fix for CustomBlockResponseBody not using base64 issue (#25350)

* bug fix

* Update ChangeLog.md

---------

Co-authored-by: Jingnan Xu <[email protected]>
Co-authored-by: NoriZC <[email protected]>

Author: 3 people

src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.cs

@@ -50,5 +50,12 @@ public void TestPolicyAction()
         {
             TestRunner.RunTestScript("Test-PolicyAction");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestCustomBlockResponseBody()
+        {
+            TestRunner.RunTestScript("Test-CustomBlockResponseBody");
+        }
     }
 }

src/FrontDoor/FrontDoor.Test/ScenarioTests/WebApplicationFireWallPolicyTests.ps1

@@ -174,3 +174,35 @@ function Test-PolicyAction
     Assert-True { $removed }
     Assert-ThrowsContains { Get-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName } "does not exist."
 }
+
+function Test-CustomBlockResponseBody
+{
+    $Name = getAssetName
+    $resourceGroup = TestSetup-CreateResourceGroup
+    $resourceGroupName = $resourceGroup.ResourceGroupName
+    $tags = @{"tag1" = "value1"; "tag2" = "value2"}
+    $matchCondition1 = New-AzFrontDoorWafMatchConditionObject -MatchVariable RequestHeader -OperatorProperty Contains -Selector "UserAgent" -MatchValue "WINDOWS" -Transform "Uppercase"
+    $customRule1 = New-AzFrontDoorWafCustomRuleObject -Name "Rule1" -RuleType MatchRule -MatchCondition $matchCondition1 -Action Block -Priority 2
+
+    # Create exclusion objects
+    $exclusionRule = New-AzFrontDoorWafManagedRuleExclusionObject -Variable QueryStringArgNames -Operator Equals -Selector "ExcludeInRule"
+    $exclusionGroup = New-AzFrontDoorWafManagedRuleExclusionObject -Variable QueryStringArgNames -Operator Equals -Selector "ExcludeInGroup"
+    $exclusionSet = New-AzFrontDoorWafManagedRuleExclusionObject -Variable QueryStringArgNames -Operator Equals -Selector "ExcludeInSet"
+
+    $ruleOverride = New-AzFrontDoorWafManagedRuleOverrideObject -RuleId "942100" -Action Log -Exclusion $exclusionRule
+    $override1 = New-AzFrontDoorWafRuleGroupOverrideObject -RuleGroupName SQLI -ManagedRuleOverride $ruleOverride -Exclusion $exclusionGroup
+    $managedRule1 = New-AzFrontDoorWafManagedRuleObject -Type DefaultRuleSet -Version "1.0" -RuleGroupOverride $override1 -Exclusion $exclusionSet
+    $managedRule2 = New-AzFrontDoorWafManagedRuleObject -Type BotProtection -Version "preview-0.1"
+
+    New-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName -Sku Premium_AzureFrontDoor -Customrule $customRule1 -ManagedRule $managedRule1,$managedRule2 -EnabledState Enabled -Mode Prevention -RequestBodyCheck Disabled -CustomBlockResponseBody "<html><head><title>WAF Demo1</title></head><bodybgcolor=`"#FFB29Z`"><p><h1><strong>WAF Custom Response Page</strong></h1></p><p>Please contact us with the below reference ID: {{azure-ref}}<br></p></body></html>"
+
+    $afdWafPolicy = Get-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName
+    Assert-AreEqual $afdWafPolicy.CustomBlockResponseBody "<html><head><title>WAF Demo1</title></head><bodybgcolor=`"#FFB29Z`"><p><h1><strong>WAF Custom Response Page</strong></h1></p><p>Please contact us with the below reference ID: {{azure-ref}}<br></p></body></html>"
+
+    $afdWafPolicy.CustomBlockResponseBody = "<html><head><title>WAF Demo2</title></head><bodybgcolor=`"#FFB29Z`"><p><h1><strong>WAF Custom Response Page</strong></h1></p><p>Please contact us with the below reference ID: {{azure-ref}}<br></p></body></html>"
+    $afdWafPolicy | Update-AzFrontDoorWafPolicy
+
+    $retrievedPolicy = Get-AzFrontDoorWafPolicy -Name $Name -ResourceGroupName $resourceGroupName
+
+    Assert-AreEqual $retrievedPolicy.CustomBlockResponseBody "<html><head><title>WAF Demo2</title></head><bodybgcolor=`"#FFB29Z`"><p><h1><strong>WAF Custom Response Page</strong></h1></p><p>Please contact us with the below reference ID: {{azure-ref}}<br></p></body></html>"
+}

src/FrontDoor/FrontDoor.Test/SessionRecords/Microsoft.Azure.Commands.FrontDoor.Test.ScenarioTests.ScenarioTest.WebApplicationFireWallPolicyTests/TestCustomBlockResponseBody.json

@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed a not converting from string to base in CustomBlockResponseBody bug in updating waf policy
 
 ## Version 1.11.0
 * Upgraded to api version 2024-02-01

src/FrontDoor/FrontDoor/ChangeLog.md

@@ -766,7 +766,7 @@ public static SdkFirewallPolicy ToSdkFirewallPolicy(this PSPolicy psPolicy)
                 {
                     EnabledState = psPolicy.PolicyEnabledState.ToString(),
                     Mode = psPolicy.PolicyMode,
-                    CustomBlockResponseBody = psPolicy.CustomBlockResponseBody,
+                    CustomBlockResponseBody = psPolicy.CustomBlockResponseBody == null ? psPolicy.CustomBlockResponseBody : Convert.ToBase64String(Encoding.UTF8.GetBytes(psPolicy.CustomBlockResponseBody)),
                     CustomBlockResponseStatusCode = psPolicy.CustomBlockResponseStatusCode,
                     RedirectUrl = psPolicy.RedirectUrl,
                     RequestBodyCheck = psPolicy.RequestBodyCheck?.ToString(),