{"id":20,"date":"2022-09-30T23:29:06","date_gmt":"2022-10-01T04:29:06","guid":{"rendered":"https:\/\/waratek.com\/?page_id=20"},"modified":"2022-10-31T16:39:37","modified_gmt":"2022-10-31T21:39:37","slug":"chapter-4-imperative-and-instant-security-as-code","status":"publish","type":"page","link":"https:\/\/waratek.com\/security-as-code\/chapter-4-imperative-and-instant-security-as-code\/","title":{"rendered":"Chapter 4: Imperative and Instant Security-as-Code"},"content":{"rendered":"<p class=\"p1\">In the imperative approach, the SaC solution helps you prepare automation scripts that apply your security measures one specific step at a time.<\/p>\n<p class=\"p1\">Imperative rules require a higher level of domain experience with your applications. Still, the reward is more control over how you accomplish vulnerability remediation, which is ideal when you need to make small changes, optimize for a specific purpose, or account for software quirks.<\/p>\n<p class=\"p1\">Log4Shell is an excellent example: the recommended remediation of removing the JNDI Lookup class can break some applications.<\/p>\n<p class=\"p2\">Rather than completely removing the class, imperative rules let you define the specific conditions in your applications under which the JNDI Lookup class should function, while placing constraints on the outputs you expect from it.<\/p>\n<p class=\"p2\">Below is an example imperative rule for CVE-2021-44228. On entry to JndiManager.lookup(), it logs the lookup payload as an ALERT event marked HIGH and forces the method to return null:<\/p>\n<pre class=\"p1\"><span class=\"s1\">app<\/span><span class=\"s2\">(<\/span>\"APACHE LOG4J - CVE-2021-44228 - v1.2, b2\"<span class=\"s2\">)<\/span><span class=\"s3\">:<\/span>\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 <\/span><span class=\"s1\">requires<\/span>(version<span class=\"s3\">:<\/span> ARMR<span class=\"s3\">\/<\/span><span class=\"s4\">2.2<\/span>)\r\n<span class=\"s2\"><span 
class=\"Apple-converted-space\">\u00a0 \u00a0 <\/span><\/span><span class=\"s1\">patch<\/span><span class=\"s2\">(<\/span>\"CVE-2021-44228 :01\"<span class=\"s2\">)<\/span><span class=\"s3\">:<\/span>\r\n<span class=\"s2\"><span class=\"Apple-converted-space\">\u00a0 \u00a0 <\/span><\/span><span class=\"s1\">function<\/span><span class=\"s2\">(<\/span>\"org\/apache\/logging\/log4j\/core\/net\/JndiManager.lookup(Ljava\/lang\/String;)Ljava\/lang\/Object;\"<span class=\"s2\">,<\/span>\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 <\/span>checksums<span class=\"s3\">:<\/span> [<span class=\"s5\">\"da55340ac1\"<\/span>,\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s5\">\"02c6120d62\"<\/span>,\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s5\">\"b04cf027e3\"<\/span>,\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s5\">\"d3ad3c6d00\"<\/span>,\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s5\">\"bb0462e72d\"<\/span>])\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s1\">entry<\/span>()\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s1\">code<\/span>(language<span class=\"s3\">:<\/span> java)<span class=\"s3\">:<\/span>\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s3\">public void<\/span> <span class=\"s1\">patch<\/span>(<span class=\"s4\">JavaFrame<\/span> frame) {\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s4\">String<\/span> <span class=\"s6\">payload<\/span> <span class=\"s3\">=<\/span> 
<span class=\"s6\">frame<\/span>.<span class=\"s1\">loadStringVariable<\/span>(<span class=\"s4\">1<\/span>);\r\n<span class=\"s2\"><span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><\/span><span class=\"s1\">log<\/span><span class=\"s2\">(<\/span>\"Forcing JndiManager.lookup() to return 'null' due to CVE-2021-44228\"<span class=\"s2\">, <\/span><span class=\"s6\">payload<\/span><span class=\"s2\">)<\/span><span class=\"s3\">;<\/span>\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s6\">frame<\/span>.<span class=\"s1\">returnObject<\/span>(<span class=\"s4\">null<\/span>)<span class=\"s3\">;<\/span>\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span>}\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s3\">private static void<\/span> <span class=\"s1\">log<\/span>(<span class=\"s4\">String<\/span> msg, <span class=\"s4\">String<\/span> payload) {\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s4\">ArmrEvent<\/span> <span class=\"s6\">event<\/span> <span class=\"s3\">=<\/span> <span class=\"s4\">ArmrEvent<\/span>.<span class=\"s1\">load<\/span>(<span class=\"s5\">\"ALERT\"<\/span>, <span class=\"s5\">\"HIGH\"<\/span>)<span class=\"s3\">;<\/span>\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s6\">event<\/span>.<span class=\"s1\">addExtension<\/span>(<span class=\"s5\">\"msg\"<\/span>, msg)<span class=\"s3\">;<\/span>\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s6\">event<\/span>.<span class=\"s1\">addExtension<\/span>(<span class=\"s5\">\"payload\"<\/span>, payload)<span class=\"s3\">;<\/span>\r\n<span 
class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><span class=\"s6\">event<\/span>.<span class=\"s1\">commit<\/span>()<span class=\"s3\">;<\/span>\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span>}\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 \u00a0 \u00a0 <\/span>endcode\r\n<span class=\"Apple-converted-space\">\u00a0 \u00a0 <\/span>endpatch\r\nendapp<\/pre>\n","protected":false},"excerpt":{"rendered":"Imperative rules tell the machine how security should be done. Learn how to use imperative Security-as-Code rules to instantly remediate CVEs.","protected":false},"author":1,"featured_media":411,"parent":16,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"template-chapter.blade.php","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"class_list":["post-20","page","type-page","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/waratek.com\/wp-json\/wp\/v2\/pages\/20","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/waratek.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/waratek.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/waratek.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/waratek.com\/wp-json\/wp\/v2\/comments?post=20"}],"version-history":[{"count":0,"href":"https:\/\/waratek.com\/wp-json\/wp\/v2\/pages\/20\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/waratek.com\/wp-json\/wp\/v2\/pages\/16"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/waratek.com\/wp-json\/wp\/v2\/media\/411"}],"wp:attachment":[{"href":"https:\/\/waratek.com\/wp-json\/wp\/v2\/media?parent=20"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}