nginxinc
diff --git a/‎analyze.go
Lines changed: 39 additions & 2255 deletions b/‎analyze.go
Lines changed: 39 additions & 2255 deletions
diff --git a/‎analyze_appProtectWAFv4_directives.go
Lines changed: 51 additions & 0 deletions b/‎analyze_appProtectWAFv4_directives.go
Lines changed: 51 additions & 0 deletions
diff --git a/‎analyze_appProtectWAFv5_directives.go
Lines changed: 51 additions & 0 deletions b/‎analyze_appProtectWAFv5_directives.go
Lines changed: 51 additions & 0 deletions
diff --git a/‎analyze_headersMore_directives.go
Lines changed: 36 additions & 0 deletions b/‎analyze_headersMore_directives.go
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,51 @@
+package crossplane
+
+// nginx app protect specific and global directives, inferred from
+// [https://docs.nginx.com/nginx-app-protect/configuration-guide/configuration/#directives]
+
+//nolint:gochecknoglobals
+var appProtectWAFv4Directives = map[string][]uint{
+	"app_protect_compressed_requests_action": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+	"app_protect_cookie_seed": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+	"app_protect_cpu_thresholds": {
+		ngxHTTPMainConf | ngxConfTake2,
+	},
+	"app_protect_enable": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag,
+	},
+	"app_protect_failure_mode_action": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+	"app_protect_physical_memory_util_thresholds": {
+		ngxHTTPMainConf | ngxConfTake2,
+	},
+	"app_protect_policy_file": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1,
+	},
+	"app_protect_reconnect_period_seconds": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+	"app_protect_request_buffer_overflow_action": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+	"app_protect_security_log_enable": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag,
+	},
+	"app_protect_security_log": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake2,
+	},
+	"app_protect_user_defined_signatures": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+}
+
+// AppProtectWAFv4DirectivesMatchFn is a match function for parsing an NGINX config that contains the
+// App Protect v4 module.
+func AppProtectWAFv4DirectivesMatchFn(directive string) ([]uint, bool) {
+	masks, matched := appProtectWAFv4Directives[directive]
+	return masks, matched
+}
@@ -0,0 +1,51 @@
+package crossplane
+
+// nginx app protect specific and global directives, inferred from
+// [https://docs.nginx.com/nginx-app-protect/configuration-guide/configuration/#directives]
+
+//nolint:gochecknoglobals
+var appProtectWAFv5Directives = map[string][]uint{
+	"app_protect_physical_memory_util_thresholds": {
+		ngxHTTPMainConf | ngxConfTake2,
+	},
+	"app_protect_cpu_thresholds": {
+		ngxHTTPMainConf | ngxConfTake2,
+	},
+	"app_protect_failure_mode_action": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+	"app_protect_cookie_seed": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+	"app_protect_request_buffer_overflow_action": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+	"app_protect_reconnect_period_seconds": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+	"app_protect_enforcer_address": {
+		ngxHTTPMainConf | ngxConfTake1,
+	},
+	"app_protect_enable": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag,
+	},
+	"app_protect_policy_file": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1,
+	},
+	"app_protect_security_log_enable": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag,
+	},
+	"app_protect_security_log": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake2,
+	},
+	"app_protect_custom_log_attribute": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake2,
+	},
+}
+
+// AppProtectWAFv5DirectivesMatchFn is a match function for parsing an NGINX config that contains the
+// App Protect v5 module.
+func AppProtectWAFv5DirectivesMatchFn(directive string) ([]uint, bool) {
+	masks, matched := appProtectWAFv5Directives[directive]
+	return masks, matched
+}
@@ -0,0 +1,36 @@
+/**
+ * Copyright (c) F5, Inc.
+ *
+ * This source code is licensed under the Apache License, Version 2.0 license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+// All the definitions are extracted from the source code
+// Each bit mask describes these behaviors:
+//   - how many arguments the directive can take
+//   - whether or not it is a block directive
+//   - whether this is a flag (takes one argument that's either "on" or "off")
+//   - which contexts it's allowed to be in
+
+package crossplane
+
+//nolint:gochecknoglobals
+var moduleHeadersMoreDirectives = map[string][]uint{
+	"more_clear_headers": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConf1More,
+	},
+	"more_clear_input_headers": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConf1More,
+	},
+	"more_set_headers": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConf1More,
+	},
+	"more_set_input_headers": {
+		ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConf1More,
+	},
+}
+
+func HeadersMoreDirectivesMatchFn(directive string) ([]uint, bool) {
+	masks, matched := moduleHeadersMoreDirectives[directive]
+	return masks, matched
+}