libddwaf 1.0.13.0.0.beta1-x86_64-linux → 1.0.14.2.0.beta1-x86_64-linux

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/lib/datadog/appsec/waf/version.rb +11 -0
  3. data/lib/datadog/{security → appsec}/waf.rb +53 -45
  4. data/lib/libddwaf.rb +1 -1
  5. data/vendor/libddwaf/{libddwaf-1.0.13-linux-x86_64 → libddwaf-1.0.14-linux-x86_64}/include/ddwaf.h +0 -0
  6. data/vendor/libddwaf/libddwaf-1.0.14-linux-x86_64/lib/libddwaf.so +0 -0
  7. metadata +10 -13
  8. data/lib/datadog/security/waf/version.rb +0 -12
  9. data/vendor/libddwaf/libddwaf-1.0.13-linux-x86_64/lib/libddwaf.so +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 622d720ffee7b06c4802b8ce3c7193682900d3ec70cbd87ae6368eec545dd7ea
4
- data.tar.gz: e9fcbddf1e9e4bf647c68c7d144a4fe67284ab6e6617abeef5bd605658a55a0c
3
+ metadata.gz: 659822366033074af5606727ca54c6407a12fcdc111ae1f86946f07e9a2491e5
4
+ data.tar.gz: a865f00c0760febd59cb0dadeca26c18ac7dff46cfff5a8f6d930cb8fa0c05be
5
5
  SHA512:
6
- metadata.gz: ae918e6a2539d47f9758380ec4ca2150980af916f6501ef4b3df8ccb98eb800fcea618b1445534e29bbc3df4557191609df33b0a630ae598426415a950fb927b
7
- data.tar.gz: f60104d69e160d299c5ecfb39acdfee4c8dbeb0f4c2e5dcb8f4264ce9e43608296983a673eaabff9b005ac8c59878ea91b88c6c314ad9cf033327ecce2525e41
6
+ metadata.gz: 7a17bb3548e9d1c6396334d976669f99a6700d0029c98c075689eb83c24b970f623fbdb1625c9aa77ce94bc9a8c2e2293523f2a93de124ce11ff13ba99480986
7
+ data.tar.gz: 6772a47fdf93dee1e077683ffdf8f9d952f4cf01c37b7549f5c654d24d1dc2680e61588d1f743194eb41ec5da8e94dfa404388c4fdfac76c9fe8d959f797db7b
data/lib/datadog/appsec/waf/version.rb ADDED
@@ -0,0 +1,11 @@
1
+ module Datadog
2
+ module AppSec
3
+ module WAF
4
+ module VERSION
5
+ BASE_STRING = '1.0.14'
6
+ STRING = "#{BASE_STRING}.2.0.beta1"
7
+ MINIMUM_RUBY_VERSION = '2.1'
8
+ end
9
+ end
10
+ end
11
+ end
data/lib/datadog/{security → appsec}/waf.rb RENAMED
@@ -1,9 +1,9 @@
1
1
  require 'ffi'
2
2
  require 'json'
3
- require 'datadog/security/waf/version'
3
+ require 'datadog/appsec/waf/version'
4
4
 
5
5
  module Datadog
6
- module Security
6
+ module AppSec
7
7
  module WAF
8
8
  module LibDDWAF
9
9
  class Error < StandardError; end
@@ -15,10 +15,10 @@ module Datadog
15
15
  os_name = java.lang.System.get_property('os.name')
16
16
 
17
17
  os = case os_name
18
- when /linux/i then 'linux'
19
- when /mac/i then 'darwin'
20
- else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
21
- end
18
+ when /linux/i then 'linux'
19
+ when /mac/i then 'darwin'
20
+ else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
21
+ end
22
22
 
23
23
  return os
24
24
  end
@@ -46,7 +46,7 @@ module Datadog
46
46
  end
47
47
 
48
48
  def self.shared_lib_path
49
- File.join(__dir__, "../../../vendor/libddwaf/libddwaf-#{Datadog::Security::WAF::VERSION::BASE_STRING}-#{local_os}-#{local_cpu}/lib/libddwaf#{shared_lib_extname}")
49
+ File.join(__dir__, "../../../vendor/libddwaf/libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{local_os}-#{local_cpu}/lib/libddwaf#{shared_lib_extname}")
50
50
  end
51
51
 
52
52
  ffi_lib [shared_lib_path]
@@ -55,8 +55,8 @@ module Datadog
55
55
 
56
56
  class Version < ::FFI::Struct
57
57
  layout :major, :uint16,
58
- :minor, :uint16,
59
- :patch, :uint16
58
+ :minor, :uint16,
59
+ :patch, :uint16
60
60
  end
61
61
 
62
62
  typedef Version.by_ref, :ddwaf_version
@@ -76,17 +76,17 @@ module Datadog
76
76
 
77
77
  class ObjectValueUnion < ::FFI::Union
78
78
  layout :stringValue, :charptr,
79
- :uintValue, :uint64,
80
- :intValue, :int64,
81
- :array, :pointer
79
+ :uintValue, :uint64,
80
+ :intValue, :int64,
81
+ :array, :pointer
82
82
  end
83
83
 
84
84
  class Object < ::FFI::Struct
85
85
  layout :parameterName, :charptr,
86
- :parameterNameLength, :uint64,
87
- :valueUnion, ObjectValueUnion,
88
- :nbEntries, :uint64,
89
- :type, DDWAF_OBJ_TYPE
86
+ :parameterNameLength, :uint64,
87
+ :valueUnion, ObjectValueUnion,
88
+ :nbEntries, :uint64,
89
+ :type, DDWAF_OBJ_TYPE
90
90
  end
91
91
 
92
92
  typedef Object.by_ref, :ddwaf_object
@@ -118,8 +118,8 @@ module Datadog
118
118
 
119
119
  class Config < ::FFI::Struct
120
120
  layout :maxArrayLength, :uint64,
121
- :maxMapDepth, :uint64,
122
- :maxTimeStore, :uint64
121
+ :maxMapDepth, :uint64,
122
+ :maxTimeStore, :uint64
123
123
  end
124
124
 
125
125
  typedef Config.by_ref, :ddwaf_config
@@ -127,6 +127,8 @@ module Datadog
127
127
  attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
128
128
  attach_function :ddwaf_destroy, [:ddwaf_handle], :void
129
129
 
130
+ attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
131
+
130
132
  # running
131
133
 
132
134
  typedef :pointer, :ddwaf_context
@@ -136,7 +138,6 @@ module Datadog
136
138
  attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
137
139
  attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
138
140
 
139
-
140
141
  DDWAF_RET_CODE = enum :ddwaf_err_internal, -4,
141
142
  :ddwaf_err_invalid_object, -3,
142
143
  :ddwaf_err_invalid_argument, -2,
@@ -147,9 +148,9 @@ module Datadog
147
148
 
148
149
  class Result < ::FFI::Struct
149
150
  layout :action, DDWAF_RET_CODE,
150
- :data, :string,
151
- :perfData, :string,
152
- :perfTotalRuntime, :uint32 # in us
151
+ :data, :string,
152
+ :perfData, :string,
153
+ :perfTotalRuntime, :uint32 # in us
153
154
  end
154
155
 
155
156
  typedef Result.by_ref, :ddwaf_result
@@ -161,11 +162,11 @@ module Datadog
161
162
  # logging
162
163
 
163
164
  DDWAF_LOG_LEVEL = enum :ddwaf_log_trace,
164
- :ddwaf_log_debug,
165
- :ddwaf_log_info,
166
- :ddwaf_log_warn,
167
- :ddwaf_log_error,
168
- :ddwaf_log_off
165
+ :ddwaf_log_debug,
166
+ :ddwaf_log_info,
167
+ :ddwaf_log_warn,
168
+ :ddwaf_log_error,
169
+ :ddwaf_log_off
169
170
 
