in typescript/waf/waf-regional.ts [19:115]
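/**
 * Builds the rule list for the regional WAF: one managed-rule-group rule per
 * entry in `listOfRules`, then a geo-restriction rule and a per-IP rate limit.
 *
 * @param listOfRules - Entries read for `name` and `priority`; each one is
 *   turned into a reference to the AWS-vendor managed rule group of that name.
 * @returns The managed-group rules in input order, followed by `GeoMatch`
 *   (priority 0) and `LimitRequests100` (priority 1).
 */
protected makeRules(listOfRules: listOfRules[] = []) {
  const rules: wafv2.CfnRuleGroup.RuleProperty[] = [];

  // NOTE(review): GeoMatch and LimitRequests100 below claim priorities 0 and 1.
  // Priorities must be unique within a web ACL, so callers presumably pass
  // priorities >= 2 here -- confirm, otherwise deployment fails on a collision.
  for (const r of listOfRules) {
    const stateProp: wafv2.CfnWebACL.StatementProperty = {
      managedRuleGroupStatement: {
        name: r['name'],
        vendorName: "AWS",
      },
    };
    // `none` leaves the managed group's own rule actions in force; an override
    // of `count` would make the whole group observe-only.
    const overrideAction: wafv2.CfnWebACL.OverrideActionProperty = { none: {} };
    const rule: wafv2.CfnRuleGroup.RuleProperty = {
      name: r['name'],
      priority: r['priority'],
      // @ts-expect-error Property 'overrideAction' does not exist on type 'CfnRuleGroup.RuleProperty'
      overrideAction,
      statement: stateProp,
      visibilityConfig: {
        sampledRequestsEnabled: true,
        cloudWatchMetricsEnabled: true,
        metricName: r['name'],
      },
    };
    rules.push(rule);
  }

  // Allowed country list
  // NOTE(review): the match is made on the request's source address. If a CDN
  // or proxy fronts this resource, that address is the proxy's -- confirm, and
  // consider `forwardedIpConfig` in that case.
  const ruleGeoMatch: wafv2.CfnWebACL.RuleProperty = {
    name: 'GeoMatch',
    priority: 0,
    action: {
      block: {}, // To disable, change to *count*
    },
    statement: {
      notStatement: {
        statement: {
          geoMatchStatement: {
            // Block connection if source not in the below country list
            countryCodes: [
              "AR", // Argentina
              "BO", // Bolivia
              "BR", // Brazil
              "CL", // Chile
              "CO", // Colombia
              "EC", // Ecuador
              "FK", // Falkland Islands
              "GF", // French Guiana
              "GY", // Guyana (was listed twice; the duplicate entry is dropped)
              "PY", // Paraguay
              "PE", // Peru
              "SR", // Suriname
              "UY", // Uruguay
              "VE", // Venezuela
            ],
          },
        },
      },
    },
    visibilityConfig: {
      sampledRequestsEnabled: true,
      cloudWatchMetricsEnabled: true,
      metricName: 'GeoMatch',
    },
  }; // GeoMatch
  rules.push(ruleGeoMatch);

  /**
   * The rate limit is the maximum number of requests from a
   * single IP address that are allowed in a five-minute period.
   * This value is continually evaluated,
   * and requests will be blocked once this limit is reached.
   * The IP address is automatically unblocked after it falls below the limit.
   *
   * NOTE(review): with aggregateKeyType "IP", clients behind one NAT or proxy
   * share a single counter, and 100 requests is a low ceiling for them --
   * confirm against expected traffic (the "FORWARDED_IP" key type exists for
   * deployments behind a trusted proxy).
   */
  const ruleLimitRequests100: wafv2.CfnWebACL.RuleProperty = {
    name: 'LimitRequests100',
    priority: 1,
    action: {
      block: {}, // To disable, change to *count*
    },
    statement: {
      rateBasedStatement: {
        limit: 100,
        aggregateKeyType: "IP",
      },
    },
    visibilityConfig: {
      sampledRequestsEnabled: true,
      cloudWatchMetricsEnabled: true,
      metricName: 'LimitRequests100',
    },
  }; // limit requests to 100
  rules.push(ruleLimitRequests100);

  return rules;
} // function makeRules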