I found the implementation for the web application firewall policy is removing hyphens despite them being a valid character.

Looking at #106 it seems like the name should have had the following

• dashes enabled
• hyphens, periods and underscores as part of the regex/validation regex.

The slug chosen also doesn't match the abbreviation example given in caf best practices list

suggested breaking change below.

{
    "name": "azurerm_web_application_firewall_policy",
    "min_length": 1,
    "max_length": 80,
    "validation_regex": "\"^[a-zA-Z0-9][a-zA-Z0-9-._]{0,78}[a-zA-Z0-9_]$\"",
    "scope": "global",
    "slug": "waf",
    "dashes": true,
    "lowercase": false,
    "regex": "\"[^0-9A-Za-z-._]\""
},