{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.WAFV2.Types.Statement
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.WAFV2.Types.Statement where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import {-# SOURCE #-} Amazonka.WAFV2.Types.AndStatement
import Amazonka.WAFV2.Types.ByteMatchStatement
import Amazonka.WAFV2.Types.GeoMatchStatement
import Amazonka.WAFV2.Types.IPSetReferenceStatement
import Amazonka.WAFV2.Types.LabelMatchStatement
import {-# SOURCE #-} Amazonka.WAFV2.Types.ManagedRuleGroupStatement
import {-# SOURCE #-} Amazonka.WAFV2.Types.NotStatement
import {-# SOURCE #-} Amazonka.WAFV2.Types.OrStatement
import {-# SOURCE #-} Amazonka.WAFV2.Types.RateBasedStatement
import Amazonka.WAFV2.Types.RegexMatchStatement
import Amazonka.WAFV2.Types.RegexPatternSetReferenceStatement
import Amazonka.WAFV2.Types.RuleGroupReferenceStatement
import Amazonka.WAFV2.Types.SizeConstraintStatement
import Amazonka.WAFV2.Types.SqliMatchStatement
import Amazonka.WAFV2.Types.XssMatchStatement

-- | The processing guidance for a Rule, used by WAF to determine whether a
-- web request matches the rule.
--
-- For example specifications, see the examples section of CreateWebACL.
--
-- /See:/ 'newStatement' smart constructor.
data Statement = Statement'
  { -- | A logical rule statement used to combine other rule statements with AND
    -- logic. You provide more than one Statement within the @AndStatement@.
    Statement -> Maybe AndStatement
andStatement :: Prelude.Maybe AndStatement,
    -- | A rule statement that defines a string match search for WAF to apply to
    -- web requests. The byte match statement provides the bytes to search for,
    -- the location in requests that you want WAF to search, and other
    -- settings. The bytes to search for are typically a string that
    -- corresponds with ASCII characters. In the WAF console and the developer
    -- guide, this is called a string match statement.
    Statement -> Maybe ByteMatchStatement
byteMatchStatement :: Prelude.Maybe ByteMatchStatement,
    -- | A rule statement that labels web requests by country and region and that
    -- matches against web requests based on country code. A geo match rule
    -- labels every request that it inspects regardless of whether it finds a
    -- match.
    --
    -- -   To manage requests only by country, you can use this statement by
    --     itself and specify the countries that you want to match against in
    --     the @CountryCodes@ array.
    --
    -- -   Otherwise, configure your geo match rule with Count action so that
    --     it only labels requests. Then, add one or more label match rules to
    --     run after the geo match rule and configure them to match against the
    --     geographic labels and handle the requests as needed.
    --
    -- WAF labels requests using the alpha-2 country and region codes from the
    -- International Organization for Standardization (ISO) 3166 standard. WAF
    -- determines the codes using either the IP address in the web request
    -- origin or, if you specify it, the address in the geo match
    -- @ForwardedIPConfig@.
    --
    -- If you use the web request origin, the label formats are
    -- @awswaf:clientip:geo:region:\<ISO country code>-\<ISO region code>@ and
    -- @awswaf:clientip:geo:country:\<ISO country code>@.
    --
    -- If you use a forwarded IP address, the label formats are
    -- @awswaf:forwardedip:geo:region:\<ISO country code>-\<ISO region code>@
    -- and @awswaf:forwardedip:geo:country:\<ISO country code>@.
    --
    -- For additional details, see
    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html Geographic match rule statement>
    -- in the
    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
    Statement -> Maybe GeoMatchStatement
geoMatchStatement :: Prelude.Maybe GeoMatchStatement,
    -- | A rule statement used to detect web requests coming from particular IP
    -- addresses or address ranges. To use this, create an IPSet that specifies
    -- the addresses you want to detect, then use the ARN of that set in this
    -- statement. To create an IP set, see CreateIPSet.
    --
    -- Each IP set rule statement references an IP set. You create and maintain
    -- the set independent of your rules. This allows you to use the single set
    -- in multiple rules. When you update the referenced set, WAF automatically
    -- updates all rules that reference it.
    Statement -> Maybe IPSetReferenceStatement
iPSetReferenceStatement :: Prelude.Maybe IPSetReferenceStatement,
    -- | A rule statement to match against labels that have been added to the web
    -- request by rules that have already run in the web ACL.
    --
    -- The label match statement provides the label or namespace string to
    -- search for. The label string can represent a part or all of the fully
    -- qualified label name that had been added to the web request. Fully
    -- qualified labels have a prefix, optional namespaces, and label name. The
    -- prefix identifies the rule group or web ACL context of the rule that
    -- added the label. If you do not provide the fully qualified name in your
    -- label match string, WAF performs the search for labels that were added
    -- in the same context as the label match statement.
    Statement -> Maybe LabelMatchStatement
labelMatchStatement :: Prelude.Maybe LabelMatchStatement,
    -- | A rule statement used to run the rules that are defined in a managed
    -- rule group. To use this, provide the vendor name and the name of the
    -- rule group in this statement. You can retrieve the required names by
    -- calling ListAvailableManagedRuleGroups.
    --
    -- You cannot nest a @ManagedRuleGroupStatement@, for example for use
    -- inside a @NotStatement@ or @OrStatement@. It can only be referenced as a
    -- top-level statement within a rule.
    --
    -- You are charged additional fees when you use the WAF Bot Control managed
    -- rule group @AWSManagedRulesBotControlRuleSet@ or the WAF Fraud Control
    -- account takeover prevention (ATP) managed rule group
    -- @AWSManagedRulesATPRuleSet@. For more information, see
    -- <http://aws.amazon.com/waf/pricing/ WAF Pricing>.
    Statement -> Maybe ManagedRuleGroupStatement
managedRuleGroupStatement :: Prelude.Maybe ManagedRuleGroupStatement,
    -- | A logical rule statement used to negate the results of another rule
    -- statement. You provide one Statement within the @NotStatement@.
    Statement -> Maybe NotStatement
notStatement :: Prelude.Maybe NotStatement,
    -- | A logical rule statement used to combine other rule statements with OR
    -- logic. You provide more than one Statement within the @OrStatement@.
    Statement -> Maybe OrStatement
orStatement :: Prelude.Maybe OrStatement,
    -- | A rate-based rule tracks the rate of requests for each originating IP
