fix: appfwprofile_sqlinjection_binding #1172

Draft: janschumann wants to merge 2 commits into base: master

@janschumann janschumann commented Jun 21, 2024

Updating binding fails.

Consider this resource:

```hcl
resource "citrixadc_appfwprofile_sqlinjection_binding" "this" {
  name                 = citrixadc_appfwprofile.this.name
  sqlinjection         = "field"
  formactionurl_sql    = "https://example"
  as_scan_location_sql = "FORMFIELD"
  isregex_sql          = "NOTREGEX"
  as_value_type_sql    = "Keyword"
  as_value_expr_sql    = "example1"
  isvalueregex_sql     = "NOTREGEX"
  state                = "ENABLED"
}
```

After changing a value like this:

```hcl
resource "citrixadc_appfwprofile_sqlinjection_binding" "this" {
  name                 = citrixadc_appfwprofile.this.name
  sqlinjection         = "field"
  formactionurl_sql    = "https://example"
  as_scan_location_sql = "FORMFIELD"
  isregex_sql          = "NOTREGEX"
  as_value_type_sql    = "Keyword"
  as_value_expr_sql    = "example2"
  isvalueregex_sql     = "NOTREGEX"
  state                = "ENABLED"
}
```

The update fails with:

```
Error: [INFO] delete failed: 599 Netscaler specific error ({ "errorcode": 3130, "message": "No such SQLInjection check", "severity": "ERROR" })
```

Here is the nitro log for this update:

```
Command "unbind appfw profile appfw-profile-tf-tfi-fbt-smaragd-tcm-webcheck-htmlwaf -SQLInjection sqlinjection "https://sqlinjection" -location FORMFIELD -RuleType ALLOW" - Status "ERROR: No such SQLInjection check"
```

The problem is that, in the delete process, specifying the sqlinjection field is not sufficient for identifying the rule.

This PR adds fields to be able to apply the changes in the example above.

This may not be sufficient for all scenarios and also applies to other resources like appfwprofile_crosssitescripting_binding. We are currently testing those resources and will add more fixes accordingly.

@janschumann janschumann marked this pull request as draft June 21, 2024 08:32
@janschumann janschumann force-pushed the fix/wafprofile-binding branch from b7cc92d to 591c041 Compare June 21, 2024 08:34
Signed-off-by: Jan Schumann <[email protected]>
@janschumann janschumann force-pushed the fix/wafprofile-binding branch from 0699a11 to 59762f6 Compare June 21, 2024 10:59