wafredir/config.go

package main

import (
	"fmt"
	"net/url"
)

// config accepts a slice of type Redirect and returns an error
// it organizes the input data in a way that makes sense for FortiOS objects
// then outputs the configuration to stdout
func config(redirects []Redirect) error {

	// A map which contains the name of a redirect policy as the key, and a slice of strings as a value.
	// The value of the string is the name of the url-rewrite-rule which needs to be referenced by the redirect policy object in FortiOS
	redirectPolicies := make(map[string][]string)

	// Iterate over all redirects and output url-rewrite-rules

	fmt.Printf("\n\n------------------------ COPY BELOW THIS LINE ------------------------\n\n\n")
	fmt.Println("config waf url-rewrite url-rewrite-rule")
	for _, redirect := range redirects {

		// Parse the source URL string into a URL object so we can extract features
		sourceURL, err := url.Parse(redirect.sourceURL)
		if err != nil {
			return fmt.Errorf("unable to parse source URL '%s': %v", redirect.sourceURL, err)
		}

		var ruleName, action string
		if len(redirect.sourceURL) > 63 { // FortiOS only allows up to 63 characters.  There is potention for collission here.  TBD: Reduce and replace characters in the middle of string with '...' and show characters at the end of the URL to make differentiation easier for operators of the WAF
			ruleName = redirect.sourceURL[:62]
		} else {
			ruleName = redirect.sourceURL
		}

		if redirect.statusCode == 301 { //translate to fortiOS syntax
			action = "redirect-301"
		} else {
			action = "redirect"
		}

		// Output FortiOS configuration syntax
		fmt.Printf("edit \"%s\"\n", ruleName)
		fmt.Printf("set location %s\n", redirect.destinationURL)
		fmt.Printf("set action %s\n", action)
		fmt.Println("config match-condition")
		fmt.Println("edit 0")
		fmt.Println("set object http-url")
		fmt.Printf("set reg-exp %s$\n", sourceURL.Path)
		fmt.Println("set protocol-filter enable")
		fmt.Printf("set HTTP-protocol %s\n", sourceURL.Scheme)
		fmt.Println("next")
		fmt.Println("end")
		fmt.Println("next")

		// Add this rule to the slice inside the policy map.  This is used to organize data for creating the url-rewrite-policy configuration below
		redirectPolicies[sourceURL.Host] = append(redirectPolicies[sourceURL.Host], ruleName)
	}
	fmt.Println("end")

	// Output url-rewrite-policy configuration.
	// Iterate over values in the policy map and output the policy configuration
	fmt.Println("config waf url-rewrite url-rewrite-policy")
	for policyName, policyRules := range redirectPolicies {
		fmt.Printf("edit \"%s-redirects\"\n", policyName)
		fmt.Println("config rule")
		for _, ruleName := range policyRules {
			fmt.Println("edit 0")
			fmt.Printf("set url-rewrite-rule-name %s\n", ruleName)
			fmt.Println("next")
		}
		fmt.Println("end")
		fmt.Println("next")
	}
	fmt.Printf("end\n\n\n")

	return nil
}
initial commit 2020-05-30 02:03:03 +00:00			`package main`

			`import (`
			`"fmt"`
			`"net/url"`
			`)`

			`// config accepts a slice of type Redirect and returns an error`
Update comments 2020-05-30 20:10:56 +00:00			`// it organizes the input data in a way that makes sense for FortiOS objects`
initial commit 2020-05-30 02:03:03 +00:00			`// then outputs the configuration to stdout`
			`func config(redirects []Redirect) error {`

			`// A map which contains the name of a redirect policy as the key, and a slice of strings as a value.`
Update comments 2020-05-30 20:10:56 +00:00			`// The value of the string is the name of the url-rewrite-rule which needs to be referenced by the redirect policy object in FortiOS`
initial commit 2020-05-30 02:03:03 +00:00			`redirectPolicies := make(map[string][]string)`