    -- address, and triggers the rule action when the rate exceeds a limit that
    -- you specify on the number of requests in any 5-minute time span. You can
    -- use this to put a temporary block on requests from an IP address that is
    -- sending excessive requests.
    --
    -- WAF tracks and manages web requests separately for each instance of a
    -- rate-based rule that you use. For example, if you provide the same
    -- rate-based rule settings in two web ACLs, each of the two rule
    -- statements represents a separate instance of the rate-based rule and
    -- gets its own tracking and management by WAF. If you define a rate-based
    -- rule inside a rule group, and then use that rule group in multiple
    -- places, each use creates a separate instance of the rate-based rule that
    -- gets its own tracking and management by WAF.
    --
    -- When the rule action triggers, WAF blocks additional requests from the
    -- IP address until the request rate falls below the limit.
    --
    -- You can optionally nest another statement inside the rate-based
    -- statement, to narrow the scope of the rule so that it only counts
    -- requests that match the nested statement. For example, based on recent
    -- requests that you have seen from an attacker, you might create a
    -- rate-based rule with a nested AND rule statement that contains the
    -- following nested statements:
    --
    -- -   An IP match statement with an IP set that specified the address
    --     192.0.2.44.
    --
    -- -   A string match statement that searches in the User-Agent header for
    --     the string BadBot.
    --
    -- In this rate-based rule, you also define a rate limit. For this example,
    -- the rate limit is 1,000. Requests that meet the criteria of both of the
    -- nested statements are counted. If the count exceeds 1,000 requests per
    -- five minutes, the rule action triggers. Requests that do not meet the
    -- criteria of both of the nested statements are not counted towards the
    -- rate limit and are not affected by this rule.
    --
    -- You cannot nest a @RateBasedStatement@ inside another statement, for
    -- example inside a @NotStatement@ or @OrStatement@. You can define a
    -- @RateBasedStatement@ inside a web ACL and inside a rule group.
    Statement -> Maybe RateBasedStatement
rateBasedStatement :: Prelude.Maybe RateBasedStatement,
    -- | A rule statement used to search web request components for a match
    -- against a single regular expression.
    Statement -> Maybe RegexMatchStatement
regexMatchStatement :: Prelude.Maybe RegexMatchStatement,
    -- | A rule statement used to search web request components for matches with
    -- regular expressions. To use this, create a RegexPatternSet that
    -- specifies the expressions that you want to detect, then use the ARN of
    -- that set in this statement. A web request matches the pattern set rule
    -- statement if the request component matches any of the patterns in the
    -- set. To create a regex pattern set, see CreateRegexPatternSet.
    --
    -- Each regex pattern set rule statement references a regex pattern set.
    -- You create and maintain the set independent of your rules. This allows
    -- you to use the single set in multiple rules. When you update the
    -- referenced set, WAF automatically updates all rules that reference it.
    Statement -> Maybe RegexPatternSetReferenceStatement
regexPatternSetReferenceStatement :: Prelude.Maybe RegexPatternSetReferenceStatement,
    -- | A rule statement used to run the rules that are defined in a RuleGroup.
    -- To use this, create a rule group with your rules, then provide the ARN
    -- of the rule group in this statement.
    --
    -- You cannot nest a @RuleGroupReferenceStatement@, for example for use
    -- inside a @NotStatement@ or @OrStatement@. You can only use a rule group
    -- reference statement at the top level inside a web ACL.
    Statement -> Maybe RuleGroupReferenceStatement
ruleGroupReferenceStatement :: Prelude.Maybe RuleGroupReferenceStatement,
    -- | A rule statement that compares a number of bytes against the size of a
    -- request component, using a comparison operator, such as greater than (>)
    -- or less than (\<). For example, you can use a size constraint statement
    -- to look for query strings that are longer than 100 bytes.
    --
    -- If you configure WAF to inspect the request body, WAF inspects only the
    -- first 8192 bytes (8 KB). If the request body for your web requests never
    -- exceeds 8192 bytes, you could use a size constraint statement to block
    -- requests that have a request body greater than 8192 bytes.
    --
    -- If you choose URI for the value of Part of the request to filter on, the
    -- slash (\/) in the URI counts as one character. For example, the URI
    -- @\/logo.jpg@ is nine characters long.
    Statement -> Maybe SizeConstraintStatement
sizeConstraintStatement :: Prelude.Maybe SizeConstraintStatement,
    -- | A rule statement that inspects for malicious SQL code. Attackers insert
    -- malicious SQL code into web requests to do things like modify your
    -- database or extract data from it.
    Statement -> Maybe SqliMatchStatement
sqliMatchStatement :: Prelude.Maybe SqliMatchStatement,
    -- | A rule statement that inspects for cross-site scripting (XSS) attacks.
    -- In XSS attacks, the attacker uses vulnerabilities in a benign website as
    -- a vehicle to inject malicious client-site scripts into other legitimate
    -- web browsers.
    Statement -> Maybe XssMatchStatement
xssMatchStatement :: Prelude.Maybe XssMatchStatement
  }
  deriving (Statement -> Statement -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: Statement -> Statement -> Bool
$c/= :: Statement -> Statement -> Bool
== :: Statement -> Statement -> Bool
$c== :: Statement -> Statement -> Bool
Prelude.Eq, ReadPrec [Statement]
ReadPrec Statement
Int -> ReadS Statement
ReadS [Statement]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [Statement]
$creadListPrec :: ReadPrec [Statement]
readPrec :: ReadPrec Statement
$creadPrec :: ReadPrec Statement
readList :: ReadS [Statement]
$creadList :: ReadS [Statement]
readsPrec :: Int -> ReadS Statement
$creadsPrec :: Int -> ReadS Statement
Prelude.Read, Int -> Statement -> ShowS
[Statement] -> ShowS
Statement -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [Statement] -> ShowS
$cshowList :: [Statement] -> ShowS
show :: Statement -> String
$cshow :: Statement -> String
showsPrec :: Int -> Statement -> ShowS
$cshowsPrec :: Int -> Statement -> ShowS
Prelude.Show, forall x. Rep Statement x -> Statement
forall x. Statement -> Rep Statement x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep Statement x -> Statement
$cfrom :: forall x. Statement -> Rep Statement x
Prelude.Generic)