170
171
  callback :ddwaf_log_cb, [DDWAF_LOG_LEVEL, :string, :string, :uint, :charptr, :uint64], :void
171
172
 
@@ -280,8 +281,8 @@ module Datadog
280
281
  end
281
282
  when :ddwaf_obj_map
282
283
  (0...obj[:nbEntries]).each.with_object({}) do |i, h|
283
- ptr = obj[:valueUnion][:array] + i * Datadog::Security::WAF::LibDDWAF::Object.size
284
- o = Datadog::Security::WAF::LibDDWAF::Object.new(ptr)
284
+ ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
285
+ o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
285
286
  l = o[:parameterNameLength]
286
287
  k = o[:parameterName].read_bytes(l)
287
288
  v = object_to_ruby(LibDDWAF::Object.new(ptr))
@@ -295,7 +296,7 @@ module Datadog
295
296
  logger.debug { { level: level, func: func, file: file, message: message.read_bytes(len) }.inspect }
296
297
  end
297
298
 
298
- Datadog::Security::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
299
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
299
300
  end
300
301
 
301
302
  class Handle
@@ -306,12 +307,12 @@ module Datadog
306
307
  DEFAULT_MAX_TIME_STORE = 0
307
308
 
308
309
  def initialize(rule, config = {})
309
- rule_obj = Datadog::Security::WAF.ruby_to_object(rule)
310
+ rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
310
311
  if rule_obj.null? || rule_obj[:type] == :ddwaf_object_invalid
311
312
  fail LibDDWAF::Error, "Could not convert object #{rule.inspect}"
312
313
  end
313
314
 
314
- config_obj = Datadog::Security::WAF::LibDDWAF::Config.new
315
+ config_obj = Datadog::AppSec::WAF::LibDDWAF::Config.new
315
316
  if config_obj.null?
316
317
  fail LibDDWAF::Error, 'Could not create config struct'
317
318
  end
@@ -320,19 +321,19 @@ module Datadog
320
321
  config_obj[:maxMapDepth] = config[:max_map_depth] || DEFAULT_MAX_MAP_DEPTH
321
322
  config_obj[:maxTimeStore] = config[:max_time_store] || DEFAULT_MAX_TIME_STORE
322
323
 
323
- @handle_obj = Datadog::Security::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj)
324
+ @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj)
324
325
  if @handle_obj.null?
325
326
  fail LibDDWAF::Error, 'Could not create handle'
326
327
  end
327
328
 
328
329
  ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
329
330
  ensure
330
- Datadog::Security::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
331
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
331
332
  end
332
333
 
333
334
  def self.finalizer(handle_obj)
334
335
  proc do |object_id|
335
- Datadog::Security::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
336
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
336
337
  end
337
338
  end
338
339
  end
@@ -344,19 +345,24 @@ module Datadog
344
345
 
345
346
  def initialize(handle)
346
347
  handle_obj = handle.handle_obj
347
- free_func = Datadog::Security::WAF::LibDDWAF::ObjectNoFree
348
+ free_func = Datadog::AppSec::WAF::LibDDWAF::ObjectNoFree
348
349
 
349
- @context_obj = Datadog::Security::WAF::LibDDWAF.ddwaf_context_init(handle_obj, free_func)
350
+ @context_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_init(handle_obj, free_func)
350
351
  if @context_obj.null?
351
352
  fail LibDDWAF::Error, 'Could not create context'
352
353
  end
353
354
 
354
- ObjectSpace.define_finalizer(self, Context.finalizer(context_obj))
355
+ @input_objs = []
356
+
357
+ ObjectSpace.define_finalizer(self, Context.finalizer(context_obj, @input_objs))
355
358
  end
356
359
 
357
- def self.finalizer(context_obj)
360
+ def self.finalizer(context_obj, input_objs)
358
361
  proc do |object_id|
359
- Datadog::Security::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
362
+ input_objs.each do |input_obj|
363
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(input_obj)
364
+ end
365
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
360
366
  end
361
367
  end
362
368
 
