Class: AWSCDK::WAFv2::CfnRuleGroup::SqliMatchStatementProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
wa_fv2/cfn_rule_group.rb

Overview

A rule statement that inspects for malicious SQL code.

Attackers insert malicious SQL code into web requests to do things like modify your database or extract data from it.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(field_to_match:, text_transformations:, sensitivity_level: nil) ⇒ SqliMatchStatementProperty

Returns a new instance of SqliMatchStatementProperty.

Parameters:



4022
4023
4024
4025
4026
4027
4028
4029
# File 'wa_fv2/cfn_rule_group.rb', line 4022

def initialize(field_to_match:, text_transformations:, sensitivity_level: nil)
  @field_to_match = field_to_match.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::FieldToMatchProperty.new(**field_to_match.transform_keys(&:to_sym)) : field_to_match
  Jsii::Type.check_type(@field_to_match, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuRmllbGRUb01hdGNoUHJvcGVydHkifV19fQ==")), "fieldToMatch")
  @text_transformations = text_transformations
  Jsii::Type.check_type(@text_transformations, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsidW5pb24iOnsidHlwZXMiOlt7ImZxbiI6ImF3cy1jZGstbGliLklSZXNvbHZhYmxlIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfd2FmdjIuQ2ZuUnVsZUdyb3VwLlRleHRUcmFuc2Zvcm1hdGlvblByb3BlcnR5In1dfX0sImtpbmQiOiJhcnJheSJ9fV19fQ==")), "textTransformations")
  @sensitivity_level = sensitivity_level
  Jsii::Type.check_type(@sensitivity_level, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sensitivityLevel") unless @sensitivity_level.nil?
end

Instance Attribute Details

#field_to_matchAWSCDK::IResolvable, AWSCDK::WAFv2::CfnRuleGroup::FieldToMatchProperty (readonly)

The part of the web request that you want AWS WAF to inspect.



4035
4036
4037
# File 'wa_fv2/cfn_rule_group.rb', line 4035

def field_to_match
  @field_to_match
end

#sensitivity_levelString? (readonly)

The sensitivity that you want AWS WAF to use to inspect for SQL injection attacks.

HIGH detects more attacks, but might generate more false positives, especially if your web requests frequently contain unusual strings. For information about identifying and mitigating false positives, see Testing and tuning in the AWS WAF Developer Guide .

LOW is generally a better choice for resources that already have other protections against SQL injection attacks or that have a low tolerance for false positives.

Default: LOW



4053
4054
4055
# File 'wa_fv2/cfn_rule_group.rb', line 4053

def sensitivity_level
  @sensitivity_level
end

#text_transformationsAWSCDK::IResolvable, Array<AWSCDK::IResolvable, AWSCDK::WAFv2::CfnRuleGroup::TextTransformationProperty> (readonly)

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.

If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by FieldToMatch , starting from the lowest priority setting, before inspecting the content for a match.



4042
4043
4044
# File 'wa_fv2/cfn_rule_group.rb', line 4042

def text_transformations
  @text_transformations
end

Class Method Details

.jsii_propertiesObject



4055
4056
4057
4058
4059
4060
4061
# File 'wa_fv2/cfn_rule_group.rb', line 4055

def self.jsii_properties
  {
    :field_to_match => "fieldToMatch",
    :text_transformations => "textTransformations",
    :sensitivity_level => "sensitivityLevel",
  }
end

Instance Method Details

#to_jsiiObject



4063
4064
4065
4066
4067
4068
4069
4070
4071
# File 'wa_fv2/cfn_rule_group.rb', line 4063

def to_jsii
  result = {}
  result.merge!({
    "fieldToMatch" => @field_to_match,
    "textTransformations" => @text_transformations,
    "sensitivityLevel" => @sensitivity_level,
  })
  result.compact
end