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@smithy/credential-provider-imds": "^3.2.4", + "@smithy/property-provider": "^3.1.7", + "@smithy/shared-ini-file-loader": "^3.1.8", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { "node": ">=16.0.0" }, "peerDependencies": { - "@aws-sdk/client-sts": "^3.637.0" + "@aws-sdk/client-sts": "^3.682.0" } }, "node_modules/@aws-sdk/credential-provider-node": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.637.0.tgz", - "integrity": "sha512-yoEhoxJJfs7sPVQ6Is939BDQJZpZCoUgKr/ySse4YKOZ24t4VqgHA6+wV7rYh+7IW24Rd91UTvEzSuHYTlxlNA==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.682.0.tgz", + "integrity": "sha512-HSmDqZcBVZrTctHCT9m++vdlDfJ1ARI218qmZa+TZzzOFNpKWy6QyHMEra45GB9GnkkMmV6unoDSPMuN0AqcMg==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/credential-provider-env": "3.620.1", - "@aws-sdk/credential-provider-http": "3.635.0", - "@aws-sdk/credential-provider-ini": "3.637.0", - "@aws-sdk/credential-provider-process": "3.620.1", - "@aws-sdk/credential-provider-sso": "3.637.0", - "@aws-sdk/credential-provider-web-identity": "3.621.0", - "@aws-sdk/types": "3.609.0", - "@smithy/credential-provider-imds": "^3.2.0", - "@smithy/property-provider": "^3.1.3", - "@smithy/shared-ini-file-loader": "^3.1.4", - "@smithy/types": "^3.3.0", + "@aws-sdk/credential-provider-env": "3.679.0", + "@aws-sdk/credential-provider-http": "3.679.0", + "@aws-sdk/credential-provider-ini": "3.682.0", + "@aws-sdk/credential-provider-process": "3.679.0", + "@aws-sdk/credential-provider-sso": "3.682.0", + "@aws-sdk/credential-provider-web-identity": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@smithy/credential-provider-imds": "^3.2.4", + "@smithy/property-provider": "^3.1.7", + "@smithy/shared-ini-file-loader": "^3.1.8", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1357,15 +1391,16 @@ } }, "node_modules/@aws-sdk/credential-provider-process": { - "version": "3.620.1", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.620.1.tgz", - "integrity": "sha512-hWqFMidqLAkaV9G460+1at6qa9vySbjQKKc04p59OT7lZ5cO5VH5S4aI05e+m4j364MBROjjk2ugNvfNf/8ILg==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.679.0.tgz", + "integrity": "sha512-u/p4TV8kQ0zJWDdZD4+vdQFTMhkDEJFws040Gm113VHa/Xo1SYOjbpvqeuFoz6VmM0bLvoOWjxB9MxnSQbwKpQ==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/property-provider": "^3.1.3", - "@smithy/shared-ini-file-loader": "^3.1.4", - "@smithy/types": "^3.3.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@smithy/property-provider": "^3.1.7", + "@smithy/shared-ini-file-loader": "^3.1.8", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1373,17 +1408,18 @@ } }, "node_modules/@aws-sdk/credential-provider-sso": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.637.0.tgz", - "integrity": "sha512-Mvz+h+e62/tl+dVikLafhv+qkZJ9RUb8l2YN/LeKMWkxQylPT83CPk9aimVhCV89zth1zpREArl97+3xsfgQvA==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.682.0.tgz", + "integrity": "sha512-h7IH1VsWgV6YAJSWWV6y8uaRjGqLY3iBpGZlXuTH/c236NMLaNv+WqCBLeBxkFGUb2WeQ+FUPEJDCD69rgLIkg==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/client-sso": "3.637.0", - "@aws-sdk/token-providers": "3.614.0", - "@aws-sdk/types": "3.609.0", - "@smithy/property-provider": "^3.1.3", - "@smithy/shared-ini-file-loader": "^3.1.4", - "@smithy/types": "^3.3.0", + "@aws-sdk/client-sso": "3.682.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/token-providers": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@smithy/property-provider": "^3.1.7", + "@smithy/shared-ini-file-loader": "^3.1.8", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1391,34 +1427,35 @@ } }, "node_modules/@aws-sdk/credential-provider-web-identity": { - "version": "3.621.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.621.0.tgz", - "integrity": "sha512-w7ASSyfNvcx7+bYGep3VBgC3K6vEdLmlpjT7nSIHxxQf+WSdvy+HynwJosrpZax0sK5q0D1Jpn/5q+r5lwwW6w==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.679.0.tgz", + "integrity": "sha512-a74tLccVznXCaBefWPSysUcLXYJiSkeUmQGtalNgJ1vGkE36W5l/8czFiiowdWdKWz7+x6xf0w+Kjkjlj42Ung==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/property-provider": "^3.1.3", - "@smithy/types": "^3.3.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@smithy/property-provider": "^3.1.7", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { "node": ">=16.0.0" }, "peerDependencies": { - "@aws-sdk/client-sts": "^3.621.0" + "@aws-sdk/client-sts": "^3.679.0" } }, "node_modules/@aws-sdk/middleware-bucket-endpoint": { - "version": "3.620.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.620.0.tgz", - "integrity": "sha512-eGLL0W6L3HDb3OACyetZYOWpHJ+gLo0TehQKeQyy2G8vTYXqNTeqYhuI6up9HVjBzU9eQiULVQETmgQs7TFaRg==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.679.0.tgz", + "integrity": "sha512-5EpiPhhGgnF+uJR4DzWUk6Lx3pOn9oM6JGXxeHsiynfoBfq7vHMleq+uABHHSQS+y7XzbyZ7x8tXNQlliMwOsg==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-arn-parser": "3.568.0", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-arn-parser": "3.679.0", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/protocol-http": "^4.1.4", + "@smithy/types": "^3.5.0", "@smithy/util-config-provider": "^3.0.0", "tslib": "^2.6.2" }, @@ -1427,14 +1464,14 @@ } }, "node_modules/@aws-sdk/middleware-expect-continue": { - "version": "3.620.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.620.0.tgz", - "integrity": "sha512-QXeRFMLfyQ31nAHLbiTLtk0oHzG9QLMaof5jIfqcUwnOkO8YnQdeqzakrg1Alpy/VQ7aqzIi8qypkBe2KXZz0A==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.679.0.tgz", + "integrity": "sha512-nYsh9PdWrF4EahTRdXHGlNud82RPc508CNGdh1lAGfPU3tNveGfMBX3PcGBtPOse3p9ebNKRWVmUc9eXSjGvHA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/protocol-http": "^4.1.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@smithy/protocol-http": "^4.1.4", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1442,17 +1479,20 @@ } }, "node_modules/@aws-sdk/middleware-flexible-checksums": { - "version": "3.620.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.620.0.tgz", - "integrity": "sha512-ftz+NW7qka2sVuwnnO1IzBku5ccP+s5qZGeRTPgrKB7OzRW85gthvIo1vQR2w+OwHFk7WJbbhhWwbCbktnP4UA==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.682.0.tgz", + "integrity": "sha512-5u1STth6iZUtAvPDO0NJVYKUX2EYKU7v84MYYaZ3O27HphRjFqDos0keL2KTnHn/KmMD68rM3yiUareWR8hnAQ==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/crc32": "5.2.0", "@aws-crypto/crc32c": "5.2.0", - "@aws-sdk/types": "3.609.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/types": "3.679.0", "@smithy/is-array-buffer": "^3.0.0", - "@smithy/protocol-http": "^4.1.0", - "@smithy/types": "^3.3.0", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/protocol-http": "^4.1.4", + "@smithy/types": "^3.5.0", + "@smithy/util-middleware": "^3.0.7", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -1461,14 +1501,14 @@ } }, "node_modules/@aws-sdk/middleware-host-header": { - "version": "3.620.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.620.0.tgz", - "integrity": "sha512-VMtPEZwqYrII/oUkffYsNWY9PZ9xpNJpMgmyU0rlDQ25O1c0Hk3fJmZRe6pEkAJ0omD7kLrqGl1DUjQVxpd/Rg==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.679.0.tgz", + "integrity": "sha512-y176HuQ8JRY3hGX8rQzHDSbCl9P5Ny9l16z4xmaiLo+Qfte7ee4Yr3yaAKd7GFoJ3/Mhud2XZ37fR015MfYl2w==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/protocol-http": "^4.1.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@smithy/protocol-http": "^4.1.4", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1476,12 +1516,13 @@ } }, "node_modules/@aws-sdk/middleware-location-constraint": { - "version": "3.609.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.609.0.tgz", - "integrity": "sha512-xzsdoTkszGVqGVPjUmgoP7TORiByLueMHieI1fhQL888WPdqctwAx3ES6d/bA9Q/i8jnc6hs+Fjhy8UvBTkE9A==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.679.0.tgz", + "integrity": "sha512-SA1C1D3XgoKTGxyNsOqd016ONpk46xJLWDgJUd00Zb21Ox5wYCoY6aDRKiaMRW+1VfCJdezs1Do3XLyIU9KxyA==", + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1489,13 +1530,13 @@ } }, "node_modules/@aws-sdk/middleware-logger": { - "version": "3.609.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.609.0.tgz", - "integrity": "sha512-S62U2dy4jMDhDFDK5gZ4VxFdWzCtLzwbYyFZx2uvPYTECkepLUfzLic2BHg2Qvtu4QjX+oGE3P/7fwaGIsGNuQ==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.679.0.tgz", + "integrity": "sha512-0vet8InEj7nvIvGKk+ch7bEF5SyZ7Us9U7YTEgXPrBNStKeRUsgwRm0ijPWWd0a3oz2okaEwXsFl7G/vI0XiEA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1503,14 +1544,14 @@ } }, "node_modules/@aws-sdk/middleware-recursion-detection": { - "version": "3.620.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.620.0.tgz", - "integrity": "sha512-nh91S7aGK3e/o1ck64sA/CyoFw+gAYj2BDOnoNa6ouyCrVJED96ZXWbhye/fz9SgmNUZR2g7GdVpiLpMKZoI5w==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.679.0.tgz", + "integrity": "sha512-sQoAZFsQiW/LL3DfKMYwBoGjYDEnMbA9WslWN8xneCmBAwKo6IcSksvYs23PP8XMIoBGe2I2J9BSr654XWygTQ==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/protocol-http": "^4.1.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@smithy/protocol-http": "^4.1.4", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1518,18 +1559,18 @@ } }, "node_modules/@aws-sdk/middleware-sdk-ec2": { - "version": "3.635.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-ec2/-/middleware-sdk-ec2-3.635.0.tgz", - "integrity": "sha512-XsHvRUOqTyIV9M9uKMBS/8Hd5pW8RNTo3vlouQy1RDON8/LynevZ+RN5bo22iKrtOPM4J5j0YAcntUopWb1ljg==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-ec2/-/middleware-sdk-ec2-3.679.0.tgz", + "integrity": "sha512-29mxCB6avpcDluuLorL4Fd1QoawaqpGRPgiG2cDE29lwyg50WPNl3NOugvkcNxYqd3ZHHz4fpyPf/3qKCBmMMQ==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-format-url": "3.609.0", - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/protocol-http": "^4.1.0", - "@smithy/signature-v4": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-format-url": "3.679.0", + "@smithy/middleware-endpoint": "^3.1.4", + "@smithy/protocol-http": "^4.1.4", + "@smithy/signature-v4": "^4.2.0", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1537,23 +1578,23 @@ } }, "node_modules/@aws-sdk/middleware-sdk-s3": { - "version": "3.635.