@@ -372,17 +378,20 @@ module Datadog
372
378
  }
373
379
 
374
380
  def run(input, timeout = DEFAULT_TIMEOUT_US)
375
- input_obj = Datadog::Security::WAF.ruby_to_object(input)
381
+ input_obj = Datadog::AppSec::WAF.ruby_to_object(input)
376
382
  if input_obj.null?
377
383
  fail LibDDWAF::Error, "Could not convert input: #{input.inspect}"
378
384
  end
379
385
 
380
- result_obj = Datadog::Security::WAF::LibDDWAF::Result.new
386
+ result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
381
387
  if result_obj.null?
382
388
  fail LibDDWAF::Error, "Could not create result object"
383
389
  end
384
390
 
385
- code = Datadog::Security::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
391
+ # retain C objects in memory for subsequent calls to run
392
+ @input_objs << input_obj
393
+
394
+ code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
386
395
 
387
396
  result = Result.new(
388
397
  ACTION_MAP_OUT[result_obj[:action]],
@@ -393,8 +402,7 @@ module Datadog
393
402
 
394
403
  [ACTION_MAP_OUT[code], result]
395
404
  ensure
396
- Datadog::Security::WAF::LibDDWAF.ddwaf_object_free(input_obj) if input_obj
397
- Datadog::Security::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
405
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
398
406
  end
399
407
  end
400
408
  end
data/lib/libddwaf.rb CHANGED
@@ -1 +1 @@
1
- require 'datadog/security/waf'
1
+ require 'datadog/appsec/waf'
metadata CHANGED
@@ -1,29 +1,29 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libddwaf
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.13.0.0.beta1
4
+ version: 1.0.14.2.0.beta1
5
5
  platform: x86_64-linux
6
6
  authors:
7
7
  - Datadog, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-23 00:00:00.000000000 Z
11
+ date: 2022-02-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - ">="
17
+ - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '0'
19
+ version: '1.0'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - ">="
24
+ - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '0'
26
+ version: '1.0'
27
27
  description: 'libddwaf packages a WAF implementation in C++, exposed to Ruby
28
28
 
29
29
  '
@@ -38,11 +38,11 @@ files:
38
38
  - LICENSE.Apache
39
39
  - LICENSE.BSD3
40
40
  - NOTICE
41
- - lib/datadog/security/waf.rb
42
- - lib/datadog/security/waf/version.rb
41
+ - lib/datadog/appsec/waf.rb
42
+ - lib/datadog/appsec/waf/version.rb
43
43
  - lib/libddwaf.rb
44
- - vendor/libddwaf/libddwaf-1.0.13-linux-x86_64/include/ddwaf.h
45
- - vendor/libddwaf/libddwaf-1.0.13-linux-x86_64/lib/libddwaf.so
44
+ - vendor/libddwaf/libddwaf-1.0.14-linux-x86_64/include/ddwaf.h
45
+ - vendor/libddwaf/libddwaf-1.0.14-linux-x86_64/lib/libddwaf.so
46
46
  homepage: https://github.com/DataDog/libddwaf
47
47
  licenses:
48
48
  - BSD-3-Clause
@@ -57,9 +57,6 @@ required_ruby_version: !ruby/object:Gem::Requirement
57
57
  - - ">="
58
58
  - !ruby/object:Gem::Version
59
59
  version: '2.1'
60
- - - "<"
61
- - !ruby/object:Gem::Version
62
- version: '3.2'
63
60
  required_rubygems_version: !ruby/object:Gem::Requirement
64
61
  requirements:
65
62
  - - ">="
data/lib/datadog/security/waf/version.rb DELETED
@@ -1,12 +0,0 @@
1
- module Datadog
2
- module Security
3
- module WAF
4
- module VERSION
5
- BASE_STRING = '1.0.13'
6
- STRING = "#{BASE_STRING}.0.0.beta1"
7
- MINIMUM_RUBY_VERSION = '2.1'
8
- MAXIMUM_RUBY_VERSION = '3.2'
9
- end
10
- end
11
- end
12
- end