/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace WAF { namespace Model { /** *

This is AWS WAF Classic documentation. For more information, * see AWS * WAF Classic in the developer guide.

For the latest version of AWS * WAF, use the AWS WAFV2 API and see the AWS * WAF Developer Guide. With the latest version, AWS WAF has a single set of * endpoints for regional and global use.

Specifies the part of a * web request that you want AWS WAF to inspect for snippets of malicious SQL code * and, if you want AWS WAF to inspect a header, the name of the * header.

See Also:

AWS * API Reference

*/ class SqlInjectionMatchTuple { public: AWS_WAF_API SqlInjectionMatchTuple(); AWS_WAF_API SqlInjectionMatchTuple(Aws::Utils::Json::JsonView jsonValue); AWS_WAF_API SqlInjectionMatchTuple& operator=(Aws::Utils::Json::JsonView jsonValue); AWS_WAF_API Aws::Utils::Json::JsonValue Jsonize() const; /** *

Specifies where in a web request to look for snippets of malicious SQL * code.

*/ inline const FieldToMatch& GetFieldToMatch() const{ return m_fieldToMatch; } /** *

Specifies where in a web request to look for snippets of malicious SQL * code.

*/ inline bool FieldToMatchHasBeenSet() const { return m_fieldToMatchHasBeenSet; } /** *

Specifies where in a web request to look for snippets of malicious SQL * code.

*/ inline void SetFieldToMatch(const FieldToMatch& value) { m_fieldToMatchHasBeenSet = true; m_fieldToMatch = value; } /** *

Specifies where in a web request to look for snippets of malicious SQL * code.

*/ inline void SetFieldToMatch(FieldToMatch&& value) { m_fieldToMatchHasBeenSet = true; m_fieldToMatch = std::move(value); } /** *

Specifies where in a web request to look for snippets of malicious SQL * code.

*/ inline SqlInjectionMatchTuple& WithFieldToMatch(const FieldToMatch& value) { SetFieldToMatch(value); return *this;} /** *

Specifies where in a web request to look for snippets of malicious SQL * code.

*/ inline SqlInjectionMatchTuple& WithFieldToMatch(FieldToMatch&& value) { SetFieldToMatch(std::move(value)); return *this;} /** *

Text transformations eliminate some of the unusual formatting that attackers * use in web requests in an effort to bypass AWS WAF. If you specify a * transformation, AWS WAF performs the transformation on FieldToMatch * before inspecting it for a match.

You can only specify a single type of * TextTransformation.

CMD_LINE

When you're concerned that * attackers are injecting an operating system command line command and using * unusual formatting to disguise some or all of the command, use this option to * perform the following transformations:

  • Delete the following * characters: \ " ' ^

  • Delete spaces before the following * characters: / (

  • Replace the following characters with a space: * , ;

  • Replace multiple spaces with one space

  • *

    Convert uppercase letters (A-Z) to lowercase (a-z)

* COMPRESS_WHITE_SPACE

Use this option to replace the following * characters with a space character (decimal 32):

  • \f, formfeed, * decimal 12

  • \t, tab, decimal 9

  • \n, newline, * decimal 10

  • \r, carriage return, decimal 13

  • *

    \v, vertical tab, decimal 11

  • non-breaking space, decimal * 160

COMPRESS_WHITE_SPACE also replaces multiple * spaces with one space.

HTML_ENTITY_DECODE

Use this option * to replace HTML-encoded characters with unencoded characters. * HTML_ENTITY_DECODE performs the following operations:

  • *

    Replaces (ampersand)quot; with "

  • *

    Replaces (ampersand)nbsp; with a non-breaking space, decimal * 160

  • Replaces (ampersand)lt; with a "less than" * symbol

  • Replaces (ampersand)gt; with * >

  • Replaces characters that are represented in * hexadecimal format, (ampersand)#xhhhh;, with the corresponding * characters

  • Replaces characters that are represented in decimal * format, (ampersand)#nnnn;, with the corresponding characters

    *

LOWERCASE

Use this option to convert uppercase * letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this * option to decode a URL-encoded value.

NONE

Specify * NONE if you don't want to perform any text transformations.

*/ inline const TextTransformation& GetTextTransformation() const{ return m_textTransformation; } /** *

Text transformations eliminate some of the unusual formatting that attackers * use in web requests in an effort to bypass AWS WAF. If you specify a * transformation, AWS WAF performs the transformation on FieldToMatch * before inspecting it for a match.

You can only specify a single type of * TextTransformation.

