RubyGems - libddwaf - Versions diffs - 1.0.12.0.0.beta1 → 1.0.14.1.0.beta2 - Mend

libddwaf 1.0.12.0.0.beta1 → 1.0.14.1.0.beta2

Files changed (7) hide show

checksums.yaml +4 -4
data/.github/workflows/package.yml +70 -3
data/.github/workflows/test.yml +24 -0
data/lib/datadog/security/waf/version.rb +2 -3
data/lib/datadog/security/waf.rb +35 -27
data/libddwaf.gemspec +2 -2
metadata +10 -13

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 149b110d2839d0a87023bcb956689ecc5a65c366080979a7fbdd458a59f2f928
-  data.tar.gz: 8d5181f1cb4e98ed8aa065a948480de18a032f5a7c31f084b936e6b10800d81b
+  metadata.gz: da5262e02876806999ce83838b67075a41513db863ae2e2516ed5a899a9ce80b
+  data.tar.gz: 451b6cfcaa9bd3c76a5937d4a41f3ec76a4476b574312806635835f5e4a6aa43
 SHA512:
-  metadata.gz: 83006f3f968659cd4701f87469bd8b570bb1f245282b4a2c037a45f2e7b71bd3f4def34cba9ace7eefdd2eb0d0ba269b9d0c1301920610bd8ad0d97138413f45
-  data.tar.gz: 31dc16a314fd59ccafb97ad828e9ac8ddfadda8b44e412f9067ae982328e5582b5d6b66e24f9d992231b0f494949b9d2cee4ce09177a3af51488d5f5c9dc304f
+  metadata.gz: 79607138388c2584af5b81da69ac349184470cc7eb702d2a2a3301e6aa0764b39fca3d537c781a99a3b2d4574df51c1a15d81557f29e4f2d96061cd7232db380
+  data.tar.gz: 9831bcce3b6f4b7e3f53bb872fcf90443b13cce267d7a4fe765f0639d582633977ae7cd7d1f46523255b6e6069e6d4c54a697b126035ec44cc39c73879ff646f

data/.github/workflows/package.yml CHANGED Viewed

@@ -3,7 +3,34 @@ on:
   - push
 jobs:
-  package:
+  package-ruby:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-20.04
+            cpu: x86_64
+            platform: ruby
+    name: Build package (${{ matrix.platform }})
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Install Linux build tools
+        if: ${{ startsWith(matrix.os, 'ubuntu-') }}
+        run: sudo apt-get install -y ruby ruby-bundler
+      - name: Bundle
+        run: |
+          bundle install
+      - name: Build package
+        run: |
+          bundle exec rake build
+      - name: Upload gem
+        uses: actions/upload-artifact@v2
+        with:
+          name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
+          path: pkg
+  package-binary:
     strategy:
       fail-fast: false
       matrix:
@@ -45,8 +72,48 @@ jobs:
         with:
           name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
           path: pkg
+  test-ruby:
+    needs: package-ruby
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-20.04
+            cpu: x86_64
+            platform: ruby
+            image: ruby:2.6
+            qemu: amd64
+            libc: gnu
+    name: Test package (${{ matrix.platform }}-${{ matrix.libc }})
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Enable ${{ matrix.qemu }} platform
+        id: qemu
+        if: ${{ matrix.cpu != 'amd64' }}
+        run: |
+          docker run --privileged --rm tonistiigi/binfmt:latest --install ${{ matrix.qemu }} | tee platforms.json
+          echo "::set-output name=platforms::$(cat platforms.json)"
+      - name: Start container
+        id: container
+        run: |
+          echo ${{ matrix.image }} > container_image
+          docker run --rm -d -v "${PWD}":"${PWD}" -w "${PWD}" --platform linux/${{ matrix.qemu }} ${{ matrix.image }} /bin/sleep 64d | tee container_id
+          docker exec -w "${PWD}" $(cat container_id) uname -a
+          echo "::set-output name=id::$(cat container_id)"
+      - uses: actions/download-artifact@v2
+        with:
+          name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
+          path: pkg
+      - name: List artifact files
+        run: find .
+        working-directory: pkg
+      - name: Install gem
+        run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} gem install --verbose pkg/*.gem
+      - name: Run smoke test
+        run: |
+          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -e 'begin require "libddwaf"; rescue LoadError => e; puts e.message; else fail "loaded when it should not"; end'
   test-linux:
-    needs: package
+    needs: package-binary
     strategy:
       fail-fast: false
       matrix:
@@ -107,7 +174,7 @@ jobs:
         run: |
           docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -r 'libddwaf' -e 'v = Datadog::Security::WAF::LibDDWAF::Version.new; Datadog::Security::WAF::LibDDWAF.ddwaf_get_version(v); p [v[:major], v[:minor], v[:patch]]'
   test-darwin:
-    needs: package
+    needs: package-binary
     strategy:
       fail-fast: false
       matrix:

data/.github/workflows/test.yml CHANGED Viewed

@@ -8,6 +8,18 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: ubuntu-20.04
+            cpu: x86_64
+            platform: x86_64-linux
+            image: ruby:3.1
+            qemu: amd64
+            libc: gnu
+          - os: ubuntu-20.04
+            cpu: aarch64
+            platform: aarch64-linux
+            image: ruby:3.1
+            qemu: arm64
+            libc: gnu
           - os: ubuntu-20.04
             cpu: x86_64
             platform: x86_64-linux
@@ -74,6 +86,18 @@ jobs:
             image: ruby:2.1
             qemu: amd64
             libc: gnu
+          - os: ubuntu-20.04
+            cpu: x86_64
+            platform: x86_64-linux
+            image: ruby:3.1-alpine
+            qemu: amd64
+            libc: musl
+          - os: ubuntu-20.04
+            cpu: aarch64
+            platform: aarch64-linux
+            image: ruby:3.1-alpine
+            qemu: arm64
+            libc: musl
           - os: ubuntu-20.04
             cpu: x86_64
             platform: x86_64-linux

data/lib/datadog/security/waf/version.rb CHANGED Viewed

@@ -2,10 +2,9 @@ module Datadog
   module Security
     module WAF
       module VERSION
-        BASE_STRING = '1.0.12'
-        STRING = "#{BASE_STRING}.0.0.beta1"
+        BASE_STRING = '1.0.14'
+        STRING = "#{BASE_STRING}.1.0.beta2"
         MINIMUM_RUBY_VERSION = '2.1'
-        MAXIMUM_RUBY_VERSION = '3.1'
       end
     end
   end

data/lib/datadog/security/waf.rb CHANGED Viewed

@@ -15,10 +15,10 @@ module Datadog
             os_name = java.lang.System.get_property('os.name')
             os = case os_name
-                when /linux/i then 'linux'
-                when /mac/i   then 'darwin'
-                else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
-                end
+                 when /linux/i then 'linux'
+                 when /mac/i   then 'darwin'
+                 else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
+                 end
             return os
           end
@@ -55,8 +55,8 @@ module Datadog
         class Version < ::FFI::Struct
           layout :major, :uint16,
-                :minor, :uint16,
-                :patch, :uint16
+                 :minor, :uint16,
+                 :patch, :uint16
         end
         typedef Version.by_ref, :ddwaf_version
@@ -76,17 +76,17 @@ module Datadog
         class ObjectValueUnion < ::FFI::Union
           layout :stringValue, :charptr,
-                :uintValue,   :uint64,
-                :intValue,    :int64,
-                :array,       :pointer
+                 :uintValue,   :uint64,
+                 :intValue,    :int64,
+                 :array,       :pointer
         end
         class Object < ::FFI::Struct
           layout :parameterName,       :charptr,
-                :parameterNameLength, :uint64,
-                :valueUnion,          ObjectValueUnion,
-                :nbEntries,           :uint64,
-                :type,                DDWAF_OBJ_TYPE
+                 :parameterNameLength, :uint64,
+                 :valueUnion,          ObjectValueUnion,
+                 :nbEntries,           :uint64,
+                 :type,                DDWAF_OBJ_TYPE
         end
         typedef Object.by_ref, :ddwaf_object
@@ -118,8 +118,8 @@ module Datadog
         class Config < ::FFI::Struct
           layout :maxArrayLength, :uint64,
-                :maxMapDepth,    :uint64,
-                :maxTimeStore,   :uint64
+                 :maxMapDepth,    :uint64,
+                 :maxTimeStore,   :uint64
         end
         typedef Config.by_ref, :ddwaf_config
@@ -127,6 +127,8 @@ module Datadog
         attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
         attach_function :ddwaf_destroy, [:ddwaf_handle], :void
+        attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
         # running
         typedef :pointer, :ddwaf_context
@@ -136,7 +138,6 @@ module Datadog
         attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
         attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
         DDWAF_RET_CODE = enum :ddwaf_err_internal,         -4,
                               :ddwaf_err_invalid_object,   -3,
                               :ddwaf_err_invalid_argument, -2,
@@ -147,9 +148,9 @@ module Datadog
         class Result < ::FFI::Struct
           layout :action,           DDWAF_RET_CODE,
-                :data,             :string,
-                :perfData,         :string,
-                :perfTotalRuntime, :uint32 # in us
+                 :data,             :string,
+                 :perfData,         :string,
+                 :perfTotalRuntime, :uint32 # in us
         end
         typedef Result.by_ref, :ddwaf_result
@@ -161,11 +162,11 @@ module Datadog
         # logging
         DDWAF_LOG_LEVEL = enum :ddwaf_log_trace,
-                              :ddwaf_log_debug,
-                              :ddwaf_log_info,
-                              :ddwaf_log_warn,
-                              :ddwaf_log_error,
-                              :ddwaf_log_off
+                               :ddwaf_log_debug,
+                               :ddwaf_log_info,
+                               :ddwaf_log_warn,
+                               :ddwaf_log_error,
+                               :ddwaf_log_off
         callback :ddwaf_log_cb, [DDWAF_LOG_LEVEL, :string, :string, :uint, :charptr, :uint64], :void
@@ -351,11 +352,16 @@ module Datadog
             fail LibDDWAF::Error, 'Could not create context'
           end
-          ObjectSpace.define_finalizer(self, Context.finalizer(context_obj))
+          @input_objs = []
+          ObjectSpace.define_finalizer(self, Context.finalizer(context_obj, @input_objs))
         end
-        def self.finalizer(context_obj)
+        def self.finalizer(context_obj, input_objs)
           proc do |object_id|
+            input_objs.each do |input_obj|
+              Datadog::Security::WAF::LibDDWAF.ddwaf_object_free(input_obj)
+            end
             Datadog::Security::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
           end
         end
@@ -382,6 +388,9 @@ module Datadog
             fail LibDDWAF::Error, "Could not create result object"
           end
+          # retain C objects in memory for subsequent calls to run
+          @input_objs << input_obj
           code = Datadog::Security::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
           result = Result.new(
@@ -393,7 +402,6 @@ module Datadog
           [ACTION_MAP_OUT[code], result]
         ensure
-          Datadog::Security::WAF::LibDDWAF.ddwaf_object_free(input_obj) if input_obj
           Datadog::Security::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
         end
       end

data/libddwaf.gemspec CHANGED Viewed

@@ -7,7 +7,7 @@ require 'datadog/security/waf/version'
 Gem::Specification.new do |spec|
   spec.name                  = 'libddwaf'
   spec.version               = Datadog::Security::WAF::VERSION::STRING
-  spec.required_ruby_version = [">= #{Datadog::Security::WAF::VERSION::MINIMUM_RUBY_VERSION}", "< #{Datadog::Security::WAF::VERSION::MAXIMUM_RUBY_VERSION}"]
+  spec.required_ruby_version = [">= #{Datadog::Security::WAF::VERSION::MINIMUM_RUBY_VERSION}"]
   spec.required_rubygems_version = '>= 2.0.0'
   spec.authors               = ['Datadog, Inc.']
   spec.email                 = ['dev@datadoghq.com']
@@ -36,5 +36,5 @@ Gem::Specification.new do |spec|
     end
   spec.require_paths = ['lib']
-  spec.add_dependency 'ffi'
+  spec.add_dependency 'ffi', '~> 1.0'
 end

metadata CHANGED Viewed

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.0.12.0.0.beta1
+  version: 1.0.14.1.0.beta2
 platform: ruby
 authors:
 - Datadog, Inc.
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 1980-01-01 00:00:00.000000000 Z
+date: 2022-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.0'
 description: 'libddwaf packages a WAF implementation in C++, exposed to Ruby
   '
@@ -52,7 +52,7 @@ licenses:
 - BSD-3-Clause
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -61,17 +61,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ">="
     - !ruby/object:Gem::Version
       version: '2.1'
-  - - "<"
-    - !ruby/object:Gem::Version
-      version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.2.16
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Datadog WAF
 test_files: []