Migrate sdkv2

README.md

@@ -22,7 +22,7 @@ A Go library for interacting with
 * Manage triggers
 * Manage users
 * Manage the denylist
-* Switch the WAF/Scanner/Active Threat Verification modes
+* Switch the WAF/Active Threat Verification modes
 * Inquire found vulnerabilities
 
 ## Install

action.go

@@ -14,7 +14,7 @@ type (
 		RuleRead(ruleBody *ActionRead) (*ActionFetch, error)
 		HintCreate(ruleBody *ActionCreate) (*ActionCreateResp, error)
 		HintUpdateV3(ruleID int, hintBody *HintUpdateV3Params) (*ActionCreateResp, error)
-		RuleDelete(actionID int) error
+		ActionDelete(actionID int) error
 		HintDelete(hintbody *HintDelete) error
 	}
 
@@ -325,9 +325,9 @@ func (api *api) HintCreate(ruleBody *ActionCreate) (*ActionCreateResp, error) {
 	return &a, nil
 }
 
-// RuleDelete deletes the Rule defined by unique ID.
+// ActionDelete deletes the Action defined by unique ID.
 // API reference: https://apiconsole.eu1.wallarm.com
-func (api *api) RuleDelete(actionID int) error {
+func (api *api) ActionDelete(actionID int) error {
 
 	uri := fmt.Sprintf("/v2/action/%d", actionID)
 	_, err := api.makeRequest(http.MethodDelete, uri, "rule", nil, nil)

allowlist.go

@@ -2,26 +2,22 @@ package wallarm
 
 type Allowlist interface {
 	AllowlistRead(clientID int) ([]IPRule, error)
-	AllowlistCreate(clientID int, params IPRuleCreationParams) error
-	AllowlistDelete(clientID int, ids []int) error
+	AllowlistCreate(clientID int, params AccessRuleCreateRequest) error
+	AllowlistDelete(clientID int, rules []AccessRuleDeleteEntry) error
 }
 
-// AllowlistRead requests the current allowlist for the future purposes.
-// It is going to respond with the list of IP addresses.
-// API reference: https://apiconsole.eu1.wallarm.com
+// AllowlistRead requests the current allowlist.
 func (api *api) AllowlistRead(clientID int) ([]IPRule, error) {
 	return api.IPListRead(AllowlistType, clientID)
 }
 
-// AllowlistCreate creates a allowlist in the Wallarm Cloud.
-// API reference: https://apiconsole.eu1.wallarm.com
-func (api *api) AllowlistCreate(clientID int, params IPRuleCreationParams) error {
+// AllowlistCreate creates an allowlist entry in the Wallarm Cloud.
+func (api *api) AllowlistCreate(clientID int, params AccessRuleCreateRequest) error {
 	params.List = AllowlistType
 	return api.IPListCreate(clientID, params)
 }
 
-// AllowlistDelete deletes a allowlist for the client.
-// API reference: https://apiconsole.eu1.wallarm.com
-func (api *api) AllowlistDelete(clientID int, ids []int) error {
-	return api.IPListDelete(AllowlistType, clientID, ids)
+// AllowlistDelete deletes allowlist entries for the client.
+func (api *api) AllowlistDelete(clientID int, rules []AccessRuleDeleteEntry) error {
+	return api.IPListDelete(clientID, rules)
 }

client.go

@@ -1,6 +1,10 @@
 package wallarm
 
-import "encoding/json"
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+)
 
 type (
 	// Client contains operations available on Client resource
@@ -12,14 +16,15 @@ type (
 
 	// ClientFields defines fields which are subject to update.
 	ClientFields struct {
+		Name                string `json:"name,omitempty"`
 		Enabled             bool   `json:"enabled,omitempty"`
 		AttackRecheckerMode string `json:"attack_rechecker_mode,omitempty"`
 	}
 
 	// ClientFilter is used for filtration.
 	// ID is a Client ID entity.
 	ClientFilter struct {
-		ID int `json:"id"`
+		ID int `json:"id,omitempty"`
 	}
 
 	// ClientCreate is a root object for updating.
@@ -47,6 +52,7 @@ type (
 		ClientFilter
 		Enabled bool   `json:"enabled,omitempty"`
 		Name    string `json:"name,omitempty"`
+		UUID    string `json:"uuid,omitempty"`
 	}
 