CMD_LINE

When you're concerned that * attackers are injecting an operating system command line command and using * unusual formatting to disguise some or all of the command, use this option to * perform the following transformations:

  • Delete the following * characters: \ " ' ^

  • Delete spaces before the following * characters: / (

  • Replace the following characters with a space: * , ;

  • Replace multiple spaces with one space

  • *

    Convert uppercase letters (A-Z) to lowercase (a-z)

* COMPRESS_WHITE_SPACE

Use this option to replace the following * characters with a space character (decimal 32):

  • \f, formfeed, * decimal 12

  • \t, tab, decimal 9

  • \n, newline, * decimal 10

  • \r, carriage return, decimal 13

  • *

    \v, vertical tab, decimal 11

  • non-breaking space, decimal * 160

COMPRESS_WHITE_SPACE also replaces multiple * spaces with one space.

HTML_ENTITY_DECODE

Use this option * to replace HTML-encoded characters with unencoded characters. * HTML_ENTITY_DECODE performs the following operations:

  • *

    Replaces (ampersand)quot; with "

  • *

    Replaces (ampersand)nbsp; with a non-breaking space, decimal * 160

  • Replaces (ampersand)lt; with a "less than" * symbol

  • Replaces (ampersand)gt; with * >

  • Replaces characters that are represented in * hexadecimal format, (ampersand)#xhhhh;, with the corresponding * characters

  • Replaces characters that are represented in decimal * format, (ampersand)#nnnn;, with the corresponding characters

    *

LOWERCASE

Use this option to convert uppercase * letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this * option to decode a URL-encoded value.

NONE

Specify * NONE if you don't want to perform any text transformations.

*/ inline bool TextTransformationHasBeenSet() const { return m_textTransformationHasBeenSet; } /** *

Text transformations eliminate some of the unusual formatting that attackers * use in web requests in an effort to bypass AWS WAF. If you specify a * transformation, AWS WAF performs the transformation on FieldToMatch * before inspecting it for a match.

You can only specify a single type of * TextTransformation.

CMD_LINE

When you're concerned that * attackers are injecting an operating system command line command and using * unusual formatting to disguise some or all of the command, use this option to * perform the following transformations:

  • Delete the following * characters: \ " ' ^

  • Delete spaces before the following * characters: / (

  • Replace the following characters with a space: * , ;

  • Replace multiple spaces with one space

  • *

    Convert uppercase letters (A-Z) to lowercase (a-z)

* COMPRESS_WHITE_SPACE

Use this option to replace the following * characters with a space character (decimal 32):

  • \f, formfeed, * decimal 12

  • \t, tab, decimal 9

  • \n, newline, * decimal 10

  • \r, carriage return, decimal 13

  • *

    \v, vertical tab, decimal 11

  • non-breaking space, decimal * 160

COMPRESS_WHITE_SPACE also replaces multiple * spaces with one space.

HTML_ENTITY_DECODE

Use this option * to replace HTML-encoded characters with unencoded characters. * HTML_ENTITY_DECODE performs the following operations:

  • *

    Replaces (ampersand)quot; with "

  • *

    Replaces (ampersand)nbsp; with a non-breaking space, decimal * 160

  • Replaces (ampersand)lt; with a "less than" * symbol

  • Replaces (ampersand)gt; with * >

  • Replaces characters that are represented in * hexadecimal format, (ampersand)#xhhhh;, with the corresponding * characters

  • Replaces characters that are represented in decimal * format, (ampersand)#nnnn;, with the corresponding characters

    *

LOWERCASE

Use this option to convert uppercase * letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this * option to decode a URL-encoded value.

NONE

Specify * NONE if you don't want to perform any text transformations.

*/ inline void SetTextTransformation(const TextTransformation& value) { m_textTransformationHasBeenSet = true; m_textTransformation = value; } /** *

Text transformations eliminate some of the unusual formatting that attackers * use in web requests in an effort to bypass AWS WAF. If you specify a * transformation, AWS WAF performs the transformation on FieldToMatch * before inspecting it for a match.

You can only specify a single type of * TextTransformation.

CMD_LINE

When you're concerned that * attackers are injecting an operating system command line command and using * unusual formatting to disguise some or all of the command, use this option to * perform the following transformations:

  • Delete the following * characters: \ " ' ^

  • Delete spaces before the following * characters: / (

  • Replace the following characters with a space: * , ;

  • Replace multiple spaces with one space

  • *

    Convert uppercase letters (A-Z) to lowercase (a-z)

* COMPRESS_WHITE_SPACE

Use this option to replace the following * characters with a space character (decimal 32):

  • \f, formfeed, * decimal 12

  • \t, tab, decimal 9

  • \n, newline, * decimal 10

  • \r, carriage return, decimal 13

  • *

    \v, vertical tab, decimal 11

  • non-breaking space, decimal * 160

COMPRESS_WHITE_SPACE also replaces multiple * spaces with one space.

HTML_ENTITY_DECODE

Use this option * to replace HTML-encoded characters with unencoded characters. * HTML_ENTITY_DECODE performs the following operations:

  • *

    Replaces (ampersand)quot; with "

  • *

    Replaces (ampersand)nbsp; with a non-breaking space, decimal * 160

  • Replaces (ampersand)lt; with a "less than" * symbol

  • Replaces (ampersand)gt; with * >

  • Replaces characters that are represented in * hexadecimal format, (ampersand)#xhhhh;, with the corresponding * characters

  • Replaces characters that are represented in decimal * format, (ampersand)#nnnn;, with the corresponding characters

    *

LOWERCASE

Use this option to convert uppercase * letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this * option to decode a URL-encoded value.