-- |
-- Create a value of 'Statement' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'andStatement', 'statement_andStatement' - A logical rule statement used to combine other rule statements with AND
-- logic. You provide more than one Statement within the @AndStatement@.
--
-- 'byteMatchStatement', 'statement_byteMatchStatement' - A rule statement that defines a string match search for WAF to apply to
-- web requests. The byte match statement provides the bytes to search for,
-- the location in requests that you want WAF to search, and other
-- settings. The bytes to search for are typically a string that
-- corresponds with ASCII characters. In the WAF console and the developer
-- guide, this is called a string match statement.
--
-- 'geoMatchStatement', 'statement_geoMatchStatement' - A rule statement that labels web requests by country and region and that
-- matches against web requests based on country code. A geo match rule
-- labels every request that it inspects regardless of whether it finds a
-- match.
--
-- -   To manage requests only by country, you can use this statement by
--     itself and specify the countries that you want to match against in
--     the @CountryCodes@ array.
--
-- -   Otherwise, configure your geo match rule with Count action so that
--     it only labels requests. Then, add one or more label match rules to
--     run after the geo match rule and configure them to match against the
--     geographic labels and handle the requests as needed.
--
-- WAF labels requests using the alpha-2 country and region codes from the
-- International Organization for Standardization (ISO) 3166 standard. WAF
-- determines the codes using either the IP address in the web request
-- origin or, if you specify it, the address in the geo match
-- @ForwardedIPConfig@.
--
-- If you use the web request origin, the label formats are
-- @awswaf:clientip:geo:region:\<ISO country code>-\<ISO region code>@ and
-- @awswaf:clientip:geo:country:\<ISO country code>@.
--
-- If you use a forwarded IP address, the label formats are
-- @awswaf:forwardedip:geo:region:\<ISO country code>-\<ISO region code>@
-- and @awswaf:forwardedip:geo:country:\<ISO country code>@.
--
-- For additional details, see
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html Geographic match rule statement>
-- in the
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
--
-- 'iPSetReferenceStatement', 'statement_iPSetReferenceStatement' - A rule statement used to detect web requests coming from particular IP
-- addresses or address ranges. To use this, create an IPSet that specifies
-- the addresses you want to detect, then use the ARN of that set in this
-- statement. To create an IP set, see CreateIPSet.
--
-- Each IP set rule statement references an IP set. You create and maintain
-- the set independent of your rules. This allows you to use the single set
-- in multiple rules. When you update the referenced set, WAF automatically
-- updates all rules that reference it.
--
-- 'labelMatchStatement', 'statement_labelMatchStatement' - A rule statement to match against labels that have been added to the web
-- request by rules that have already run in the web ACL.
--
-- The label match statement provides the label or namespace string to
-- search for. The label string can represent a part or all of the fully
-- qualified label name that had been added to the web request. Fully
-- qualified labels have a prefix, optional namespaces, and label name. The
-- prefix identifies the rule group or web ACL context of the rule that
-- added the label. If you do not provide the fully qualified name in your
-- label match string, WAF performs the search for labels that were added
-- in the same context as the label match statement.
--
-- 'managedRuleGroupStatement', 'statement_managedRuleGroupStatement' - A rule statement used to run the rules that are defined in a managed
-- rule group. To use this, provide the vendor name and the name of the
-- rule group in this statement. You can retrieve the required names by
-- calling ListAvailableManagedRuleGroups.
--
-- You cannot nest a @ManagedRuleGroupStatement@, for example for use
-- inside a @NotStatement@ or @OrStatement@. It can only be referenced as a
-- top-level statement within a rule.
--
-- You are charged additional fees when you use the WAF Bot Control managed
-- rule group @AWSManagedRulesBotControlRuleSet@ or the WAF Fraud Control
-- account takeover prevention (ATP) managed rule group
-- @AWSManagedRulesATPRuleSet@. For more information, see
-- <http://aws.amazon.com/waf/pricing/ WAF Pricing>.
--
-- 'notStatement', 'statement_notStatement' - A logical rule statement used to negate the results of another rule
-- statement. You provide one Statement within the @NotStatement@.
--
-- 'orStatement', 'statement_orStatement' - A logical rule statement used to combine other rule statements with OR
-- logic. You provide more than one Statement within the @OrStatement@.
--
-- 'rateBasedStatement', 'statement_rateBasedStatement' - A rate-based rule tracks the rate of requests for each originating IP
-- address, and triggers the rule action when the rate exceeds a limit that
-- you specify on the number of requests in any 5-minute time span. You can
-- use this to put a temporary block on requests from an IP address that is
-- sending excessive requests.
--
-- WAF tracks and manages web requests separately for each instance of a
-- rate-based rule that you use. For example, if you provide the same
-- rate-based rule settings in two web ACLs, each of the two rule
-- statements represents a separate instance of the rate-based rule and
-- gets its own tracking and management by WAF. If you define a rate-based
-- rule inside a rule group, and then use that rule group in multiple
-- places, each use creates a separate instance of the rate-based rule that
-- gets its own tracking and management by WAF.
--
-- When the rule action triggers, WAF blocks additional requests from the
-- IP address until the request rate falls below the limit.
--
-- You can optionally nest another statement inside the rate-based
-- statement, to narrow the scope of the rule so that it only counts
-- requests that match the nested statement. For example, based on recent
-- requests that you have seen from an attacker, you might create a
-- rate-based rule with a nested AND rule statement that contains the
-- following nested statements:
--
-- -   An IP match statement with an IP set that specified the address
--     192.0.2.44.
--
-- -   A string match statement that searches in the User-Agent header for
--     the string BadBot.
--
-- In this rate-based rule, you also define a rate limit. For this example,
-- the rate limit is 1,000. Requests that meet the criteria of both of the
-- nested statements are counted. If the count exceeds 1,000 requests per
-- five minutes, the rule action triggers. Requests that do not meet the
-- criteria of both of the nested statements are not counted towards the
-- rate limit and are not affected by this rule.
--
-- You cannot nest a @RateBasedStatement@ inside another statement, for
-- example inside a @NotStatement@ or @OrStatement@. You can define a
-- @RateBasedStatement@ inside a web ACL and inside a rule group.
--
-- 'regexMatchStatement', 'statement_regexMatchStatement' - A rule statement used to search web request components for a match
-- against a single regular expression.
--
-- 'regexPatternSetReferenceStatement', 'statement_regexPatternSetReferenceStatement' - A rule statement used to search web request components for matches with
-- regular expressions. To use this, create a RegexPatternSet that
-- specifies the expressions that you want to detect, then use the ARN of
-- that set in this statement. A web request matches the pattern set rule
-- statement if the request component matches any of the patterns in the
-- set. To create a regex pattern set, see CreateRegexPatternSet.
--
-- Each regex pattern set rule statement references a regex pattern set.
-- You create and maintain the set independent of your rules. This allows
-- you to use the single set in multiple rules. When you update the
-- referenced set, WAF automatically updates all rules that reference it.
--
-- 'ruleGroupReferenceStatement', 'statement_ruleGroupReferenceStatement' - A rule statement used to run the rules that are defined in a RuleGroup.
-- To use this, create a rule group with your rules, then provide the ARN
-- of the rule group in this statement.
--
-- You cannot nest a @RuleGroupReferenceStatement@, for example for use
-- inside a @NotStatement@ or @OrStatement@. You can only use a rule group
-- reference statement at the top level inside a web ACL.
--
-- 'sizeConstraintStatement', 'statement_sizeConstraintStatement' - A rule statement that compares a number of bytes against the size of a
-- request component, using a comparison operator, such as greater than (>)
-- or less than (\<). For example, you can use a size constraint statement
-- to look for query strings that are longer than 100 bytes.
--
-- If you configure WAF to inspect the request body, WAF inspects only the
-- first 8192 bytes (8 KB). If the request body for your web requests never
-- exceeds 8192 bytes, you could use a size constraint statement to block
-- requests that have a request body greater than 8192 bytes.
--
-- If you choose URI for the value of Part of the request to filter on, the
-- slash (\/) in the URI counts as one character. For example, the URI
-- @\/logo.jpg@ is nine characters long.
--
-- 'sqliMatchStatement', 'statement_sqliMatchStatement' - A rule statement that inspects for malicious SQL code. Attackers insert
-- malicious SQL code into web requests to do things like modify your
-- database or extract data from it.
--
-- 'xssMatchStatement', 'statement_xssMatchStatement' - A rule statement that inspects for cross-site scripting (XSS) attacks.
-- In XSS attacks, the attacker uses vulnerabilities in a benign website as
-- a vehicle to inject malicious client-site scripts into other legitimate
-- web browsers.
newStatement ::
  Statement
newStatement :: Statement
newStatement =
  Statement'
    { $sel:andStatement:Statement' :: Maybe AndStatement
andStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:byteMatchStatement:Statement' :: Maybe ByteMatchStatement
byteMatchStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:geoMatchStatement:Statement' :: Maybe GeoMatchStatement
geoMatchStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:iPSetReferenceStatement:Statement' :: Maybe IPSetReferenceStatement
iPSetReferenceStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:labelMatchStatement:Statement' :: Maybe LabelMatchStatement
labelMatchStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:managedRuleGroupStatement:Statement' :: Maybe ManagedRuleGroupStatement
managedRuleGroupStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:notStatement:Statement' :: Maybe NotStatement
notStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:orStatement:Statement' :: Maybe OrStatement
orStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:rateBasedStatement:Statement' :: Maybe RateBasedStatement
rateBasedStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:regexMatchStatement:Statement' :: Maybe RegexMatchStatement
regexMatchStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:regexPatternSetReferenceStatement:Statement' :: Maybe RegexPatternSetReferenceStatement
regexPatternSetReferenceStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:ruleGroupReferenceStatement:Statement' :: Maybe RuleGroupReferenceStatement
ruleGroupReferenceStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:sizeConstraintStatement:Statement' :: Maybe SizeConstraintStatement
sizeConstraintStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:sqliMatchStatement:Statement' :: Maybe SqliMatchStatement
sqliMatchStatement = forall a. Maybe a
Prelude.Nothing,
      $sel:xssMatchStatement:Statement' :: Maybe XssMatchStatement
xssMatchStatement = forall a. Maybe a
Prelude.Nothing
    }

-- | A logical rule statement used to combine other rule statements with AND
-- logic. You provide more than one Statement within the @AndStatement@.
statement_andStatement :: Lens.Lens' Statement (Prelude.Maybe AndStatement)
statement_andStatement :: Lens' Statement (Maybe AndStatement)
statement_andStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe AndStatement
andStatement :: Maybe AndStatement
$sel:andStatement:Statement' :: Statement -> Maybe AndStatement
andStatement} -> Maybe AndStatement
andStatement) (\s :: Statement
s@Statement' {} Maybe AndStatement
a -> Statement
s {$sel:andStatement:Statement' :: Maybe AndStatement
andStatement = Maybe AndStatement
a} :: Statement)

-- | A rule statement that defines a string match search for WAF to apply to
-- web requests. The byte match statement provides the bytes to search for,
-- the location in requests that you want WAF to search, and other
-- settings. The bytes to search for are typically a string that
-- corresponds with ASCII characters. In the WAF console and the developer
-- guide, this is called a string match statement.
statement_byteMatchStatement :: Lens.Lens' Statement (Prelude.Maybe ByteMatchStatement)
statement_byteMatchStatement :: Lens' Statement (Maybe ByteMatchStatement)
statement_byteMatchStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe ByteMatchStatement
byteMatchStatement :: Maybe ByteMatchStatement
$sel:byteMatchStatement:Statement' :: Statement -> Maybe ByteMatchStatement
byteMatchStatement} -> Maybe ByteMatchStatement
byteMatchStatement) (\s :: Statement
s@Statement' {} Maybe ByteMatchStatement
a -> Statement
s {$sel:byteMatchStatement:Statement' :: Maybe ByteMatchStatement
byteMatchStatement = Maybe ByteMatchStatement
a} :: Statement)

-- | A rule statement that labels web requests by country and region and that
-- matches against web requests based on country code. A geo match rule
-- labels every request that it inspects regardless of whether it finds a
-- match.
--
-- -   To manage requests only by country, you can use this statement by
--     itself and specify the countries that you want to match against in
--     the @CountryCodes@ array.
--
-- -   Otherwise, configure your geo match rule with Count action so that
--     it only labels requests. Then, add one or more label match rules to
--     run after the geo match rule and configure them to match against the
--     geographic labels and handle the requests as needed.
--
-- WAF labels requests using the alpha-2 country and region codes from the
-- International Organization for Standardization (ISO) 3166 standard. WAF
-- determines the codes using either the IP address in the web request
-- origin or, if you specify it, the address in the geo match
-- @ForwardedIPConfig@.
--
-- If you use the web request origin, the label formats are
-- @awswaf:clientip:geo:region:\<ISO country code>-\<ISO region code>@ and
-- @awswaf:clientip:geo:country:\<ISO country code>@.
--
-- If you use a forwarded IP address, the label formats are
-- @awswaf:forwardedip:geo:region:\<ISO country code>-\<ISO region code>@
-- and @awswaf:forwardedip:geo:country:\<ISO country code>@.
--
-- For additional details, see
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html Geographic match rule statement>
-- in the
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
statement_geoMatchStatement :: Lens.Lens' Statement (Prelude.Maybe GeoMatchStatement)
statement_geoMatchStatement :: Lens' Statement (Maybe GeoMatchStatement)
statement_geoMatchStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe GeoMatchStatement
geoMatchStatement :: Maybe GeoMatchStatement
$sel:geoMatchStatement:Statement' :: Statement -> Maybe GeoMatchStatement
geoMatchStatement} -> Maybe GeoMatchStatement
geoMatchStatement) (\s :: Statement
s@Statement' {} Maybe GeoMatchStatement
a -> Statement
s {$sel:geoMatchStatement:Statement' :: Maybe GeoMatchStatement
geoMatchStatement = Maybe GeoMatchStatement
a} :: Statement)

-- | A rule statement used to detect web requests coming from particular IP
-- addresses or address ranges. To use this, create an IPSet that specifies
-- the addresses you want to detect, then use the ARN of that set in this
-- statement. To create an IP set, see CreateIPSet.
--
-- Each IP set rule statement references an IP set. You create and maintain
-- the set independent of your rules. This allows you to use the single set
-- in multiple rules. When you update the referenced set, WAF automatically
-- updates all rules that reference it.
statement_iPSetReferenceStatement :: Lens.Lens' Statement (Prelude.Maybe IPSetReferenceStatement)
statement_iPSetReferenceStatement :: Lens' Statement (Maybe IPSetReferenceStatement)
statement_iPSetReferenceStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe IPSetReferenceStatement
iPSetReferenceStatement :: Maybe IPSetReferenceStatement
$sel:iPSetReferenceStatement:Statement' :: Statement -> Maybe IPSetReferenceStatement
iPSetReferenceStatement} -> Maybe IPSetReferenceStatement
iPSetReferenceStatement) (\s :: Statement
s@Statement' {} Maybe IPSetReferenceStatement
a -> Statement
s {$sel:iPSetReferenceStatement:Statement' :: Maybe IPSetReferenceStatement
iPSetReferenceStatement = Maybe IPSetReferenceStatement
a} :: Statement)

-- | A rule statement to match against labels that have been added to the web
-- request by rules that have already run in the web ACL.
--
-- The label match statement provides the label or namespace string to
-- search for. The label string can represent a part or all of the fully
-- qualified label name that had been added to the web request. Fully
-- qualified labels have a prefix, optional namespaces, and label name. The
-- prefix identifies the rule group or web ACL context of the rule that
-- added the label. If you do not provide the fully qualified name in your
-- label match string, WAF performs the search for labels that were added
-- in the same context as the label match statement.
statement_labelMatchStatement :: Lens.Lens' Statement (Prelude.Maybe LabelMatchStatement)
statement_labelMatchStatement :: Lens' Statement (Maybe LabelMatchStatement)
statement_labelMatchStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe LabelMatchStatement
labelMatchStatement :: Maybe LabelMatchStatement
$sel:labelMatchStatement:Statement' :: Statement -> Maybe LabelMatchStatement
labelMatchStatement} -> Maybe LabelMatchStatement
labelMatchStatement) (\s :: Statement
s@Statement' {} Maybe LabelMatchStatement
a -> Statement
s {$sel:labelMatchStatement:Statement' :: Maybe LabelMatchStatement
labelMatchStatement = Maybe LabelMatchStatement
a} :: Statement)

-- | A rule statement used to run the rules that are defined in a managed
-- rule group. To use this, provide the vendor name and the name of the
-- rule group in this statement. You can retrieve the required names by
-- calling ListAvailableManagedRuleGroups.
--
-- You cannot nest a @ManagedRuleGroupStatement@, for example for use
-- inside a @NotStatement@ or @OrStatement@. It can only be referenced as a
-- top-level statement within a rule.
--
-- You are charged additional fees when you use the WAF Bot Control managed
-- rule group @AWSManagedRulesBotControlRuleSet@ or the WAF Fraud Control
-- account takeover prevention (ATP) managed rule group
-- @AWSManagedRulesATPRuleSet@. For more information, see
-- <http://aws.amazon.com/waf/pricing/ WAF Pricing>.
statement_managedRuleGroupStatement :: Lens.Lens' Statement (Prelude.Maybe ManagedRuleGroupStatement)
statement_managedRuleGroupStatement :: Lens' Statement (Maybe ManagedRuleGroupStatement)
statement_managedRuleGroupStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe ManagedRuleGroupStatement
managedRuleGroupStatement :: Maybe ManagedRuleGroupStatement
$sel:managedRuleGroupStatement:Statement' :: Statement -> Maybe ManagedRuleGroupStatement
managedRuleGroupStatement} -> Maybe ManagedRuleGroupStatement
managedRuleGroupStatement) (\s :: Statement
s@Statement' {} Maybe ManagedRuleGroupStatement
a -> Statement
s {$sel:managedRuleGroupStatement:Statement' :: Maybe ManagedRuleGroupStatement
managedRuleGroupStatement = Maybe ManagedRuleGroupStatement
a} :: Statement)

-- | A logical rule statement used to negate the results of another rule
-- statement. You provide one Statement within the @NotStatement@.
statement_notStatement :: Lens.Lens' Statement (Prelude.Maybe NotStatement)
statement_notStatement :: Lens' Statement (Maybe NotStatement)
statement_notStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe NotStatement
notStatement :: Maybe NotStatement
$sel:notStatement:Statement' :: Statement -> Maybe NotStatement
notStatement} -> Maybe NotStatement
notStatement) (\s :: Statement
s@Statement' {} Maybe NotStatement
a -> Statement
s {$sel:notStatement:Statement' :: Maybe NotStatement
notStatement = Maybe NotStatement
a} :: Statement)

-- | A logical rule statement used to combine other rule statements with OR
-- logic. You provide more than one Statement within the @OrStatement@.
statement_orStatement :: Lens.Lens' Statement (Prelude.Maybe OrStatement)
statement_orStatement :: Lens' Statement (Maybe OrStatement)
statement_orStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe OrStatement
orStatement :: Maybe OrStatement
$sel:orStatement:Statement' :: Statement -> Maybe OrStatement
orStatement} -> Maybe OrStatement
orStatement) (\s :: Statement
s@Statement' {} Maybe OrStatement
a -> Statement
s {$sel:orStatement:Statement' :: Maybe OrStatement
orStatement = Maybe OrStatement
a} :: Statement)

-- | A rate-based rule tracks the rate of requests for each originating IP
-- address, and triggers the rule action when the rate exceeds a limit that
-- you specify on the number of requests in any 5-minute time span. You can
-- use this to put a temporary block on requests from an IP address that is
-- sending excessive requests.
--
-- WAF tracks and manages web requests separately for each instance of a
-- rate-based rule that you use. For example, if you provide the same
-- rate-based rule settings in two web ACLs, each of the two rule
-- statements represents a separate instance of the rate-based rule and
-- gets its own tracking and management by WAF. If you define a rate-based
-- rule inside a rule group, and then use that rule group in multiple
-- places, each use creates a separate instance of the rate-based rule that
-- gets its own tracking and management by WAF.
--
-- When the rule action triggers, WAF blocks additional requests from the
-- IP address until the request rate falls below the limit.
--
-- You can optionally nest another statement inside the rate-based
-- statement, to narrow the scope of the rule so that it only counts
-- requests that match the nested statement. For example, based on recent
-- requests that you have seen from an attacker, you might create a
-- rate-based rule with a nested AND rule statement that contains the
-- following nested statements:
--
-- -   An IP match statement with an IP set that specified the address
--     192.0.2.44.
--
-- -   A string match statement that searches in the User-Agent header for
--     the string BadBot.
--
-- In this rate-based rule, you also define a rate limit. For this example,
-- the rate limit is 1,000. Requests that meet the criteria of both of the
-- nested statements are counted. If the count exceeds 1,000 requests per
-- five minutes, the rule action triggers. Requests that do not meet the
-- criteria of both of the nested statements are not counted towards the
-- rate limit and are not affected by this rule.
--
-- You cannot nest a @RateBasedStatement@ inside another statement, for
-- example inside a @NotStatement@ or @OrStatement@. You can define a
-- @RateBasedStatement@ inside a web ACL and inside a rule group.
statement_rateBasedStatement :: Lens.Lens' Statement (Prelude.Maybe RateBasedStatement)
statement_rateBasedStatement :: Lens' Statement (Maybe RateBasedStatement)
statement_rateBasedStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe RateBasedStatement
rateBasedStatement :: Maybe RateBasedStatement
$sel:rateBasedStatement:Statement' :: Statement -> Maybe RateBasedStatement
rateBasedStatement} -> Maybe RateBasedStatement
rateBasedStatement) (\s :: Statement
s@Statement' {} Maybe RateBasedStatement
a -> Statement
s {$sel:rateBasedStatement:Statement' :: Maybe RateBasedStatement
rateBasedStatement = Maybe RateBasedStatement
a} :: Statement)

-- | A rule statement used to search web request components for a match
-- against a single regular expression.
statement_regexMatchStatement :: Lens.Lens' Statement (Prelude.Maybe RegexMatchStatement)
statement_regexMatchStatement :: Lens' Statement (Maybe RegexMatchStatement)
statement_regexMatchStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe RegexMatchStatement
regexMatchStatement :: Maybe RegexMatchStatement
$sel:regexMatchStatement:Statement' :: Statement -> Maybe RegexMatchStatement
regexMatchStatement} -> Maybe RegexMatchStatement
regexMatchStatement) (\s :: Statement
s@Statement' {} Maybe RegexMatchStatement
a -> Statement
s {$sel:regexMatchStatement:Statement' :: Maybe RegexMatchStatement
regexMatchStatement = Maybe RegexMatchStatement
a} :: Statement)

-- | A rule statement used to search web request components for matches with
-- regular expressions. To use this, create a RegexPatternSet that
-- specifies the expressions that you want to detect, then use the ARN of
-- that set in this statement. A web request matches the pattern set rule
-- statement if the request component matches any of the patterns in the
-- set. To create a regex pattern set, see CreateRegexPatternSet.
--
-- Each regex pattern set rule statement references a regex pattern set.
-- You create and maintain the set independent of your rules. This allows
-- you to use the single set in multiple rules. When you update the
-- referenced set, WAF automatically updates all rules that reference it.
statement_regexPatternSetReferenceStatement :: Lens.Lens' Statement (Prelude.Maybe RegexPatternSetReferenceStatement)
statement_regexPatternSetReferenceStatement :: Lens' Statement (Maybe RegexPatternSetReferenceStatement)
statement_regexPatternSetReferenceStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe RegexPatternSetReferenceStatement
regexPatternSetReferenceStatement :: Maybe RegexPatternSetReferenceStatement
$sel:regexPatternSetReferenceStatement:Statement' :: Statement -> Maybe RegexPatternSetReferenceStatement
regexPatternSetReferenceStatement} -> Maybe RegexPatternSetReferenceStatement
regexPatternSetReferenceStatement) (\s :: Statement
s@Statement' {} Maybe RegexPatternSetReferenceStatement
a -> Statement
s {$sel:regexPatternSetReferenceStatement:Statement' :: Maybe RegexPatternSetReferenceStatement
regexPatternSetReferenceStatement = Maybe RegexPatternSetReferenceStatement
a} :: Statement)

-- | A rule statement used to run the rules that are defined in a RuleGroup.
-- To use this, create a rule group with your rules, then provide the ARN
-- of the rule group in this statement.
--
-- You cannot nest a @RuleGroupReferenceStatement@, for example for use
-- inside a @NotStatement@ or @OrStatement@. You can only use a rule group
-- reference statement at the top level inside a web ACL.
statement_ruleGroupReferenceStatement :: Lens.Lens' Statement (Prelude.Maybe RuleGroupReferenceStatement)
statement_ruleGroupReferenceStatement :: Lens' Statement (Maybe RuleGroupReferenceStatement)
statement_ruleGroupReferenceStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe RuleGroupReferenceStatement
ruleGroupReferenceStatement :: Maybe RuleGroupReferenceStatement
$sel:ruleGroupReferenceStatement:Statement' :: Statement -> Maybe RuleGroupReferenceStatement
ruleGroupReferenceStatement} -> Maybe RuleGroupReferenceStatement
ruleGroupReferenceStatement) (\s :: Statement
s@Statement' {} Maybe RuleGroupReferenceStatement
a -> Statement
s {$sel:ruleGroupReferenceStatement:Statement' :: Maybe RuleGroupReferenceStatement
ruleGroupReferenceStatement = Maybe RuleGroupReferenceStatement
a} :: Statement)

-- | A rule statement that compares a number of bytes against the size of a
-- request component, using a comparison operator, such as greater than (>)
-- or less than (\<). For example, you can use a size constraint statement
-- to look for query strings that are longer than 100 bytes.
--
-- If you configure WAF to inspect the request body, WAF inspects only the
-- first 8192 bytes (8 KB). If the request body for your web requests never
-- exceeds 8192 bytes, you could use a size constraint statement to block
-- requests that have a request body greater than 8192 bytes.
--
-- If you choose URI for the value of Part of the request to filter on, the
-- slash (\/) in the URI counts as one character. For example, the URI
-- @\/logo.jpg@ is nine characters long.
statement_sizeConstraintStatement :: Lens.Lens' Statement (Prelude.Maybe SizeConstraintStatement)
statement_sizeConstraintStatement :: Lens' Statement (Maybe SizeConstraintStatement)
statement_sizeConstraintStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe SizeConstraintStatement
sizeConstraintStatement :: Maybe SizeConstraintStatement
$sel:sizeConstraintStatement:Statement' :: Statement -> Maybe SizeConstraintStatement
sizeConstraintStatement} -> Maybe SizeConstraintStatement
sizeConstraintStatement) (\s :: Statement
s@Statement' {} Maybe SizeConstraintStatement
a -> Statement
s {$sel:sizeConstraintStatement:Statement' :: Maybe SizeConstraintStatement
sizeConstraintStatement = Maybe SizeConstraintStatement
a} :: Statement)

-- | A rule statement that inspects for malicious SQL code. Attackers insert
-- malicious SQL code into web requests to do things like modify your
-- database or extract data from it.
statement_sqliMatchStatement :: Lens.Lens' Statement (Prelude.Maybe SqliMatchStatement)
statement_sqliMatchStatement :: Lens' Statement (Maybe SqliMatchStatement)
statement_sqliMatchStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe SqliMatchStatement
sqliMatchStatement :: Maybe SqliMatchStatement
$sel:sqliMatchStatement:Statement' :: Statement -> Maybe SqliMatchStatement
sqliMatchStatement} -> Maybe SqliMatchStatement
sqliMatchStatement) (\s :: Statement
s@Statement' {} Maybe SqliMatchStatement
a -> Statement
s {$sel:sqliMatchStatement:Statement' :: Maybe SqliMatchStatement
sqliMatchStatement = Maybe SqliMatchStatement
a} :: Statement)