 	// ClientInfo is the response on the Client Read.
@@ -71,7 +77,6 @@ type (
 		SupportPlan      string   `json:"support_plan"`
 		DateFormat       string   `json:"date_format"`
 		BlockingType     string   `json:"blocking_type"`
-		ScannerMode      string   `json:"scanner_mode"`
 		QratorBlacklists bool     `json:"qrator_blacklists"`
 		Notifications    struct {
 			ReportDaily struct {
@@ -118,14 +123,6 @@ type (
 			} `json:"scope"`
 		} `json:"notifications"`
 		LastScan            interface{} `json:"last_scan"`
-		ScannerCluster      string      `json:"scanner_cluster"`
-		ScannerScopeCluster string      `json:"scanner_scope_cluster"`
-		ScannerState        struct {
-			LastScan      int         `json:"last_scan"`
-			LastVuln      int         `json:"last_vuln"`
-			LastVulnCheck interface{} `json:"last_vuln_check"`
-			LastWapi      interface{} `json:"last_wapi"`
-		} `json:"scanner_state"`
 		Language            string `json:"language"`
 		AttackRecheckerMode string `json:"attack_rechecker_mode"`
 		VulnRecheckerMode   string `json:"vuln_rechecker_mode"`
@@ -137,7 +134,6 @@ type (
 		CanEnableBlacklist  bool   `json:"can_enable_blacklist"`
 		BlacklistDisabledAt int    `json:"blacklist_disabled_at"`
 		HiddenVulns         bool   `json:"hidden_vulns"`
-		ScannerPriority     string `json:"scanner_priority"`
 	}
 )
 
@@ -158,7 +154,6 @@ func (api *api) ClientCreate(clientBody *ClientCreate) (*SingleClientInfo, error
 }
 
 // ClientUpdate changes client state.
-// It can be used with global Scanner, Attack Rechecker Statuses.
 // API reference: https://apiconsole.eu1.wallarm.com
 func (api *api) ClientUpdate(clientBody *ClientUpdate) (*ClientInfo, error) {
 
@@ -175,12 +170,11 @@ func (api *api) ClientUpdate(clientBody *ClientUpdate) (*ClientInfo, error) {
 }
 
 // ClientRead requests common info about the account.
-// There is info about Scanner, Attack Rechecker, and others.
 // API reference: https://apiconsole.eu1.wallarm.com
 func (api *api) ClientRead(clientBody *ClientRead) (*ClientInfo, error) {
 
 	uri := "/v1/objects/client"
-	respBody, err := api.makeRequest("POST", uri, "client", clientBody, nil)
+	respBody, err := api.makeRequest("GET", uri, "client", clientBody.toQuery(), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -190,3 +184,30 @@ func (api *api) ClientRead(clientBody *ClientRead) (*ClientInfo, error) {
 	}
 	return &c, nil
 }
+
+// toQuery converts the ClientRead filter to URL query parameters.
+// e.g. filter[id]=8649&limit=1&offset=0
+func (cr *ClientRead) toQuery() string {
+	v := url.Values{}
+	if cr.Filter != nil {
+		if cr.Filter.ID != 0 {
+			v.Set("filter[id]", fmt.Sprintf("%d", cr.Filter.ID))
+		}
+		if cr.Filter.Enabled {
+			v.Set("filter[enabled]", "true")
+		}
+		if cr.Filter.Name != "" {
+			v.Set("filter[name]", cr.Filter.Name)
+		}
+		if cr.Filter.UUID != "" {
+			v.Set("filter[uuid]", cr.Filter.UUID)
+		}
+	}
+	if cr.Limit > 0 {
+		v.Set("limit", fmt.Sprintf("%d", cr.Limit))
+	}
+	if cr.Offset > 0 {
+		v.Set("offset", fmt.Sprintf("%d", cr.Offset))
+	}
+	return v.Encode()
+}

config.go

@@ -45,12 +45,13 @@ type (
 		Vulnerability
 		Integration
 		Node
-		Scanner
 		Trigger
 		User
 		WallarmMode
+		OverlimitResSettings
 		RuleSettings
 		ApiSpec
+		CredentialStuffingConfigs
 		SecurityIssues
 		Hits
 	}

credential_stuffing.go

@@ -0,0 +1,43 @@
+package wallarm
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+type (
+	// CredentialStuffingConfigs contains operations for reading credential stuffing configurations.
+	CredentialStuffingConfigs interface {
+		CredentialStuffingConfigsRead(clientID int) ([]ActionBody, error)
+	}
+
+	// CredentialStuffingConfigsResp is the response from
+	// GET /v4/clients/{clientID}/credential_stuffing/configs.
+	// Configs are split into "default" and "custom" buckets.
+	CredentialStuffingConfigsResp struct {
+		Status int `json:"status"`
+		Body   struct {
+			Default []ActionBody `json:"default"`
+			Custom  []ActionBody `json:"custom"`
+		} `json:"body"`
+	}
+)
+
+// CredentialStuffingConfigsRead fetches all credential stuffing configs for a client.
+// API: GET /v4/clients/{clientID}/credential_stuffing/configs
+func (api *api) CredentialStuffingConfigsRead(clientID int) ([]ActionBody, error) {
+	uri := fmt.Sprintf("/v4/clients/%d/credential_stuffing/configs", clientID)
+	respBody, err := api.makeRequest("GET", uri, "credential_stuffing", nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	var resp CredentialStuffingConfigsResp
+	if err = json.Unmarshal(respBody, &resp); err != nil {
+		return nil, fmt.Errorf("CredentialStuffingConfigsRead: failed to parse response: %w", err)
+	}
+	// Merge both buckets into a single slice.
+	configs := make([]ActionBody, 0, len(resp.Body.Default)+len(resp.Body.Custom))
+	configs = append(configs, resp.Body.Default...)
+	configs = append(configs, resp.Body.Custom...)
+	return configs, nil
+}