NONE

Specify * NONE if you don't want to perform any text transformations.

*/ inline void SetTextTransformation(TextTransformation&& value) { m_textTransformationHasBeenSet = true; m_textTransformation = std::move(value); } /** *

Text transformations eliminate some of the unusual formatting that attackers * use in web requests in an effort to bypass AWS WAF. If you specify a * transformation, AWS WAF performs the transformation on FieldToMatch * before inspecting it for a match.

You can only specify a single type of * TextTransformation.

CMD_LINE

When you're concerned that * attackers are injecting an operating system command line command and using * unusual formatting to disguise some or all of the command, use this option to * perform the following transformations:

  • Delete the following * characters: \ " ' ^

  • Delete spaces before the following * characters: / (

  • Replace the following characters with a space: * , ;

  • Replace multiple spaces with one space

  • *

    Convert uppercase letters (A-Z) to lowercase (a-z)

* COMPRESS_WHITE_SPACE

Use this option to replace the following * characters with a space character (decimal 32):

  • \f, formfeed, * decimal 12

  • \t, tab, decimal 9

  • \n, newline, * decimal 10

  • \r, carriage return, decimal 13

  • *

    \v, vertical tab, decimal 11

  • non-breaking space, decimal * 160

COMPRESS_WHITE_SPACE also replaces multiple * spaces with one space.

HTML_ENTITY_DECODE

Use this option * to replace HTML-encoded characters with unencoded characters. * HTML_ENTITY_DECODE performs the following operations:

  • *

    Replaces (ampersand)quot; with "

  • *

    Replaces (ampersand)nbsp; with a non-breaking space, decimal * 160

  • Replaces (ampersand)lt; with a "less than" * symbol

  • Replaces (ampersand)gt; with * >

  • Replaces characters that are represented in * hexadecimal format, (ampersand)#xhhhh;, with the corresponding * characters

  • Replaces characters that are represented in decimal * format, (ampersand)#nnnn;, with the corresponding characters

    *

LOWERCASE

Use this option to convert uppercase * letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this * option to decode a URL-encoded value.

NONE

Specify * NONE if you don't want to perform any text transformations.

*/ inline SqlInjectionMatchTuple& WithTextTransformation(const TextTransformation& value) { SetTextTransformation(value); return *this;} /** *

Text transformations eliminate some of the unusual formatting that attackers * use in web requests in an effort to bypass AWS WAF. If you specify a * transformation, AWS WAF performs the transformation on FieldToMatch * before inspecting it for a match.

You can only specify a single type of * TextTransformation.

CMD_LINE

When you're concerned that * attackers are injecting an operating system command line command and using * unusual formatting to disguise some or all of the command, use this option to * perform the following transformations:

  • Delete the following * characters: \ " ' ^

  • Delete spaces before the following * characters: / (

  • Replace the following characters with a space: * , ;

  • Replace multiple spaces with one space

  • *

    Convert uppercase letters (A-Z) to lowercase (a-z)

* COMPRESS_WHITE_SPACE

Use this option to replace the following * characters with a space character (decimal 32):

  • \f, formfeed, * decimal 12

  • \t, tab, decimal 9

  • \n, newline, * decimal 10

  • \r, carriage return, decimal 13

  • *

    \v, vertical tab, decimal 11

  • non-breaking space, decimal * 160

COMPRESS_WHITE_SPACE also replaces multiple * spaces with one space.

HTML_ENTITY_DECODE

Use this option * to replace HTML-encoded characters with unencoded characters. * HTML_ENTITY_DECODE performs the following operations:

  • *

    Replaces (ampersand)quot; with "

  • *

    Replaces (ampersand)nbsp; with a non-breaking space, decimal * 160

  • Replaces (ampersand)lt; with a "less than" * symbol

  • Replaces (ampersand)gt; with * >

  • Replaces characters that are represented in * hexadecimal format, (ampersand)#xhhhh;, with the corresponding * characters

  • Replaces characters that are represented in decimal * format, (ampersand)#nnnn;, with the corresponding characters

    *

LOWERCASE

Use this option to convert uppercase * letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this * option to decode a URL-encoded value.

NONE

Specify * NONE if you don't want to perform any text transformations.

*/ inline SqlInjectionMatchTuple& WithTextTransformation(TextTransformation&& value) { SetTextTransformation(std::move(value)); return *this;} private: FieldToMatch m_fieldToMatch; bool m_fieldToMatchHasBeenSet = false; TextTransformation m_textTransformation; bool m_textTransformationHasBeenSet = false; }; } // namespace Model } // namespace WAF } // namespace Aws