-- | A rule statement that inspects for cross-site scripting (XSS) attacks.
-- In XSS attacks, the attacker uses vulnerabilities in a benign website as
-- a vehicle to inject malicious client-site scripts into other legitimate
-- web browsers.
statement_xssMatchStatement :: Lens.Lens' Statement (Prelude.Maybe XssMatchStatement)
statement_xssMatchStatement :: Lens' Statement (Maybe XssMatchStatement)
statement_xssMatchStatement = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Statement' {Maybe XssMatchStatement
xssMatchStatement :: Maybe XssMatchStatement
$sel:xssMatchStatement:Statement' :: Statement -> Maybe XssMatchStatement
xssMatchStatement} -> Maybe XssMatchStatement
xssMatchStatement) (\s :: Statement
s@Statement' {} Maybe XssMatchStatement
a -> Statement
s {$sel:xssMatchStatement:Statement' :: Maybe XssMatchStatement
xssMatchStatement = Maybe XssMatchStatement
a} :: Statement)

instance Data.FromJSON Statement where
  parseJSON :: Value -> Parser Statement
parseJSON =
    forall a. String -> (Object -> Parser a) -> Value -> Parser a
Data.withObject
      String
"Statement"
      ( \Object
x ->
          Maybe AndStatement
-> Maybe ByteMatchStatement
-> Maybe GeoMatchStatement
-> Maybe IPSetReferenceStatement
-> Maybe LabelMatchStatement
-> Maybe ManagedRuleGroupStatement
-> Maybe NotStatement
-> Maybe OrStatement
-> Maybe RateBasedStatement
-> Maybe RegexMatchStatement
-> Maybe RegexPatternSetReferenceStatement
-> Maybe RuleGroupReferenceStatement
-> Maybe SizeConstraintStatement
-> Maybe SqliMatchStatement
-> Maybe XssMatchStatement
-> Statement
Statement'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"AndStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"ByteMatchStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"GeoMatchStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"IPSetReferenceStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"LabelMatchStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"ManagedRuleGroupStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"NotStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"OrStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"RateBasedStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"RegexMatchStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"RegexPatternSetReferenceStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"RuleGroupReferenceStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"SizeConstraintStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"SqliMatchStatement")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"XssMatchStatement")
      )

instance Prelude.Hashable Statement where
  hashWithSalt :: Int -> Statement -> Int
hashWithSalt Int
_salt Statement' {Maybe AndStatement
Maybe GeoMatchStatement
Maybe IPSetReferenceStatement
Maybe LabelMatchStatement
Maybe ManagedRuleGroupStatement
Maybe NotStatement
Maybe OrStatement
Maybe RateBasedStatement
Maybe RuleGroupReferenceStatement
Maybe SqliMatchStatement
Maybe SizeConstraintStatement
Maybe RegexPatternSetReferenceStatement
Maybe RegexMatchStatement
Maybe ByteMatchStatement
Maybe XssMatchStatement
xssMatchStatement :: Maybe XssMatchStatement
sqliMatchStatement :: Maybe SqliMatchStatement
sizeConstraintStatement :: Maybe SizeConstraintStatement
ruleGroupReferenceStatement :: Maybe RuleGroupReferenceStatement
regexPatternSetReferenceStatement :: Maybe RegexPatternSetReferenceStatement
regexMatchStatement :: Maybe RegexMatchStatement
rateBasedStatement :: Maybe RateBasedStatement
orStatement :: Maybe OrStatement
notStatement :: Maybe NotStatement
managedRuleGroupStatement :: Maybe ManagedRuleGroupStatement
labelMatchStatement :: Maybe LabelMatchStatement
iPSetReferenceStatement :: Maybe IPSetReferenceStatement
geoMatchStatement :: Maybe GeoMatchStatement
byteMatchStatement :: Maybe ByteMatchStatement
andStatement :: Maybe AndStatement
$sel:xssMatchStatement:Statement' :: Statement -> Maybe XssMatchStatement
$sel:sqliMatchStatement:Statement' :: Statement -> Maybe SqliMatchStatement
$sel:sizeConstraintStatement:Statement' :: Statement -> Maybe SizeConstraintStatement
$sel:ruleGroupReferenceStatement:Statement' :: Statement -> Maybe RuleGroupReferenceStatement
$sel:regexPatternSetReferenceStatement:Statement' :: Statement -> Maybe RegexPatternSetReferenceStatement
$sel:regexMatchStatement:Statement' :: Statement -> Maybe RegexMatchStatement
$sel:rateBasedStatement:Statement' :: Statement -> Maybe RateBasedStatement
$sel:orStatement:Statement' :: Statement -> Maybe OrStatement
$sel:notStatement:Statement' :: Statement -> Maybe NotStatement
$sel:managedRuleGroupStatement:Statement' :: Statement -> Maybe ManagedRuleGroupStatement
$sel:labelMatchStatement:Statement' :: Statement -> Maybe LabelMatchStatement
$sel:iPSetReferenceStatement:Statement' :: Statement -> Maybe IPSetReferenceStatement
$sel:geoMatchStatement:Statement' :: Statement -> Maybe GeoMatchStatement
$sel:byteMatchStatement:Statement' :: Statement -> Maybe ByteMatchStatement
$sel:andStatement:Statement' :: Statement -> Maybe AndStatement
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe AndStatement
andStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe ByteMatchStatement
byteMatchStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe GeoMatchStatement
geoMatchStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe IPSetReferenceStatement
iPSetReferenceStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe LabelMatchStatement
labelMatchStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe ManagedRuleGroupStatement
managedRuleGroupStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe NotStatement
notStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe OrStatement
orStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe RateBasedStatement
rateBasedStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe RegexMatchStatement
regexMatchStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe RegexPatternSetReferenceStatement
regexPatternSetReferenceStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe RuleGroupReferenceStatement
ruleGroupReferenceStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe SizeConstraintStatement
sizeConstraintStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe SqliMatchStatement
sqliMatchStatement
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe XssMatchStatement
xssMatchStatement