denylist.go

@@ -2,26 +2,22 @@ package wallarm
 
 type Denylist interface {
 	DenylistRead(clientID int) ([]IPRule, error)
-	DenylistCreate(clientID int, params IPRuleCreationParams) error
-	DenylistDelete(clientID int, ids []int) error
+	DenylistCreate(clientID int, params AccessRuleCreateRequest) error
+	DenylistDelete(clientID int, rules []AccessRuleDeleteEntry) error
 }
 
-// DenylistRead requests the current denylist for the future purposes.
-// It is going to respond with the list of IP addresses.
-// API reference: https://apiconsole.eu1.wallarm.com
+// DenylistRead requests the current denylist.
 func (api *api) DenylistRead(clientID int) ([]IPRule, error) {
 	return api.IPListRead(DenylistType, clientID)
 }
 
-// DenylistCreate creates a denylist in the Wallarm Cloud.
-// API reference: https://apiconsole.eu1.wallarm.com
-func (api *api) DenylistCreate(clientID int, params IPRuleCreationParams) error {
+// DenylistCreate creates a denylist entry in the Wallarm Cloud.
+func (api *api) DenylistCreate(clientID int, params AccessRuleCreateRequest) error {
 	params.List = DenylistType
 	return api.IPListCreate(clientID, params)
 }
 
-// DenylistDelete deletes a denylist for the client.
-// API reference: https://apiconsole.eu1.wallarm.com
-func (api *api) DenylistDelete(clientID int, ids []int) error {
-	return api.IPListDelete(DenylistType, clientID, ids)
+// DenylistDelete deletes denylist entries for the client.
+func (api *api) DenylistDelete(clientID int, rules []AccessRuleDeleteEntry) error {
+	return api.IPListDelete(clientID, rules)
 }

get_hits.go

@@ -36,7 +36,6 @@ type (
 		SecurityIssueID   *int            `json:"security_issue_id"`
 		NotExperimental   bool            `json:"!experimental"`
 		NotAasmEvent      bool            `json:"!aasm_event"`
-		NotWallarmScanner bool            `json:"!wallarm_scanner"`
 	}
 
 	// Hit represents a single detection event within a request.

graylist.go

@@ -2,26 +2,22 @@ package wallarm
 
 type Graylist interface {
 	GraylistRead(clientID int) ([]IPRule, error)
-	GraylistCreate(clientID int, params IPRuleCreationParams) error
-	GraylistDelete(clientID int, ids []int) error
+	GraylistCreate(clientID int, params AccessRuleCreateRequest) error
+	GraylistDelete(clientID int, rules []AccessRuleDeleteEntry) error
 }
 
-// GraylistRead requests the current graylist for the future purposes.
-// It is going to respond with the list of IP addresses.
-// API reference: https://apiconsole.eu1.wallarm.com
+// GraylistRead requests the current graylist.
 func (api *api) GraylistRead(clientID int) ([]IPRule, error) {
 	return api.IPListRead(GraylistType, clientID)
 }
 
-// GraylistCreate creates a graylist in the Wallarm Cloud.
-// API reference: https://apiconsole.eu1.wallarm.com
-func (api *api) GraylistCreate(clientID int, params IPRuleCreationParams) error {
+// GraylistCreate creates a graylist entry in the Wallarm Cloud.
+func (api *api) GraylistCreate(clientID int, params AccessRuleCreateRequest) error {
 	params.List = GraylistType
 	return api.IPListCreate(clientID, params)
 }
 
-// GraylistDelete deletes a graylist for the client.
-// API reference: https://apiconsole.eu1.wallarm.com
-func (api *api) GraylistDelete(clientID int, ids []int) error {
-	return api.IPListDelete(GraylistType, clientID, ids)
+// GraylistDelete deletes graylist entries for the client.
+func (api *api) GraylistDelete(clientID int, rules []AccessRuleDeleteEntry) error {
+	return api.IPListDelete(clientID, rules)
 }