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.635.0.tgz", - "integrity": "sha512-RLdYJPEV4JL/7NBoFUs7VlP90X++5FlJdxHz0DzCjmiD3qCviKy+Cym3qg1gBgHwucs5XisuClxDrGokhAdTQw==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.682.0.tgz", + "integrity": "sha512-Tqndx8elRD4xDR8f5Cng6jpZ/odcm1ZTOtGRFMzHgOCij4BeMf4+/+ecQScobcrAZpUTCUTCzaTvdCdJw8MYJA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "3.635.0", - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-arn-parser": "3.568.0", - "@smithy/core": "^2.4.0", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/signature-v4": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-arn-parser": "3.679.0", + "@smithy/core": "^2.4.8", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/protocol-http": "^4.1.4", + "@smithy/signature-v4": "^4.2.0", + "@smithy/smithy-client": "^3.4.0", + "@smithy/types": "^3.5.0", "@smithy/util-config-provider": "^3.0.0", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-stream": "^3.1.3", + "@smithy/util-middleware": "^3.0.7", + "@smithy/util-stream": "^3.1.9", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -1562,12 +1603,13 @@ } }, "node_modules/@aws-sdk/middleware-ssec": { - "version": "3.609.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.609.0.tgz", - "integrity": "sha512-GZSD1s7+JswWOTamVap79QiDaIV7byJFssBW68GYjyRS5EBjNfwA/8s+6uE6g39R3ojyTbYOmvcANoZEhSULXg==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.679.0.tgz", + "integrity": "sha512-4GNUxXbs1M71uFHRiCAZtN0/g23ogI9YjMe5isAuYMHXwDB3MhqF7usKf954mBP6tplvN44vYlbJ84faaLrTtg==", + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1575,15 +1617,17 @@ } }, "node_modules/@aws-sdk/middleware-user-agent": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.637.0.tgz", - "integrity": "sha512-EYo0NE9/da/OY8STDsK2LvM4kNa79DBsf4YVtaG4P5pZ615IeFsD8xOHZeuJmUrSMlVQ8ywPRX7WMucUybsKug==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.682.0.tgz", + "integrity": "sha512-7TyvYR9HdGH1/Nq0eeApUTM4izB6rExiw87khVYuJwZHr6FmvIL1FsOVFro/4WlXa0lg4LiYOm/8H8dHv+fXTg==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@aws-sdk/util-endpoints": "3.637.0", - "@smithy/protocol-http": "^4.1.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/core": "3.679.0", + "@aws-sdk/types": "3.679.0", + "@aws-sdk/util-endpoints": "3.679.0", + "@smithy/core": "^2.4.8", + "@smithy/protocol-http": "^4.1.4", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1591,16 +1635,16 @@ } }, "node_modules/@aws-sdk/region-config-resolver": { - "version": "3.614.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.614.0.tgz", - "integrity": "sha512-vDCeMXvic/LU0KFIUjpC3RiSTIkkvESsEfbVHiHH0YINfl8HnEqR5rj+L8+phsCeVg2+LmYwYxd5NRz4PHxt5g==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.679.0.tgz", + "integrity": "sha512-Ybx54P8Tg6KKq5ck7uwdjiKif7n/8g1x+V0V9uTjBjRWqaIgiqzXwKWoPj6NCNkE7tJNtqI4JrNxp/3S3HvmRw==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/types": "^3.5.0", "@smithy/util-config-provider": "^3.0.0", - "@smithy/util-middleware": "^3.0.3", + "@smithy/util-middleware": "^3.0.7", "tslib": "^2.6.2" }, "engines": { @@ -1608,16 +1652,16 @@ } }, "node_modules/@aws-sdk/signature-v4-multi-region": { - "version": "3.635.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.635.0.tgz", - "integrity": "sha512-J6QY4/invOkpogCHjSaDON1hF03viPpOnsrzVuCvJMmclS/iG62R4EY0wq1alYll0YmSdmKlpJwHMWwGtqK63Q==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.682.0.tgz", + "integrity": "sha512-y7RAQSCb9pH8wCX5We9UXfiqPVwBLLvSljhuXC31mibHmYaZnpNEwHiQlRNQPblyaNpiKnXXQ0H3Ns3FDyDYdQ==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/middleware-sdk-s3": "3.635.0", - "@aws-sdk/types": "3.609.0", - "@smithy/protocol-http": "^4.1.0", - "@smithy/signature-v4": "^4.1.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/middleware-sdk-s3": "3.682.0", + "@aws-sdk/types": "3.679.0", + "@smithy/protocol-http": "^4.1.4", + "@smithy/signature-v4": "^4.2.0", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1625,31 +1669,31 @@ } }, "node_modules/@aws-sdk/token-providers": { - "version": "3.614.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.614.0.tgz", - "integrity": "sha512-okItqyY6L9IHdxqs+Z116y5/nda7rHxLvROxtAJdLavWTYDydxrZstImNgGWTeVdmc0xX2gJCI77UYUTQWnhRw==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.679.0.tgz", + "integrity": "sha512-1/+Zso/x2jqgutKixYFQEGli0FELTgah6bm7aB+m2FAWH4Hz7+iMUsazg6nSWm714sG9G3h5u42Dmpvi9X6/hA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/property-provider": "^3.1.3", - "@smithy/shared-ini-file-loader": "^3.1.4", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@smithy/property-provider": "^3.1.7", + "@smithy/shared-ini-file-loader": "^3.1.8", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { "node": ">=16.0.0" }, "peerDependencies": { - "@aws-sdk/client-sso-oidc": "^3.614.0" + "@aws-sdk/client-sso-oidc": "^3.679.0" } }, "node_modules/@aws-sdk/types": { - "version": "3.609.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.609.0.tgz", - "integrity": "sha512-+Tqnh9w0h2LcrUsdXyT1F8mNhXz+tVYBtP19LpeEGntmvHwa2XzvLUCWpoIAIVsHp5+HdB2X9Sn0KAtmbFXc2Q==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.679.0.tgz", + "integrity": "sha512-NwVq8YvInxQdJ47+zz4fH3BRRLC6lL+WLkvr242PVBbUOLRyK/lkwHlfiKUoeVIMyK5NF+up6TRg71t/8Bny6Q==", "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1657,9 +1701,9 @@ } }, "node_modules/@aws-sdk/util-arn-parser": { - "version": "3.568.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", - "integrity": "sha512-XUKJWWo+KOB7fbnPP0+g/o5Ulku/X53t7i/h+sPHr5xxYTJJ9CYnbToo95mzxe7xWvkLrsNtJ8L+MnNn9INs2w==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.679.0.tgz", + "integrity": "sha512-CwzEbU8R8rq9bqUFryO50RFBlkfufV9UfMArHPWlo+lmsC+NlSluHQALoj6Jkq3zf5ppn1CN0c1DDLrEqdQUXg==", "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" @@ -1669,14 +1713,14 @@ } }, "node_modules/@aws-sdk/util-endpoints": { - "version": "3.637.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.637.0.tgz", - "integrity": "sha512-pAqOKUHeVWHEXXDIp/qoMk/6jyxIb6GGjnK1/f8dKHtKIEs4tKsnnL563gceEvdad53OPXIt86uoevCcCzmBnw==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.679.0.tgz", + "integrity": "sha512-YL6s4Y/1zC45OvddvgE139fjeWSKKPgLlnfrvhVL7alNyY9n7beR4uhoDpNrt5mI6sn9qiBF17790o+xLAXjjg==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/types": "^3.3.0", - "@smithy/util-endpoints": "^2.0.5", + "@aws-sdk/types": "3.679.0", + "@smithy/types": "^3.5.0", + "@smithy/util-endpoints": "^2.1.3", "tslib": "^2.6.2" }, "engines": { @@ -1684,14 +1728,14 @@ } }, "node_modules/@aws-sdk/util-format-url": { - "version": "3.609.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-format-url/-/util-format-url-3.609.0.tgz", - "integrity": "sha512-fuk29BI/oLQlJ7pfm6iJ4gkEpHdavffAALZwXh9eaY1vQ0ip0aKfRTiNudPoJjyyahnz5yJ1HkmlcDitlzsOrQ==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-format-url/-/util-format-url-3.679.0.tgz", + "integrity": "sha512-pqV1b/hJ/kumtF8AwObJ7bsGgs/2zuAdZtalSD8Pu4jdjOji3IBwP79giAHyhVwoXaMjkpG3mG4ldn9CVtzZJA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/querystring-builder": "^3.0.3", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@smithy/querystring-builder": "^3.0.7", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1710,26 +1754,27 @@ } }, "node_modules/@aws-sdk/util-user-agent-browser": { - "version": "3.609.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.609.0.tgz", - "integrity": "sha512-fojPU+mNahzQ0YHYBsx0ZIhmMA96H+ZIZ665ObU9tl+SGdbLneVZVikGve+NmHTQwHzwkFsZYYnVKAkreJLAtA==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.679.0.tgz", + "integrity": "sha512-CusSm2bTBG1kFypcsqU8COhnYc6zltobsqs3nRrvYqYaOqtMnuE46K4XTWpnzKgwDejgZGOE+WYyprtAxrPvmQ==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/types": "^3.3.0", + "@aws-sdk/types": "3.679.0", + "@smithy/types": "^3.5.0", "bowser": "^2.11.0", "tslib": "^2.6.2" } }, "node_modules/@aws-sdk/util-user-agent-node": { - "version": "3.614.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.614.0.tgz", - "integrity": "sha512-15ElZT88peoHnq5TEoEtZwoXTXRxNrk60TZNdpl/TUBJ5oNJ9Dqb5Z4ryb8ofN6nm9aFf59GVAerFDz8iUoHBA==", + "version": "3.682.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.682.0.tgz", + "integrity": "sha512-so5s+j0gPoTS0HM4HPL+G0ajk0T6cQAg8JXzRgvyiQAxqie+zGCZAV3VuVeMNWMVbzsgZl0pYZaatPFTLG/AxA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.609.0", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/types": "^3.3.0", + "@aws-sdk/middleware-user-agent": "3.682.0", + "@aws-sdk/types": "3.679.0", + "@smithy/node-config-provider": "^3.1.8", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1745,11 +1790,12 @@ } }, "node_modules/@aws-sdk/xml-builder": { - "version": "3.609.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.609.0.tgz", - "integrity": "sha512-l9XxNcA4HX98rwCC2/KoiWcmEiRfZe4G+mYwDbCFT87JIMj6GBhLDkAzr/W8KAaA2IDr8Vc6J8fZPgVulxxfMA==", + "version": "3.679.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.679.0.tgz", + "integrity": "sha512-nPmhVZb39ty5bcQ7mAwtjezBcsBqTYZ9A2D9v/lE92KCLdu5RhSkPH7O71ZqbZx1mUSg9fAOxHPiG79U5VlpLQ==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.5.0", "tslib": "^2.6.2" }, "engines": { @@ -1772,7 +1818,7 @@ "constructs": "^10.0.0" } }, - "node_modules/@aws-solutions-constructs/core": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core": { "version": "2.65.0", "resolved": "https://registry.npmjs.org/@aws-solutions-constructs/core/-/core-2.65.0.tgz", "integrity": "sha512-HMXWwTKJlVh6pR1OXVREqpIMF7U6E0Ue+UlCs7+dbBV9fSq5d7gIoeo4XSPSiUgINVnp/veqsGR8Twe4Rvc13A==", @@ -1794,7 +1840,7 @@ "constructs": "^10.0.0" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/ansi-regex": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/ansi-regex": { "version": "5.0.1", "inBundle": true, "license": "MIT", @@ -1802,12 +1848,12 @@ "node": ">=8" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/aproba": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/aproba": { "version": "2.0.0", "inBundle": true, "license": "ISC" }, - "node_modules/@aws-solutions-constructs/core/node_modules/are-we-there-yet": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/are-we-there-yet": { "version": "4.0.2", "inBundle": true, "license": "ISC", @@ -1815,7 +1861,7 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/color-support": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/color-support": { "version": "1.1.3", "inBundle": true, "license": "ISC", @@ -1823,17 +1869,17 @@ "color-support": "bin.js" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/console-control-strings": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/console-control-strings": { "version": "1.1.0", "inBundle": true, "license": "ISC" }, - "node_modules/@aws-solutions-constructs/core/node_modules/deep-diff": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/deep-diff": { "version": "1.0.2", "inBundle": true, "license": "MIT" }, - "node_modules/@aws-solutions-constructs/core/node_modules/deepmerge": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/deepmerge": { "version": "4.3.1", "inBundle": true, "license": "MIT", @@ -1841,12 +1887,12 @@ "node": ">=0.10.0" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/emoji-regex": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/emoji-regex": { "version": "8.0.0", "inBundle": true, "license": "MIT" }, - "node_modules/@aws-solutions-constructs/core/node_modules/gauge": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/gauge": { "version": "5.0.2", "inBundle": true, "license": "ISC", @@ -1864,12 +1910,12 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/has-unicode": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/has-unicode": { "version": "2.0.1", "inBundle": true, "license": "ISC" }, - "node_modules/@aws-solutions-constructs/core/node_modules/is-fullwidth-code-point": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/is-fullwidth-code-point": { "version": "3.0.0", "inBundle": true, "license": "MIT", @@ -1877,7 +1923,7 @@ "node": ">=8" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/npmlog": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/npmlog": { "version": "7.0.1", "inBundle": true, "license": "ISC", @@ -1891,12 +1937,12 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/set-blocking": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/set-blocking": { "version": "2.0.0", "inBundle": true, "license": "ISC" }, - "node_modules/@aws-solutions-constructs/core/node_modules/signal-exit": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/signal-exit": { "version": "4.1.0", "inBundle": true, "license": "ISC", @@ -1907,7 +1953,7 @@ "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/string-width": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/string-width": { "version": "4.2.3", "inBundle": true, "license": "MIT", @@ -1920,7 +1966,7 @@ "node": ">=8" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/strip-ansi": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/strip-ansi": { "version": "6.0.1", "inBundle": true, "license": "MIT", @@ -1931,7 +1977,7 @@ "node": ">=8" } }, - "node_modules/@aws-solutions-constructs/core/node_modules/wide-align": { + "node_modules/@aws-solutions-constructs/aws-eventbridge-stepfunctions/node_modules/@aws-solutions-constructs/core/node_modules/wide-align": { "version": "1.1.5", "inBundle": true, "license": "ISC", @@ -1940,11 +1986,13 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.7.tgz", - "integrity": "sha512-BcYH1CVJBO9tvyIZ2jVeXgSIMvGZ2FDRvDdOIVQyuklNKSsx+eppDEBq/g47Ayw+RqNFE+URvOShmf+f/qwAlA==", + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.0.tgz", + "integrity": "sha512-INCKxTtbXtcNbUZ3YXutwMpEleqttcswhAdee7dhuoVrD2cnuc3PqtERBtxkX5nziX9vnBL8WXmSGwv8CuPV6g==", + "license": "MIT", "dependencies": { - "@babel/highlight": "^7.24.7", + "@babel/helper-validator-identifier": "^7.25.9", + "js-tokens": "^4.0.0", "picocolors": "^1.0.0" }, "engines": { @@ -2000,15 +2048,16 @@ } }, "node_modules/@babel/generator": { - "version": "7.25.6", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.25.6.tgz", - "integrity": "sha512-VPC82gr1seXOpkjAAKoLhP50vx4vGNlF4msF64dSFq1P8RfB+QAuJWGHPXXPc8QyfVWwwB/TNNU4+ayZmHNbZw==", + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.0.tgz", + "integrity": "sha512-/AIkAmInnWwgEAJGQr9vY0c66Mj6kjkE2ZPB1PurTRaRAh3U+J45sAQMjQDJdh4WbR3l0x5xkimXBKyBXXAu2w==", "license": "MIT", "dependencies": { - "@babel/types": "^7.25.6", + "@babel/parser": "^7.26.0", + "@babel/types": "^7.26.0", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", - "jsesc": "^2.5.1" + "jsesc": "^3.0.2" }, "engines": { "node": ">=6.9.0" @@ -2118,18 +2167,19 @@ } }, "node_modules/@babel/helper-string-parser": { - "version": "7.24.8", - "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.8.tgz", - "integrity": "sha512-pO9KhhRcuUyGnJWwyEgnRJTSIZHiT+vMD0kPeD+so0l7mxkMT19g3pjY9GTnHySck/hDzq+dtW/4VgnMkippsQ==", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz", + "integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==", "license": "MIT", "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.7.tgz", - "integrity": "sha512-rR+PBcQ1SMQDDyF6X0wxtG8QyLCgUB0eRAGguqRLfkCA87l7yAP7ehq8SNj96OOGTO8OBV70KhuFYcIkHXOg0w==", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz", + "integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==", + "license": "MIT", "engines": { "node": ">=6.9.0" } @@ -2156,27 +2206,13 @@ "node": ">=6.9.0" } }, - "node_modules/@babel/highlight": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.7.tgz", - "integrity": "sha512-EStJpq4OuY8xYfhGVXngigBJRWxftKX9ksiGDnmlY3o7B/V7KIAc9X4oiK87uPJSc/vs5L869bem5fhZa8caZw==", - "dependencies": { - "@babel/helper-validator-identifier": "^7.24.7", - "chalk": "^2.4.2", - "js-tokens": "^4.0.0", - "picocolors": "^1.0.0" - }, - "engines": { - "node": ">=6.9.0" - } - }, "node_modules/@babel/parser": { - "version": "7.25.6", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.25.6.tgz", - "integrity": "sha512-trGdfBdbD0l1ZPmcJ83eNxB9rbEax4ALFTF7fN386TMYbeCQbyme5cOEXQhbGXKebwGaB/J52w1mrklMcbgy6Q==", + "version": "7.26.1", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.1.tgz", + "integrity": "sha512-reoQYNiAJreZNsJzyrDNzFQ+IQ5JFiIzAHJg9bn94S3l+4++J7RsIhNMoB+lgP/9tpmiAQqspv+xfdxTSzREOw==", "license": "MIT", "dependencies": { - "@babel/types": "^7.25.6" + "@babel/types": "^7.26.0" }, "bin": { "parser": "bin/babel-parser.js" @@ -2363,30 +2399,30 @@ } }, "node_modules/@babel/template": { - "version": "7.25.0", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.0.tgz", - "integrity": "sha512-aOOgh1/5XzKvg1jvVz7AVrx2piJ2XBi227DHmbY6y+bM9H2FlN+IfecYu4Xl0cNiiVejlsCri89LUsbj8vJD9Q==", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.9.tgz", + "integrity": "sha512-9DGttpmPvIxBb/2uwpVo3dqJ+O6RooAFOS+lB+xDqoE2PVCE8nfoHMdZLpfCQRLwvohzXISPZcgxt80xLfsuwg==", "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.24.7", - "@babel/parser": "^7.25.0", - "@babel/types": "^7.25.0" + "@babel/code-frame": "^7.25.9", + "@babel/parser": "^7.25.9", + "@babel/types": "^7.25.9" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/traverse": { - "version": "7.25.6", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.25.6.tgz", - "integrity": "sha512-9Vrcx5ZW6UwK5tvqsj0nGpp/XzqthkT0dqIc9g1AdtygFToNtTF67XzYS//dm+SAK9cp3B9R4ZO/46p63SCjlQ==", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.25.9.tgz", + "integrity": "sha512-ZCuvfwOwlz/bawvAuvcj8rrithP2/N55Tzz342AkTvq4qaWbGfmCk/tKhNaV2cthijKrPAA8SRJV5WWe7IBMJw==", "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.24.7", - "@babel/generator": "^7.25.6", - "@babel/parser": "^7.25.6", - "@babel/template": "^7.25.0", - "@babel/types": "^7.25.6", + "@babel/code-frame": "^7.25.9", + "@babel/generator": "^7.25.9", + "@babel/parser": "^7.25.9", + "@babel/template": "^7.25.9", + "@babel/types": "^7.25.9", "debug": "^4.3.1", "globals": "^11.1.0" }, @@ -2395,14 +2431,13 @@ } }, "node_modules/@babel/types": { - "version": "7.25.6", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.25.6.tgz", - "integrity": "sha512-/l42B1qxpG6RdfYf343Uw1vmDjeNhneUXtzhojE7pDgfpEypmRhI6j1kr17XCVv4Cgl9HdAiQY2x0GwKm7rWCw==", + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.0.tgz", + "integrity": "sha512-Z/yiTPj+lDVnF7lWeKCIJzaIkI0vYO87dMpZ4bg4TDrFe4XXLFWL1TbXU27gBP3QccxV9mZICCrnjnYlJjXHOA==", "license": "MIT", "dependencies": { - "@babel/helper-string-parser": "^7.24.8", - "@babel/helper-validator-identifier": "^7.24.7", - "to-fast-properties": "^2.0.0" + "@babel/helper-string-parser": "^7.25.9", + "@babel/helper-validator-identifier": "^7.25.9" }, "engines": { "node": ">=6.9.0" @@ -2560,9 +2595,9 @@ } }, "node_modules/@eslint/js": { - "version": "8.57.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", - "integrity": "sha512-Ys+3g2TaW7gADOJzPt83SJtCDhMjndcDMFVQ/Tj9iA1BfJzFKD9mAUXT3OenpuPHbI6P/myECxRJrofUsDx/5g==", + "version": "8.57.1", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.1.tgz", + "integrity": "sha512-d9zaMRSTIKDLhctzH12MtXvJKSSUhaHcjV+2Z+GK+EEY7XKpP5yR4x+N3TAcHTcu963nIr+TMcCb4DBCYX1z6Q==", "dev": true, "license": "MIT", "engines": { @@ -2570,14 +2605,14 @@ } }, "node_modules/@humanwhocodes/config-array": { - "version": "0.11.14", - "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", - "integrity": "sha512-3T8LkOmg45BV5FICb15QQMsyUSWrQ8AygVfC7ZG32zOalnqrilm018ZVCw0eapXux8FtA33q8PSRSstjee3jSg==", + "version": "0.13.0", + "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.13.0.tgz", + "integrity": "sha512-DZLEEqFWQFiyK6h5YIeynKx7JlvCYWL0cImfSRXZ9l4Sg2efkFGTuFf6vzXjK1cq6IYkU+Eg/JizXw+TD2vRNw==", "deprecated": "Use @eslint/config-array instead", "dev": true, "license": "Apache-2.0", "dependencies": { - "@humanwhocodes/object-schema": "^2.0.2", + "@humanwhocodes/object-schema": "^2.0.3", "debug": "^4.3.1", "minimatch": "^3.0.5" }, @@ -3363,9 +3398,10 @@ } }, "node_modules/@slack/types": { - "version": "2.12.0", - "resolved": "https://registry.npmjs.org/@slack/types/-/types-2.12.0.tgz", - "integrity": "sha512-yFewzUomYZ2BYaGJidPuIgjoYj5wqPDmi7DLSaGIkf+rCi4YZ2Z3DaiYIbz7qb/PL2NmamWjCvB7e9ArI5HkKg==", + "version": "2.14.0", + "resolved": "https://registry.npmjs.org/@slack/types/-/types-2.14.0.tgz", + "integrity": "sha512-n0EGm7ENQRxlXbgKSrQZL69grzg1gHLAVd+GlRVQJ1NSORo0FrApR7wql/gaKdu2n4TO83Sq/AmeUOqD60aXUA==", + "license": "MIT", "engines": { "node": ">= 12.13.0", "npm": ">= 6.12.0" @@ -3387,11 +3423,12 @@ } }, "node_modules/@smithy/abort-controller": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.1.1.tgz", - "integrity": "sha512-MBJBiidoe+0cTFhyxT8g+9g7CeVccLM0IOKKUMCNQ1CNMJ/eIfoo0RTfVrXOONEI1UCN1W+zkiHSbzUNE9dZtQ==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.1.6.tgz", + "integrity": "sha512-0XuhuHQlEqbNQZp7QxxrFTdVWdwxch4vjxYgfInF91hZFkPxf9QDrdQka0KfxFMPqLNzSw0b95uGTrLliQUavQ==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3399,32 +3436,34 @@ } }, "node_modules/@smithy/chunked-blob-reader": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", - "integrity": "sha512-sbnURCwjF0gSToGlsBiAmd1lRCmSn72nu9axfJu5lIx6RUEgHu6GwTMbqCdhQSi0Pumcm5vFxsi9XWXb2mTaoA==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-4.0.0.tgz", + "integrity": "sha512-jSqRnZvkT4egkq/7b6/QRCNXmmYVcHwnJldqJ3IhVpQE2atObVJ137xmGeuGFhjFUr8gCEVAOKwSY79OvpbDaQ==", + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" } }, "node_modules/@smithy/chunked-blob-reader-native": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", - "integrity": "sha512-VDkpCYW+peSuM4zJip5WDfqvg2Mo/e8yxOv3VF1m11y7B8KKMKVFtmZWDe36Fvk8rGuWrPZHHXZ7rR7uM5yWyg==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.1.tgz", + "integrity": "sha512-VEYtPvh5rs/xlyqpm5NRnfYLZn+q0SRPELbvBV+C/G7IQ+ouTuo+NKKa3ShG5OaFR8NYVMXls9hPYLTvIKKDrQ==", + "license": "Apache-2.0", "dependencies": { "@smithy/util-base64": "^3.0.0", "tslib": "^2.6.2" } }, "node_modules/@smithy/config-resolver": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.5.tgz", - "integrity": "sha512-SkW5LxfkSI1bUC74OtfBbdz+grQXYiPYolyu8VfpLIjEoN/sHVBlLeGXMQ1vX4ejkgfv6sxVbQJ32yF2cl1veA==", + "version": "3.0.10", + "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.10.tgz", + "integrity": "sha512-Uh0Sz9gdUuz538nvkPiyv1DZRX9+D15EKDtnQP5rYVAzM/dnYk3P8cg73jcxyOitPgT3mE3OVj7ky7sibzHWkw==", "license": "Apache-2.0", "dependencies": { - "@smithy/node-config-provider": "^3.1.4", - "@smithy/types": "^3.3.0", + "@smithy/node-config-provider": "^3.1.9", + "@smithy/types": "^3.6.0", "@smithy/util-config-provider": "^3.0.0", - "@smithy/util-middleware": "^3.0.3", + "@smithy/util-middleware": "^3.0.8", "tslib": "^2.6.2" }, "engines": { @@ -3432,19 +3471,17 @@ } }, "node_modules/@smithy/core": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/@smithy/core/-/core-2.4.0.tgz", - "integrity": "sha512-cHXq+FneIF/KJbt4q4pjN186+Jf4ZB0ZOqEaZMBhT79srEyGDDBV31NqBRBjazz8ppQ1bJbDJMY9ba5wKFV36w==", + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/@smithy/core/-/core-2.5.1.tgz", + "integrity": "sha512-DujtuDA7BGEKExJ05W5OdxCoyekcKT3Rhg1ZGeiUWaz2BJIWXjZmsG/DIP4W48GHno7AQwRsaCb8NcBgH3QZpg==", "license": "Apache-2.0", "dependencies": { - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-retry": "^3.0.15", - "@smithy/middleware-serde": "^3.0.3", - "@smithy/protocol-http": "^4.1.0", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", + "@smithy/middleware-serde": "^3.0.8", + "@smithy/protocol-http": "^4.1.5", + "@smithy/types": "^3.6.0", "@smithy/util-body-length-browser": "^3.0.0", - "@smithy/util-middleware": "^3.0.3", + "@smithy/util-middleware": "^3.0.8", + "@smithy/util-stream": "^3.2.1", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -3453,15 +3490,15 @@ } }, "node_modules/@smithy/credential-provider-imds": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.2.0.tgz", - "integrity": "sha512-0SCIzgd8LYZ9EJxUjLXBmEKSZR/P/w6l7Rz/pab9culE/RWuqelAKGJvn5qUOl8BgX8Yj5HWM50A5hiB/RzsgA==", + "version": "3.2.5", + "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.2.5.tgz", + "integrity": "sha512-4FTQGAsuwqTzVMmiRVTn0RR9GrbRfkP0wfu/tXWVHd2LgNpTY0uglQpIScXK4NaEyXbB3JmZt8gfVqO50lP8wg==", "license": "Apache-2.0", "dependencies": { - "@smithy/node-config-provider": "^3.1.4", - "@smithy/property-provider": "^3.1.3", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", + "@smithy/node-config-provider": "^3.1.9", + "@smithy/property-provider": "^3.1.8", + "@smithy/types": "^3.6.0", + "@smithy/url-parser": "^3.0.8", "tslib": "^2.6.2" }, "engines": { @@ -3469,25 +3506,25 @@ } }, "node_modules/@smithy/eventstream-codec": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.1.2.tgz", - "integrity": "sha512-0mBcu49JWt4MXhrhRAlxASNy0IjDRFU+aWNDRal9OtUJvJNiwDuyKMUONSOjLjSCeGwZaE0wOErdqULer8r7yw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.1.7.tgz", + "integrity": "sha512-kVSXScIiRN7q+s1x7BrQtZ1Aa9hvvP9FeCqCdBxv37GimIHgBCOnZ5Ip80HLt0DhnAKpiobFdGqTFgbaJNrazA==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/crc32": "5.2.0", - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "@smithy/util-hex-encoding": "^3.0.0", "tslib": "^2.6.2" } }, "node_modules/@smithy/eventstream-serde-browser": { - "version": "3.0.6", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.6.tgz", - "integrity": "sha512-2hM54UWQUOrki4BtsUI1WzmD13/SeaqT/AB3EUJKbcver/WgKNaiJ5y5F5XXuVe6UekffVzuUDrBZVAA3AWRpQ==", + "version": "3.0.11", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.11.tgz", + "integrity": "sha512-Pd1Wnq3CQ/v2SxRifDUihvpXzirJYbbtXfEnnLV/z0OGCTx/btVX74P86IgrZkjOydOASBGXdPpupYQI+iO/6A==", "license": "Apache-2.0", "dependencies": { - "@smithy/eventstream-serde-universal": "^3.0.5", - "@smithy/types": "^3.3.0", + "@smithy/eventstream-serde-universal": "^3.0.10", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3495,11 +3532,12 @@ } }, "node_modules/@smithy/eventstream-serde-config-resolver": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.3.tgz", - "integrity": "sha512-NVTYjOuYpGfrN/VbRQgn31x73KDLfCXCsFdad8DiIc3IcdxL+dYA9zEQPyOP7Fy2QL8CPy2WE4WCUD+ZsLNfaQ==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.8.tgz", + "integrity": "sha512-zkFIG2i1BLbfoGQnf1qEeMqX0h5qAznzaZmMVNnvPZz9J5AWBPkOMckZWPedGUPcVITacwIdQXoPcdIQq5FRcg==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3507,13 +3545,13 @@ } }, "node_modules/@smithy/eventstream-serde-node": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.5.tgz", - "integrity": "sha512-+upXvnHNyZP095s11jF5dhGw/Ihzqwl5G+/KtMnoQOpdfC3B5HYCcDVG9EmgkhJMXJlM64PyN5gjJl0uXFQehQ==", + "version": "3.0.10", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.10.tgz", + "integrity": "sha512-hjpU1tIsJ9qpcoZq9zGHBJPBOeBGYt+n8vfhDwnITPhEre6APrvqq/y3XMDEGUT2cWQ4ramNqBPRbx3qn55rhw==", "license": "Apache-2.0", "dependencies": { - "@smithy/eventstream-serde-universal": "^3.0.5", - "@smithy/types": "^3.3.0", + "@smithy/eventstream-serde-universal": "^3.0.10", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3521,13 +3559,13 @@ } }, "node_modules/@smithy/eventstream-serde-universal": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.5.tgz", - "integrity": "sha512-5u/nXbyoh1s4QxrvNre9V6vfyoLWuiVvvd5TlZjGThIikc3G+uNiG9uOTCWweSRjv1asdDIWK7nOmN7le4RYHQ==", + "version": "3.0.10", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.10.tgz", + "integrity": "sha512-ewG1GHbbqsFZ4asaq40KmxCmXO+AFSM1b+DcO2C03dyJj/ZH71CiTg853FSE/3SHK9q3jiYQIFjlGSwfxQ9kww==", "license": "Apache-2.0", "dependencies": { - "@smithy/eventstream-codec": "^3.1.2", - "@smithy/types": "^3.3.0", + "@smithy/eventstream-codec": "^3.1.7", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3535,35 +3573,37 @@ } }, "node_modules/@smithy/fetch-http-handler": { - "version": "3.2.4", - "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.2.4.tgz", - "integrity": "sha512-kBprh5Gs5h7ug4nBWZi1FZthdqSM+T7zMmsZxx0IBvWUn7dK3diz2SHn7Bs4dQGFDk8plDv375gzenDoNwrXjg==", + "version": "3.2.9", + "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.2.9.tgz", + "integrity": "sha512-hYNVQOqhFQ6vOpenifFME546f0GfJn2OiQ3M0FDmuUu8V/Uiwy2wej7ZXxFBNqdx0R5DZAqWM1l6VRhGz8oE6A==", "license": "Apache-2.0", "dependencies": { - "@smithy/protocol-http": "^4.1.0", - "@smithy/querystring-builder": "^3.0.3", - "@smithy/types": "^3.3.0", + "@smithy/protocol-http": "^4.1.4", + "@smithy/querystring-builder": "^3.0.7", + "@smithy/types": "^3.5.0", "@smithy/util-base64": "^3.0.0", "tslib": "^2.6.2" } }, "node_modules/@smithy/hash-blob-browser": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.1.2.tgz", - "integrity": "sha512-hAbfqN2UbISltakCC2TP0kx4LqXBttEv2MqSPE98gVuDFMf05lU+TpC41QtqGP3Ff5A3GwZMPfKnEy0VmEUpmg==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.1.7.tgz", + "integrity": "sha512-4yNlxVNJifPM5ThaA5HKnHkn7JhctFUHvcaz6YXxHlYOSIrzI6VKQPTN8Gs1iN5nqq9iFcwIR9THqchUCouIfg==", + "license": "Apache-2.0", "dependencies": { - "@smithy/chunked-blob-reader": "^3.0.0", - "@smithy/chunked-blob-reader-native": "^3.0.0", - "@smithy/types": "^3.3.0", + "@smithy/chunked-blob-reader": "^4.0.0", + "@smithy/chunked-blob-reader-native": "^3.0.1", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" } }, "node_modules/@smithy/hash-node": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.3.tgz", - "integrity": "sha512-2ctBXpPMG+B3BtWSGNnKELJ7SH9e4TNefJS0cd2eSkOOROeBnnVBnAy9LtJ8tY4vUEoe55N4CNPxzbWvR39iBw==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.8.tgz", + "integrity": "sha512-tlNQYbfpWXHimHqrvgo14DrMAgUBua/cNoz9fMYcDmYej7MAmUcjav/QKQbFc3NrcPxeJ7QClER4tWZmfwoPng==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "@smithy/util-buffer-from": "^3.0.0", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" @@ -3573,11 +3613,12 @@ } }, "node_modules/@smithy/hash-stream-node": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.1.2.tgz", - "integrity": "sha512-PBgDMeEdDzi6JxKwbfBtwQG9eT9cVwsf0dZzLXoJF4sHKHs5HEo/3lJWpn6jibfJwT34I1EBXpBnZE8AxAft6g==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.1.7.tgz", + "integrity": "sha512-xMAsvJ3hLG63lsBVi1Hl6BBSfhd8/Qnp8fC06kjOpJvyyCEXdwHITa5Kvdsk6gaAXLhbZMhQMIGvgUbfnJDP6Q==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" }, @@ -3586,11 +3627,12 @@ } }, "node_modules/@smithy/invalid-dependency": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.3.tgz", - "integrity": "sha512-ID1eL/zpDULmHJbflb864k72/SNOZCADRc9i7Exq3RUNJw6raWUSlFEQ+3PX3EYs++bTxZB2dE9mEHTQLv61tw==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.8.tgz", + "integrity": "sha512-7Qynk6NWtTQhnGTTZwks++nJhQ1O54Mzi7fz4PqZOiYXb4Z1Flpb2yRvdALoggTS8xjtohWUM+RygOtB30YL3Q==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" } }, @@ -3606,27 +3648,29 @@ } }, "node_modules/@smithy/md5-js": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.3.tgz", - "integrity": "sha512-O/SAkGVwpWmelpj/8yDtsaVe6sINHLB1q8YE/+ZQbDxIw3SRLbTZuRaI10K12sVoENdnHqzPp5i3/H+BcZ3m3Q==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.8.tgz", + "integrity": "sha512-LwApfTK0OJ/tCyNUXqnWCKoE2b4rDSr4BJlDAVCkiWYeHESr+y+d5zlAanuLW6fnitVJRD/7d9/kN/ZM9Su4mA==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" } }, "node_modules/@smithy/middleware-compression": { - "version": "3.0.7", - "resolved": "https://registry.npmjs.org/@smithy/middleware-compression/-/middleware-compression-3.0.7.tgz", - "integrity": "sha512-ide8RSj0HWHq8uGryx1PuhI/0p+xgrrG+atDBgmv1ScIVIBrH7hqk2cfXyZ3+zQYeD2z95iDn75U1BHwlSwhag==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@smithy/middleware-compression/-/middleware-compression-3.1.1.tgz", + "integrity": "sha512-4DTraaYI7sNO1JqJrWWWd8/rlwfffrEV2EmYBp6DEj6FCbX0AFp0BaWvC4TuJhJR8+wpjDwJ//sACpWR3Zoiew==", "license": "Apache-2.0", "dependencies": { + "@smithy/core": "^2.5.1", "@smithy/is-array-buffer": "^3.0.0", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/types": "^3.3.0", + "@smithy/node-config-provider": "^3.1.9", + "@smithy/protocol-http": "^4.1.5", + "@smithy/types": "^3.6.0", "@smithy/util-config-provider": "^3.0.0", - "@smithy/util-middleware": "^3.0.3", + "@smithy/util-middleware": "^3.0.8", "@smithy/util-utf8": "^3.0.0", "fflate": "0.8.1", "tslib": "^2.6.2" @@ -3636,13 +3680,13 @@ } }, "node_modules/@smithy/middleware-content-length": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.5.tgz", - "integrity": "sha512-ILEzC2eyxx6ncej3zZSwMpB5RJ0zuqH7eMptxC4KN3f+v9bqT8ohssKbhNR78k/2tWW+KS5Spw+tbPF4Ejyqvw==", + "version": "3.0.10", + "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.10.tgz", + "integrity": "sha512-T4dIdCs1d/+/qMpwhJ1DzOhxCZjZHbHazEPJWdB4GDi2HjIZllVzeBEcdJUN0fomV8DURsgOyrbEUzg3vzTaOg==", "license": "Apache-2.0", "dependencies": { - "@smithy/protocol-http": "^4.1.0", - "@smithy/types": "^3.3.0", + "@smithy/protocol-http": "^4.1.5", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3650,17 +3694,18 @@ } }, "node_modules/@smithy/middleware-endpoint": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.1.0.tgz", - "integrity": "sha512-5y5aiKCEwg9TDPB4yFE7H6tYvGFf1OJHNczeY10/EFF8Ir8jZbNntQJxMWNfeQjC1mxPsaQ6mR9cvQbf+0YeMw==", + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.2.1.tgz", + "integrity": "sha512-wWO3xYmFm6WRW8VsEJ5oU6h7aosFXfszlz3Dj176pTij6o21oZnzkCLzShfmRaaCHDkBXWBdO0c4sQAvLFP6zA==", "license": "Apache-2.0", "dependencies": { - "@smithy/middleware-serde": "^3.0.3", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/shared-ini-file-loader": "^3.1.4", - "@smithy/types": "^3.3.0", - "@smithy/url-parser": "^3.0.3", - "@smithy/util-middleware": "^3.0.3", + "@smithy/core": "^2.5.1", + "@smithy/middleware-serde": "^3.0.8", + "@smithy/node-config-provider": "^3.1.9", + "@smithy/shared-ini-file-loader": "^3.1.9", + "@smithy/types": "^3.6.0", + "@smithy/url-parser": "^3.0.8", + "@smithy/util-middleware": "^3.0.8", "tslib": "^2.6.2" }, "engines": { @@ -3668,18 +3713,18 @@ } }, "node_modules/@smithy/middleware-retry": { - "version": "3.0.15", - "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.15.tgz", - "integrity": "sha512-iTMedvNt1ApdvkaoE8aSDuwaoc+BhvHqttbA/FO4Ty+y/S5hW6Ci/CTScG7vam4RYJWZxdTElc3MEfHRVH6cgQ==", + "version": "3.0.25", + "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.25.tgz", + "integrity": "sha512-m1F70cPaMBML4HiTgCw5I+jFNtjgz5z5UdGnUbG37vw6kh4UvizFYjqJGHvicfgKMkDL6mXwyPp5mhZg02g5sg==", "license": "Apache-2.0", "dependencies": { - "@smithy/node-config-provider": "^3.1.4", - "@smithy/protocol-http": "^4.1.0", - "@smithy/service-error-classification": "^3.0.3", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", - "@smithy/util-middleware": "^3.0.3", - "@smithy/util-retry": "^3.0.3", + "@smithy/node-config-provider": "^3.1.9", + "@smithy/protocol-http": "^4.1.5", + "@smithy/service-error-classification": "^3.0.8", + "@smithy/smithy-client": "^3.4.2", + "@smithy/types": "^3.6.0", + "@smithy/util-middleware": "^3.0.8", + "@smithy/util-retry": "^3.0.8", "tslib": "^2.6.2", "uuid": "^9.0.1" }, @@ -3700,11 +3745,12 @@ } }, "node_modules/@smithy/middleware-serde": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.3.tgz", - "integrity": "sha512-puUbyJQBcg9eSErFXjKNiGILJGtiqmuuNKEYNYfUD57fUl4i9+mfmThtQhvFXU0hCVG0iEJhvQUipUf+/SsFdA==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.8.tgz", + "integrity": "sha512-Xg2jK9Wc/1g/MBMP/EUn2DLspN8LNt+GMe7cgF+Ty3vl+Zvu+VeZU5nmhveU+H8pxyTsjrAkci8NqY6OuvZnjA==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3712,11 +3758,12 @@ } }, "node_modules/@smithy/middleware-stack": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.3.tgz", - "integrity": "sha512-r4klY9nFudB0r9UdSMaGSyjyQK5adUyPnQN/ZM6M75phTxOdnc/AhpvGD1fQUvgmqjQEBGCwpnPbDm8pH5PapA==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.8.tgz", + "integrity": "sha512-d7ZuwvYgp1+3682Nx0MD3D/HtkmZd49N3JUndYWQXfRZrYEnCWYc8BHcNmVsPAp9gKvlurdg/mubE6b/rPS9MA==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3724,14 +3771,14 @@ } }, "node_modules/@smithy/node-config-provider": { - "version": "3.1.4", - "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.4.tgz", - "integrity": "sha512-YvnElQy8HR4vDcAjoy7Xkx9YT8xZP4cBXcbJSgm/kxmiQu08DwUwj8rkGnyoJTpfl/3xYHH+d8zE+eHqoDCSdQ==", + "version": "3.1.9", + "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.9.tgz", + "integrity": "sha512-qRHoah49QJ71eemjuS/WhUXB+mpNtwHRWQr77J/m40ewBVVwvo52kYAmb7iuaECgGTTcYxHS4Wmewfwy++ueew==", "license": "Apache-2.0", "dependencies": { - "@smithy/property-provider": "^3.1.3", - "@smithy/shared-ini-file-loader": "^3.1.4", - "@smithy/types": "^3.3.0", + "@smithy/property-provider": "^3.1.8", + "@smithy/shared-ini-file-loader": "^3.1.9", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3739,15 +3786,15 @@ } }, "node_modules/@smithy/node-http-handler": { - "version": "3.1.4", - "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.1.4.tgz", - "integrity": "sha512-+UmxgixgOr/yLsUxcEKGH0fMNVteJFGkmRltYFHnBMlogyFdpzn2CwqWmxOrfJELhV34v0WSlaqG1UtE1uXlJg==", + "version": "3.2.5", + "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.2.5.tgz", + "integrity": "sha512-PkOwPNeKdvX/jCpn0A8n9/TyoxjGZB8WVoJmm9YzsnAgggTj4CrjpRHlTQw7dlLZ320n1mY1y+nTRUDViKi/3w==", "license": "Apache-2.0", "dependencies": { - "@smithy/abort-controller": "^3.1.1", - "@smithy/protocol-http": "^4.1.0", - "@smithy/querystring-builder": "^3.0.3", - "@smithy/types": "^3.3.0", + "@smithy/abort-controller": "^3.1.6", + "@smithy/protocol-http": "^4.1.5", + "@smithy/querystring-builder": "^3.0.8", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3755,11 +3802,12 @@ } }, "node_modules/@smithy/property-provider": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.3.tgz", - "integrity": "sha512-zahyOVR9Q4PEoguJ/NrFP4O7SMAfYO1HLhB18M+q+Z4KFd4V2obiMnlVoUFzFLSPeVt1POyNWneHHrZaTMoc/g==", + "version": "3.1.8", + "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.8.tgz", + "integrity": "sha512-ukNUyo6rHmusG64lmkjFeXemwYuKge1BJ8CtpVKmrxQxc6rhUX0vebcptFA9MmrGsnLhwnnqeH83VTU9hwOpjA==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3767,12 +3815,12 @@ } }, "node_modules/@smithy/protocol-http": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.1.0.tgz", - "integrity": "sha512-dPVoHYQ2wcHooGXg3LQisa1hH0e4y0pAddPMeeUPipI1tEOqL6A4N0/G7abeq+K8wrwSgjk4C0wnD1XZpJm5aA==", + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.1.5.tgz", + "integrity": "sha512-hsjtwpIemmCkm3ZV5fd/T0bPIugW1gJXwZ/hpuVubt2hEUApIoUTrf6qIdh9MAWlw0vjMrA1ztJLAwtNaZogvg==", "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3780,11 +3828,12 @@ } }, "node_modules/@smithy/querystring-builder": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.3.tgz", - "integrity": "sha512-vyWckeUeesFKzCDaRwWLUA1Xym9McaA6XpFfAK5qI9DKJ4M33ooQGqvM4J+LalH4u/Dq9nFiC8U6Qn1qi0+9zw==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.8.tgz", + "integrity": "sha512-btYxGVqFUARbUrN6VhL9c3dnSviIwBYD9Rz1jHuN1hgh28Fpv2xjU1HeCeDJX68xctz7r4l1PBnFhGg1WBBPuA==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "@smithy/util-uri-escape": "^3.0.0", "tslib": "^2.6.2" }, @@ -3793,11 +3842,12 @@ } }, "node_modules/@smithy/querystring-parser": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.3.tgz", - "integrity": "sha512-zahM1lQv2YjmznnfQsWbYojFe55l0SLG/988brlLv1i8z3dubloLF+75ATRsqPBboUXsW6I9CPGE5rQgLfY0vQ==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.8.tgz", + "integrity": "sha512-BtEk3FG7Ks64GAbt+JnKqwuobJNX8VmFLBsKIwWr1D60T426fGrV2L3YS5siOcUhhp6/Y6yhBw1PSPxA5p7qGg==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3805,23 +3855,24 @@ } }, "node_modules/@smithy/service-error-classification": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.3.tgz", - "integrity": "sha512-Jn39sSl8cim/VlkLsUhRFq/dKDnRUFlfRkvhOJaUbLBXUsLRLNf9WaxDv/z9BjuQ3A6k/qE8af1lsqcwm7+DaQ==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.8.tgz", + "integrity": "sha512-uEC/kCCFto83bz5ZzapcrgGqHOh/0r69sZ2ZuHlgoD5kYgXJEThCoTuw/y1Ub3cE7aaKdznb+jD9xRPIfIwD7g==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0" + "@smithy/types": "^3.6.0" }, "engines": { "node": ">=16.0.0" } }, "node_modules/@smithy/shared-ini-file-loader": { - "version": "3.1.4", - "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.4.tgz", - "integrity": "sha512-qMxS4hBGB8FY2GQqshcRUy1K6k8aBWP5vwm8qKkCT3A9K2dawUwOIJfqh9Yste/Bl0J2lzosVyrXDj68kLcHXQ==", + "version": "3.1.9", + "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.9.tgz", + "integrity": "sha512-/+OsJRNtoRbtsX0UpSgWVxFZLsJHo/4sTr+kBg/J78sr7iC+tHeOvOJrS5hCpVQ6sWBbhWLp1UNiuMyZhE6pmA==", "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3829,16 +3880,16 @@ } }, "node_modules/@smithy/signature-v4": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-4.1.0.tgz", - "integrity": "sha512-aRryp2XNZeRcOtuJoxjydO6QTaVhxx/vjaR+gx7ZjaFgrgPRyZ3HCTbfwqYj6ZWEBHkCSUfcaymKPURaByukag==", + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-4.2.1.tgz", + "integrity": "sha512-NsV1jF4EvmO5wqmaSzlnTVetemBS3FZHdyc5CExbDljcyJCEEkJr8ANu2JvtNbVg/9MvKAWV44kTrGS+Pi4INg==", "license": "Apache-2.0", "dependencies": { "@smithy/is-array-buffer": "^3.0.0", - "@smithy/protocol-http": "^4.1.0", - "@smithy/types": "^3.3.0", + "@smithy/protocol-http": "^4.1.5", + "@smithy/types": "^3.6.0", "@smithy/util-hex-encoding": "^3.0.0", - "@smithy/util-middleware": "^3.0.3", + "@smithy/util-middleware": "^3.0.8", "@smithy/util-uri-escape": "^3.0.0", "@smithy/util-utf8": "^3.0.0", "tslib": "^2.6.2" @@ -3848,16 +3899,17 @@ } }, "node_modules/@smithy/smithy-client": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.2.0.tgz", - "integrity": "sha512-pDbtxs8WOhJLJSeaF/eAbPgXg4VVYFlRcL/zoNYA5WbG3wBL06CHtBSg53ppkttDpAJ/hdiede+xApip1CwSLw==", + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.4.2.tgz", + "integrity": "sha512-dxw1BDxJiY9/zI3cBqfVrInij6ShjpV4fmGHesGZZUiP9OSE/EVfdwdRz0PgvkEvrZHpsj2htRaHJfftE8giBA==", "license": "Apache-2.0", "dependencies": { - "@smithy/middleware-endpoint": "^3.1.0", - "@smithy/middleware-stack": "^3.0.3", - "@smithy/protocol-http": "^4.1.0", - "@smithy/types": "^3.3.0", - "@smithy/util-stream": "^3.1.3", + "@smithy/core": "^2.5.1", + "@smithy/middleware-endpoint": "^3.2.1", + "@smithy/middleware-stack": "^3.0.8", + "@smithy/protocol-http": "^4.1.5", + "@smithy/types": "^3.6.0", + "@smithy/util-stream": "^3.2.1", "tslib": "^2.6.2" }, "engines": { @@ -3865,9 +3917,10 @@ } }, "node_modules/@smithy/types": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/@smithy/types/-/types-3.3.0.tgz", - "integrity": "sha512-IxvBBCTFDHbVoK7zIxqA1ZOdc4QfM5HM7rGleCuHi7L1wnKv5Pn69xXJQ9hgxH60ZVygH9/JG0jRgtUncE3QUA==", + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/@smithy/types/-/types-3.6.0.tgz", + "integrity": "sha512-8VXK/KzOHefoC65yRgCn5vG1cysPJjHnOVt9d0ybFQSmJgQj152vMn4EkYhGuaOmnnZvCPav/KnYyE6/KsNZ2w==", + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, @@ -3876,12 +3929,13 @@ } }, "node_modules/@smithy/url-parser": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.3.tgz", - "integrity": "sha512-pw3VtZtX2rg+s6HMs6/+u9+hu6oY6U7IohGhVNnjbgKy86wcIsSZwgHrFR+t67Uyxvp4Xz3p3kGXXIpTNisq8A==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.8.tgz", + "integrity": "sha512-4FdOhwpTW7jtSFWm7SpfLGKIBC9ZaTKG5nBF0wK24aoQKQyDIKUw3+KFWCQ9maMzrgTJIuOvOnsV2lLGW5XjTg==", + "license": "Apache-2.0", "dependencies": { - "@smithy/querystring-parser": "^3.0.3", - "@smithy/types": "^3.3.0", + "@smithy/querystring-parser": "^3.0.8", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" } }, @@ -3941,14 +3995,14 @@ } }, "node_modules/@smithy/util-defaults-mode-browser": { - "version": "3.0.15", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.15.tgz", - "integrity": "sha512-FZ4Psa3vjp8kOXcd3HJOiDPBCWtiilLl57r0cnNtq/Ga9RSDrM5ERL6xt+tO43+2af6Pn5Yp92x2n5vPuduNfg==", + "version": "3.0.25", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.25.tgz", + "integrity": "sha512-fRw7zymjIDt6XxIsLwfJfYUfbGoO9CmCJk6rjJ/X5cd20+d2Is7xjU5Kt/AiDt6hX8DAf5dztmfP5O82gR9emA==", "license": "Apache-2.0", "dependencies": { - "@smithy/property-provider": "^3.1.3", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", + "@smithy/property-provider": "^3.1.8", + "@smithy/smithy-client": "^3.4.2", + "@smithy/types": "^3.6.0", "bowser": "^2.11.0", "tslib": "^2.6.2" }, @@ -3957,17 +4011,17 @@ } }, "node_modules/@smithy/util-defaults-mode-node": { - "version": "3.0.15", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.15.tgz", - "integrity": "sha512-KSyAAx2q6d0t6f/S4XB2+3+6aQacm3aLMhs9aLMqn18uYGUepbdssfogW5JQZpc6lXNBnp0tEnR5e9CEKmEd7A==", + "version": "3.0.25", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.25.tgz", + "integrity": "sha512-H3BSZdBDiVZGzt8TG51Pd2FvFO0PAx/A0mJ0EH8a13KJ6iUCdYnw/Dk/MdC1kTd0eUuUGisDFaxXVXo4HHFL1g==", "license": "Apache-2.0", "dependencies": { - "@smithy/config-resolver": "^3.0.5", - "@smithy/credential-provider-imds": "^3.2.0", - "@smithy/node-config-provider": "^3.1.4", - "@smithy/property-provider": "^3.1.3", - "@smithy/smithy-client": "^3.2.0", - "@smithy/types": "^3.3.0", + "@smithy/config-resolver": "^3.0.10", + "@smithy/credential-provider-imds": "^3.2.5", + "@smithy/node-config-provider": "^3.1.9", + "@smithy/property-provider": "^3.1.8", + "@smithy/smithy-client": "^3.4.2", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -3975,13 +4029,13 @@ } }, "node_modules/@smithy/util-endpoints": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.5.tgz", - "integrity": "sha512-ReQP0BWihIE68OAblC/WQmDD40Gx+QY1Ez8mTdFMXpmjfxSyz2fVQu3A4zXRfQU9sZXtewk3GmhfOHswvX+eNg==", + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.1.4.tgz", + "integrity": "sha512-kPt8j4emm7rdMWQyL0F89o92q10gvCUa6sBkBtDJ7nV2+P7wpXczzOfoDJ49CKXe5CCqb8dc1W+ZdLlrKzSAnQ==", "license": "Apache-2.0", "dependencies": { - "@smithy/node-config-provider": "^3.1.4", - "@smithy/types": "^3.3.0", + "@smithy/node-config-provider": "^3.1.9", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -4000,11 +4054,12 @@ } }, "node_modules/@smithy/util-middleware": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.3.tgz", - "integrity": "sha512-l+StyYYK/eO3DlVPbU+4Bi06Jjal+PFLSMmlWM1BEwyLxZ3aKkf1ROnoIakfaA7mC6uw3ny7JBkau4Yc+5zfWw==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.8.tgz", + "integrity": "sha512-p7iYAPaQjoeM+AKABpYWeDdtwQNxasr4aXQEA/OmbOaug9V0odRVDy3Wx4ci8soljE/JXQo+abV0qZpW8NX0yA==", + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^3.3.0", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -4012,12 +4067,13 @@ } }, "node_modules/@smithy/util-retry": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.3.tgz", - "integrity": "sha512-AFw+hjpbtVApzpNDhbjNG5NA3kyoMs7vx0gsgmlJF4s+yz1Zlepde7J58zpIRIsdjc+emhpAITxA88qLkPF26w==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.8.tgz", + "integrity": "sha512-TCEhLnY581YJ+g1x0hapPz13JFqzmh/pMWL2KEFASC51qCfw3+Y47MrTmea4bUE5vsdxQ4F6/KFbUeSz22Q1ow==", + "license": "Apache-2.0", "dependencies": { - "@smithy/service-error-classification": "^3.0.3", - "@smithy/types": "^3.3.0", + "@smithy/service-error-classification": "^3.0.8", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -4025,14 +4081,14 @@ } }, "node_modules/@smithy/util-stream": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.1.3.tgz", - "integrity": "sha512-FIv/bRhIlAxC0U7xM1BCnF2aDRPq0UaelqBHkM2lsCp26mcBbgI0tCVTv+jGdsQLUmAMybua/bjDsSu8RQHbmw==", + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.2.1.tgz", + "integrity": "sha512-R3ufuzJRxSJbE58K9AEnL/uSZyVdHzud9wLS8tIbXclxKzoe09CRohj2xV8wpx5tj7ZbiJaKYcutMm1eYgz/0A==", "license": "Apache-2.0", "dependencies": { - "@smithy/fetch-http-handler": "^3.2.4", - "@smithy/node-http-handler": "^3.1.4", - "@smithy/types": "^3.3.0", + "@smithy/fetch-http-handler": "^4.0.0", + "@smithy/node-http-handler": "^3.2.5", + "@smithy/types": "^3.6.0", "@smithy/util-base64": "^3.0.0", "@smithy/util-buffer-from": "^3.0.0", "@smithy/util-hex-encoding": "^3.0.0", @@ -4043,6 +4099,19 @@ "node": ">=16.0.0" } }, + "node_modules/@smithy/util-stream/node_modules/@smithy/fetch-http-handler": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-4.0.0.tgz", + "integrity": "sha512-MLb1f5tbBO2X6K4lMEKJvxeLooyg7guq48C2zKr4qM7F2Gpkz4dc+hdSgu77pCJ76jVqFBjZczHYAs6dp15N+g==", + "license": "Apache-2.0", + "dependencies": { + "@smithy/protocol-http": "^4.1.5", + "@smithy/querystring-builder": "^3.0.8", + "@smithy/types": "^3.6.0", + "@smithy/util-base64": "^3.0.0", + "tslib": "^2.6.2" + } + }, "node_modules/@smithy/util-uri-escape": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", @@ -4067,12 +4136,13 @@ } }, "node_modules/@smithy/util-waiter": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.1.2.tgz", - "integrity": "sha512-4pP0EV3iTsexDx+8PPGAKCQpd/6hsQBaQhqWzU4hqKPHN5epPsxKbvUTIiYIHTxaKt6/kEaqPBpu/ufvfbrRzw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.1.7.tgz", + "integrity": "sha512-d5yGlQtmN/z5eoTtIYgkvOw27US2Ous4VycnXatyoImIF9tzlcpnKqQ/V7qhvJmb2p6xZne1NopCLakdTnkBBQ==", + "license": "Apache-2.0", "dependencies": { - "@smithy/abort-controller": "^3.1.1", - "@smithy/types": "^3.3.0", + "@smithy/abort-controller": "^3.1.6", + "@smithy/types": "^3.6.0", "tslib": "^2.6.2" }, "engines": { @@ -4112,9 +4182,9 @@ "dev": true }, "node_modules/@types/aws-lambda": { - "version": "8.10.143", - "resolved": "https://registry.npmjs.org/@types/aws-lambda/-/aws-lambda-8.10.143.tgz", - "integrity": "sha512-u5vzlcR14ge/4pMTTMDQr3MF0wEe38B2F9o84uC4F43vN5DGTy63npRrB6jQhyt+C0lGv4ZfiRcRkqJoZuPnmg==", + "version": "8.10.145", + "resolved": "https://registry.npmjs.org/@types/aws-lambda/-/aws-lambda-8.10.145.tgz", + "integrity": "sha512-dtByW6WiFk5W5Jfgz1VM+YPA21xMXTuSFoLYIDY0L44jDLLflVPtZkYuu3/YxpGcvjzKFBZLU+GyKjR0HOYtyw==", "license": "MIT" }, "node_modules/@types/babel__core": { @@ -4209,18 +4279,18 @@ "license": "MIT" }, "node_modules/@types/lodash": { - "version": "4.17.7", - "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.7.tgz", - "integrity": "sha512-8wTvZawATi/lsmNu10/j2hk1KEP0IvjubqPE3cu1Xz7xfXXt5oCq3SNUz4fMIP4XGF9Ky+Ue2tBA3hcS7LSBlA==", + "version": "4.17.12", + "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.12.tgz", + "integrity": "sha512-sviUmCE8AYdaF/KIHLDJBQgeYzPBI0vf/17NaYehBJfYD1j6/L95Slh07NlyK2iNyBNaEkb3En2jRt+a8y3xZQ==", "license": "MIT" }, "node_modules/@types/node": { - "version": "22.5.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.0.tgz", - "integrity": "sha512-DkFrJOe+rfdHTqqMg0bSNlGlQ85hSoh2TPzZyhHsXnMtligRWpxUySiyw8FY14ITt24HVCiQPWxS3KO/QlGmWg==", + "version": "22.8.4", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.8.4.tgz", + "integrity": "sha512-SpNNxkftTJOPk0oN+y2bIqurEXHTA2AOZ3EJDDKeJ5VzkvvORSvmQXGQarcOzWV1ac7DCaPBEdMDxBsM+d8jWw==", "license": "MIT", "dependencies": { - "undici-types": "~6.19.2" + "undici-types": "~6.19.8" } }, "node_modules/@types/stack-utils": { @@ -4257,17 +4327,17 @@ "dev": true }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.3.0.tgz", - "integrity": "sha512-FLAIn63G5KH+adZosDYiutqkOkYEx0nvcwNNfJAf+c7Ae/H35qWwTYvPZUKFj5AS+WfHG/WJJfWnDnyNUlp8UA==", + "version": "8.12.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.12.2.tgz", + "integrity": "sha512-gQxbxM8mcxBwaEmWdtLCIGLfixBMHhQjBqR8sVWNTPpcj45WlYL2IObS/DNMLH1DBP0n8qz+aiiLTGfopPEebw==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "8.3.0", - "@typescript-eslint/type-utils": "8.3.0", - "@typescript-eslint/utils": "8.3.0", - "@typescript-eslint/visitor-keys": "8.3.0", + "@typescript-eslint/scope-manager": "8.12.2", + "@typescript-eslint/type-utils": "8.12.2", + "@typescript-eslint/utils": "8.12.2", + "@typescript-eslint/visitor-keys": "8.12.2", "graphemer": "^1.4.0", "ignore": "^5.3.1", "natural-compare": "^1.4.0", @@ -4291,16 +4361,16 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.3.0.tgz", - "integrity": "sha512-h53RhVyLu6AtpUzVCYLPhZGL5jzTD9fZL+SYf/+hYOx2bDkyQXztXSc4tbvKYHzfMXExMLiL9CWqJmVz6+78IQ==", + "version": "8.12.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.12.2.tgz", + "integrity": "sha512-MrvlXNfGPLH3Z+r7Tk+Z5moZAc0dzdVjTgUgwsdGweH7lydysQsnSww3nAmsq8blFuRD5VRlAr9YdEFw3e6PBw==", "dev": true, "license": "BSD-2-Clause", "dependencies": { - "@typescript-eslint/scope-manager": "8.3.0", - "@typescript-eslint/types": "8.3.0", - "@typescript-eslint/typescript-estree": "8.3.0", - "@typescript-eslint/visitor-keys": "8.3.0", + "@typescript-eslint/scope-manager": "8.12.2", + "@typescript-eslint/types": "8.12.2", + "@typescript-eslint/typescript-estree": "8.12.2", + "@typescript-eslint/visitor-keys": "8.12.2", "debug": "^4.3.4" }, "engines": { @@ -4320,14 +4390,14 @@ } }, "node_modules/@typescript-eslint/scope-manager": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.3.0.tgz", - "integrity": "sha512-mz2X8WcN2nVu5Hodku+IR8GgCOl4C0G/Z1ruaWN4dgec64kDBabuXyPAr+/RgJtumv8EEkqIzf3X2U5DUKB2eg==", + "version": "8.12.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.12.2.tgz", + "integrity": "sha512-gPLpLtrj9aMHOvxJkSbDBmbRuYdtiEbnvO25bCMza3DhMjTQw0u7Y1M+YR5JPbMsXXnSPuCf5hfq0nEkQDL/JQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.3.0", - "@typescript-eslint/visitor-keys": "8.3.0" + "@typescript-eslint/types": "8.12.2", + "@typescript-eslint/visitor-keys": "8.12.2" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -4338,14 +4408,14 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.3.0.tgz", - "integrity": "sha512-wrV6qh//nLbfXZQoj32EXKmwHf4b7L+xXLrP3FZ0GOUU72gSvLjeWUl5J5Ue5IwRxIV1TfF73j/eaBapxx99Lg==", + "version": "8.12.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.12.2.tgz", + "integrity": "sha512-bwuU4TAogPI+1q/IJSKuD4shBLc/d2vGcRT588q+jzayQyjVK2X6v/fbR4InY2U2sgf8MEvVCqEWUzYzgBNcGQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/typescript-estree": "8.3.0", - "@typescript-eslint/utils": "8.3.0", + "@typescript-eslint/typescript-estree": "8.12.2", + "@typescript-eslint/utils": "8.12.2", "debug": "^4.3.4", "ts-api-utils": "^1.3.0" }, @@ -4363,9 +4433,9 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.3.0.tgz", - "integrity": "sha512-y6sSEeK+facMaAyixM36dQ5NVXTnKWunfD1Ft4xraYqxP0lC0POJmIaL/mw72CUMqjY9qfyVfXafMeaUj0noWw==", + "version": "8.12.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.12.2.tgz", + "integrity": "sha512-VwDwMF1SZ7wPBUZwmMdnDJ6sIFk4K4s+ALKLP6aIQsISkPv8jhiw65sAK6SuWODN/ix+m+HgbYDkH+zLjrzvOA==", "dev": true, "license": "MIT", "engines": { @@ -4377,14 +4447,14 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.3.0.tgz", - "integrity": "sha512-Mq7FTHl0R36EmWlCJWojIC1qn/ZWo2YiWYc1XVtasJ7FIgjo0MVv9rZWXEE7IK2CGrtwe1dVOxWwqXUdNgfRCA==", + "version": "8.12.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.12.2.tgz", + "integrity": "sha512-mME5MDwGe30Pq9zKPvyduyU86PH7aixwqYR2grTglAdB+AN8xXQ1vFGpYaUSJ5o5P/5znsSBeNcs5g5/2aQwow==", "dev": true, "license": "BSD-2-Clause", "dependencies": { - "@typescript-eslint/types": "8.3.0", - "@typescript-eslint/visitor-keys": "8.3.0", + "@typescript-eslint/types": "8.12.2", + "@typescript-eslint/visitor-keys": "8.12.2", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", @@ -4406,16 +4476,16 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.3.0.tgz", - "integrity": "sha512-F77WwqxIi/qGkIGOGXNBLV7nykwfjLsdauRB/DOFPdv6LTF3BHHkBpq81/b5iMPSF055oO2BiivDJV4ChvNtXA==", + "version": "8.12.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.12.2.tgz", + "integrity": "sha512-UTTuDIX3fkfAz6iSVa5rTuSfWIYZ6ATtEocQ/umkRSyC9O919lbZ8dcH7mysshrCdrAM03skJOEYaBugxN+M6A==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.4.0", - "@typescript-eslint/scope-manager": "8.3.0", - "@typescript-eslint/types": "8.3.0", - "@typescript-eslint/typescript-estree": "8.3.0" + "@typescript-eslint/scope-manager": "8.12.2", + "@typescript-eslint/types": "8.12.2", + "@typescript-eslint/typescript-estree": "8.12.2" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -4429,13 +4499,13 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.3.0.tgz", - "integrity": "sha512-RmZwrTbQ9QveF15m/Cl28n0LXD6ea2CjkhH5rQ55ewz3H24w+AMCJHPVYaZ8/0HoG8Z3cLLFFycRXxeO2tz9FA==", + "version": "8.12.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.12.2.tgz", + "integrity": "sha512-PChz8UaKQAVNHghsHcPyx1OMHoFRUEA7rJSK/mDhdq85bk+PLsUHUBqTQTFt18VJZbmxBovM65fezlheQRsSDA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.3.0", + "@typescript-eslint/types": "8.12.2", "eslint-visitor-keys": "^3.4.3" }, "engines": { @@ -4460,9 +4530,10 @@ "deprecated": "Use your platform's native atob() and btoa() methods instead" }, "node_modules/acorn": { - "version": "8.12.1", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.12.1.tgz", - "integrity": "sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg==", + "version": "8.14.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz", + "integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==", + "license": "MIT", "bin": { "acorn": "bin/acorn" }, @@ -4512,6 +4583,7 @@ "version": "3.0.4", "resolved": "https://registry.npmjs.org/adaptivecards/-/adaptivecards-3.0.4.tgz", "integrity": "sha512-9gloqhEFpeinQta+UouODbVnGYKxGWRVK918pslhdx3lUyDJcOCfcX6mzDX3Csc47c5hnsNxKXNPtjs6wbazQQ==", + "license": "MIT", "peerDependencies": { "swiper": "^8.2.6" } @@ -4566,30 +4638,6 @@ "node": ">=8" } }, - "node_modules/ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "dependencies": { - "color-convert": "^1.9.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/ansi-styles/node_modules/color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dependencies": { - "color-name": "1.1.3" - } - }, - "node_modules/ansi-styles/node_modules/color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" - }, "node_modules/anymatch": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", @@ -4772,9 +4820,9 @@ } }, "node_modules/aws-cdk": { - "version": "2.154.1", - "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.154.1.tgz", - "integrity": "sha512-yJoLTo+fUHRLD4YQMt/QoOPgiT/daci4I5KcaDK8Cx2fWA0Z3h5U9+bWS3ah+8OeZ91fciNCwt6Yt/0p+cp2GQ==", + "version": "2.150.0", + "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.150.0.tgz", + "integrity": "sha512-leo4J70QrJp+SYm/87VuoOVfALsW11F7JpkAGu5TLL/qd2k/CbovZ8k9/3Ov+jCVsvAgdn9DeHL01Sn6hSl6Zg==", "dev": true, "license": "Apache-2.0", "bin": { @@ -5607,38 +5655,6 @@ "node": ">=10" } }, - "node_modules/chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dependencies": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/chalk/node_modules/has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", - "engines": { - "node": ">=4" - } - }, - "node_modules/chalk/node_modules/supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dependencies": { - "has-flag": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/char-regex": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", @@ -6584,17 +6600,18 @@ } }, "node_modules/eslint": { - "version": "8.57.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", - "integrity": "sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==", + "version": "8.57.1", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz", + "integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==", + "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", "@eslint/eslintrc": "^2.1.4", - "@eslint/js": "8.57.0", - "@humanwhocodes/config-array": "^0.11.14", + "@eslint/js": "8.57.1", + "@humanwhocodes/config-array": "^0.13.0", "@humanwhocodes/module-importer": "^1.0.1", "@nodelib/fs.walk": "^1.2.8", "@ungap/structured-clone": "^1.2.0", @@ -9732,7 +9749,8 @@ "node_modules/js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", - "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==" + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "license": "MIT" }, "node_modules/js-yaml": { "version": "3.14.1", @@ -9805,14 +9823,15 @@ } }, "node_modules/jsesc": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", - "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "integrity": "sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g==", + "license": "MIT", "bin": { "jsesc": "bin/jsesc" }, "engines": { - "node": ">=4" + "node": ">=6" } }, "node_modules/json-buffer": { @@ -10223,6 +10242,12 @@ "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==", "dev": true }, + "node_modules/neoip": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/neoip/-/neoip-3.0.1.tgz", + "integrity": "sha512-yvMLOFvS7Tzthf9Ukl2/HrVzZqSjxm9PVOdAPLCt7pelDQ5WvJMIur1vNn3VXOL2tqrbzv6Vnal4PyoCrtRZPA==", + "license": "MIT" + }, "node_modules/next-tick": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", @@ -14011,14 +14036,6 @@ "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==", "dev": true }, - "node_modules/to-fast-properties": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", - "integrity": "sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==", - "engines": { - "node": ">=4" - } - }, "node_modules/to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", diff --git a/package.json b/package.json index 1a28afe4..7ea6040c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "aws-firewall-factory", - "version": "4.5.1", + "version": "4.6.0", "bin": { "firewallfactory": "bin/aws-firewall-factory.js" }, @@ -13,12 +13,12 @@ "preinstall": "npx only-allow npm" }, "devDependencies": { - "@types/node": "^22.5.0", - "@typescript-eslint/eslint-plugin": "^8.3.0", - "@typescript-eslint/parser": "^8.3.0", - "@typescript-eslint/typescript-estree": "^8.3.0", - "aws-cdk": "2.154.1", - "eslint": "^8.57.0", + "@types/node": "^22.8.4", + "@typescript-eslint/eslint-plugin": "^8.12.2", + "@typescript-eslint/parser": "^8.12.2", + "@typescript-eslint/typescript-estree": "^8.12.2", + "aws-cdk": "2.150.0", + "eslint": "^8.57.1", "eslint-import-resolver-typescript": "^3.6.1", "eslint-plugin-import": "^2.29.1", "jest": "29.7.0", @@ -27,27 +27,27 @@ "typescript": "5.5.4" }, "dependencies": { - "@aws-sdk/client-cloudformation": "3.637.0", - "@aws-sdk/client-cloudfront": "^3.637.0", - "@aws-sdk/client-cloudwatch": "3.637.0", - "@aws-sdk/client-config-service": "^3.637.0", - "@aws-sdk/client-ec2": "^3.641.0", - "@aws-sdk/client-fms": "3.637.0", - "@aws-sdk/client-iam": "3.637.0", - "@aws-sdk/client-pricing": "3.637.0", - "@aws-sdk/client-s3": "^3.637.0", - "@aws-sdk/client-secrets-manager": "^3.637.0", - "@aws-sdk/client-service-quotas": "3.637.0", - "@aws-sdk/client-shield": "3.637.0", - "@aws-sdk/client-ssm": "3.637.0", - "@aws-sdk/client-wafv2": "3.642.0", + "@aws-sdk/client-cloudformation": "^3.682.0", + "@aws-sdk/client-cloudfront": "^3.682.0", + "@aws-sdk/client-cloudwatch": "^3.682.0", + "@aws-sdk/client-config-service": "^3.682.0", + "@aws-sdk/client-ec2": "^3.682.0", + "@aws-sdk/client-fms": "^3.682.0", + "@aws-sdk/client-iam": "^3.682.0", + "@aws-sdk/client-pricing": "^3.682.0", + "@aws-sdk/client-s3": "^3.682.0", + "@aws-sdk/client-secrets-manager": "^3.682.0", + "@aws-sdk/client-service-quotas": "^3.682.0", + "@aws-sdk/client-shield": "^3.682.0", + "@aws-sdk/client-ssm": "^3.682.0", + "@aws-sdk/client-wafv2": "^3.682.0", "@aws-solutions-constructs/aws-eventbridge-stepfunctions": "^2.65.0", - "@babel/traverse": "^7.25.5", + "@babel/traverse": "^7.25.9", "@mhlabs/cfn-diagram": "^1.1.40", - "@slack/types": "^2.12.0", + "@slack/types": "^2.14.0", "@slack/webhook": "^7.0.3", - "@types/aws-lambda": "^8.10.143", - "@types/lodash": "4.17.7", + "@types/aws-lambda": "^8.10.145", + "@types/lodash": "^4.17.12", "@types/uuid": "^10.0.0", "adaptivecards": "3.0.4", "aws-cdk-lib": "^2.150.0", @@ -58,6 +58,7 @@ "constructs": "10.3.0", "i": "^0.3.7", "lodash": "4.17.21", + "neoip": "^3.0.1", "npm": "^10.8.2", "table": "^6.8.2", "typedoc-plugin-extras": "^3.1.0", diff --git a/static/docs/README.md b/static/docs/README.md index 4f300239..88523ae4 100644 --- a/static/docs/README.md +++ b/static/docs/README.md @@ -42,6 +42,7 @@ All releases are tested prior to release using automated test workflows of sampl | WAF Deployment - IpSets | ![IpSets](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/waf_test_ipSets.yml/badge.svg?branch=master) | | WAF Deployment - RegexPatternSets | ![regexPatternSets](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/waf_test_regexPatternSets.yml/badge.svg?branch=master) | | WAF Deployment - RateBasedwithScopeDown | ![rateBasedwithScopeDown](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/waf_test_rateBasedwithScopeDown.yml/badge.svg?branch=master) | +| AutoUpdatedManagedIpSet - azureIpSet | ![azureIpSet](https://github.com/globaldatanet/aws-firewall-factory/actions/workflows/tests_autoUpdatedManagedIpSets.yml/badge.svg?branch=master) | ## 🏛️ Architecture ![Architecture](assets/aws-firewall-factory-architecture.png) diff --git a/tsconfig.eslint.json b/tsconfig.eslint.json deleted file mode 100644 index f5f8daa4..00000000 --- a/tsconfig.eslint.