From 534fc7c1254a89af5c330381fb1bc49927b7a8f2 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Wed, 2 Apr 2025 08:10:44 -0400 Subject: [PATCH 1/9] initial crd update --- .../bases/appprotect.f5.com_appolicies.yaml | 523 ++++++++++++++++++ deploy/crds-nap-waf.yaml | 523 ++++++++++++++++++ .../configuration/validation/appprotect.go | 1 + 3 files changed, 1047 insertions(+) diff --git a/config/crd/bases/appprotect.f5.com_appolicies.yaml b/config/crd/bases/appprotect.f5.com_appolicies.yaml index 4929c96247..079abc667c 100644 --- a/config/crd/bases/appprotect.f5.com_appolicies.yaml +++ b/config/crd/bases/appprotect.f5.com_appolicies.yaml @@ -552,6 +552,529 @@ spec: type: object description: type: string + disallowed-geolocations: + items: + properties: + $action: + enum: + - delete + type: string + countryCode: + enum: + - AF + - AX + - AL + - DZ + - AS + - AD + - AO + - AI + - A1 + - AQ + - AG + - AR + - AM + - AW + - AU + - AT + - AZ + - BS + - BH + - BD + - BB + - BY + - BE + - BZ + - BJ + - BM + - BT + - BO + - BA + - BW + - BV + - BR + - IO + - BN + - BG + - BF + - BI + - KH + - CM + - CA + - CV + - KY + - CF + - TD + - CL + - CN + - CX + - CC + - CO + - KM + - CG + - CD + - CK + - CR + - CI + - HR + - CU + - CY + - CZ + - DK + - DJ + - DM + - DO + - EC + - EG + - SV + - GQ + - ER + - EE + - ET + - FK + - FO + - FJ + - FI + - FR + - FX + - GF + - PF + - TF + - GA + - GM + - GE + - DE + - GH + - GI + - GR + - GL + - GD + - GP + - GU + - GT + - GG + - GN + - GW + - GY + - HT + - HM + - VA + - HN + - HK + - HU + - IS + - IN + - ID + - IR + - IQ + - IE + - IM + - IL + - IT + - JM + - JP + - JE + - JO + - KZ + - KE + - KI + - KP + - KR + - KW + - KG + - LA + - LV + - LB + - LS + - LR + - LY + - LI + - LT + - LU + - MO + - MK + - MG + - MW + - MY + - MV + - ML + - MT + - MH + - MQ + - MR + - MU + - YT + - MX + - FM + - MD + - MC + - MN + - ME + - MS + - MA + - MZ + - MM + - ZZ + - NA + - NR + - NP + - NL + - AN + - NC + - NZ + - NI + - NE + - NG + - NU + - NF + - MP + - NO + - OM + - ZZ + - PK + - PW + - PS + - PA + - PG + - PY + - PE + - PH + - PN + - PL + - PT + - PR + - QA + - RE + - RO + - RU + - RW + - BL + - SH + - KN + - LC + - MF + - PM + - VC + - WS + - SM + - ST + - A2 + - SA + - SN + - RS + - SC + - SL + - SG + - SK + - SI + - SB + - SO + - ZA + - GS + - ES + - LK + - SD + - SR + - SJ + - SZ + - SE + - CH + - SY + - TW + - TJ + - TZ + - TH + - TL + - TG + - TK + - TO + - TT + - TN + - TR + - TM + - TC + - TV + - UG + - UA + - AE + - GB + - US + - UM + - UY + - UZ + - VU + - VE + - VN + - VG + - VI + - WF + - EH + - YE + - ZM + - ZW + type: string + countryName: + enum: + - Afghanistan + - Aland Islands + - Albania + - Algeria + - American Samoa + - Andorra + - Angola + - Anguilla + - Anonymous Proxy + - Antarctica + - Antigua and Barbuda + - Argentina + - Armenia + - Aruba + - Australia + - Austria + - Azerbaijan + - Bahamas + - Bahrain + - Bangladesh + - Barbados + - Belarus + - Belgium + - Belize + - Benin + - Bermuda + - Bhutan + - Bolivia + - Bosnia and Herzegovina + - Botswana + - Bouvet Island + - Brazil + - British Indian Ocean Territory + - Brunei Darussalam + - Bulgaria + - Burkina Faso + - Burundi + - Cambodia + - Cameroon + - Canada + - Cape Verde + - Cayman Islands + - Central African Republic + - Chad + - Chile + - China + - Christmas Island + - Cocos (Keeling) Islands + - Colombia + - Comoros + - Congo + - Congo, The Democratic Republic of the + - Cook Islands + - Costa Rica + - Cote D'Ivoire + - Croatia + - Cuba + - Cyprus + - Czech Republic + - Denmark + - Djibouti + - Dominica + - Dominican Republic + - Ecuador + - Egypt + - El Salvador + - Equatorial Guinea + - Eritrea + - Estonia + - Ethiopia + - Falkland Islands (Malvinas) + - Faroe Islands + - Fiji + - Finland + - France + - France, Metropolitan + - French Guiana + - French Polynesia + - French Southern Territories + - Gabon + - Gambia + - Georgia + - Germany + - Ghana + - Gibraltar + - Greece + - Greenland + - Grenada + - Guadeloupe + - Guam + - Guatemala + - Guernsey + - Guinea + - Guinea-Bissau + - Guyana + - Haiti + - Heard Island and McDonald Islands + - Holy See (Vatican City State) + - Honduras + - Hong Kong + - Hungary + - Iceland + - India + - Indonesia + - Iran, Islamic Republic of + - Iraq + - Ireland + - Isle of Man + - Israel + - Italy + - Jamaica + - Japan + - Jersey + - Jordan + - Kazakhstan + - Kenya + - Kiribati + - Korea, Democratic People's Republic of + - Korea, Republic of + - Kuwait + - Kyrgyzstan + - Lao People's Democratic Republic + - Latvia + - Lebanon + - Lesotho + - Liberia + - Libyan Arab Jamahiriya + - Liechtenstein + - Lithuania + - Luxembourg + - Macau + - Macedonia + - Madagascar + - Malawi + - Malaysia + - Maldives + - Mali + - Malta + - Marshall Islands + - Martinique + - Mauritania + - Mauritius + - Mayotte + - Mexico + - Micronesia, Federated States of + - Moldova, Republic of + - Monaco + - Mongolia + - Montenegro + - Montserrat + - Morocco + - Mozambique + - Myanmar + - N/A + - Namibia + - Nauru + - Nepal + - Netherlands + - Netherlands Antilles + - New Caledonia + - New Zealand + - Nicaragua + - Niger + - Nigeria + - Niue + - Norfolk Island + - Northern Mariana Islands + - Norway + - Oman + - Other + - Pakistan + - Palau + - Palestinian Territory + - Panama + - Papua New Guinea + - Paraguay + - Peru + - Philippines + - Pitcairn Islands + - Poland + - Portugal + - Puerto Rico + - Qatar + - Reunion + - Romania + - Russian Federation + - Rwanda + - Saint Barthelemy + - Saint Helena + - Saint Kitts and Nevis + - Saint Lucia + - Saint Martin + - Saint Pierre and Miquelon + - Saint Vincent and the Grenadines + - Samoa + - San Marino + - Sao Tome and Principe + - Satellite Provider + - Saudi Arabia + - Senegal + - Serbia + - Seychelles + - Sierra Leone + - Singapore + - Slovakia + - Slovenia + - Solomon Islands + - Somalia + - South Africa + - South Georgia and the South Sandwich Islands + - Spain + - Sri Lanka + - Sudan + - Suriname + - Svalbard and Jan Mayen + - Swaziland + - Sweden + - Switzerland + - Syrian Arab Republic + - Taiwan + - Tajikistan + - Tanzania, United Republic of + - Thailand + - Timor-Leste + - Togo + - Tokelau + - Tonga + - Trinidad and Tobago + - Tunisia + - Turkey + - Turkmenistan + - Turks and Caicos Islands + - Tuvalu + - Uganda + - Ukraine + - United Arab Emirates + - United Kingdom + - United States + - United States Minor Outlying Islands + - Uruguay + - Uzbekistan + - Vanuatu + - Venezuela + - Vietnam + - Virgin Islands, British + - Virgin Islands, U.S. + - Wallis and Futuna + - Western Sahara + - Yemen + - Zambia + - Zimbabwe + type: string + type: object + type: array + disallowedGeolocationReference: + properties: + link: + pattern: ^http + type: string + type: object enablePassiveMode: type: boolean enforcementMode: diff --git a/deploy/crds-nap-waf.yaml b/deploy/crds-nap-waf.yaml index 2548a69ce4..eab47eb0f3 100644 --- a/deploy/crds-nap-waf.yaml +++ b/deploy/crds-nap-waf.yaml @@ -636,6 +636,529 @@ spec: type: object description: type: string + disallowed-geolocations: + items: + properties: + $action: + enum: + - delete + type: string + countryCode: + enum: + - AF + - AX + - AL + - DZ + - AS + - AD + - AO + - AI + - A1 + - AQ + - AG + - AR + - AM + - AW + - AU + - AT + - AZ + - BS + - BH + - BD + - BB + - BY + - BE + - BZ + - BJ + - BM + - BT + - BO + - BA + - BW + - BV + - BR + - IO + - BN + - BG + - BF + - BI + - KH + - CM + - CA + - CV + - KY + - CF + - TD + - CL + - CN + - CX + - CC + - CO + - KM + - CG + - CD + - CK + - CR + - CI + - HR + - CU + - CY + - CZ + - DK + - DJ + - DM + - DO + - EC + - EG + - SV + - GQ + - ER + - EE + - ET + - FK + - FO + - FJ + - FI + - FR + - FX + - GF + - PF + - TF + - GA + - GM + - GE + - DE + - GH + - GI + - GR + - GL + - GD + - GP + - GU + - GT + - GG + - GN + - GW + - GY + - HT + - HM + - VA + - HN + - HK + - HU + - IS + - IN + - ID + - IR + - IQ + - IE + - IM + - IL + - IT + - JM + - JP + - JE + - JO + - KZ + - KE + - KI + - KP + - KR + - KW + - KG + - LA + - LV + - LB + - LS + - LR + - LY + - LI + - LT + - LU + - MO + - MK + - MG + - MW + - MY + - MV + - ML + - MT + - MH + - MQ + - MR + - MU + - YT + - MX + - FM + - MD + - MC + - MN + - ME + - MS + - MA + - MZ + - MM + - ZZ + - NA + - NR + - NP + - NL + - AN + - NC + - NZ + - NI + - NE + - NG + - NU + - NF + - MP + - NO + - OM + - ZZ + - PK + - PW + - PS + - PA + - PG + - PY + - PE + - PH + - PN + - PL + - PT + - PR + - QA + - RE + - RO + - RU + - RW + - BL + - SH + - KN + - LC + - MF + - PM + - VC + - WS + - SM + - ST + - A2 + - SA + - SN + - RS + - SC + - SL + - SG + - SK + - SI + - SB + - SO + - ZA + - GS + - ES + - LK + - SD + - SR + - SJ + - SZ + - SE + - CH + - SY + - TW + - TJ + - TZ + - TH + - TL + - TG + - TK + - TO + - TT + - TN + - TR + - TM + - TC + - TV + - UG + - UA + - AE + - GB + - US + - UM + - UY + - UZ + - VU + - VE + - VN + - VG + - VI + - WF + - EH + - YE + - ZM + - ZW + type: string + countryName: + enum: + - Afghanistan + - Aland Islands + - Albania + - Algeria + - American Samoa + - Andorra + - Angola + - Anguilla + - Anonymous Proxy + - Antarctica + - Antigua and Barbuda + - Argentina + - Armenia + - Aruba + - Australia + - Austria + - Azerbaijan + - Bahamas + - Bahrain + - Bangladesh + - Barbados + - Belarus + - Belgium + - Belize + - Benin + - Bermuda + - Bhutan + - Bolivia + - Bosnia and Herzegovina + - Botswana + - Bouvet Island + - Brazil + - British Indian Ocean Territory + - Brunei Darussalam + - Bulgaria + - Burkina Faso + - Burundi + - Cambodia + - Cameroon + - Canada + - Cape Verde + - Cayman Islands + - Central African Republic + - Chad + - Chile + - China + - Christmas Island + - Cocos (Keeling) Islands + - Colombia + - Comoros + - Congo + - Congo, The Democratic Republic of the + - Cook Islands + - Costa Rica + - Cote D'Ivoire + - Croatia + - Cuba + - Cyprus + - Czech Republic + - Denmark + - Djibouti + - Dominica + - Dominican Republic + - Ecuador + - Egypt + - El Salvador + - Equatorial Guinea + - Eritrea + - Estonia + - Ethiopia + - Falkland Islands (Malvinas) + - Faroe Islands + - Fiji + - Finland + - France + - France, Metropolitan + - French Guiana + - French Polynesia + - French Southern Territories + - Gabon + - Gambia + - Georgia + - Germany + - Ghana + - Gibraltar + - Greece + - Greenland + - Grenada + - Guadeloupe + - Guam + - Guatemala + - Guernsey + - Guinea + - Guinea-Bissau + - Guyana + - Haiti + - Heard Island and McDonald Islands + - Holy See (Vatican City State) + - Honduras + - Hong Kong + - Hungary + - Iceland + - India + - Indonesia + - Iran, Islamic Republic of + - Iraq + - Ireland + - Isle of Man + - Israel + - Italy + - Jamaica + - Japan + - Jersey + - Jordan + - Kazakhstan + - Kenya + - Kiribati + - Korea, Democratic People's Republic of + - Korea, Republic of + - Kuwait + - Kyrgyzstan + - Lao People's Democratic Republic + - Latvia + - Lebanon + - Lesotho + - Liberia + - Libyan Arab Jamahiriya + - Liechtenstein + - Lithuania + - Luxembourg + - Macau + - Macedonia + - Madagascar + - Malawi + - Malaysia + - Maldives + - Mali + - Malta + - Marshall Islands + - Martinique + - Mauritania + - Mauritius + - Mayotte + - Mexico + - Micronesia, Federated States of + - Moldova, Republic of + - Monaco + - Mongolia + - Montenegro + - Montserrat + - Morocco + - Mozambique + - Myanmar + - N/A + - Namibia + - Nauru + - Nepal + - Netherlands + - Netherlands Antilles + - New Caledonia + - New Zealand + - Nicaragua + - Niger + - Nigeria + - Niue + - Norfolk Island + - Northern Mariana Islands + - Norway + - Oman + - Other + - Pakistan + - Palau + - Palestinian Territory + - Panama + - Papua New Guinea + - Paraguay + - Peru + - Philippines + - Pitcairn Islands + - Poland + - Portugal + - Puerto Rico + - Qatar + - Reunion + - Romania + - Russian Federation + - Rwanda + - Saint Barthelemy + - Saint Helena + - Saint Kitts and Nevis + - Saint Lucia + - Saint Martin + - Saint Pierre and Miquelon + - Saint Vincent and the Grenadines + - Samoa + - San Marino + - Sao Tome and Principe + - Satellite Provider + - Saudi Arabia + - Senegal + - Serbia + - Seychelles + - Sierra Leone + - Singapore + - Slovakia + - Slovenia + - Solomon Islands + - Somalia + - South Africa + - South Georgia and the South Sandwich Islands + - Spain + - Sri Lanka + - Sudan + - Suriname + - Svalbard and Jan Mayen + - Swaziland + - Sweden + - Switzerland + - Syrian Arab Republic + - Taiwan + - Tajikistan + - Tanzania, United Republic of + - Thailand + - Timor-Leste + - Togo + - Tokelau + - Tonga + - Trinidad and Tobago + - Tunisia + - Turkey + - Turkmenistan + - Turks and Caicos Islands + - Tuvalu + - Uganda + - Ukraine + - United Arab Emirates + - United Kingdom + - United States + - United States Minor Outlying Islands + - Uruguay + - Uzbekistan + - Vanuatu + - Venezuela + - Vietnam + - Virgin Islands, British + - Virgin Islands, U.S. + - Wallis and Futuna + - Western Sahara + - Yemen + - Zambia + - Zimbabwe + type: string + type: object + type: array + disallowedGeolocationReference: + properties: + link: + pattern: ^http + type: string + type: object enablePassiveMode: type: boolean enforcementMode: diff --git a/pkg/apis/configuration/validation/appprotect.go b/pkg/apis/configuration/validation/appprotect.go index e908ccc15d..eb42693e3d 100644 --- a/pkg/apis/configuration/validation/appprotect.go +++ b/pkg/apis/configuration/validation/appprotect.go @@ -31,6 +31,7 @@ var appProtectPolicyExtRefs = [][]string{ {"spec", "policy", "headerReference"}, {"spec", "policy", "cookieReference"}, {"spec", "policy", "dataGuardReference"}, + {"spec", "policy", "disallowedGeolocationReference"}, {"spec", "policy", "filetypeReference"}, {"spec", "policy", "methodReference"}, {"spec", "policy", "generalReference"}, From a7a855ef9761fdcea2d2cb5a62ec4a876187f150 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Thu, 3 Apr 2025 08:58:08 -0400 Subject: [PATCH 2/9] using make update-crds to update from bases --- config/crd/bases/appprotect.f5.com_appolicies.yaml | 2 +- deploy/crds-nap-waf.yaml | 4 ++-- deploy/crds.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/crd/bases/appprotect.f5.com_appolicies.yaml b/config/crd/bases/appprotect.f5.com_appolicies.yaml index 079abc667c..b7030571ca 100644 --- a/config/crd/bases/appprotect.f5.com_appolicies.yaml +++ b/config/crd/bases/appprotect.f5.com_appolicies.yaml @@ -557,7 +557,7 @@ spec: properties: $action: enum: - - delete + - delete type: string countryCode: enum: diff --git a/deploy/crds-nap-waf.yaml b/deploy/crds-nap-waf.yaml index eab47eb0f3..edc0b32f0c 100644 --- a/deploy/crds-nap-waf.yaml +++ b/deploy/crds-nap-waf.yaml @@ -641,7 +641,7 @@ spec: properties: $action: enum: - - delete + - delete type: string countryCode: enum: @@ -812,7 +812,7 @@ spec: - NU - NF - MP - - NO + - "NO" - OM - ZZ - PK diff --git a/deploy/crds.yaml b/deploy/crds.yaml index 960ccbf925..22d3328aeb 100644 --- a/deploy/crds.yaml +++ b/deploy/crds.yaml @@ -347,7 +347,7 @@ spec: properties: default: description: sets the rate limit in this policy to be