--- policy: /ce/ca/azure/application-gateway/gateway-waf-request-body-inspection logic: /ce/ca/azure/application-gateway/gateway-waf-request-body-inspection/prod.logic.yaml executionTime: 2026-06-06T12:03:32.969248618Z generationMs: 72 executionMs: 1096 rows: - id: '001' match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 199 actual: 199 conditionText: expected: CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(INCOMPLIANT) actual: CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(INCOMPLIANT) runtimeError: {} - id: '002' match: true status: expected: COMPLIANT actual: COMPLIANT conditionIndex: expected: 299 actual: 299 conditionText: expected: CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(COMPLIANT) actual: CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(COMPLIANT) runtimeError: {} - id: '003' match: true status: expected: UNDETERMINED actual: UNDETERMINED conditionIndex: expected: 300 actual: 300 conditionText: expected: otherwise actual: otherwise runtimeError: {} usedFiles: - path: /ce/ca/azure/application-gateway/gateway-waf-request-body-inspection/policy.yaml md5Hash: 46F35B851810FAB0E16CC80F347E036A content: | --- names: full: "Azure Application Gateway WAF policy Request body inspection property is not enabled" contextual: "Application Gateway WAF policy Request body inspection property is not enabled" description: "Enable request body inspection so that the Web Application Firewall evaluates the\ \ contents of HTTP message bodies for potential threats." type: COMPLIANCE_POLICY categories: - SECURITY frameworkMappings: - "/frameworks/cis-azure-v6.0.0/07/14" - "/frameworks/cloudaware/resource-security/threat-protection" - path: /ce/ca/azure/application-gateway/gateway-waf-request-body-inspection/prod.logic.yaml md5Hash: DB23C44A54CE3EA6FDFFFE0B5553D62A content: | --- inputType: "CA10__CaAzureApplicationGateway__c" testData: - file: "test-data.json" conditions: - status: "INCOMPLIANT" currentStateMessage: "The Application Gateway has a WAF policy with request body inspection disabled." remediationMessage: "Enable request body inspection in the WAF policy." check: RELATED_LIST_HAS: status: "INCOMPLIANT" relationshipName: "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r" - status: "COMPLIANT" currentStateMessage: "The WAF Policy request body inspection is enabled." check: RELATED_LIST_HAS: status: "COMPLIANT" relationshipName: "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r" otherwise: status: "UNDETERMINED" currentStateMessage: "The Application Gateway has a WAF policy without a populated requestBodyCheck setting." relatedLists: - relationshipName: "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r" importExtracts: - file: /types/CA10Z1__CaAzureApplicationGatewayWafPolicy__c/object.extracts.yaml conditions: - status: "INCOMPLIANT" currentStateMessage: "The WAF policy has requestBodyCheck disabled." check: IS_EQUAL: left: EXTRACT: "CA10Z1__wafPolicy__r.caJsonBoolean__policySettingsRequestBodyCheck__c" right: BOOLEAN: false - status: "COMPLIANT" currentStateMessage: "The WAF policy has requestBodyCheck enabled." check: IS_EQUAL: left: EXTRACT: "CA10Z1__wafPolicy__r.caJsonBoolean__policySettingsRequestBodyCheck__c" right: BOOLEAN: true otherwise: status: "UNDETERMINED" currentStateMessage: "The WAF policy requestBodyCheck value is undetermined." - path: /ce/ca/azure/application-gateway/gateway-waf-request-body-inspection/test-data.json md5Hash: 2F8AC5E944ED3AEB229DF5C2712451BA content: | [ { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "199", "conditionText": "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(INCOMPLIANT)", "runtimeError": null }, "context": { "snapshotTime": "2025-11-12T22:17:00Z" }, "CA10__disappearanceTime__c": null, "Id": "001", "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r": [ { "CA10Z1__disappearanceTime__c": null, "CA10Z1__wafPolicy__c": "waf001", "CA10Z1__wafPolicyId__c": "/subscriptions/resourcegroups/providers/microsoft.network/applicationgateway/001", "CA10Z1__applicationGateway__c": "001", "Id": "waflink001", "CA10Z1__wafPolicy__r": { "Id": "waf001", "CA10Z1__disappearanceTime__c": null, "CA10Z1__policySettings__c": "{\"state\":\"Enabled\",\"mode\":\"Prevention\",\"requestBodyCheck\":false,\"requestBodyInspectLimitInKB\":128,\"requestBodyEnforcement\":false,\"maxRequestBodySizeInKb\":128,\"fileUploadEnforcement\":false,\"fileUploadLimitInMb\":100}" } } ] }, { "expectedResult": { "status": "COMPLIANT", "conditionIndex": "299", "conditionText": "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(COMPLIANT)", "runtimeError": null }, "context": { "snapshotTime": "2025-11-12T22:17:00Z" }, "CA10__disappearanceTime__c": null, "Id": "002", "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r": [ { "CA10Z1__disappearanceTime__c": null, "CA10Z1__wafPolicy__c": "waf002", "CA10Z1__wafPolicyId__c": "/subscriptions/resourcegroups/providers/microsoft.network/applicationgateway/002", "CA10Z1__applicationGateway__c": "002", "Id": "waflink002", "CA10Z1__wafPolicy__r": { "Id": "waf002", "CA10Z1__disappearanceTime__c": null, "CA10Z1__policySettings__c": "{\"state\":\"Enabled\",\"mode\":\"Prevention\",\"requestBodyCheck\":true,\"requestBodyInspectLimitInKB\":128,\"requestBodyEnforcement\":true,\"maxRequestBodySizeInKb\":128,\"fileUploadEnforcement\":true,\"fileUploadLimitInMb\":100,\"jsChallengeCookieExpirationInMins\":30}" } } ] }, { "expectedResult": { "status": "UNDETERMINED", "conditionIndex": "300", "conditionText": "otherwise", "runtimeError": null }, "context": { "snapshotTime": "2025-11-12T22:17:00Z" }, "CA10__disappearanceTime__c": null, "Id": "003", "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r": [] } ] - path: /types/CA10Z1__CaAzureApplicationGatewayWafPolicy__c/object.extracts.yaml md5Hash: 1203B501EE9251441BCA934785DC7D22 content: "---\nextracts:\n# TEST\n - name: \"CA10Z1__name__c\"\n value:\n\ \ FIELD:\n path: \"CA10Z1__name__c\"\n\n# Nullable. Text.\n - name:\ \ \"CA10Z1__policySettings__c\"\n value:\n FIELD:\n path: \"\ CA10Z1__policySettings__c\"\n returnType: BYTES\n# Nullable.\n - name:\ \ \"caJsonFrom__policySettings__c\"\n value:\n JSON_FROM:\n arg:\n\ \ EXTRACT: \"CA10Z1__policySettings__c\"\n undeterminedIf:\n\ \ isInvalid: \"Policy Settings JSON is invalid\"\n# Number. RequestBodyCheck\ \ status.\n - name: \"caJsonBoolean__policySettingsRequestBodyCheck__c\"\n\ \ value: \n JSON_QUERY_BOOLEAN:\n arg: \n EXTRACT: \"\ caJsonFrom__policySettings__c\"\n expression: \"requestBodyCheck\"\n\ \ undeterminedIf: \n evaluationError: \"The JSON query has failed.\"\ \n resultTypeMismatch: \"The JSON query did not return a boolean type.\"\ \n# Nullable. Text.\n - name: \"CA10Z1__managedRulesDefinition__c\"\n value:\n\ \ FIELD:\n path: \"CA10Z1__managedRulesDefinition__c\"\n \ \ returnType: BYTES\n# Nullable.\n - name: \"caJsonFrom__managedRulesDefinition__c\"\ \n value:\n JSON_FROM:\n arg:\n EXTRACT: \"CA10Z1__managedRulesDefinition__c\"\ \n undeterminedIf:\n isInvalid: \"Managed Rules Definition JSON\ \ is invalid\"\n# Namber of \"MicrosoftBotManagerRuleSet\".\n - name: \"caJsonFrom__managedRulesDefinitionMicrosoftBotManagerRuleSetCount__c\"\ \n value: \n JSON_QUERY_NUMBER:\n arg: \n EXTRACT: \"\ caJsonFrom__managedRulesDefinition__c\"\n expression: \"length(managedRuleSets[?ruleSetType\ \ == 'Microsoft_BotManagerRuleSet'])\"\n undeterminedIf: \n \ \ evaluationError: \"The JSON query has failed.\"\n resultTypeMismatch:\ \ \"The JSON query did not return a number type.\"\n# Number of \"ruleGroupOverrides\"\ \n - name: \"caJsonFrom__managedRulesDefinitionMicrosoftBotManagerRuleSetRuleGroupOverridesCount__c\"\ \n value: \n JSON_QUERY_NUMBER:\n arg: \n EXTRACT: \"\ caJsonFrom__managedRulesDefinition__c\"\n expression: \"length(managedRuleSets[?ruleSetType\ \ == 'Microsoft_BotManagerRuleSet'].ruleGroupOverrides[])\"\n undeterminedIf:\ \ \n evaluationError: \"The JSON query has failed.\"\n resultTypeMismatch:\ \ \"The JSON query did not return a number type.\" \n# Boolean. ruleGroupOverrides\ \ for ruleGroupName \"BadBots\" with state Disabled\n - name: \"caJsonFrom__managedRulesDefinitionMicrosoftBotManagerRuleSetRuleGroupOverridesBadBotsRulesDisabledExist__c\"\ \n value: \n JSON_QUERY_BOOLEAN:\n arg: \n EXTRACT:\ \ \"caJsonFrom__managedRulesDefinition__c\"\n expression: \"managedRuleSets[?ruleSetType\ \ == 'Microsoft_BotManagerRuleSet'].ruleGroupOverrides[] | contains([?ruleGroupName\ \ == 'BadBots'].rules[].state, 'Disabled')\"\n undeterminedIf: \n \ \ evaluationError: \"The JSON query has failed.\"\n resultTypeMismatch:\ \ \"The JSON query did not return a boolean type.\"\n" script: |- CREATE TEMP FUNCTION mock_ExpectedResult() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "Id" : "001", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "199", "conditionText" : "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(INCOMPLIANT)", "runtimeError" : null } }, { "Id" : "002", "expectedResult" : { "status" : "COMPLIANT", "conditionIndex" : "299", "conditionText" : "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(COMPLIANT)", "runtimeError" : null } }, { "Id" : "003", "expectedResult" : { "status" : "UNDETERMINED", "conditionIndex" : "300", "conditionText" : "otherwise", "runtimeError" : null } } ]; """; CREATE TEMP FUNCTION mock_CA10__CaAzureApplicationGateway__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-11-12T22:17:00Z") }, "Id" : "001" }, { "context" : { "snapshotTime" : new Date("2025-11-12T22:17:00Z") }, "Id" : "002" }, { "context" : { "snapshotTime" : new Date("2025-11-12T22:17:00Z") }, "Id" : "003" } ]; """; CREATE TEMP FUNCTION mock_CA10Z1__CaAzureAppGatewayWafPolicyLink__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-11-12T22:17:00Z") }, "CA10Z1__wafPolicy__c" : "waf001", "CA10Z1__wafPolicyId__c" : "/subscriptions/resourcegroups/providers/microsoft.network/applicationgateway/001", "CA10Z1__applicationGateway__c" : "001", "Id" : "waflink001" }, { "context" : { "snapshotTime" : new Date("2025-11-12T22:17:00Z") }, "CA10Z1__wafPolicy__c" : "waf002", "CA10Z1__wafPolicyId__c" : "/subscriptions/resourcegroups/providers/microsoft.network/applicationgateway/002", "CA10Z1__applicationGateway__c" : "002", "Id" : "waflink002" } ]; """; CREATE TEMP FUNCTION mock_CA10Z1__CaAzureApplicationGatewayWafPolicy__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-11-12T22:17:00Z") }, "Id" : "waf001", "CA10Z1__policySettings__c" : "{\"state\":\"Enabled\",\"mode\":\"Prevention\",\"requestBodyCheck\":false,\"requestBodyInspectLimitInKB\":128,\"requestBodyEnforcement\":false,\"maxRequestBodySizeInKb\":128,\"fileUploadEnforcement\":false,\"fileUploadLimitInMb\":100}" }, { "context" : { "snapshotTime" : new