package main
import (
"fmt"
"github.com/tidwall/gjson"
)
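// ratePolicySearch scans the "ratePolicies" array in cfile and appends a
// RatePolicy entry to cMap.RatePolicies for every policy whose
// NetworkListCondition references listID. It returns the number of entries
// appended. cMap must be non-nil.
//
// listID is embedded in a gjson query, so it is quoted with %q: without the
// quoting, an ID containing gjson path characters (for example ')' or '#')
// would alter the query itself instead of being compared as a value.
func ratePolicySearch(listID string, cfile []byte, cMap *ConfigurationMap) int {
	// The query does not depend on the policy, so build it once.
	cond := fmt.Sprintf("values.#(==%q)", listID)
	var hits int
	for _, policy := range gjson.GetBytes(cfile, "ratePolicies").Array() {
		nlc := policy.Get("additionalMatchOptions.#(type==NetworkListCondition)")
		// An empty Raw means the query matched nothing (including the case
		// where the policy has no NetworkListCondition at all).
		if nlc.Get(cond).Raw == "" {
			continue
		}
		// positivematch decides whether the policy fires on a match or a non-match.
		condition := "does not match"
		if nlc.Get("positivematch").Bool() {
			condition = "match"
		}
		cMap.RatePolicies = append(cMap.RatePolicies, RatePolicy{
			ID:        policy.Get("id").Int(),
			Name:      policy.Get("name").String(),
			Condition: condition,
		})
		hits++
	}
	return hits
}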
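// matchTargetSearch scans "matchTargets.websiteTargets" in cfile and appends a
// MatchTarget entry (Type "bypass") to cMap.MatchTargets for every target whose
// bypassNetworkLists contains an entry with id equal to listID. It returns the
// number of entries appended. cMap must be non-nil.
//
// listID is embedded in a gjson query, so it is quoted with %q: without the
// quoting, an ID containing gjson path characters (for example ')' or '#')
// would alter the query itself instead of being compared as a value.
func matchTargetSearch(listID string, cfile []byte, cMap *ConfigurationMap) int {
	// The query does not depend on the target, so build it once.
	cond := fmt.Sprintf("bypassNetworkLists.#(id==%q)", listID)
	var hits int
	for _, target := range gjson.GetBytes(cfile, "matchTargets.websiteTargets").Array() {
		// Targets without a bypass list cannot reference listID.
		if !target.Get("bypassNetworkLists").Exists() {
			continue
		}
		// An empty Raw means no bypass entry carries this id.
		if target.Get(cond).Raw == "" {
			continue
		}
		cMap.MatchTargets = append(cMap.MatchTargets, MatchTarget{
			ID:                target.Get("id").Int(),
			Hostnames:         target.Get("hostnames").Value(),
			Paths:             target.Get("filePaths").Value(),
			NegativePathMatch: target.Get("isNegativePathMatch").Bool(),
			SecurityPolicyID:  target.Get("securityPolicy.policyId").String(),
			Type:              "bypass",
		})
		hits++
	}
	return hits
}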
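// networkListSearch checks one ipGeoFirewall control for a reference to listID.
// listType selects the control group ("ip" or "geo" in this file) and
// listAction the list within it ("allowed" or "blocked"), giving the path
// "<listType>Controls.<listAction>IPNetworkLists.networkList". When listID is
// found there, a SecurityPolicy entry describing spNode is appended to
// cMap.Policies and true is returned; otherwise false. cMap must be non-nil.
//
// listID is embedded in a gjson query, so it is quoted with %q: without the
// quoting, an ID containing gjson path characters (for example ')' or '#')
// would alter the query itself instead of being compared as a value.
func networkListSearch(listID, listType, listAction string, ipGeoFirewallNode, spNode gjson.Result, cMap *ConfigurationMap) bool {
	searchString := fmt.Sprintf("%sControls.%sIPNetworkLists", listType, listAction)
	networkList := ipGeoFirewallNode.Get(searchString)
	if !networkList.Exists() {
		return false
	}
	cond := fmt.Sprintf("networkList.#(==%q)", listID)
	// An empty Raw means the list does not contain listID.
	if networkList.Get(cond).Raw == "" {
		return false
	}
	cMap.Policies = append(cMap.Policies, SecurityPolicy{
		ID:     spNode.Get("id").String(),
		Name:   spNode.Get("name").String(),
		Type:   fmt.Sprintf("%sControls", listType),
		Action: listAction,
	})
	return true
}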
// securityPolicySearch scans the "securityPolicies" array in cfile and, for
// each policy, probes its ipGeoFirewall controls (ip/geo × allowed/blocked) for
// listID via networkListSearch, which appends a SecurityPolicy entry to
// cMap.Policies per matching control. It returns the number of policies with
// at least one matching control. cMap must be non-nil.
func securityPolicySearch(listID string, cfile []byte, cMap *ConfigurationMap) int {
	// Probe order matters for the order of entries appended to cMap.Policies.
	probes := [...]struct{ listType, action string }{
		{"ip", "allowed"},
		{"ip", "blocked"},
		{"geo", "allowed"},
		{"geo", "blocked"},
	}
	var matched int
	for _, policy := range gjson.GetBytes(cfile, "securityPolicies").Array() {
		ipGeoFirewall := policy.Get("ipGeoFirewall")
		hit := false
		// Every probe runs even after a hit so each matching control is recorded.
		for _, p := range probes {
			if networkListSearch(listID, p.listType, p.action, ipGeoFirewall, policy, cMap) {
				hit = true
			}
		}
		if hit {
			matched++
		}
	}
	return matched
}