the - default if no conditions are met. In a group of policies + default if no conditions are met. In a group of policies with the same JWT condition, only one policy can be the default. type: boolean From f5be522df301885779d9956c0ba11ed569717f18 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Thu, 17 Apr 2025 07:26:32 -0400 Subject: [PATCH 3/9] start adding test structure --- .gitignore | 1 + .../data/ap-waf/disallowed-geolocations.yaml | 19 +++++++++++++++++++ .../appprotect/disallowed-geolocations.yaml | 19 +++++++++++++++++++ tests/suite/test_app_protect_waf_policies.py | 1 + 4 files changed, 40 insertions(+) create mode 100644 tests/data/ap-waf/disallowed-geolocations.yaml create mode 100644 tests/data/appprotect/disallowed-geolocations.yaml diff --git a/.gitignore b/.gitignore index d4235ebe69..01cd453fad 100644 --- a/.gitignore +++ b/.gitignore @@ -33,6 +33,7 @@ dist/ # NGINX Plus license files *.crt *.key +*.jwt # RHEL license rhel_license diff --git a/tests/data/ap-waf/disallowed-geolocations.yaml b/tests/data/ap-waf/disallowed-geolocations.yaml new file mode 100644 index 0000000000..026730eb7f --- /dev/null +++ b/tests/data/ap-waf/disallowed-geolocations.yaml @@ -0,0 +1,19 @@ +apiVersion: appprotect.f5.com/v1beta1 +kind: APPolicy +metadata: + name: disallowed-geolocations +spec: + policy: + applicationLanguage: utf-8 + blocking-settings: + violations: + - alarm: true + block: true + name: VIOL_GEOLOCATION + disallowed-geolocations: + - countryCode: IL + countryName: Israel + enforcementMode: blocking + name: disallowed-geolocations + template: + name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/data/appprotect/disallowed-geolocations.yaml b/tests/data/appprotect/disallowed-geolocations.yaml new file mode 100644 index 0000000000..026730eb7f --- /dev/null +++ b/tests/data/appprotect/disallowed-geolocations.yaml @@ -0,0 +1,19 @@ +apiVersion: appprotect.f5.com/v1beta1 +kind: APPolicy +metadata: + name: disallowed-geolocations +spec: + policy: + applicationLanguage: utf-8 + blocking-settings: + violations: + - alarm: true + block: true + name: VIOL_GEOLOCATION + disallowed-geolocations: + - countryCode: IL + countryName: Israel + enforcementMode: blocking + name: disallowed-geolocations + template: + name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/suite/test_app_protect_waf_policies.py b/tests/suite/test_app_protect_waf_policies.py index 14bebba6cf..64f015b3e7 100644 --- a/tests/suite/test_app_protect_waf_policies.py +++ b/tests/suite/test_app_protect_waf_policies.py @@ -34,6 +34,7 @@ waf_subroute_vsr_src = f"{TEST_DATA}/ap-waf/virtual-server-route-waf-subroute.yaml" waf_pol_default_src = f"{TEST_DATA}/ap-waf/policies/waf-default.yaml" waf_pol_dataguard_src = f"{TEST_DATA}/ap-waf/policies/waf-dataguard.yaml" +waf_pol_disallowed_geolocations_src = f"{TEST_DATA}/ap-waf/policies/disallowed-geolocations.yaml" ap_policy_uds = "dataguard-alarm-uds" uds_crd_resource = f"{TEST_DATA}/ap-waf/ap-ic-uds.yaml" valid_resp_addr = "Server address:" From 27357c44d19b1faf1f72d57ea68f3a1fad127bb1 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Wed, 2 Apr 2025 08:10:44 -0400 Subject: [PATCH 4/9] initial crd update --- .../bases/appprotect.f5.com_appolicies.yaml | 523 ++++++++++++++++++ deploy/crds-nap-waf.yaml | 523 ++++++++++++++++++ .../configuration/validation/appprotect.go | 1 + 3 files changed, 1047 insertions(+) diff --git a/config/crd/bases/appprotect.f5.com_appolicies.yaml b/config/crd/bases/appprotect.f5.com_appolicies.yaml index 4929c96247..079abc667c 100644 --- a/config/crd/bases/appprotect.f5.com_appolicies.yaml +++ b/config/crd/bases/appprotect.f5.com_appolicies.yaml @@ -552,6 +552,529 @@ spec: type: object description: type: string + disallowed-geolocations: + items: + properties: + $action: + enum: + - delete + type: string + countryCode: + enum: + - AF + - AX + - AL + - DZ + - AS + - AD + - AO + - AI + - A1 + - AQ + - AG + - AR + - AM + - AW + - AU + - AT + - AZ + - BS + - BH + - BD + - BB + - BY + - BE + - BZ + - BJ + - BM + - BT + - BO + - BA + - BW + - BV + - BR + - IO + - BN + - BG + - BF + - BI + - KH + - CM + - CA + - CV + - KY + - CF + - TD + - CL + - CN + - CX + - CC + - CO + - KM + - CG + - CD + - CK + - CR + - CI + - HR + - CU + - CY + - CZ + - DK + - DJ + - DM + - DO + - EC + - EG + - SV + - GQ + - ER + - EE + - ET + - FK + - FO + - FJ + - FI + - FR + - FX + - GF + - PF + - TF + - GA + - GM + - GE + - DE + - GH + - GI + - GR + - GL + - GD + - GP + - GU + - GT + - GG + - GN + - GW + - GY + - HT + - HM + - VA + - HN + - HK + - HU + - IS + - IN + - ID + - IR + - IQ + - IE + - IM + - IL + - IT + - JM + - JP + - JE + - JO + - KZ + - KE + - KI + - KP + - KR + - KW + - KG + - LA + - LV + - LB + - LS + - LR + - LY + - LI + - LT + - LU + - MO + - MK + - MG + - MW + - MY + - MV + - ML + - MT + - MH + - MQ + - MR + - MU + - YT + - MX + - FM + - MD + - MC + - MN + - ME + - MS + - MA + - MZ + - MM + - ZZ + - NA + - NR + - NP + - NL + - AN + - NC + - NZ + - NI + - NE + - NG + - NU + - NF + - MP + - NO + - OM + - ZZ + - PK + - PW + - PS + - PA + - PG + - PY + - PE + - PH + - PN + - PL + - PT + - PR + - QA + - RE + - RO + - RU + - RW + - BL + - SH + - KN + - LC + - MF + - PM + - VC + - WS + - SM + - ST + - A2 + - SA + - SN + - RS + - SC + - SL + - SG + - SK + - SI + - SB + - SO + - ZA + - GS + - ES + - LK + - SD + - SR + - SJ + - SZ + - SE + - CH + - SY + - TW + - TJ + - TZ + - TH + - TL + - TG + - TK + - TO + - TT + - TN + - TR + - TM + - TC + - TV + - UG + - UA + - AE + - GB + - US + - UM + - UY + - UZ + - VU + - VE + - VN + - VG + - VI + - WF + - EH + - YE + - ZM + - ZW + type: string + countryName: + enum: + - Afghanistan + - Aland Islands + - Albania + - Algeria + - American Samoa + - Andorra + - Angola + - Anguilla + - Anonymous Proxy + - Antarctica + - Antigua and Barbuda + - Argentina + - Armenia + - Aruba + - Australia + - Austria + - Azerbaijan + - Bahamas + - Bahrain + - Bangladesh + - Barbados + - Belarus + - Belgium + - Belize + - Benin + - Bermuda + - Bhutan + - Bolivia + - Bosnia and Herzegovina + - Botswana + - Bouvet Island + - Brazil + - British Indian Ocean Territory + - Brunei Darussalam + - Bulgaria + - Burkina Faso + - Burundi + - Cambodia + - Cameroon + - Canada + - Cape Verde + - Cayman Islands + - Central African Republic + - Chad + - Chile + - China + - Christmas Island + - Cocos (Keeling) Islands + - Colombia + - Comoros + - Congo + - Congo, The Democratic Republic of the + - Cook Islands + - Costa Rica + - Cote D'Ivoire + - Croatia + - Cuba + - Cyprus + - Czech Republic + - Denmark + - Djibouti + - Dominica + - Dominican Republic + - Ecuador + - Egypt + - El Salvador + - Equatorial Guinea + - Eritrea + - Estonia + - Ethiopia + - Falkland Islands (Malvinas) + - Faroe Islands + - Fiji + - Finland + - France + - France, Metropolitan + - French Guiana + - French Polynesia + - French Southern Territories + - Gabon + - Gambia + - Georgia + - Germany + - Ghana + - Gibraltar + - Greece + - Greenland + - Grenada + - Guadeloupe + - Guam + - Guatemala + - Guernsey + - Guinea + - Guinea-Bissau + - Guyana + - Haiti + - Heard Island and McDonald Islands + - Holy See (Vatican City State) + - Honduras + - Hong Kong + - Hungary + - Iceland + - India + - Indonesia + - Iran, Islamic Republic of + - Iraq + - Ireland + - Isle of Man + - Israel + - Italy + - Jamaica + - Japan + - Jersey + - Jordan + - Kazakhstan + - Kenya + - Kiribati + - Korea, Democratic People's Republic of + - Korea, Republic of + - Kuwait + - Kyrgyzstan + - Lao People's Democratic Republic + - Latvia + - Lebanon + - Lesotho + - Liberia + - Libyan Arab Jamahiriya + - Liechtenstein + - Lithuania + - Luxembourg + - Macau + - Macedonia + - Madagascar + - Malawi + - Malaysia + - Maldives + - Mali + - Malta + - Marshall Islands + - Martinique + - Mauritania + - Mauritius + - Mayotte + - Mexico + - Micronesia, Federated States of + - Moldova, Republic of + - Monaco + - Mongolia + - Montenegro + - Montserrat + - Morocco + - Mozambique + - Myanmar + - N/A + - Namibia + - Nauru + - Nepal + - Netherlands + - Netherlands Antilles + - New Caledonia + - New Zealand + - Nicaragua + - Niger + - Nigeria + - Niue + - Norfolk Island + - Northern Mariana Islands + - Norway + - Oman + - Other + - Pakistan + - Palau + - Palestinian Territory + - Panama + - Papua New Guinea + - Paraguay + - Peru + - Philippines + - Pitcairn Islands + - Poland + - Portugal + - Puerto Rico + - Qatar + - Reunion + - Romania + - Russian Federation + - Rwanda + - Saint Barthelemy + - Saint Helena + - Saint Kitts and Nevis + - Saint Lucia + - Saint Martin + - Saint Pierre and Miquelon + - Saint Vincent and the Grenadines + - Samoa + - San Marino + - Sao Tome and Principe + - Satellite Provider + - Saudi Arabia + - Senegal + - Serbia + - Seychelles + - Sierra Leone + - Singapore + - Slovakia + - Slovenia + - Solomon Islands + - Somalia + - South Africa + - South Georgia and the South Sandwich Islands + - Spain + - Sri Lanka + - Sudan + - Suriname + - Svalbard and Jan Mayen + - Swaziland + - Sweden + - Switzerland + - Syrian Arab Republic + - Taiwan + - Tajikistan + - Tanzania, United Republic of + - Thailand + - Timor-Leste + - Togo + - Tokelau + - Tonga + - Trinidad and Tobago + - Tunisia + - Turkey + - Turkmenistan + - Turks and Caicos Islands + - Tuvalu + - Uganda + - Ukraine + - United Arab Emirates + - United Kingdom + - United States + - United States Minor Outlying Islands + - Uruguay + - Uzbekistan + - Vanuatu + - Venezuela + - Vietnam + - Virgin Islands, British + - Virgin Islands, U.S. + - Wallis and Futuna + - Western Sahara + - Yemen + - Zambia + - Zimbabwe + type: string + type: object + type: array + disallowedGeolocationReference: + properties: + link: + pattern: ^http + type: string + type: object enablePassiveMode: type: boolean enforcementMode: diff --git a/deploy/crds-nap-waf.yaml b/deploy/crds-nap-waf.yaml index 2548a69ce4..eab47eb0f3 100644 --- a/deploy/crds-nap-waf.yaml +++ b/deploy/crds-nap-waf.yaml @@ -636,6 +636,529 @@ spec: type: object description: type: string + disallowed-geolocations: + items: + properties: + $action: + enum: + - delete + type: string + countryCode: + enum: + - AF + - AX + - AL + - DZ + - AS + - AD + - AO + - AI + - A1 + - AQ + - AG + - AR + - AM + - AW + - AU + - AT + - AZ + - BS + - BH + - BD + - BB + - BY + - BE + - BZ + - BJ + - BM + - BT + - BO + - BA + - BW + - BV + - BR + - IO + - BN + - BG + - BF + - BI + - KH + - CM + - CA + - CV + - KY + - CF + - TD + - CL + - CN + - CX + - CC + - CO + - KM + - CG + - CD + - CK + - CR + - CI + - HR + - CU + - CY + - CZ + - DK + - DJ + - DM + - DO + - EC + - EG + - SV + - GQ + - ER + - EE + - ET + - FK + - FO + - FJ + - FI + - FR + - FX + - GF + - PF + - TF + - GA + - GM + - GE + - DE + - GH + - GI + - GR + - GL + - GD + - GP + - GU + - GT + - GG + - GN + - GW + - GY + - HT + - HM + - VA + - HN + - HK + - HU + - IS + - IN + - ID + - IR + - IQ + - IE + - IM + - IL + - IT + - JM + - JP + - JE + - JO + - KZ + - KE + - KI + - KP + - KR + - KW + - KG + - LA + - LV + - LB + - LS + - LR + - LY + - LI + - LT + - LU + - MO + - MK + - MG + - MW + - MY + - MV + - ML + - MT + - MH + - MQ + - MR + - MU + - YT + - MX + - FM + - MD + - MC + - MN + - ME + - MS + - MA + - MZ + - MM + - ZZ + - NA + - NR + - NP + - NL + - AN + - NC + - NZ + - NI + - NE + - NG + - NU + - NF + - MP + - NO + - OM + - ZZ + - PK + - PW + - PS + - PA + - PG + - PY + - PE + - PH + - PN + - PL + - PT + - PR + - QA + - RE + - RO + - RU + - RW + - BL + - SH + - KN + - LC + - MF + - PM + - VC + - WS + - SM + - ST + - A2 + - SA + - SN + - RS + - SC + - SL + - SG + - SK + - SI + - SB + - SO + - ZA + - GS + - ES + - LK + - SD + - SR + - SJ + - SZ + - SE + - CH + - SY + - TW + - TJ + - TZ + - TH + - TL + - TG + - TK + - TO + - TT + - TN + - TR + - TM + - TC + - TV + - UG + - UA + - AE + - GB + - US + - UM + - UY + - UZ + - VU + - VE + - VN + - VG + - VI + - WF + - EH + - YE + - ZM + - ZW + type: string + countryName: + enum: + - Afghanistan + - Aland Islands + - Albania + - Algeria + - American Samoa + - Andorra + - Angola + - Anguilla + - Anonymous Proxy + - Antarctica + - Antigua and Barbuda + - Argentina + - Armenia + - Aruba + - Australia + - Austria + - Azerbaijan + - Bahamas + - Bahrain + - Bangladesh + - Barbados + - Belarus + - Belgium + - Belize + - Benin + - Bermuda + - Bhutan + - Bolivia + - Bosnia and Herzegovina + - Botswana + - Bouvet Island + - Brazil + - British Indian Ocean Territory + - Brunei Darussalam + - Bulgaria + - Burkina Faso + - Burundi + - Cambodia + - Cameroon + - Canada + - Cape Verde + - Cayman Islands + - Central African Republic + - Chad + - Chile + - China + - Christmas Island + - Cocos (Keeling) Islands + - Colombia + - Comoros + - Congo + - Congo, The Democratic Republic of the + - Cook Islands + - Costa Rica + - Cote D'Ivoire + - Croatia + - Cuba + - Cyprus + - Czech Republic + - Denmark + - Djibouti + - Dominica + - Dominican Republic + - Ecuador + - Egypt + - El Salvador + - Equatorial Guinea + - Eritrea + - Estonia + - Ethiopia + - Falkland Islands (Malvinas) + - Faroe Islands + - Fiji + - Finland + - France + - France, Metropolitan + - French Guiana + - French Polynesia + - French Southern Territories + - Gabon + - Gambia + - Georgia + - Germany + - Ghana + - Gibraltar + - Greece + - Greenland + - Grenada + - Guadeloupe + - Guam + - Guatemala + - Guernsey + - Guinea + - Guinea-Bissau + - Guyana + - Haiti + - Heard Island and McDonald Islands + - Holy See (Vatican City State) + - Honduras + - Hong Kong + - Hungary + - Iceland + - India + - Indonesia + - Iran, Islamic Republic of + - Iraq + - Ireland + - Isle of Man + - Israel + - Italy + - Jamaica + - Japan + - Jersey + - Jordan + - Kazakhstan + - Kenya + - Kiribati + - Korea, Democratic People's Republic of + - Korea, Republic of + - Kuwait + - Kyrgyzstan + - Lao People's Democratic Republic + - Latvia + - Lebanon + - Lesotho + - Liberia + - Libyan Arab Jamahiriya + - Liechtenstein + - Lithuania + - Luxembourg + - Macau + - Macedonia + - Madagascar + - Malawi + - Malaysia + - Maldives + - Mali + - Malta + - Marshall Islands + - Martinique + - Mauritania + - Mauritius + - Mayotte + - Mexico + - Micronesia, Federated States of + - Moldova, Republic of + - Monaco + - Mongolia + - Montenegro + - Montserrat + - Morocco + - Mozambique + - Myanmar + - N/A + - Namibia + - Nauru + - Nepal + - Netherlands + - Netherlands Antilles + - New Caledonia + - New Zealand + - Nicaragua + - Niger + - Nigeria + - Niue + - Norfolk Island + - Northern Mariana Islands + - Norway + - Oman + - Other + - Pakistan + - Palau + - Palestinian Territory + - Panama + - Papua New Guinea + - Paraguay + - Peru + - Philippines + - Pitcairn Islands + - Poland + - Portugal + - Puerto Rico + - Qatar + - Reunion + - Romania + - Russian Federation + - Rwanda + - Saint Barthelemy + - Saint Helena + - Saint Kitts and Nevis + - Saint Lucia + - Saint Martin + - Saint Pierre and Miquelon + - Saint Vincent and the Grenadines + - Samoa + - San Marino + - Sao Tome and