Description
NetScaler WAF provides a security check for the JSON WAF called JSON Command Injection. In Terraform there is no action for that. For JSON SQL Injection there is a `jsonsqlinjectionaction`, and even for XSS, but not for JSON Command Injection.
So please enable the use of:
- `"jsoncmdinjectionaction": ["block", "log", "stats"]`
- `"jsoncmdinjectiontype": "CMDSplCharANDKeyword"`
- `"jsoncmdinjectiongrammar": "OFF"`
What's even stranger is that there is a resource called `citrixadc_appfwprofile_jsoncmdurl_binding` for JSON command injection relaxations, but there is no action for what to do in case of detecting JSON command injection. Strange.
@see: citrix case 101151846
Affected Resource(s) and/or Data Source(s)
`citrixadc_appfwprofile`: https://registry.terraform.io/providers/citrix/citrixadc/latest/docs/resources/appfwprofile
Equivalent NetScaler CLI Command
```
set appfw profile appfw-profile-mtlsplayground-default-fbt-json -jSONcMDInjectionAction block,log,stats
set appfw profile appfw-profile-mtlsplayground-default-fbt-json -jSONCMDInjectionGrammar ON
set appfw profile appfw-profile-mtlsplayground-default-fbt-json -jSONCMDInjectionType CMDSplCharANDKeyword
```
Potential Terraform Configuration
References
@see: citrix case 101151846