			`// Iterate over all redirects and output url-rewrite-rules`

Update comments 2020-05-30 20:10:56 +00:00			`fmt.Printf("\n\n------------------------ COPY BELOW THIS LINE ------------------------\n\n\n")`
initial commit 2020-05-30 02:03:03 +00:00			`fmt.Println("config waf url-rewrite url-rewrite-rule")`
			`for _, redirect := range redirects {`
Update comments 2020-05-30 20:10:56 +00:00
			`// Parse the source URL string into a URL object so we can extract features`
initial commit 2020-05-30 02:03:03 +00:00			`sourceURL, err := url.Parse(redirect.sourceURL)`
			`if err != nil {`
Do not output errors in the middle of the config 2020-05-30 02:25:45 +00:00			`return fmt.Errorf("unable to parse source URL '%s': %v", redirect.sourceURL, err)`
initial commit 2020-05-30 02:03:03 +00:00			`}`

add support for redirect types in config 2020-05-30 03:00:52 +00:00			`var ruleName, action string`
Update comments 2020-05-30 20:10:56 +00:00			`if len(redirect.sourceURL) > 63 { // FortiOS only allows up to 63 characters. There is potention for collission here. TBD: Reduce and replace characters in the middle of string with '...' and show characters at the end of the URL to make differentiation easier for operators of the WAF`
workaround fortios max object name length 2020-05-30 02:32:50 +00:00			`ruleName = redirect.sourceURL[:62]`
			`} else {`
			`ruleName = redirect.sourceURL`
			`}`
add support for redirect types in config 2020-05-30 03:00:52 +00:00
			`if redirect.statusCode == 301 { //translate to fortiOS syntax`
			`action = "redirect-301"`
			`} else {`
			`action = "redirect"`
			`}`

Update comments 2020-05-30 20:10:56 +00:00			`// Output FortiOS configuration syntax`
typo in last commit 2020-05-30 02:39:22 +00:00			`fmt.Printf("edit \"%s\"\n", ruleName)`
initial commit 2020-05-30 02:03:03 +00:00			`fmt.Printf("set location %s\n", redirect.destinationURL)`
add support for redirect types in config 2020-05-30 03:00:52 +00:00			`fmt.Printf("set action %s\n", action)`
initial commit 2020-05-30 02:03:03 +00:00			`fmt.Println("config match-condition")`
			`fmt.Println("edit 0")`
			`fmt.Println("set object http-url")`
terminate regular expression in match condition 2020-05-30 03:59:47 +00:00			`fmt.Printf("set reg-exp %s$\n", sourceURL.Path)`
initial commit 2020-05-30 02:03:03 +00:00			`fmt.Println("set protocol-filter enable")`
			`fmt.Printf("set HTTP-protocol %s\n", sourceURL.Scheme)`
			`fmt.Println("next")`
			`fmt.Println("end")`
			`fmt.Println("next")`

Update comments 2020-05-30 20:10:56 +00:00			`// Add this rule to the slice inside the policy map. This is used to organize data for creating the url-rewrite-policy configuration below`
workaround fortios max object name length 2020-05-30 02:32:50 +00:00			`redirectPolicies[sourceURL.Host] = append(redirectPolicies[sourceURL.Host], ruleName)`
initial commit 2020-05-30 02:03:03 +00:00			`}`
			`fmt.Println("end")`

Update comments 2020-05-30 20:10:56 +00:00			`// Output url-rewrite-policy configuration.`
initial commit 2020-05-30 02:03:03 +00:00			`// Iterate over values in the policy map and output the policy configuration`
			`fmt.Println("config waf url-rewrite url-rewrite-policy")`
			`for policyName, policyRules := range redirectPolicies {`
Fix append to policy name, shouldn't be rule name 2020-05-30 02:44:53 +00:00			`fmt.Printf("edit \"%s-redirects\"\n", policyName)`
fix invalid fortiOS syntax in output 2020-05-30 02:47:34 +00:00			`fmt.Println("config rule")`
initial commit 2020-05-30 02:03:03 +00:00			`for _, ruleName := range policyRules {`
			`fmt.Println("edit 0")`
Fix append to policy name, shouldn't be rule name 2020-05-30 02:44:53 +00:00			`fmt.Printf("set url-rewrite-rule-name %s\n", ruleName)`
initial commit 2020-05-30 02:03:03 +00:00			`fmt.Println("next")`
			`}`
fix invalid fortiOS syntax in output 2020-05-30 02:47:34 +00:00			`fmt.Println("end")`
initial commit 2020-05-30 02:03:03 +00:00			`fmt.Println("next")`
			`}`
Update comments 2020-05-30 20:10:56 +00:00			`fmt.Printf("end\n\n\n")`
initial commit 2020-05-30 02:03:03 +00:00
			`return nil`
			`}`