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "compilerOptions": { - "alwaysStrict": true, - "declaration": true, - "experimentalDecorators": true, - "inlineSourceMap": true, - "inlineSources": true, - "lib": [ - "es2019" - ], - "module": "CommonJS", - "noEmitOnError": false, - "noFallthroughCasesInSwitch": true, - "noImplicitAny": true, - "noImplicitReturns": true, - "noImplicitThis": true, - "noUnusedLocals": true, - "noUnusedParameters": true, - "resolveJsonModule": true, - "esModuleInterop": true, - "strict": true, - "strictNullChecks": true, - "strictPropertyInitialization": true, - "stripInternal": true, - "target": "ES2019", - }, - "include": [ - "./lib/**/*.ts", - "./bin/**/*.ts" - ], - "exclude": [ - "values/**/*.ts", - "cdk.out/**/*.ts", - "gotestwaf/**/*.ts" - ] -} diff --git a/typedoc.json b/typedoc.json index 97a36109..1793c99f 100644 --- a/typedoc.json +++ b/typedoc.json @@ -1,6 +1,6 @@ { "$schema": "https://typedoc.org/schema.json", - "entryPoints": ["lib/_shield-advanced/index.ts","lib/_waf/index.ts","lib/_prerequisites/index.ts","lib/types/config.ts", "lib/types/runtimeprops.ts", "lib/types/enums.ts", "lib/types/fms.ts", "node_modules/aws-cdk-lib/core/lib/cfn-tag.d.ts", "node_modules/aws-cdk-lib/core/lib/tag-manager.d.ts", "lib/constructs/shieldDashboard/index.ts", "lib/constructs/wafDashboard/index.ts", "lib/tools/helpers/index.ts"], + "entryPoints": ["lib/_shield-advanced/index.ts","lib/_waf/index.ts","lib/_autoUpdatedManagedIpSets/index.ts","lib/_prerequisites/index.ts","lib/types/index.ts", "node_modules/aws-cdk-lib/core/lib/cfn-tag.d.ts", "node_modules/aws-cdk-lib/core/lib/tag-manager.d.ts", "lib/constructs/shieldDashboard/index.ts", "lib/constructs/wafDashboard/index.ts", "lib/tools/helpers/index.ts"], "readme": "./static/docs/README.md", "customCss": "./static/docs/custom.css", "name": "AWS Firewall Factory", diff --git a/values/examples/ip-sets-managed-test.ts b/values/examples/ip-sets-managed-test.ts index e3e01359..4e8fe815 100644 --- a/values/examples/ip-sets-managed-test.ts +++ b/values/examples/ip-sets-managed-test.ts @@ -1,5 +1,5 @@ -import { wafConfig } from "../../lib/types/config"; -export const config: wafConfig = { +import { WafConfig } from "../../lib/types/config"; +export const config: WafConfig = { General: { Prefix: "aws-firewall-factory", Stage: "dev", diff --git a/values/examples/owasptop10.ts b/values/examples/owasptop10.ts index 6e1f6ce4..8e10b2ee 100644 --- a/values/examples/owasptop10.ts +++ b/values/examples/owasptop10.ts @@ -1,6 +1,6 @@ -import { wafConfig } from "../../lib/types/config"; -import {ManagedRuleGroupVendor, AwsManagedRules, WebAclScope, WebAclTypeEnum} from "../../lib/types/enums"; -export const config: wafConfig = { +import { WafConfig } from "../../lib/types/config"; +import {ManagedRuleGroupVendor, AwsManagedRules, WebAclScope, WebAclTypeEnum} from "../../lib/types/enums/waf"; +export const config: WafConfig = { General: { DeployHash: "", FireHoseKeyArn: "", diff --git a/values/examples/prequisites.ts b/values/examples/prequisites.ts index 1ef00fa8..8da946fc 100644 --- a/values/examples/prequisites.ts +++ b/values/examples/prequisites.ts @@ -1,5 +1,5 @@ -import { Prerequisites } from "../../lib/types/config"; -export const prequisites: Prerequisites = { +import { PrerequisitesConfig } from "../../lib/types/config"; +export const prequisites: PrerequisitesConfig = { General: { Prefix: "aws-firewall-factory1", }, diff --git a/values/index.ts b/values/index.ts index 7db96c5c..c1a3d7ac 100644 --- a/values/index.ts +++ b/values/index.ts @@ -1,15 +1,20 @@ -import {wafConfig, Prerequisites, ShieldConfig} from "../lib/types/config"; +import {WafConfig, ShieldConfig, PrerequisitesConfig, AutoUpdatedManagedIpSetsConfig} from "../lib/types/config"; import { owasptopTen, prequisites, ipSetsManagedTest, shieldConfigExample} from "./examples"; -import * as tests from "./tests"; -export const configs : { [key: string]: wafConfig } = { +import * as tests_waf from "./tests_waf"; +import * as tests_autoUpdatedManagedIpSets from "./tests_autoUpdatedManagedIpSets"; +export const configs : { [key: string]: WafConfig } = { owasptopTen, ipSetsManagedTest, - ...tests, + ...tests_waf, }; export const shieldConfigs : { [key: string]: ShieldConfig } = { shieldConfigExample }; -export const prereq : { [key: string]: Prerequisites } = { +export const prereq : { [key: string]: PrerequisitesConfig } = { prequisites, +}; + +export const autoUpdatedManagedIpSetsConfigs : { [key: string]: AutoUpdatedManagedIpSetsConfig } = { + ...tests_autoUpdatedManagedIpSets, }; \ No newline at end of file diff --git a/values/migrate.ts b/values/migrate.ts index 51a3a4f1..3ae3a5ef 100644 --- a/values/migrate.ts +++ b/values/migrate.ts @@ -9,7 +9,7 @@ import util from "util"; import fs from "fs"; import path from "path"; -import { wafConfig } from "../lib/types/config"; +import { WafConfig } from "../lib/types/config"; interface OldConfig { General: any, @@ -121,7 +121,7 @@ findFile(process.argv[2], ".").then((filePath) => { CustomRules: oldConfig.WebAcl.PostProcess.CustomRules ? toAwsCamel(oldConfig.WebAcl.PostProcess.CustomRules) : undefined } } - } as wafConfig; + } as WafConfig; let priority = 100; diff --git a/values/tests_autoUpdatedManagedIpSets/azureIpSet.ts b/values/tests_autoUpdatedManagedIpSets/azureIpSet.ts new file mode 100644 index 00000000..4977409e --- /dev/null +++ b/values/tests_autoUpdatedManagedIpSets/azureIpSet.ts @@ -0,0 +1,42 @@ +import { AutoUpdatedManagedIpSetsConfig } from "../../lib/types/config/index"; +import { AWSRegion } from "../../lib/types/enums/general"; +import * as events from "aws-cdk-lib/aws-events"; +import * as cdk from "aws-cdk-lib"; + +export const config: AutoUpdatedManagedIpSetsConfig = { + General: { + Prefix: "testcases", + }, + ManagedIpSets: [ + { + name: "entraid-ipaddresses", + description: "EntraID IP Addresses", + ipAddressVersion: "IPV4", + updateSchedule: events.Schedule.rate(cdk.Duration.days(1)), + cidrLocations: [ + { + downloadUrl: "https://www.microsoft.com/en-us/download/details.aspx?id=56519", + downloadSearchRegexOnUrl: /https:\/\/download\.microsoft\.com\/download\/[0-9A-Za-z]+\/[0-9A-Za-z]+\/[0-9A-Za-z]+\/[0-9A-Za-z-]+\/ServiceTags_Public_\d{8}\.json/, + outputType: "JSON", + OutputInformation: { + outputConditionKey: "systemService", + outputConditionValue: "AzureAD", + outputTargetKey: "addressPrefixes", + }, + }, + { + downloadUrl: "https://learn.microsoft.com/de-de/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide", + downloadSearchRegexOnUrl: /https:\/\/endpoints\.office\.com\/endpoints\/worldwide\?clientrequestid=[a-f0-9\-]{36}/, + outputType: "JSON", + OutputInformation: { + outputConditionKey: "serviceArea", + outputConditionValue: "Common", + outputTargetKey: "ips", + }, + }, + ], + region: AWSRegion.EU_CENTRAL_1, + scope: "REGIONAL", + }, + ], +}; diff --git a/values/tests_autoUpdatedManagedIpSets/index.ts b/values/tests_autoUpdatedManagedIpSets/index.ts new file mode 100644 index 00000000..c45d51ea --- /dev/null +++ b/values/tests_autoUpdatedManagedIpSets/index.ts @@ -0,0 +1 @@ +export { config as azureIpSet } from "./azureIpSet"; \ No newline at end of file diff --git a/values/tests/index.ts b/values/tests_waf/index.ts similarity index 100% rename from values/tests/index.ts rename to values/tests_waf/index.ts diff --git a/values/tests/ipSets.ts b/values/tests_waf/ipSets.ts similarity index 97% rename from values/tests/ipSets.ts rename to values/tests_waf/ipSets.ts index 32b54280..131ee3cb 100644 --- a/values/tests/ipSets.ts +++ b/values/tests_waf/ipSets.ts @@ -1,7 +1,7 @@ -import { wafConfig } from "../../lib/types/config"; -import * as fwmEnums from "../../lib/types/enums"; +import { WafConfig } from "../../lib/types/config"; +import {WebAclScope, WebAclTypeEnum} from "../../lib/types/enums/waf"; -export const config: wafConfig = { +export const config: WafConfig = { General: { Prefix: "testcases", Stage: "test", @@ -422,7 +422,7 @@ export const config: wafConfig = { ManagedRuleGroups: [], }, - Scope: fwmEnums.WebAclScope.REGIONAL, - Type: fwmEnums.WebAclTypeEnum.ELASTICLOADBALANCINGV2_LOADBALANCER + Scope: WebAclScope.REGIONAL, + Type: WebAclTypeEnum.ELASTICLOADBALANCINGV2_LOADBALANCER }, }; \ No newline at end of file diff --git a/values/tests/onlyManagedRuleGroups.ts b/values/tests_waf/onlyManagedRuleGroups.ts similarity index 92% rename from values/tests/onlyManagedRuleGroups.ts rename to values/tests_waf/onlyManagedRuleGroups.ts index f0d85b51..cc5395b5 100644 --- a/values/tests/onlyManagedRuleGroups.ts +++ b/values/tests_waf/onlyManagedRuleGroups.ts @@ -1,6 +1,6 @@ -import { wafConfig } from "../../lib/types/config"; -import {ManagedRuleGroupVendor, AwsManagedRules, WebAclScope, WebAclTypeEnum} from "../../lib/types/enums"; -export const config: wafConfig = { +import { WafConfig } from "../../lib/types/config"; +import {ManagedRuleGroupVendor, AwsManagedRules, WebAclScope, WebAclTypeEnum} from "../../lib/types/enums/waf"; +export const config: WafConfig = { General: { Prefix: "testcases", Stage: "test", diff --git a/values/tests/onlyManagedRuleGroupsWithExcludes.ts b/values/tests_waf/onlyManagedRuleGroupsWithExcludes.ts similarity index 91% rename from values/tests/onlyManagedRuleGroupsWithExcludes.ts rename to values/tests_waf/onlyManagedRuleGroupsWithExcludes.ts index 00c66e6a..4cae31f6 100644 --- a/values/tests/onlyManagedRuleGroupsWithExcludes.ts +++ b/values/tests_waf/onlyManagedRuleGroupsWithExcludes.ts @@ -1,6 +1,6 @@ -import { wafConfig } from "../../lib/types/config"; -import {ManagedRuleGroupVendor, AwsManagedRules, WebAclScope, WebAclTypeEnum, COMMON_RULE_SET_RULES} from "../../lib/types/enums"; -export const config: wafConfig = { +import { WafConfig } from "../../lib/types/config"; +import {ManagedRuleGroupVendor, AwsManagedRules, WebAclScope, WebAclTypeEnum, COMMON_RULE_SET_RULES} from "../../lib/types/enums/waf"; +export const config: WafConfig = { General: { Prefix: "testcases", Stage: "test", diff --git a/values/tests/rateBasedwithScopeDown.ts b/values/tests_waf/rateBasedwithScopeDown.ts similarity index 96% rename from values/tests/rateBasedwithScopeDown.ts rename to values/tests_waf/rateBasedwithScopeDown.ts index 26955170..d4438c9e 100644 --- a/values/tests/rateBasedwithScopeDown.ts +++ b/values/tests_waf/rateBasedwithScopeDown.ts @@ -1,5 +1,5 @@ -import { wafConfig } from "../../lib/types/config"; -export const config: wafConfig = { +import { WafConfig } from "../../lib/types/config"; +export const config: WafConfig = { General: { Prefix: "testcases", Stage: "test", diff --git a/values/tests/regexPatternSets.ts b/values/tests_waf/regexPatternSets.ts similarity index 98% rename from values/tests/regexPatternSets.ts rename to values/tests_waf/regexPatternSets.ts index 43e0f33f..da21d3e2 100644 --- a/values/tests/regexPatternSets.ts +++ b/values/tests_waf/regexPatternSets.ts @@ -1,7 +1,7 @@ -import { wafConfig } from "../../lib/types/config"; -import * as fwmEnums from "../../lib/types/enums"; +import { WafConfig } from "../../lib/types/config"; +import {WebAclScope, WebAclTypeEnum} from "../../lib/types/enums/waf"; -export const config: wafConfig = { +export const config: WafConfig = { General: { Prefix: "testcases", Stage: "test", @@ -465,7 +465,7 @@ export const config: wafConfig = { ManagedRuleGroups: [], }, - Scope: fwmEnums.WebAclScope.REGIONAL, - Type: fwmEnums.WebAclTypeEnum.ELASTICLOADBALANCINGV2_LOADBALANCER + Scope: WebAclScope.REGIONAL, + Type: WebAclTypeEnum.ELASTICLOADBALANCINGV2_LOADBALANCER }, }; \ No newline at end of file