Date("2025-11-12T22:17:00Z") }, "Id" : "waf002", "CA10Z1__policySettings__c" : "{\"state\":\"Enabled\",\"mode\":\"Prevention\",\"requestBodyCheck\":true,\"requestBodyInspectLimitInKB\":128,\"requestBodyEnforcement\":true,\"maxRequestBodySizeInKb\":128,\"fileUploadEnforcement\":true,\"fileUploadLimitInMb\":100,\"jsChallengeCookieExpirationInMins\":30}" } ]; """; CREATE TEMP FUNCTION process_CA10__CaAzureApplicationGateway__c( obj STRUCT< CA10__disappearanceTime__c TIMESTAMP, CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r ARRAY, CA10Z1__wafPolicy__c STRING, CA10Z1__wafPolicyId__c STRING, CA10Z1__applicationGateway__c STRING, Id STRING, result STRUCT >>, Id STRING >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js AS r""" var references1 = []; // condition[0], conditionIndex:[0..99] references1.push('Deleted From Azure [CA10__disappearanceTime__c]: ' + obj.CA10__disappearanceTime__c); if (obj.CA10__disappearanceTime__c != null) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } var count_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r_INCOMPLIANT2 = 0; if (obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r != null) { for (var i3 = 0; i3 < obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.length; i3++) { if (typeof(obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r[i3].status) !== 'undefined') { if (obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r[i3].status == 'INCOMPLIANT') { count_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r_INCOMPLIANT2 += obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r[i3].count; } } else { if (obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r[i3].result.status == 'INCOMPLIANT') { count_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r_INCOMPLIANT2 += 1; } } } } // condition[1], conditionIndex:[100..199] references1.push('Related list [CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r] ' + (count_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r_INCOMPLIANT2 > 0 ? 'has' : 'does not have') + ' objects in INCOMPLIANT status'); if (count_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r_INCOMPLIANT2 > 0) { return {status: 'INCOMPLIANT', conditionIndex: 199, conditionText: "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(INCOMPLIANT)", currentStateMessage: "The Application Gateway has a WAF policy with request body inspection disabled.", currentStateReferences: references1.join('\n'), remediation: "Enable request body inspection in the WAF policy.", runtimeError: null}; } var count_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r_COMPLIANT4 = 0; if (obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r != null) { for (var i5 = 0; i5 < obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.length; i5++) { if (typeof(obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r[i5].status) !== 'undefined') { if (obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r[i5].status == 'COMPLIANT') { count_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r_COMPLIANT4 += obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r[i5].count; } } else { if (obj.CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r[i5].result.status == 'COMPLIANT') { count_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r_COMPLIANT4 += 1; } } } } // condition[2], conditionIndex:[200..299] if (count_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r_COMPLIANT4 > 0) { return {status: 'COMPLIANT', conditionIndex: 299, conditionText: "CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r.has(COMPLIANT)", currentStateMessage: "The WAF Policy request body inspection is enabled.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } return {status: 'UNDETERMINED', conditionIndex: 300, conditionText: "otherwise", currentStateMessage: "The Application Gateway has a WAF policy without a populated requestBodyCheck setting.