libddwaf 1.0.12.0.0.beta1 → 1.0.14.1.0.beta2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/package.yml +70 -3
- data/.github/workflows/test.yml +24 -0
- data/lib/datadog/security/waf/version.rb +2 -3
- data/lib/datadog/security/waf.rb +35 -27
- data/libddwaf.gemspec +2 -2
- metadata +10 -13
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: da5262e02876806999ce83838b67075a41513db863ae2e2516ed5a899a9ce80b
|
|
4
|
+
data.tar.gz: 451b6cfcaa9bd3c76a5937d4a41f3ec76a4476b574312806635835f5e4a6aa43
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 79607138388c2584af5b81da69ac349184470cc7eb702d2a2a3301e6aa0764b39fca3d537c781a99a3b2d4574df51c1a15d81557f29e4f2d96061cd7232db380
|
|
7
|
+
data.tar.gz: 9831bcce3b6f4b7e3f53bb872fcf90443b13cce267d7a4fe765f0639d582633977ae7cd7d1f46523255b6e6069e6d4c54a697b126035ec44cc39c73879ff646f
|
|
@@ -3,7 +3,34 @@ on:
|
|
|
3
3
|
- push
|
|
4
4
|
|
|
5
5
|
jobs:
|
|
6
|
-
package:
|
|
6
|
+
package-ruby:
|
|
7
|
+
strategy:
|
|
8
|
+
fail-fast: false
|
|
9
|
+
matrix:
|
|
10
|
+
include:
|
|
11
|
+
- os: ubuntu-20.04
|
|
12
|
+
cpu: x86_64
|
|
13
|
+
platform: ruby
|
|
14
|
+
name: Build package (${{ matrix.platform }})
|
|
15
|
+
runs-on: ${{ matrix.os }}
|
|
16
|
+
steps:
|
|
17
|
+
- name: Checkout
|
|
18
|
+
uses: actions/checkout@v2
|
|
19
|
+
- name: Install Linux build tools
|
|
20
|
+
if: ${{ startsWith(matrix.os, 'ubuntu-') }}
|
|
21
|
+
run: sudo apt-get install -y ruby ruby-bundler
|
|
22
|
+
- name: Bundle
|
|
23
|
+
run: |
|
|
24
|
+
bundle install
|
|
25
|
+
- name: Build package
|
|
26
|
+
run: |
|
|
27
|
+
bundle exec rake build
|
|
28
|
+
- name: Upload gem
|
|
29
|
+
uses: actions/upload-artifact@v2
|
|
30
|
+
with:
|
|
31
|
+
name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
|
|
32
|
+
path: pkg
|
|
33
|
+
package-binary:
|
|
7
34
|
strategy:
|
|
8
35
|
fail-fast: false
|
|
9
36
|
matrix:
|
|
@@ -45,8 +72,48 @@ jobs:
|
|
|
45
72
|
with:
|
|
46
73
|
name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
|
|
47
74
|
path: pkg
|
|
75
|
+
test-ruby:
|
|
76
|
+
needs: package-ruby
|
|
77
|
+
strategy:
|
|
78
|
+
fail-fast: false
|
|
79
|
+
matrix:
|
|
80
|
+
include:
|
|
81
|
+
- os: ubuntu-20.04
|
|
82
|
+
cpu: x86_64
|
|
83
|
+
platform: ruby
|
|
84
|
+
image: ruby:2.6
|
|
85
|
+
qemu: amd64
|
|
86
|
+
libc: gnu
|
|
87
|
+
name: Test package (${{ matrix.platform }}-${{ matrix.libc }})
|
|
88
|
+
runs-on: ${{ matrix.os }}
|
|
89
|
+
steps:
|
|
90
|
+
- name: Enable ${{ matrix.qemu }} platform
|
|
91
|
+
id: qemu
|
|
92
|
+
if: ${{ matrix.cpu != 'amd64' }}
|
|
93
|
+
run: |
|
|
94
|
+
docker run --privileged --rm tonistiigi/binfmt:latest --install ${{ matrix.qemu }} | tee platforms.json
|
|
95
|
+
echo "::set-output name=platforms::$(cat platforms.json)"
|
|
96
|
+
- name: Start container
|
|
97
|
+
id: container
|
|
98
|
+
run: |
|
|
99
|
+
echo ${{ matrix.image }} > container_image
|
|
100
|
+
docker run --rm -d -v "${PWD}":"${PWD}" -w "${PWD}" --platform linux/${{ matrix.qemu }} ${{ matrix.image }} /bin/sleep 64d | tee container_id
|
|
101
|
+
docker exec -w "${PWD}" $(cat container_id) uname -a
|
|
102
|
+
echo "::set-output name=id::$(cat container_id)"
|
|
103
|
+
- uses: actions/download-artifact@v2
|
|
104
|
+
with:
|
|
105
|
+
name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
|
|
106
|
+
path: pkg
|
|
107
|
+
- name: List artifact files
|
|
108
|
+
run: find .
