rswaf-icx-converter

v0.6.2

ICX to Security Exception Converter for RSWAF

Downloads

2

Readme

ICX Policy to Security Exception Configurations Migration Tool.

Part of RSCS WAF extras.

Introduction

This tool does its best to convert ICX Exceptions from i-Suite v5 into Security Exception Configurations (RSWAF v6).

Under the hood, it uses the RSWAF API (low-level XML API) to read ICX Policies and create/update Security Exception Configurations.

Prerequisites

Nodejs

A Windows or Linux machine with Node.js > v10 installed (npm, the Node package manager, is bundled with it). This machine must be able to reach an RSWAF Management Console (v6).

RSWAF dedicated API User

Create a user with Create/Read/Update/Delete authorization for the API, then pass its credentials with the --waf-src-user and --waf-src-pw command line options (or the corresponding environment variables). Because this tool currently uses the low-level XML API, not the JSON one, the API Token auth method is not usable.

Install

npm install rswaf-icx-converter -g

Usage

> rswaf-icx-converter --help
rswaf-icx-converter v0.5.4

Usage with RSWAF v6:
rswaf-icx-converter --waf-src-url=https://1.2.3.4:3001/ --waf-src-user=admin --waf-src-pw=mypassword

Options:
--waf-src-url                      IP Address of RSWAF API
--waf-src-user                     Administrator username
--waf-src-pw                       Administrator password
--waf-src-api-key                  RSWAF v6 API Key (not yet implemented)
--icx                              Only convert ICX matching pattern
--icx-file                         Use an XML dump file rather than using the Management Console (unit tests)
--skip-duplicate                   Skip duplicated rule
--duplicate-multiple-hostname      Duplicate rules having multiple hostname condition, default true
--duplicate-match-any              Duplicate rules using Match ANY operator, default true
--duplicate-match-all-legacy       Duplicate rules using Match All Legacy operator, default true
--convert-disable-rules            Convert disabled rules, default false
--dump-icx                         Dump ICX policy (use --icx to spot one ICX)
--security-exception-file            Dump XML content of converted security exception configuration
--verbose                          Be verbose
------------------------------------------------------------
Environnement variables
WAF_SRC_URL        URL for RSWAF Webservices Administration
WAF_SRC_API_KEY    RSWAF API Key (not yet implemented)
WAF_SRC_USER       i-Suite Administrator Username
WAF_SRC_PW         i-Suite Administrator Password
> rswaf-icx-converter --waf-src-url=https://X.X.X.X:3001/ --waf-src-user=api --waf-src-pw=MYPASSWORD --duplicate-multiple-hostname --duplicate-match-any --skip-duplicate --verbose
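The invocations on this page put the API password in the command line, where it lands in shell history and is visible in the process list. The wrapper below is an added example, not part of the project: it reads the password without echo and passes it through the WAF_SRC_URL, WAF_SRC_USER and WAF_SRC_PW environment variables listed in the help output. The function name run_converter and the CONVERTER override are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the rswaf-icx-converter project).
# Passes the API credentials through the WAF_SRC_* environment variables
# documented in the tool's help output, so the password never appears in
# argv or in shell history.
#
# CONVERTER is a hypothetical override, used only to substitute another
# command for the real binary (for instance when testing the wrapper).

run_converter() {
    url=$1
    user=$2
    shift 2

    if [ -t 0 ]; then
        # Interactive: prompt on stderr and disable terminal echo.
        printf 'Password for %s: ' "$user" >&2
        stty -echo
        IFS= read -r pw
        stty echo
        printf '\n' >&2
    else
        # Non-interactive: take the password from the first line of stdin
        # (for example, piped from a secrets manager CLI).
        IFS= read -r pw
    fi

    if [ -z "$pw" ]; then
        echo 'run_converter: empty password, aborting' >&2
        return 1
    fi

    # The assignments apply to this one command only; remaining arguments
    # (--icx, --skip-duplicate, --verbose, ...) are forwarded unchanged.
    status=0
    WAF_SRC_URL=$url WAF_SRC_USER=$user WAF_SRC_PW=$pw \
        "${CONVERTER:-rswaf-icx-converter}" "$@" || status=$?

    unset pw
    return "$status"
}

# Usage (constructed values):
#   run_converter https://X.X.X.X:3001/ api --skip-duplicate --verbose
```

The environment of a running process is still readable by the same user and by root, so this narrows exposure rather than removing it.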

More debug on windows

> set DEBUG=*:*
> rswaf-icx-converter --waf-src-url=https://X.X.X.X:3001/ --waf-src-user=api --waf-src-pw=MYPASSWORD --duplicate-multiple-hostname --duplicate-match-any --skip-duplicate --verbose

More debug on linux

> DEBUG='*:*' rswaf-icx-converter --waf-src-url=https://X.X.X.X:3001/ --waf-src-user=api --waf-src-pw=MYPASSWORD --duplicate-multiple-hostname --duplicate-match-any --skip-duplicate --verbose

workflow.xml

A workflow.xml file is written in the current directory. You can open this file and copy-paste its content into an empty workflow. Then associate this workflow with a tunnel and apply the tunnel. If there is no error after the apply, you can consider that the security exception configurations have been validated by the "mod_workflow_config" process.

WARNING

  • Every security exception configuration whose name matches the --icx string (or all configurations if the --icx option is not used) is emptied each time you run this tool.

Notes

  • The tool does NOT handle attack technique versioning (thanks v6) while converting; security exceptions will always use the latest pattern available.
  • The tool can NOT (yet) test PCRE regular expressions because JavaScript has no native support for them, which is why there is no regular expression validation while converting.
  • The tool will make your rule begin_with patternName rather than is patternName (so exceptions will match in both Normal and Strict ICX policies).

ICX anomalies detected

  • detect duplicate hostname conditions in a "match all" rule, use --duplicate-multiple-hostname=false to disable
  • detect match any rules, use --duplicate-match-any=false to disable
  • detect match all LEGACY rules, use --duplicate-match-all-legacy=false to disable
  • detect duplicated rules, use --skip-duplicate=false to disable
  • fix bad regular expressions that use * rather than .*

Run tests

npm test