diff --git a/deps/wazuh_testing/wazuh_testing/modules/aws/constants.py b/deps/wazuh_testing/wazuh_testing/modules/aws/constants.py
index af3230b4b8..eabd77757e 100644
--- a/deps/wazuh_testing/wazuh_testing/modules/aws/constants.py
+++ b/deps/wazuh_testing/wazuh_testing/modules/aws/constants.py
@@ -23,3 +23,4 @@
 # Bucket types
 CLOUD_TRAIL_TYPE = 'cloudtrail'
 VPC_FLOW_TYPE = 'vpcflow'
+WAF_TYPE = 'waf'
diff --git a/deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py b/deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py
index 74e04dc64b..bc567e69f8 100644
--- a/deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py
+++ b/deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py
@@ -155,10 +155,100 @@ def get_data_sample(self) -> str: return buffer.getvalue() +class WAFDataGenerator(DataGenerator): + BASE_PATH = '' + BASE_FILE_NAME = "aws-waf-logs-delivery-stream-1-" + + def get_filename(self, *args, **kwargs) -> str: + """Return the filename in the KMS format. + + Example: + /// + + Returns: + str: Syntetic filename. + """ + now = datetime.now() + path = join(self.BASE_PATH, now.strftime(cons.PATH_DATE_FORMAT)) + name = f"{self.BASE_FILE_NAME}{now.strftime(cons.FILENAME_DATE_FORMAT)}{cons.JSON_EXT}" + + return join(path, name) + + def get_data_sample(self) -> str: + """Return a sample of data according to the cloudtrail format. + + Returns: + ste: Syntetic data. + """ + return json.dumps( + { + 'timestamp': 1576280412771, + 'formatVersion': 1, + 'webaclId': ( + f"arn:aws:wafv2:ap-southeast-2:{cons.RANDOM_ACCOUNT_ID}:regional/" + 'webacl/STMTest/1EXAMPLE-2ARN-3ARN-4ARN-123456EXAMPLE' + ), + 'terminatingRuleId': 'STMTest_SQLi_XSS', + 'terminatingRuleType': 'REGULAR', + 'action': 'BLOCK', + 'terminatingRuleMatchDetails': [ + { + 'conditionType': 'SQL_INJECTION', + 'sensitivityLevel': 'HIGH', + 'location': 'HEADER', + 'matchedData': [ + '10', + 'AND', + '1' + ] + } + ], + 'httpSourceName': '-', + 'httpSourceId': '-', + 'ruleGroupList': [], + 'rateBasedRuleList': [], + 'nonTerminatingMatchingRules': [], + 'httpRequest': { + 'clientIp': get_random_ip(), + 'country': 'AU', + 'headers': [ + { + 'name': 'Host', + 'value': 'localhost:1989' + }, + { + 'name': 'User-Agent', + 'value': 'curl/7.61.1' + }, + { + 'name': 'Accept', + 'value': '*/*' + }, + { + 'name': 'x-stm-test', + 'value': '10 AND 1=1' + } + ], + 'uri': '/myUri', + 'args': '', + 'httpVersion': 'HTTP/1.1', + 'httpMethod': 'GET', + 'requestId': 'rid' + }, + 'labels': [ + { + 'name': 'value' + } + ] + } + ) + + # Maps bucket type with corresponding data generator buckets_data_mapping = { cons.CLOUD_TRAIL_TYPE: CloudTrailDataGenerator, - cons.VPC_FLOW_TYPE: VPCDataGenerator + 
cons.VPC_FLOW_TYPE: VPCDataGenerator, + cons.WAF_TYPE: WAFDataGenerator, }
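Review bot: The docstrings in the new `WAFDataGenerator` look copied from the other generators and describe the wrong thing: `get_filename` says "KMS format" with an empty `///` example, while `get_data_sample` says "cloudtrail format" and gives the return type as `ste`. I would reword them to `"""Return the filename in the WAF log delivery format."""` and `"""Return a sample of data according to the WAF log format."""`, fix the return lines to `str: Synthetic filename.` and `str: Synthetic data.`, and replace `///` with a path built from `cons.PATH_DATE_FORMAT` and `cons.FILENAME_DATE_FORMAT`. The class also has no docstring; a one-line `"""Data generator for AWS WAF logs."""` would do. Separately, `now = datetime.now()` in `get_filename` is naive local time, so if the module under test selects objects by UTC date (not visible in this hunk), a key generated near midnight could land under the wrong day; a UTC timestamp would avoid that.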