feat(#3343): Add data generator for WAF type

wazuh · Feb 7, 2023 · ee2f220 · ee2f220
1 parent a8e54d3
commit ee2f220
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 1 deletion.
diff --git a/deps/wazuh_testing/wazuh_testing/modules/aws/constants.py b/deps/wazuh_testing/wazuh_testing/modules/aws/constants.py
@@ -23,3 +23,4 @@
 # Bucket types
 CLOUD_TRAIL_TYPE = 'cloudtrail'
 VPC_FLOW_TYPE = 'vpcflow'
+WAF_TYPE = 'waf'
diff --git a/deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py b/deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py
@@ -155,10 +155,100 @@ def get_data_sample(self) -> str:
  return buffer.getvalue()
 
 
+class WAFDataGenerator(DataGenerator):
+ BASE_PATH = ''
+ BASE_FILE_NAME = "aws-waf-logs-delivery-stream-1-"
+
+ def get_filename(self, *args, **kwargs) -> str:
+ """Return the filename in the KMS format.
+
+ Example:
+ <prefix>/<year>/<month>/<day>
+
+ Returns:
+ str: Syntetic filename.
+ """
+ now = datetime.now()
+ path = join(self.BASE_PATH, now.strftime(cons.PATH_DATE_FORMAT))
+ name = f"{self.BASE_FILE_NAME}{now.strftime(cons.FILENAME_DATE_FORMAT)}{cons.JSON_EXT}"
+
+ return join(path, name)
+
+ def get_data_sample(self) -> str:
+ """Return a sample of data according to the cloudtrail format.
+
+ Returns:
+ ste: Syntetic data.
+ """
+ return json.dumps(
+ {
+ 'timestamp': 1576280412771,
+ 'formatVersion': 1,
+ 'webaclId': (
+ f"arn:aws:wafv2:ap-southeast-2:{cons.RANDOM_ACCOUNT_ID}:regional/"
+ 'webacl/STMTest/1EXAMPLE-2ARN-3ARN-4ARN-123456EXAMPLE'
+ ),
+ 'terminatingRuleId': 'STMTest_SQLi_XSS',
+ 'terminatingRuleType': 'REGULAR',
+ 'action': 'BLOCK',
+ 'terminatingRuleMatchDetails': [
+ {
+ 'conditionType': 'SQL_INJECTION',
+ 'sensitivityLevel': 'HIGH',
+ 'location': 'HEADER',
+ 'matchedData': [
+ '10',
+ 'AND',
+ '1'
+ ]
+ }
+ ],
+ 'httpSourceName': '-',
+ 'httpSourceId': '-',
+ 'ruleGroupList': [],
+ 'rateBasedRuleList': [],
+ 'nonTerminatingMatchingRules': [],
+ 'httpRequest': {
+ 'clientIp': get_random_ip(),
+ 'country': 'AU',
+ 'headers': [
+ {
+ 'name': 'Host',
+ 'value': 'localhost:1989'
+ },
+ {
+ 'name': 'User-Agent',
+ 'value': 'curl/7.61.1'
+ },
+ {
+ 'name': 'Accept',
+ 'value': '*/*'
+ },
+ {
+ 'name': 'x-stm-test',
+ 'value': '10 AND 1=1'
+ }
+ ],
+ 'uri': '/myUri',
+ 'args': '',
+ 'httpVersion': 'HTTP/1.1',
+ 'httpMethod': 'GET',
+ 'requestId': 'rid'
+ },
+ 'labels': [
+ {
+ 'name': 'value'
+ }
+ ]
+ }
+ )
+
+
 # Maps bucket type with corresponding data generator
 buckets_data_mapping = {
  cons.CLOUD_TRAIL_TYPE: CloudTrailDataGenerator,
- cons.VPC_FLOW_TYPE: VPCDataGenerator
+ cons.VPC_FLOW_TYPE: VPCDataGenerator,
+ cons.WAF_TYPE: WAFDataGenerator,
 }