Skip to content

xss_match_statement for and_statement #124

New issue
New issue
Open
Open
xss_match_statement for and_statement#124
@gustavo-guerra-compasso

Description

@gustavo-guerra-compasso
gustavo-guerra-compasso
opened on Oct 6, 2023

What is the current behavior?
the module does not work with rule xss_match_statement inside and_statement.

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.

this the terraform code I am using:
default = [
{
name = "allow-svg-upload-modalities"
priority = "0"

  action = "allow"

  and_statement = {
    statements = [
      {
        geo_match_statement = {
          country_codes = ["NL", "GB", "US"]
        }
      },
      {
        xss_match_statement = {
          field_to_match = {
            body = {
              oversize_handling = "MATCH"
            }
          }
          priority = 0
          type     = "NONE"
        }
      },
      {
        regex_match_statement = {
          regex_string = "\\/path\\/(.*)\\/settings"
          field_to_match = {
            uri_path = "{}"
          }
          priority = 0
          type     = "NONE"
        }
      }
    ]
  }

  visibility_config = {
    cloudwatch_metrics_enabled = false
    metric_name                = "allow-svg-upload-modalities"
    sampled_requests_enabled   = true
  }
}

]

What is the expected behavior?
Be able to create xss_match_statement rules for and_statements.

Software versions?
4.6.1 but it seem that the current version (5.1.2) has the same problem.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions