libddwaf 1.0.12.0.0.beta1 → 1.0.14.1.0.beta2
- checksums.yaml +4 -4
- data/.github/workflows/package.yml +70 -3
- data/.github/workflows/test.yml +24 -0
- data/lib/datadog/security/waf/version.rb +2 -3
- data/lib/datadog/security/waf.rb +35 -27
- data/libddwaf.gemspec +2 -2
- metadata +10 -13
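--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: da5262e02876806999ce83838b67075a41513db863ae2e2516ed5a899a9ce80b
+data.tar.gz: 451b6cfcaa9bd3c76a5937d4a41f3ec76a4476b574312806635835f5e4a6aa43
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 79607138388c2584af5b81da69ac349184470cc7eb702d2a2a3301e6aa0764b39fca3d537c781a99a3b2d4574df51c1a15d81557f29e4f2d96061cd7232db380
+data.tar.gz: 9831bcce3b6f4b7e3f53bb872fcf90443b13cce267d7a4fe765f0639d582633977ae7cd7d1f46523255b6e6069e6d4c54a697b126035ec44cc39c73879ff646f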
@@ -3,7 +3,34 @@ on:
|
|
3
3
|
- push
|
4
4
|
|
5
5
|
jobs:
|
6
|
-
package:
|
6
|
+
package-ruby:
|
7
|
+
strategy:
|
8
|
+
fail-fast: false
|
9
|
+
matrix:
|
10
|
+
include:
|
11
|
+
- os: ubuntu-20.04
|
12
|
+
cpu: x86_64
|
13
|
+
platform: ruby
|
14
|
+
name: Build package (${{ matrix.platform }})
|
15
|
+
runs-on: ${{ matrix.os }}
|
16
|
+
steps:
|
17
|
+
- name: Checkout
|
18
|
+
uses: actions/checkout@v2
|
19
|
+
- name: Install Linux build tools
|
20
|
+
if: ${{ startsWith(matrix.os, 'ubuntu-') }}
|
21
|
+
run: sudo apt-get install -y ruby ruby-bundler
|
22
|
+
- name: Bundle
|
23
|
+
run: |
|
24
|
+
bundle install
|
25
|
+
- name: Build package
|
26
|
+
run: |
|
27
|
+
bundle exec rake build
|
28
|
+
- name: Upload gem
|
29
|
+
uses: actions/upload-artifact@v2
|
30
|
+
with:
|
31
|
+
name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
|
32
|
+
path: pkg
|
33
|
+
package-binary:
|
7
34
|
strategy:
|
8
35
|
fail-fast: false
|
9
36
|
matrix:
|
@@ -45,8 +72,48 @@ jobs:
|
|
45
72
|
with:
|
46
73
|
name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
|
47
74
|
path: pkg
|
75
|
+
test-ruby:
|
76
|
+
needs: package-ruby
|
77
|
+
strategy:
|
78
|
+
fail-fast: false
|
79
|
+
matrix:
|
80
|
+
include:
|
81
|
+
- os: ubuntu-20.04
|
82
|
+
cpu: x86_64
|
83
|
+
platform: ruby
|
84
|
+
image: ruby:2.6
|
85
|
+
qemu: amd64
|
86
|
+
libc: gnu
|
87
|
+
name: Test package (${{ matrix.platform }}-${{ matrix.libc }})
|
88
|
+
runs-on: ${{ matrix.os }}
|
89
|
+
steps:
|
90
|
+
- name: Enable ${{ matrix.qemu }} platform
|
91
|
+
id: qemu
|
92
|
+
if: ${{ matrix.cpu != 'amd64' }}
|
93
|
+
run: |
|
94
|
+
docker run --privileged --rm tonistiigi/binfmt:latest --install ${{ matrix.qemu }} | tee platforms.json
|
95
|
+
echo "::set-output name=platforms::$(cat platforms.json)"
|
96
|
+
- name: Start container
|
97
|
+
id: container
|
98
|
+
run: |
|
99
|
+
echo ${{ matrix.image }} > container_image
|
100
|
+
docker run --rm -d -v "${PWD}":"${PWD}" -w "${PWD}" --platform linux/${{ matrix.qemu }} ${{ matrix.image }} /bin/sleep 64d | tee container_id
|
101
|
+
docker exec -w "${PWD}" $(cat container_id) uname -a
|
102
|
+
echo "::set-output name=id::$(cat container_id)"
|
103
|
+
- uses: actions/download-artifact@v2
|
104
|
+
with:
|
105
|
+
name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
|
106
|
+
path: pkg
|
107
|
+
- name: List artifact files
|
108
|
+
run: find .
|
109
|
+
working-directory: pkg
|
110
|
+
- name: Install gem
|
111
|
+
run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} gem install --verbose pkg/*.gem
|
112
|
+
- name: Run smoke test
|
113
|
+
run: |
|
114
|
+
docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -e 'begin require "libddwaf"; rescue LoadError => e; puts e.message; else fail "loaded when it should not"; end'
|
48
115
|
test-linux:
|
49
|
-
needs: package
|
116
|
+
needs: package-binary
|
50
117
|
strategy:
|
51
118
|
fail-fast: false
|
52
119
|
matrix:
|
@@ -107,7 +174,7 @@ jobs:
|
|
107
174
|
run: |
|
108
175
|
docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -r 'libddwaf' -e 'v = Datadog::Security::WAF::LibDDWAF::Version.new; Datadog::Security::WAF::LibDDWAF.ddwaf_get_version(v); p [v[:major], v[:minor], v[:patch]]'
|
109
176
|
test-darwin:
|
110
|
-
needs: package
|
177
|
+
needs: package-binary
|
111
178
|
strategy:
|
112
179
|
fail-fast: false
|
113
180
|
matrix:
|
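Review bot: The `Enable ${{ matrix.qemu }} platform` step of the new `test-ruby` job runs `tonistiigi/binfmt:latest` with `--privileged`, so whatever the mutable `latest` tag resolves to at run time gets full access to the runner. Pin the image by digest, e.g. `tonistiigi/binfmt@sha256:DIGEST_PLACEHOLDER`, using the digest of an image that has been reviewed. The step's guard `if: ${{ matrix.cpu != 'amd64' }}` never skips in this job, because the only `cpu` value in its matrix is `x86_64`; `if: ${{ matrix.qemu != 'amd64' }}` would avoid the privileged container on native runners. The added `actions/checkout@v2`, `actions/upload-artifact@v2` and `actions/download-artifact@v2` references are movable tags too and are better pinned to a full commit SHA.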
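--- a/data/.github/workflows/test.yml
+++ b/data/.github/workflows/test.yml
@@ -8,6 +8,18 @@ jobs:
 fail-fast: false
 matrix:
 include:
+- os: ubuntu-20.04
+cpu: x86_64
+platform: x86_64-linux
+image: ruby:3.1
+qemu: amd64
+libc: gnu
+- os: ubuntu-20.04
+cpu: aarch64
+platform: aarch64-linux
+image: ruby:3.1
+qemu: arm64
+libc: gnu
 - os: ubuntu-20.04
 cpu: x86_64
 platform: x86_64-linux
@@ -74,6 +86,18 @@ jobs:
 image: ruby:2.1
 qemu: amd64
 libc: gnu
+- os: ubuntu-20.04
+cpu: x86_64
+platform: x86_64-linux
+image: ruby:3.1-alpine
+qemu: amd64
+libc: musl
+- os: ubuntu-20.04
+cpu: aarch64
+platform: aarch64-linux
+image: ruby:3.1-alpine
+qemu: arm64
+libc: musl
 - os: ubuntu-20.04
 cpu: x86_64
 platform: x86_64-linux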
@@ -2,10 +2,9 @@ module Datadog
|
|
2
2
|
module Security
|
3
3
|
module WAF
|
4
4
|
module VERSION
|
5
|
-
BASE_STRING = '1.0.
|
6
|
-
STRING = "#{BASE_STRING}.
|
5
|
+
BASE_STRING = '1.0.14'
|
6
|
+
STRING = "#{BASE_STRING}.1.0.beta2"
|
7
7
|
MINIMUM_RUBY_VERSION = '2.1'
|
8
|
-
MAXIMUM_RUBY_VERSION = '3.1'
|
9
8
|
end
|
10
9
|
end
|
11
10
|
end
|
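--- a/data/lib/datadog/security/waf.rb
+++ b/data/lib/datadog/security/waf.rb
@@ -15,10 +15,10 @@ module Datadog
 os_name = java.lang.System.get_property('os.name')
 
 os = case os_name
-
-
-
-
+when /linux/i then 'linux'
+when /mac/i then 'darwin'
+else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
+end
 
 return os
 end
@@ -55,8 +55,8 @@ module Datadog
 
 class Version < ::FFI::Struct
 layout :major, :uint16,
-
-
+:minor, :uint16,
+:patch, :uint16
 end
 
 typedef Version.by_ref, :ddwaf_version
@@ -76,17 +76,17 @@ module Datadog
 
 class ObjectValueUnion < ::FFI::Union
 layout :stringValue, :charptr,
-
-
-
+:uintValue, :uint64,
+:intValue, :int64,
+:array, :pointer
 end
 
 class Object < ::FFI::Struct
 layout :parameterName, :charptr,
-
-
-
-
+:parameterNameLength, :uint64,
+:valueUnion, ObjectValueUnion,
+:nbEntries, :uint64,
+:type, DDWAF_OBJ_TYPE
 end
 
 typedef Object.by_ref, :ddwaf_object
@@ -118,8 +118,8 @@ module Datadog
 
 class Config < ::FFI::Struct
 layout :maxArrayLength, :uint64,
-
-
+:maxMapDepth, :uint64,
+:maxTimeStore, :uint64
 end
 
 typedef Config.by_ref, :ddwaf_config
@@ -127,6 +127,8 @@ module Datadog
 attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
 attach_function :ddwaf_destroy, [:ddwaf_handle], :void
 
+attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
+
 # running
 
 typedef :pointer, :ddwaf_context
@@ -136,7 +138,6 @@ module Datadog
 attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
 attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
 
-
 DDWAF_RET_CODE = enum :ddwaf_err_internal, -4,
 :ddwaf_err_invalid_object, -3,
 :ddwaf_err_invalid_argument, -2,
@@ -147,9 +148,9 @@ module Datadog
 
 class Result < ::FFI::Struct
 layout :action, DDWAF_RET_CODE,
-
-
-
+:data, :string,
+:perfData, :string,
+:perfTotalRuntime, :uint32 # in us
 end
 
 typedef Result.by_ref, :ddwaf_result
@@ -161,11 +162,11 @@ module Datadog
 # logging
 
 DDWAF_LOG_LEVEL = enum :ddwaf_log_trace,
-
-
-
-
-
+:ddwaf_log_debug,
+:ddwaf_log_info,
+:ddwaf_log_warn,
+:ddwaf_log_error,
+:ddwaf_log_off
 
 callback :ddwaf_log_cb, [DDWAF_LOG_LEVEL, :string, :string, :uint, :charptr, :uint64], :void
 
@@ -351,11 +352,16 @@ module Datadog
 fail LibDDWAF::Error, 'Could not create context'
 end
 
-
+@input_objs = []
+
+ObjectSpace.define_finalizer(self, Context.finalizer(context_obj, @input_objs))
 end
 
-def self.finalizer(context_obj)
+def self.finalizer(context_obj, input_objs)
 proc do |object_id|
+input_objs.each do |input_obj|
+Datadog::Security::WAF::LibDDWAF.ddwaf_object_free(input_obj)
+end
 Datadog::Security::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
 end
 end
@@ -382,6 +388,9 @@ module Datadog
 fail LibDDWAF::Error, "Could not create result object"
 end
 
+# retain C objects in memory for subsequent calls to run
+@input_objs << input_obj
+
 code = Datadog::Security::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
 
 result = Result.new(
@@ -393,7 +402,6 @@ module Datadog
 
 [ACTION_MAP_OUT[code], result]
 ensure
-Datadog::Security::WAF::LibDDWAF.ddwaf_object_free(input_obj) if input_obj
 Datadog::Security::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
 end
 end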
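Review bot: With `ddwaf_object_free(input_obj) if input_obj` dropped from the `ensure` and `@input_objs << input_obj` placed after the result-object check, an input object looks like it leaks whenever the method fails before that append, for instance on `Could not create result object`. The start of the method is outside the hunk, so confirm where `input_obj` is built; appending it right after creation would close the gap. `@input_objs` also gains one native object per `run` call and is released only by the finalizer, so a long-lived context fed request data keeps that memory until GC collects it; an explicit release method or a documented context lifetime would bound this. In `self.finalizer` the inputs are freed before `ddwaf_context_destroy(context_obj)` although the added comment says the context keeps using them, so destroying the context first is the safer order. It is also worth confirming that the free function handed to `ddwaf_context_init` does not already free these objects.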
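--- a/data/libddwaf.gemspec
+++ b/data/libddwaf.gemspec
@@ -7,7 +7,7 @@ require 'datadog/security/waf/version'
 Gem::Specification.new do |spec|
 spec.name = 'libddwaf'
 spec.version = Datadog::Security::WAF::VERSION::STRING
-spec.required_ruby_version = [">= #{Datadog::Security::WAF::VERSION::MINIMUM_RUBY_VERSION}"
+spec.required_ruby_version = [">= #{Datadog::Security::WAF::VERSION::MINIMUM_RUBY_VERSION}"]
 spec.required_rubygems_version = '>= 2.0.0'
 spec.authors = ['Datadog, Inc.']
 spec.email = ['dev@datadoghq.com']
@@ -36,5 +36,5 @@ Gem::Specification.new do |spec|
 end
 spec.require_paths = ['lib']
 
-spec.add_dependency 'ffi'
+spec.add_dependency 'ffi', '~> 1.0'
 end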
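--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.14.1.0.beta2
 platform: ruby
 authors:
 - Datadog, Inc.
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ffi
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '1.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '1.0'
 description: 'libddwaf packages a WAF implementation in C++, exposed to Ruby
 
 '
@@ -52,7 +52,7 @@ licenses:
 - BSD-3-Clause
 metadata:
 allowed_push_host: https://rubygems.org
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -61,17 +61,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 - - ">="
 - !ruby/object:Gem::Version
 version: '2.1'
-- - "<"
-- !ruby/object:Gem::Version
-version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: 2.0.0
 requirements: []
-rubygems_version: 3.2
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Datadog WAF
 test_files: []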