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; """; CREATE TEMP FUNCTION process_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r( obj STRUCT< CA10Z1__disappearanceTime__c TIMESTAMP, CA10Z1__wafPolicy__r STRUCT< Id STRING, CA10Z1__disappearanceTime__c TIMESTAMP, CA10Z1__policySettings__c STRING >, CA10Z1__wafPolicy__c STRING, CA10Z1__wafPolicyId__c STRING, CA10Z1__applicationGateway__c STRING, Id STRING >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js OPTIONS (library=['gs://compliance-platform-public/jmespath.min.js']) AS r""" var TextLib = new function () { this.normalize = function(arg) { return arg == null ? '' : arg.replace(/\s+/g, ' ').trim().toLowerCase(); }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var references1 = []; // condition[0], conditionIndex:[0..99] references1.push('Deleted From Azure [CA10Z1__disappearanceTime__c]: ' + obj.CA10Z1__disappearanceTime__c); if (obj.CA10Z1__disappearanceTime__c != null) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10Z1__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } // condition[1], conditionIndex:[100..199] function extractChecked2() { if (TextLib.isEmpty(obj.CA10Z1__wafPolicyId__c)) { throw new Error("UNDETERMINED condition:101", {cause: {status: 'UNDETERMINED', conditionIndex: 101, conditionText: "extractCheck(obj.CA10Z1__wafPolicyId__c)", currentStateMessage: "Related object via CA10Z1__wafPolicyId__c has empty ID", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } if (TextLib.isEmpty(obj.CA10Z1__wafPolicy__c)) { throw new Error("UNDETERMINED condition:102", {cause: {status: 'UNDETERMINED', conditionIndex: 102, conditionText: "extractCheck(obj.CA10Z1__wafPolicy__c)", currentStateMessage: "Related object via CA10Z1__wafPolicy__c is not present", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } if (obj.CA10Z1__wafPolicy__r.CA10Z1__disappearanceTime__c != null) { throw new Error("UNDETERMINED condition:103", {cause: {status: 'UNDETERMINED', conditionIndex: 103, conditionText: "extractCheck(obj.CA10Z1__wafPolicy__r.CA10Z1__disappearanceTime__c)", currentStateMessage: "Related object via CA10Z1__wafPolicy__c is present, but deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return extract3.call(extract3); } function jsonQueryChecked4() { var input = extract6.call(extract6); var out; try { out = jmespath.search(input, 'requestBodyCheck'); if (out != null && typeof out != 'boolean') { throw new Error("UNDETERMINED condition:105", {cause: {status: 'UNDETERMINED', conditionIndex: 105, conditionText: "extract('caJsonFrom__policySettings__c').jsonQueryText('requestBodyCheck').isResultTypeMismatch()", currentStateMessage: "The JSON query did not return a boolean type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:106", {cause: {status: 'UNDETERMINED', conditionIndex: 106, conditionText: "extract('caJsonFrom__policySettings__c').jsonQueryText('requestBodyCheck').isEvaluationFailed()", currentStateMessage: "The JSON query has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function jsonChecked7() { var input = extract9.call(extract9); input = TextLib.isEmpty(input) ? null : input; var out; try { out = JSON.parse(input); } catch (e) { throw new Error("UNDETERMINED condition:104", {cause: {status: 'UNDETERMINED', conditionIndex: 104, conditionText: "extract('CA10Z1__policySettings__c').asJson().isInvalid()", currentStateMessage: "Policy Settings JSON is invalid", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function extract9() { if (!this.out) { this.out = obj.CA10Z1__wafPolicy__r.CA10Z1__policySettings__c; } return this.out; }; function extract6() { if (!this.out) { this.out = jsonChecked7(); } return this.out; }; function extract3() { if (!this.out) { this.out = jsonQueryChecked4(); } return this.out; }; references1.push('Policy Settings [obj.CA10Z1__wafPolicy__r.CA10Z1__policySettings__c]: ' + obj.CA10Z1__wafPolicy__r.CA10Z1__policySettings__c); try { if (extractChecked2() == false) { return {status: 'INCOMPLIANT', conditionIndex: 199, conditionText: "extract('CA10Z1__wafPolicy__r.caJsonBoolean__policySettingsRequestBodyCheck__c') == false", currentStateMessage: "The WAF policy has requestBodyCheck disabled.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } // condition[2], conditionIndex:[200..299] function extractChecked11() { if (TextLib.isEmpty(obj.CA10Z1__wafPolicyId__c)) { throw new Error("UNDETERMINED condition:201", {cause: {status: 'UNDETERMINED', conditionIndex: 201, conditionText: "extractCheck(obj.CA10Z1__wafPolicyId__c)", currentStateMessage: "Related object via CA10Z1__wafPolicyId__c has empty ID", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } if (TextLib.isEmpty(obj.CA10Z1__wafPolicy__c)) { throw new Error("UNDETERMINED condition:202", {cause: {status: 'UNDETERMINED', conditionIndex: 202, conditionText: "extractCheck(obj.CA10Z1__wafPolicy__c)", currentStateMessage: "Related object via CA10Z1__wafPolicy__c is not present", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } if (obj.CA10Z1__wafPolicy__r.CA10Z1__disappearanceTime__c != null) { throw new Error("UNDETERMINED condition:203", {cause: {status: 'UNDETERMINED', conditionIndex: 203, conditionText: "extractCheck(obj.CA10Z1__wafPolicy__r.CA10Z1__disappearanceTime__c)", currentStateMessage: "Related object via CA10Z1__wafPolicy__c is present, but deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return extract12.call(extract12); } function jsonQueryChecked13() { var input = extract15.call(extract15); var out; try { out = jmespath.search(input, 'requestBodyCheck'); if (out != null && typeof out != 'boolean') { throw new Error("UNDETERMINED condition:205", {cause: {status: 'UNDETERMINED', conditionIndex: 205, conditionText: "extract('caJsonFrom__policySettings__c').jsonQueryText('requestBodyCheck').isResultTypeMismatch()", currentStateMessage: "The JSON query did not return a boolean type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:206", {cause: {status: 'UNDETERMINED', conditionIndex: 206, conditionText: "extract('caJsonFrom__policySettings__c').jsonQueryText('requestBodyCheck').isEvaluationFailed()", currentStateMessage: "The JSON query has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function jsonChecked16() { var input = extract18.call(extract18); input = TextLib.isEmpty(input) ? null : input; var out; try { out = JSON.parse(input); } catch (e) { throw new Error("UNDETERMINED condition:204", {cause: {status: 'UNDETERMINED', conditionIndex: 204, conditionText: "extract('CA10Z1__policySettings__c').asJson().isInvalid()", currentStateMessage: "Policy Settings JSON is invalid", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function extract18() { if (!this.out) { this.out = obj.CA10Z1__wafPolicy__r.CA10Z1__policySettings__c; } return this.out; }; function extract15() { if (!this.out) { this.out = jsonChecked16(); } return this.out; }; function extract12() { if (!this.out) { this.out = jsonQueryChecked13(); } return this.out; }; try { if (extractChecked11() == true) { return {status: 'COMPLIANT', conditionIndex: 299, conditionText: "extract('CA10Z1__wafPolicy__r.caJsonBoolean__policySettingsRequestBodyCheck__c') == true", currentStateMessage: "The WAF policy has requestBodyCheck enabled.