cds-snc / scan-websites

On-demand scanning of websites for accessibility and security vulnerabilities/compliance / Analyse à la demande des sites Web pour les vulnérabilités/conformité en matière d'accessibilité et de sécurité
https://scan-websites.alpha.canada.ca
MIT License

fix: adding pattern for type/hash body payload #427

Closed ascheid closed 1 year ago

ascheid commented 1 year ago

Summary | Résumé

Requests with the type specified in the body payload to be ignored are causing a 403 error. The WAF is blocking the request because no matching regex expression for that payload is expected.

github-actions[bot] commented 1 year ago

Plan for api

✅ Terraform Format: success
✅ Terraform Plan: success
✅ Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy
```terraform
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_wafv2_regex_pattern_set.body_exclusions will be updated in-place
  ~ resource "aws_wafv2_regex_pattern_set" "body_exclusions" {
        id   = "35866b36-01b1-4711-b2eb-c89eb3dd7275"
        name = "RequestBodyExclusions"
        tags = {}
        # (5 unchanged attributes hidden)

      + regular_expression {
          + regex_string = "^/scans/template/\\w{8}-\\w{4}-\\w{4}-\\w{4}-\\w{12}/scan/\\w{8}-\\w{4}-\\w{4}-\\w{4}-\\w{12}/type/\\w{8}-\\w{4}-\\w{4}-\\w{4}-\\w{12}$"
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Warning: Argument is deprecated

  with module.axe-core-report-data.aws_s3_bucket.this,
  on .terraform/modules/axe-core-report-data/S3/main.tf line 7, in resource "aws_s3_bucket" "this":
   7: resource "aws_s3_bucket" "this" {

Use the aws_s3_bucket_server_side_encryption_configuration resource instead

(and 33 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
```
```sh
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.scan_websites_certificate"]
WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_domain_name.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_rest_api.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_stage.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.api_access"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.api_cloudwatch"]
WARN - plan.json - main - Missing Common Tags: ["aws_kms_key.scan-websites"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.axe-core-urls"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.critical"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.github-urls"]
WARN - plan.json - main - Missing Common Tags: ["aws_sns_topic.warning"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_regex_pattern_set.body_exclusions"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_regex_pattern_set.google_auth_uri"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_web_acl.api_waf"]

36 tests, 17 passed, 19 warnings, 0 failures, 0 exceptions
```
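The only functional change in this PR is the new `regex_string` added to the `RequestBodyExclusions` pattern set, so the thing worth checking before applying the plan is what that regex does and does not match. The script below is an added example, not code from the scan-websites project: it takes the regex text from the plan (with HCL's `\\w` unescaped to `\w`) and runs it against constructed sample paths in Python's `re` engine, which is a reasonable stand-in but not guaranteed to agree with AWS WAF's regex support in every edge case. The UUID values are made up, and the hex-only `STRICT_TYPE_ROUTE_PATTERN` is an assumption about how the class could be tightened (the PR does not propose it); it is there to show that `\w` also accepts `_` and non-hex letters, so the exclusion is slightly broader than a literal UUID. How the pattern set is attached to the web ACL (which rule statement, which request component) is not shown on the page, so the check only validates the regex text itself.

```python
import re

# Pattern exactly as it appears in the Terraform plan's regex_string for the
# "RequestBodyExclusions" pattern set (HCL escapes "\\w"; the engine sees "\w").
TYPE_ROUTE_PATTERN = (
    r"^/scans/template/\w{8}-\w{4}-\w{4}-\w{4}-\w{12}"
    r"/scan/\w{8}-\w{4}-\w{4}-\w{4}-\w{12}"
    r"/type/\w{8}-\w{4}-\w{4}-\w{4}-\w{12}$"
)

# Tighter alternative (an assumption for comparison, not part of the PR):
# a hex-only UUID class rejects "_" and letters g-z, which \w accepts.
HEX_UUID = (
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}"
    r"-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)
STRICT_TYPE_ROUTE_PATTERN = (
    rf"^/scans/template/{HEX_UUID}/scan/{HEX_UUID}/type/{HEX_UUID}$"
)


def is_excluded(path: str, pattern: str = TYPE_ROUTE_PATTERN) -> bool:
    """True if the URI path matches the exclusion regex (anchored at both ends)."""
    return re.search(pattern, path) is not None


# Constructed sample IDs and paths; the UUID values are made up for this example.
TEMPLATE_ID = "0f1e2d3c-4b5a-6978-8a9b-c0d1e2f3a4b5"
SCAN_ID = "11111111-2222-3333-4444-555555555555"
TYPE_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

SAMPLE_PATHS = {
    # The route the PR is fixing: should now be excluded from body inspection.
    "type_route": f"/scans/template/{TEMPLATE_ID}/scan/{SCAN_ID}/type/{TYPE_ID}",
    # The scan route without a /type/ segment is not covered by this new pattern.
    "scan_route_no_type": f"/scans/template/{TEMPLATE_ID}/scan/{SCAN_ID}",
    # Trailing segments must not ride along on the exclusion ($ anchor).
    "extra_segment": f"/scans/template/{TEMPLATE_ID}/scan/{SCAN_ID}/type/{TYPE_ID}/extra",
    # Dot segments are not \w characters, so they never satisfy \w{8}.
    "dot_segments": f"/scans/template/{TEMPLATE_ID}/scan/{SCAN_ID}/type/../../other",
    # "_" is a \w character: accepted by the PR pattern, rejected by the hex-only one.
    "underscore_id": f"/scans/template/{TEMPLATE_ID}/scan/{SCAN_ID}/type/aaaaaaa_-bbbb-cccc-dddd-eeeeeeeeeeee",
}


def evaluate(paths=SAMPLE_PATHS):
    """Return {name: (matches_pr_pattern, matches_hex_only_pattern)} per sample path."""
    return {
        name: (is_excluded(p), is_excluded(p, STRICT_TYPE_ROUTE_PATTERN))
        for name, p in paths.items()
    }


if __name__ == "__main__":
    for name, (loose, strict) in evaluate().items():
        print(f"{name:20s} PR pattern={str(loose):5s} hex-only={strict}")
```

Running it shows that the new pattern matches exactly the three-ID type route and nothing with extra or dot segments, which is the property an exclusion should have; the one difference between the two columns is the `underscore_id` case, which is the price of using `\w` rather than a hex class.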