|
|
109
|
+
working-directory: pkg
|
|
110
|
+
- name: Install gem
|
|
111
|
+
run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} gem install --verbose pkg/*.gem
|
|
112
|
+
- name: Run smoke test
|
|
113
|
+
run: |
|
|
114
|
+
docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -e 'begin require "libddwaf"; rescue LoadError => e; puts e.message; else fail "loaded when it should not"; end'
|
|
48
115
|
test-linux:
|
|
49
|
-
needs: package
|
|
116
|
+
needs: package-binary
|
|
50
117
|
strategy:
|
|
51
118
|
fail-fast: false
|
|
52
119
|
matrix:
|
|
@@ -107,7 +174,7 @@ jobs:
|
|
|
107
174
|
run: |
|
|
108
175
|
docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -r 'libddwaf' -e 'v = Datadog::Security::WAF::LibDDWAF::Version.new; Datadog::Security::WAF::LibDDWAF.ddwaf_get_version(v); p [v[:major], v[:minor], v[:patch]]'
|
|
109
176
|
test-darwin:
|
|
110
|
-
needs: package
|
|
177
|
+
needs: package-binary
|
|
111
178
|
strategy:
|
|
112
179
|
fail-fast: false
|
|
113
180
|
matrix:
|
data/.github/workflows/test.yml
CHANGED
|
@@ -8,6 +8,18 @@ jobs:
|
|
|
8
8
|
fail-fast: false
|
|
9
9
|
matrix:
|
|
10
10
|
include:
|
|
11
|
+
- os: ubuntu-20.04
|
|
12
|
+
cpu: x86_64
|
|
13
|
+
platform: x86_64-linux
|
|
14
|
+
image: ruby:3.1
|
|
15
|
+
qemu: amd64
|
|
16
|
+
libc: gnu
|
|
17
|
+
- os: ubuntu-20.04
|
|
18
|
+
cpu: aarch64
|
|
19
|
+
platform: aarch64-linux
|
|
20
|
+
image: ruby:3.1
|
|
21
|
+
qemu: arm64
|
|
22
|
+
libc: gnu
|
|
11
23
|
- os: ubuntu-20.04
|
|
12
24
|
cpu: x86_64
|
|
13
25
|
platform: x86_64-linux
|
|
@@ -74,6 +86,18 @@ jobs:
|
|
|
74
86
|
image: ruby:2.1
|
|
75
87
|
qemu: amd64
|
|
76
88
|
libc: gnu
|
|
89
|
+
- os: ubuntu-20.04
|
|
90
|
+
cpu: x86_64
|
|
91
|
+
platform: x86_64-linux
|
|
92
|
+
image: ruby:3.1-alpine
|
|
93
|
+
qemu: amd64
|
|
94
|
+
libc: musl
|
|
95
|
+
- os: ubuntu-20.04
|
|
96
|
+
cpu: aarch64
|
|
97
|
+
platform: aarch64-linux
|
|
98
|
+
image: ruby:3.1-alpine
|
|
99
|
+
qemu: arm64
|
|
100
|
+
libc: musl
|
|
77
101
|
- os: ubuntu-20.04
|
|
78
102
|
cpu: x86_64
|
|
79
103
|
platform: x86_64-linux
|
|
@@ -2,10 +2,9 @@ module Datadog
|
|
|
2
2
|
module Security
|
|
3
3
|
module WAF
|
|
4
4
|
module VERSION
|
|
5
|
-
BASE_STRING = '1.0.
|
|
6
|
-
STRING = "#{BASE_STRING}.