Principe + - Satellite Provider + - Saudi Arabia + - Senegal + - Serbia + - Seychelles + - Sierra Leone + - Singapore + - Slovakia + - Slovenia + - Solomon Islands + - Somalia + - South Africa + - South Georgia and the South Sandwich Islands + - Spain + - Sri Lanka + - Sudan + - Suriname + - Svalbard and Jan Mayen + - Swaziland + - Sweden + - Switzerland + - Syrian Arab Republic + - Taiwan + - Tajikistan + - Tanzania, United Republic of + - Thailand + - Timor-Leste + - Togo + - Tokelau + - Tonga + - Trinidad and Tobago + - Tunisia + - Turkey + - Turkmenistan + - Turks and Caicos Islands + - Tuvalu + - Uganda + - Ukraine + - United Arab Emirates + - United Kingdom + - United States + - United States Minor Outlying Islands + - Uruguay + - Uzbekistan + - Vanuatu + - Venezuela + - Vietnam + - Virgin Islands, British + - Virgin Islands, U.S. + - Wallis and Futuna + - Western Sahara + - Yemen + - Zambia + - Zimbabwe + type: string + type: object + type: array + disallowedGeolocationReference: + properties: + link: + pattern: ^http + type: string + type: object enablePassiveMode: type: boolean enforcementMode: diff --git a/pkg/apis/configuration/validation/appprotect.go b/pkg/apis/configuration/validation/appprotect.go index e908ccc15d..eb42693e3d 100644 --- a/pkg/apis/configuration/validation/appprotect.go +++ b/pkg/apis/configuration/validation/appprotect.go @@ -31,6 +31,7 @@ var appProtectPolicyExtRefs = [][]string{ {"spec", "policy", "headerReference"}, {"spec", "policy", "cookieReference"}, {"spec", "policy", "dataGuardReference"}, + {"spec", "policy", "disallowedGeolocationReference"}, {"spec", "policy", "filetypeReference"}, {"spec", "policy", "methodReference"}, {"spec", "policy", "generalReference"}, From aee813d35e808e21200ae0fbb671dfc46423b888 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Thu, 3 Apr 2025 08:58:08 -0400 Subject: [PATCH 5/9] using make update-crds to update from bases --- .gitignore | 1 + config/crd/bases/appprotect.f5.com_appolicies.yaml | 2 +- deploy/crds-nap-waf.yaml | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 8c72b05a9f..1bfe11490b 100644 --- a/.gitignore +++ b/.gitignore @@ -33,6 +33,7 @@ dist/ # NGINX Plus license files *.crt *.key +*.jwt # RHEL license rhel_license diff --git a/config/crd/bases/appprotect.f5.com_appolicies.yaml b/config/crd/bases/appprotect.f5.com_appolicies.yaml index 079abc667c..b7030571ca 100644 --- a/config/crd/bases/appprotect.f5.com_appolicies.yaml +++ b/config/crd/bases/appprotect.f5.com_appolicies.yaml @@ -557,7 +557,7 @@ spec: properties: $action: enum: - - delete + - delete type: string countryCode: enum: diff --git a/deploy/crds-nap-waf.yaml b/deploy/crds-nap-waf.yaml index eab47eb0f3..edc0b32f0c 100644 --- a/deploy/crds-nap-waf.yaml +++ b/deploy/crds-nap-waf.yaml @@ -641,7 +641,7 @@ spec: properties: $action: enum: - - delete + - delete type: string countryCode: enum: @@ -812,7 +812,7 @@ spec: - NU - NF - MP - - NO + - "NO" - OM - ZZ - PK From f383af2a3e42b41b58835de121541f344f5e9896 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Thu, 17 Apr 2025 07:26:32 -0400 Subject: [PATCH 6/9] start adding test structure --- .../data/ap-waf/disallowed-geolocations.yaml | 19 +++++++++++++++++++ .../appprotect/disallowed-geolocations.yaml | 19 +++++++++++++++++++ tests/suite/test_app_protect_waf_policies.py | 1 + 3 files changed, 39 insertions(+) create mode 100644 tests/data/ap-waf/disallowed-geolocations.yaml create mode 100644 tests/data/appprotect/disallowed-geolocations.yaml diff --git a/tests/data/ap-waf/disallowed-geolocations.yaml b/tests/data/ap-waf/disallowed-geolocations.yaml new file mode 100644 index 0000000000..026730eb7f --- /dev/null +++ b/tests/data/ap-waf/disallowed-geolocations.yaml @@ -0,0 +1,19 @@ +apiVersion: appprotect.f5.com/v1beta1 +kind: APPolicy +metadata: + name: disallowed-geolocations +spec: + policy: + applicationLanguage: utf-8 + blocking-settings: + violations: + - alarm: true + block: true + name: VIOL_GEOLOCATION + disallowed-geolocations: + - countryCode: IL + countryName: Israel + enforcementMode: blocking + name: disallowed-geolocations + template: + name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/data/appprotect/disallowed-geolocations.yaml b/tests/data/appprotect/disallowed-geolocations.yaml new file mode 100644 index 0000000000..026730eb7f --- /dev/null +++ b/tests/data/appprotect/disallowed-geolocations.yaml @@ -0,0 +1,19 @@ +apiVersion: appprotect.f5.com/v1beta1 +kind: APPolicy +metadata: + name: disallowed-geolocations +spec: + policy: + applicationLanguage: utf-8 + blocking-settings: + violations: + - alarm: true + block: true + name: VIOL_GEOLOCATION + disallowed-geolocations: + - countryCode: IL + countryName: Israel + enforcementMode: blocking + name: disallowed-geolocations + template: + name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/suite/test_app_protect_waf_policies.py b/tests/suite/test_app_protect_waf_policies.py index 14bebba6cf..64f015b3e7 100644 --- a/tests/suite/test_app_protect_waf_policies.py +++ b/tests/suite/test_app_protect_waf_policies.py @@ -34,6 +34,7 @@ waf_subroute_vsr_src = f"{TEST_DATA}/ap-waf/virtual-server-route-waf-subroute.yaml" waf_pol_default_src = f"{TEST_DATA}/ap-waf/policies/waf-default.yaml" waf_pol_dataguard_src = f"{TEST_DATA}/ap-waf/policies/waf-dataguard.yaml" +waf_pol_disallowed_geolocations_src = f"{TEST_DATA}/ap-waf/policies/disallowed-geolocations.yaml" ap_policy_uds = "dataguard-alarm-uds" uds_crd_resource = f"{TEST_DATA}/ap-waf/ap-ic-uds.yaml" valid_resp_addr = "Server address:" From 2f6375061e4570b6dac2b0bdeebf10c63898288c Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Wed, 9 Jul 2025 08:33:51 -0400 Subject: [PATCH 7/9] Revert "start adding test structure" This reverts commit f5be522df301885779d9956c0ba11ed569717f18. --- .gitignore | 1 - .../data/ap-waf/disallowed-geolocations.yaml | 19 ------------------- .../appprotect/disallowed-geolocations.yaml | 19 ------------------- tests/suite/test_app_protect_waf_policies.py | 1 - 4 files changed, 40 deletions(-) delete mode 100644 tests/data/ap-waf/disallowed-geolocations.yaml delete mode 100644 tests/data/appprotect/disallowed-geolocations.yaml diff --git a/.gitignore b/.gitignore index 1bfe11490b..8c72b05a9f 100644 --- a/.gitignore +++ b/.gitignore @@ -33,7 +33,6 @@ dist/ # NGINX Plus license files *.crt *.key -*.jwt # RHEL license rhel_license diff --git a/tests/data/ap-waf/disallowed-geolocations.yaml b/tests/data/ap-waf/disallowed-geolocations.yaml deleted file mode 100644 index 026730eb7f..0000000000 --- a/tests/data/ap-waf/disallowed-geolocations.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: appprotect.f5.com/v1beta1 -kind: APPolicy -metadata: - name: disallowed-geolocations -spec: - policy: - applicationLanguage: utf-8 - blocking-settings: - violations: - - alarm: true - block: true - name: VIOL_GEOLOCATION - disallowed-geolocations: - - countryCode: IL - countryName: Israel - enforcementMode: blocking - name: disallowed-geolocations - template: - name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/data/appprotect/disallowed-geolocations.yaml b/tests/data/appprotect/disallowed-geolocations.yaml deleted file mode 100644 index 026730eb7f..0000000000 --- a/tests/data/appprotect/disallowed-geolocations.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: appprotect.f5.com/v1beta1 -kind: APPolicy -metadata: - name: disallowed-geolocations -spec: - policy: - applicationLanguage: utf-8 - blocking-settings: - violations: - - alarm: true - block: true - name: VIOL_GEOLOCATION - disallowed-geolocations: - - countryCode: IL - countryName: Israel - enforcementMode: blocking - name: disallowed-geolocations - template: - name: POLICY_TEMPLATE_NGINX_BASE diff --git a/tests/suite/test_app_protect_waf_policies.py b/tests/suite/test_app_protect_waf_policies.py index 64f015b3e7..14bebba6cf 100644 --- a/tests/suite/test_app_protect_waf_policies.py +++ b/tests/suite/test_app_protect_waf_policies.py @@ -34,7 +34,6 @@ waf_subroute_vsr_src = f"{TEST_DATA}/ap-waf/virtual-server-route-waf-subroute.yaml" waf_pol_default_src = f"{TEST_DATA}/ap-waf/policies/waf-default.yaml" waf_pol_dataguard_src = f"{TEST_DATA}/ap-waf/policies/waf-dataguard.yaml" -waf_pol_disallowed_geolocations_src = f"{TEST_DATA}/ap-waf/policies/disallowed-geolocations.yaml" ap_policy_uds = "dataguard-alarm-uds" uds_crd_resource = f"{TEST_DATA}/ap-waf/ap-ic-uds.yaml" valid_resp_addr = "Server address:" From d353cc5bc503129d9db5594833201b86947f0807 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Wed, 9 Jul 2025 08:34:52 -0400 Subject: [PATCH 8/9] gitignore jwt as a license file --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 8c72b05a9f..1bfe11490b 100644 --- a/.gitignore +++ b/.gitignore @@ -33,6 +33,7 @@ dist/ # NGINX Plus license files *.crt *.key +*.jwt # RHEL license rhel_license From 7716104aff32524bbf0de3ca7afa27859b40b363 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Wed, 9 Jul 2025 08:54:33 -0400 Subject: [PATCH 9/9] add VIOL_GEOLOCATION to allowed violations list --- config/crd/bases/appprotect.f5.com_appolicies.yaml | 1 + deploy/crds-nap-waf.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/config/crd/bases/appprotect.f5.com_appolicies.yaml b/config/crd/bases/appprotect.f5.com_appolicies.yaml index b7030571ca..82b28afa4e 100644 --- a/config/crd/bases/appprotect.f5.com_appolicies.yaml +++ b/config/crd/bases/appprotect.f5.com_appolicies.yaml @@ -195,6 +195,7 @@ spec: - VIOL_FILE_UPLOAD - VIOL_FILE_UPLOAD_IN_BODY - VIOL_FILETYPE + - VIOL_GEOLOCATION - VIOL_GRAPHQL_ERROR_RESPONSE - VIOL_GRAPHQL_FORMAT - VIOL_GRAPHQL_INTROSPECTION_QUERY diff --git a/deploy/crds-nap-waf.yaml b/deploy/crds-nap-waf.yaml index edc0b32f0c..32f09b7de2 100644 --- a/deploy/crds-nap-waf.yaml +++ b/deploy/crds-nap-waf.yaml @@ -279,6 +279,7 @@ spec: - VIOL_FILE_UPLOAD - VIOL_FILE_UPLOAD_IN_BODY - VIOL_FILETYPE + - VIOL_GEOLOCATION - VIOL_GRAPHQL_ERROR_RESPONSE - VIOL_GRAPHQL_FORMAT - VIOL_GRAPHQL_INTROSPECTION_QUERY