instance Prelude.NFData Statement where
  rnf :: Statement -> ()
rnf Statement' {Maybe AndStatement
Maybe GeoMatchStatement
Maybe IPSetReferenceStatement
Maybe LabelMatchStatement
Maybe ManagedRuleGroupStatement
Maybe NotStatement
Maybe OrStatement
Maybe RateBasedStatement
Maybe RuleGroupReferenceStatement
Maybe SqliMatchStatement
Maybe SizeConstraintStatement
Maybe RegexPatternSetReferenceStatement
Maybe RegexMatchStatement
Maybe ByteMatchStatement
Maybe XssMatchStatement
xssMatchStatement :: Maybe XssMatchStatement
sqliMatchStatement :: Maybe SqliMatchStatement
sizeConstraintStatement :: Maybe SizeConstraintStatement
ruleGroupReferenceStatement :: Maybe RuleGroupReferenceStatement
regexPatternSetReferenceStatement :: Maybe RegexPatternSetReferenceStatement
regexMatchStatement :: Maybe RegexMatchStatement
rateBasedStatement :: Maybe RateBasedStatement
orStatement :: Maybe OrStatement
notStatement :: Maybe NotStatement
managedRuleGroupStatement :: Maybe ManagedRuleGroupStatement
labelMatchStatement :: Maybe LabelMatchStatement
iPSetReferenceStatement :: Maybe IPSetReferenceStatement
geoMatchStatement :: Maybe GeoMatchStatement
byteMatchStatement :: Maybe ByteMatchStatement
andStatement :: Maybe AndStatement
$sel:xssMatchStatement:Statement' :: Statement -> Maybe XssMatchStatement
$sel:sqliMatchStatement:Statement' :: Statement -> Maybe SqliMatchStatement
$sel:sizeConstraintStatement:Statement' :: Statement -> Maybe SizeConstraintStatement
$sel:ruleGroupReferenceStatement:Statement' :: Statement -> Maybe RuleGroupReferenceStatement
$sel:regexPatternSetReferenceStatement:Statement' :: Statement -> Maybe RegexPatternSetReferenceStatement
$sel:regexMatchStatement:Statement' :: Statement -> Maybe RegexMatchStatement
$sel:rateBasedStatement:Statement' :: Statement -> Maybe RateBasedStatement
$sel:orStatement:Statement' :: Statement -> Maybe OrStatement
$sel:notStatement:Statement' :: Statement -> Maybe NotStatement
$sel:managedRuleGroupStatement:Statement' :: Statement -> Maybe ManagedRuleGroupStatement
$sel:labelMatchStatement:Statement' :: Statement -> Maybe LabelMatchStatement
$sel:iPSetReferenceStatement:Statement' :: Statement -> Maybe IPSetReferenceStatement
$sel:geoMatchStatement:Statement' :: Statement -> Maybe GeoMatchStatement
$sel:byteMatchStatement:Statement' :: Statement -> Maybe ByteMatchStatement
$sel:andStatement:Statement' :: Statement -> Maybe AndStatement
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe AndStatement
andStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe ByteMatchStatement
byteMatchStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe GeoMatchStatement
geoMatchStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe IPSetReferenceStatement
iPSetReferenceStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe LabelMatchStatement
labelMatchStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe ManagedRuleGroupStatement
managedRuleGroupStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe NotStatement
notStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe OrStatement
orStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe RateBasedStatement
rateBasedStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe RegexMatchStatement
regexMatchStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe RegexPatternSetReferenceStatement
regexPatternSetReferenceStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe RuleGroupReferenceStatement
ruleGroupReferenceStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe SizeConstraintStatement
sizeConstraintStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe SqliMatchStatement
sqliMatchStatement
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe XssMatchStatement
xssMatchStatement

instance Data.ToJSON Statement where
  toJSON :: Statement -> Value
toJSON Statement' {Maybe AndStatement
Maybe GeoMatchStatement
Maybe IPSetReferenceStatement
Maybe LabelMatchStatement
Maybe ManagedRuleGroupStatement
Maybe NotStatement
Maybe OrStatement
Maybe RateBasedStatement
Maybe RuleGroupReferenceStatement
Maybe SqliMatchStatement
Maybe SizeConstraintStatement
Maybe RegexPatternSetReferenceStatement
Maybe RegexMatchStatement
Maybe ByteMatchStatement
Maybe XssMatchStatement
xssMatchStatement :: Maybe XssMatchStatement
sqliMatchStatement :: Maybe SqliMatchStatement
sizeConstraintStatement :: Maybe SizeConstraintStatement
ruleGroupReferenceStatement :: Maybe RuleGroupReferenceStatement
regexPatternSetReferenceStatement :: Maybe RegexPatternSetReferenceStatement
regexMatchStatement :: Maybe RegexMatchStatement
rateBasedStatement :: Maybe RateBasedStatement
orStatement :: Maybe OrStatement
notStatement :: Maybe NotStatement
managedRuleGroupStatement :: Maybe ManagedRuleGroupStatement
labelMatchStatement :: Maybe LabelMatchStatement
iPSetReferenceStatement :: Maybe IPSetReferenceStatement
geoMatchStatement :: Maybe GeoMatchStatement
byteMatchStatement :: Maybe ByteMatchStatement
andStatement :: Maybe AndStatement
$sel:xssMatchStatement:Statement' :: Statement -> Maybe XssMatchStatement
$sel:sqliMatchStatement:Statement' :: Statement -> Maybe SqliMatchStatement
$sel:sizeConstraintStatement:Statement' :: Statement -> Maybe SizeConstraintStatement
$sel:ruleGroupReferenceStatement:Statement' :: Statement -> Maybe RuleGroupReferenceStatement
$sel:regexPatternSetReferenceStatement:Statement' :: Statement -> Maybe RegexPatternSetReferenceStatement
$sel:regexMatchStatement:Statement' :: Statement -> Maybe RegexMatchStatement
$sel:rateBasedStatement:Statement' :: Statement -> Maybe RateBasedStatement
$sel:orStatement:Statement' :: Statement -> Maybe OrStatement
$sel:notStatement:Statement' :: Statement -> Maybe NotStatement
$sel:managedRuleGroupStatement:Statement' :: Statement -> Maybe ManagedRuleGroupStatement
$sel:labelMatchStatement:Statement' :: Statement -> Maybe LabelMatchStatement
$sel:iPSetReferenceStatement:Statement' :: Statement -> Maybe IPSetReferenceStatement
$sel:geoMatchStatement:Statement' :: Statement -> Maybe GeoMatchStatement
$sel:byteMatchStatement:Statement' :: Statement -> Maybe ByteMatchStatement
$sel:andStatement:Statement' :: Statement -> Maybe AndStatement
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"AndStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe AndStatement
andStatement,
            (Key
"ByteMatchStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe ByteMatchStatement
byteMatchStatement,
            (Key
"GeoMatchStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe GeoMatchStatement
geoMatchStatement,
            (Key
"IPSetReferenceStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe IPSetReferenceStatement
iPSetReferenceStatement,
            (Key
"LabelMatchStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe LabelMatchStatement
labelMatchStatement,
            (Key
"ManagedRuleGroupStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe ManagedRuleGroupStatement
managedRuleGroupStatement,
            (Key
"NotStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe NotStatement
notStatement,
            (Key
"OrStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe OrStatement
orStatement,
            (Key
"RateBasedStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe RateBasedStatement
rateBasedStatement,
            (Key
"RegexMatchStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe RegexMatchStatement
regexMatchStatement,
            (Key
"RegexPatternSetReferenceStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe RegexPatternSetReferenceStatement
regexPatternSetReferenceStatement,
            (Key
"RuleGroupReferenceStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe RuleGroupReferenceStatement
ruleGroupReferenceStatement,
            (Key
"SizeConstraintStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe SizeConstraintStatement
sizeConstraintStatement,
            (Key
"SqliMatchStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe SqliMatchStatement
sqliMatchStatement,
            (Key
"XssMatchStatement" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe XssMatchStatement
xssMatchStatement
          ]
      )