|
|
5
|
+
BASE_STRING = '1.0.14'
|
|
6
|
+
STRING = "#{BASE_STRING}.1.0.beta2"
|
|
7
7
|
MINIMUM_RUBY_VERSION = '2.1'
|
|
8
|
-
MAXIMUM_RUBY_VERSION = '3.1'
|
|
9
8
|
end
|
|
10
9
|
end
|
|
11
10
|
end
|
data/lib/datadog/security/waf.rb
CHANGED
|
@@ -15,10 +15,10 @@ module Datadog
|
|
|
15
15
|
os_name = java.lang.System.get_property('os.name')
|
|
16
16
|
|
|
17
17
|
os = case os_name
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
18
|
+
when /linux/i then 'linux'
|
|
19
|
+
when /mac/i then 'darwin'
|
|
20
|
+
else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
|
|
21
|
+
end
|
|
22
22
|
|
|
23
23
|
return os
|
|
24
24
|
end
|
|
@@ -55,8 +55,8 @@ module Datadog
|
|
|
55
55
|
|
|
56
56
|
class Version < ::FFI::Struct
|
|
57
57
|
layout :major, :uint16,
|
|
58
|
-
|
|
59
|
-
|
|
58
|
+
:minor, :uint16,
|
|
59
|
+
:patch, :uint16
|
|
60
60
|
end
|
|
61
61
|
|
|
62
62
|
typedef Version.by_ref, :ddwaf_version
|
|
@@ -76,17 +76,17 @@ module Datadog
|
|
|
76
76
|
|
|
77
77
|
class ObjectValueUnion < ::FFI::Union
|
|
78
78
|
layout :stringValue, :charptr,
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
79
|
+
:uintValue, :uint64,
|
|
80
|
+
:intValue, :int64,
|
|
81
|
+
:array, :pointer
|
|
82
82
|
end
|
|
83
83
|
|
|
84
84
|
class Object < ::FFI::Struct
|
|
85
85
|
layout :parameterName, :charptr,
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
86
|
+
:parameterNameLength, :uint64,
|
|
87
|
+
:valueUnion, ObjectValueUnion,
|
|
88
|
+
:nbEntries, :uint64,
|
|
89
|
+
:type, DDWAF_OBJ_TYPE
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
typedef Object.by_ref, :ddwaf_object
|
|
@@ -118,8 +118,8 @@ module Datadog
|
|
|
118
118
|
|
|
119
119
|
class Config < ::FFI::Struct
|
|
120
120
|
layout :maxArrayLength, :uint64,
|
|
121
|
-
|
|
122
|
-
|
|
121
|
+
:maxMapDepth, :uint64,
|
|
122
|
+
:maxTimeStore, :uint64
|
|
123
123
|
end
|
|
124
124
|
|
|
125
125
|
typedef Config.by_ref, :ddwaf_config
|
|
@@ -127,6 +127,8 @@ module Datadog
|
|
|
127
127
|
attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
|
|
128
128
|
attach_function :ddwaf_destroy, [:ddwaf_handle], :void
|
|
129
129
|
|
|
130
|
+
attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
|
|
131
|
+
|
|
130
132
|
# running
|
|
131
133
|
|
|
132
134
|
typedef :pointer, :ddwaf_context
|
|
@@ -136,7 +138,6 @@ module Datadog
|
|
|
136
138
|
attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
|
|
137
139
|
attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
|
|
138
140
|
|
|
139
|
-
|
|
140
141
|
DDWAF_RET_CODE = enum :ddwaf_err_internal, -4,
|
|
141
142
|
:ddwaf_err_invalid_object, -3,
|
|
142
143
|
:ddwaf_err_invalid_argument, -2,
|
|
@@ -147,9 +148,9 @@ module Datadog
|
|
|
147
148
|
|
|
148
149
|
class Result < ::FFI::Struct
|
|
149
150
|
layout :action, DDWAF_RET_CODE,
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
151
|
+
:data, :string,
|
|
152
|
+
:perfData, :string,
|
|
153
|
+
:perfTotalRuntime, :uint32 # in us
|
|
153
154
|
end
|
|
154
155
|
|
|
155
156
|
typedef Result.by_ref, :ddwaf_result
|
|
@@ -161,11 +162,11 @@ module Datadog
|
|
|
161
162
|
# logging
|
|
162
163
|
|
|
163
164
|
DDWAF_LOG_LEVEL = enum :ddwaf_log_trace,
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
165
|
+
:ddwaf_log_debug,
|
|
166
|
+
:ddwaf_log_info,
|
|
167
|
+
:ddwaf_log_warn,
|
|
168
|
+
:ddwaf_log_error,
|
|
169
|
+
:ddwaf_log_off
|
|
169
170
|
|
|
170
171
|
callback :ddwaf_log_cb, [DDWAF_LOG_LEVEL, :string, :string, :uint, :charptr, :uint64], :void
|
|
171
172
|
|
|
@@ -351,11 +352,16 @@ module Datadog
|
|
|
351
352
|