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } return {status: 'UNDETERMINED', conditionIndex: 300, conditionText: "otherwise", currentStateMessage: "The WAF policy requestBodyCheck value is undetermined.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; """; SELECT expectedResult.Id as Id, IF ( IFNULL(expectedResult.expectedResult.status, '') = IFNULL(sObject.result.status, '') AND IFNULL(expectedResult.expectedResult.conditionIndex, -1) = IFNULL(sObject.result.conditionIndex, -1) AND IFNULL(expectedResult.expectedResult.conditionText, '') = IFNULL(sObject.result.conditionText, '') AND IFNULL(expectedResult.expectedResult.runtimeError, '') = IFNULL(sObject.result.runtimeError, ''), "MATCH", "FAIL" ) as match, expectedResult.expectedResult.status as expectedStatus, sObject.result.status as actualStatus, expectedResult.expectedResult.conditionIndex as expectedConditionIndex, sObject.result.conditionIndex as actualConditionIndex, expectedResult.expectedResult.conditionText as expectedConditionText, sObject.result.conditionText as actualConditionText, expectedResult.expectedResult.runtimeError as expectedRuntimeError, sObject.result.runtimeError as actualRuntimeError FROM UNNEST(mock_ExpectedResult()) expectedResult LEFT JOIN ( SELECT sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c, `CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r`.arr AS CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r, sObject.Id AS Id, process_CA10__CaAzureApplicationGateway__c( STRUCT( sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c, `CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r`.arr AS CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r, sObject.Id AS Id ), sObject.context.snapshotTime ) as result FROM UNNEST(mock_CA10__CaAzureApplicationGateway__c()) AS sObject LEFT JOIN ( SELECT sObject.CA10Z1__applicationGateway__c, ARRAY_AGG( STRUCT( sObject.CA10Z1__disappearanceTime__c AS CA10Z1__disappearanceTime__c, STRUCT ( `CA10Z1__wafPolicy__r`.Id AS Id, `CA10Z1__wafPolicy__r`.CA10Z1__disappearanceTime__c AS CA10Z1__disappearanceTime__c, `CA10Z1__wafPolicy__r`.CA10Z1__policySettings__c AS CA10Z1__policySettings__c ) AS CA10Z1__wafPolicy__r, sObject.CA10Z1__wafPolicy__c AS CA10Z1__wafPolicy__c, sObject.CA10Z1__wafPolicyId__c AS CA10Z1__wafPolicyId__c, sObject.CA10Z1__applicationGateway__c AS CA10Z1__applicationGateway__c, sObject.Id AS Id, process_CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r( STRUCT( sObject.CA10Z1__disappearanceTime__c AS CA10Z1__disappearanceTime__c, STRUCT ( `CA10Z1__wafPolicy__r`.Id AS Id, `CA10Z1__wafPolicy__r`.CA10Z1__disappearanceTime__c AS CA10Z1__disappearanceTime__c, `CA10Z1__wafPolicy__r`.CA10Z1__policySettings__c AS CA10Z1__policySettings__c ) AS CA10Z1__wafPolicy__r, sObject.CA10Z1__wafPolicy__c AS CA10Z1__wafPolicy__c, sObject.CA10Z1__wafPolicyId__c AS CA10Z1__wafPolicyId__c, sObject.CA10Z1__applicationGateway__c AS CA10Z1__applicationGateway__c, sObject.Id AS Id ), sObject.context.snapshotTime ) as result ) ) AS arr FROM UNNEST(mock_CA10Z1__CaAzureAppGatewayWafPolicyLink__c()) AS sObject LEFT JOIN UNNEST(mock_CA10Z1__CaAzureApplicationGatewayWafPolicy__c()) AS `CA10Z1__wafPolicy__r` ON sObject.CA10Z1__wafPolicy__c = `CA10Z1__wafPolicy__r`.Id GROUP BY sObject.CA10Z1__applicationGateway__c ) AS `CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r` ON sObject.Id = `CA10Z1__Azure_App_Gateway_WAF_Policy_Links__r`.CA10Z1__applicationGateway__c ) sObject ON sObject.Id = expectedResult.Id;