fail LibDDWAF::Error, 'Could not create context'
|
|
352
353
|
end
|
|
353
354
|
|
|
354
|
-
|
|
355
|
+
@input_objs = []
|
|
356
|
+
|
|
357
|
+
ObjectSpace.define_finalizer(self, Context.finalizer(context_obj, @input_objs))
|
|
355
358
|
end
|
|
356
359
|
|
|
357
|
-
def self.finalizer(context_obj)
|
|
360
|
+
def self.finalizer(context_obj, input_objs)
|
|
358
361
|
proc do |object_id|
|
|
362
|
+
input_objs.each do |input_obj|
|
|
363
|
+
Datadog::Security::WAF::LibDDWAF.ddwaf_object_free(input_obj)
|
|
364
|
+
end
|
|
359
365
|
Datadog::Security::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
|
|
360
366
|
end
|
|
361
367
|
end
|
|
@@ -382,6 +388,9 @@ module Datadog
|
|
|
382
388
|
fail LibDDWAF::Error, "Could not create result object"
|
|
383
389
|
end
|
|
384
390
|
|
|
391
|
+
# retain C objects in memory for subsequent calls to run
|
|
392
|
+
@input_objs << input_obj
|
|
393
|
+
|
|
385
394
|
code = Datadog::Security::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
|
|
386
395
|
|
|
387
396
|
result = Result.new(
|
|
@@ -393,7 +402,6 @@ module Datadog
|
|
|
393
402
|
|
|
394
403
|
[ACTION_MAP_OUT[code], result]
|
|
395
404
|
ensure
|
|
396
|
-
Datadog::Security::WAF::LibDDWAF.ddwaf_object_free(input_obj) if input_obj
|
|
397
405
|
Datadog::Security::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
|
|
398
406
|
end
|
|
399
407
|
end
|
data/libddwaf.gemspec
CHANGED
|
@@ -7,7 +7,7 @@ require 'datadog/security/waf/version'
|
|
|
7
7
|
Gem::Specification.new do |spec|
|
|
8
8
|
spec.name = 'libddwaf'
|
|
9
9
|
spec.version = Datadog::Security::WAF::VERSION::STRING
|
|
10
|
-
spec.required_ruby_version = [">= #{Datadog::Security::WAF::VERSION::MINIMUM_RUBY_VERSION}"
|
|
10
|
+
spec.required_ruby_version = [">= #{Datadog::Security::WAF::VERSION::MINIMUM_RUBY_VERSION}"]
|
|
11
11
|
spec.required_rubygems_version = '>= 2.0.0'
|
|
12
12
|
spec.authors = ['Datadog, Inc.']
|
|
13
13
|
spec.email = ['dev@datadoghq.com']
|
|
@@ -36,5 +36,5 @@ Gem::Specification.new do |spec|
|
|
|
36
36
|
end
|
|
37
37
|
spec.require_paths = ['lib']
|
|
38
38
|
|
|
39
|
-
spec.add_dependency 'ffi'
|
|
39
|
+
spec.add_dependency 'ffi', '~> 1.0'
|
|
40
40
|
end
|
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: libddwaf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.14.1.0.beta2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Datadog, Inc.
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0'
|
|
19
|
+
version: '1.0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '0'
|
|
26
|
+
version: '1.0'
|
|
27
27
|
description: 'libddwaf packages a WAF implementation in C++, exposed to Ruby
|
|
28
28
|
|
|
29
29
|
'
|
|
@@ -52,7 +52,7 @@ licenses:
|
|
|
52
52
|
- BSD-3-Clause
|
|
53
53
|
metadata:
|
|
54
54
|
allowed_push_host: https://rubygems.org
|
|
55
|
-
post_install_message:
|
|
55
|
+
post_install_message:
|
|
56
56
|
rdoc_options: []
|
|
57
57
|
require_paths:
|
|
58
58
|
- lib
|
|
@@ -61,17 +61,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
61
61
|
- - ">="
|
|
62
62
|
- !ruby/object:Gem::Version
|
|
63
63
|
version: '2.1'
|
|
64
|
-
- - "<"
|
|
65
|
-
- !ruby/object:Gem::Version
|
|
66
|
-
version: '3.1'
|
|
67
64
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
68
65
|
requirements:
|
|
69
66
|
- - ">="
|
|
70
67
|
- !ruby/object:Gem::Version
|
|
71
68
|
version: 2.0.0
|
|
72
69
|
requirements: []
|
|
73
|
-
rubygems_version: 3.2
|
|
74
|
-
signing_key:
|
|
70
|
+
rubygems_version: 3.1.2
|
|
71
|
+
signing_key:
|
|
75
72
|
specification_version: 4
|
|
76
73
|
summary: Datadog WAF
|
|
77
74
|
test_files: []
|