libddwaf 1.0.13.0.0.beta1 → 1.0.14.2.0.beta1

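--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 02ee495cf1f3bca929d2c0a3afb73a9bfef8cf8115524bad227ce46436bef622
- data.tar.gz: f7dc161b2893d6f3734305b88ffc53c5932686231619d27591e5b6efbd6f1cb5
+ metadata.gz: 7b29660223d4cbaa2ae55fa533ab6f4b5693f9a398b8eaeb5591f44185a9dde3
+ data.tar.gz: 8a49e7b4b1c300b24383045bb6186d2bb82e7865b0b42e6eea56ea08078d923d
  SHA512:
- metadata.gz: 88ec57821ecd93d212bc5445a264532905e5959be6156a67daa949fdf51499d86bb5aeffa9130f88edfb2135823b5346cd5368d843490304d1c46968df7a5a87
- data.tar.gz: 83e4017745d6b85f3a2b6a71d915cd897b893a4a1dff261b8c86a9ccab2446c59767fa96487e7820e7e6e6d7975e472033f4eb543e5b5bf832897017999b3721
+ metadata.gz: 0d1b055dad77321607a85b4c9cdf363dc9720c0a68545243f71d76c0f673c8f2ddddd0df10e3b8a48496e33e67b620e5a88b0d880b1686b7847d1da1388f4c13
+ data.tar.gz: 7246775ac2c4fbe7336efdd4e4a3e278b739725e054865f8ad7200289f8f10de368a8caa0b324d05b5018fecf8f56c5a585e0308786006ae0de5c8e7a9b64c2e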
@@ -172,7 +172,7 @@ jobs:
172
172
  run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} gem install --verbose pkg/*.gem
173
173
  - name: Run smoke test
174
174
  run: |
175
- docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -r 'libddwaf' -e 'v = Datadog::Security::WAF::LibDDWAF::Version.new; Datadog::Security::WAF::LibDDWAF.ddwaf_get_version(v); p [v[:major], v[:minor], v[:patch]]'
175
+ docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -r 'libddwaf' -e 'v = Datadog::AppSec::WAF::LibDDWAF::Version.new; Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version(v); p [v[:major], v[:minor], v[:patch]]'
176
176
  test-darwin:
177
177
  needs: package-binary
178
178
  strategy:
@@ -199,4 +199,4 @@ jobs:
199
199
  run: gem install --verbose pkg/*.gem
200
200
  - name: Run smoke test
201
201
  run: |
202
- ruby -r 'libddwaf' -e 'v = Datadog::Security::WAF::LibDDWAF::Version.new; Datadog::Security::WAF::LibDDWAF.ddwaf_get_version(v); p [v[:major], v[:minor], v[:patch]]'
202
+ ruby -r 'libddwaf' -e 'v = Datadog::AppSec::WAF::LibDDWAF::Version.new; Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version(v); p [v[:major], v[:minor], v[:patch]]'
@@ -11,13 +11,13 @@ jobs:
11
11
  - os: ubuntu-20.04
12
12
  cpu: x86_64
13
13
  platform: x86_64-linux
14
- image: ruby:3.1-rc
14
+ image: ruby:3.1
15
15
  qemu: amd64
16
16
  libc: gnu
17
17
  - os: ubuntu-20.04
18
18
  cpu: aarch64
19
19
  platform: aarch64-linux
20
- image: ruby:3.1-rc
20
+ image: ruby:3.1
21
21
  qemu: arm64
22
22
  libc: gnu
23
23
  - os: ubuntu-20.04
@@ -89,13 +89,13 @@ jobs:
89
89
  - os: ubuntu-20.04
90
90
  cpu: x86_64
91
91
  platform: x86_64-linux
92
- image: ruby:3.1-rc-alpine
92
+ image: ruby:3.1-alpine
93
93
  qemu: amd64
94
94
  libc: musl
95
95
  - os: ubuntu-20.04
96
96
  cpu: aarch64
97
97
  platform: aarch64-linux
98
- image: ruby:3.1-rc-alpine
98
+ image: ruby:3.1-alpine
99
99
  qemu: arm64
100
100
  libc: musl
101
101
  - os: ubuntu-20.04
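Review bot: The new `image: ruby:3.1` and `image: ruby:3.1-alpine` matrix entries are floating tags, so the container that installs and smoke-tests the packaged gem can change between runs with no change to this file. For a job that validates release artifacts, pinning each image by digest, e.g. `image: ruby:3.1@sha256:<digest-placeholder>`, keeps the test environment reproducible and makes image updates show up in review. The matrix continues outside both hunks, so other rows may need the same treatment.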
@@ -0,0 +1,11 @@
1
+ module Datadog
2
+ module AppSec
3
+ module WAF
4
+ module VERSION
5
+ BASE_STRING = '1.0.14'
6
+ STRING = "#{BASE_STRING}.2.0.beta1"
7
+ MINIMUM_RUBY_VERSION = '2.1'
8
+ end
9
+ end
10
+ end
11
+ end
@@ -1,9 +1,9 @@
1
1
  require 'ffi'
2
2
  require 'json'
3
- require 'datadog/security/waf/version'
3
+ require 'datadog/appsec/waf/version'
4
4
 
5
5
  module Datadog
6
- module Security
6
+ module AppSec
7
7
  module WAF
8
8
  module LibDDWAF
9
9
  class Error < StandardError; end
@@ -15,10 +15,10 @@ module Datadog
15
15
  os_name = java.lang.System.get_property('os.name')
16
16
 
17
17
  os = case os_name
18
- when /linux/i then 'linux'
19
- when /mac/i then 'darwin'
20
- else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
21
- end
18
+ when /linux/i then 'linux'
19
+ when /mac/i then 'darwin'
20
+ else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
21
+ end
22
22
 
23
23
  return os
24
24
  end
@@ -46,7 +46,7 @@ module Datadog
46
46
  end
47
47
 
48
48
  def self.shared_lib_path
49
- File.join(__dir__, "../../../vendor/libddwaf/libddwaf-#{Datadog::Security::WAF::VERSION::BASE_STRING}-#{local_os}-#{local_cpu}/lib/libddwaf#{shared_lib_extname}")
49
+ File.join(__dir__, "../../../vendor/libddwaf/libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{local_os}-#{local_cpu}/lib/libddwaf#{shared_lib_extname}")
50
50
  end
51
51
 
52
52
  ffi_lib [shared_lib_path]
@@ -55,8 +55,8 @@ module Datadog
55
55
 
56
56
  class Version < ::FFI::Struct
57
57
  layout :major, :uint16,
58
- :minor, :uint16,
59
- :patch, :uint16
58
+ :minor, :uint16,
59
+ :patch, :uint16
60
60
  end
61
61
 
62
62
  typedef Version.by_ref, :ddwaf_version
@@ -76,17 +76,17 @@ module Datadog
76
76
 
77
77
  class ObjectValueUnion < ::FFI::Union
78
78
  layout :stringValue, :charptr,
79
- :uintValue, :uint64,
80
- :intValue, :int64,
81
- :array, :pointer
79
+ :uintValue, :uint64,
80
+ :intValue, :int64,
81
+ :array, :pointer
82
82
  end
83
83
 
84
84
  class Object < ::FFI::Struct
85
85
  layout :parameterName, :charptr,
86
- :parameterNameLength, :uint64,
87
- :valueUnion, ObjectValueUnion,
88
- :nbEntries, :uint64,
89
- :type, DDWAF_OBJ_TYPE
86
+ :parameterNameLength, :uint64,
87
+ :valueUnion, ObjectValueUnion,
88
+ :nbEntries, :uint64,
89
+ :type, DDWAF_OBJ_TYPE
90
90
  end
91
91
 
92
92
  typedef Object.by_ref, :ddwaf_object
@@ -118,8 +118,8 @@ module Datadog
118
118
 
119
119
  class Config < ::FFI::Struct
120
120
  layout :maxArrayLength, :uint64,
121
- :maxMapDepth, :uint64,
122
- :maxTimeStore, :uint64
121
+ :maxMapDepth, :uint64,
122
+ :maxTimeStore, :uint64
123
123
  end
124
124
 
125
125
  typedef Config.by_ref, :ddwaf_config
@@ -127,6 +127,8 @@ module Datadog
127
127
  attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
128
128
  attach_function :ddwaf_destroy, [:ddwaf_handle], :void
129
129
 
130
+ attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
131
+
130
132
  # running
131
133
 
132
134
  typedef :pointer, :ddwaf_context
@@ -136,7 +138,6 @@ module Datadog
136
138
  attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
137
139
  attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
138
140
 
139
-
140
141
  DDWAF_RET_CODE = enum :ddwaf_err_internal, -4,
141
142
  :ddwaf_err_invalid_object, -3,
142
143
  :ddwaf_err_invalid_argument, -2,
@@ -147,9 +148,9 @@ module Datadog
147
148
 
148
149
  class Result < ::FFI::Struct
149
150
  layout :action, DDWAF_RET_CODE,
150
- :data, :string,
151
- :perfData, :string,
152
- :perfTotalRuntime, :uint32 # in us
151
+ :data, :string,
152
+ :perfData, :string,
153
+ :perfTotalRuntime, :uint32 # in us
153
154
  end
154
155
 
155
156
  typedef Result.by_ref, :ddwaf_result
@@ -161,11 +162,11 @@ module Datadog
161
162
  # logging
162
163
 
163
164
  DDWAF_LOG_LEVEL = enum :ddwaf_log_trace,
164
- :ddwaf_log_debug,
165
- :ddwaf_log_info,
166
- :ddwaf_log_warn,
167
- :ddwaf_log_error,
168
- :ddwaf_log_off
165
+ :ddwaf_log_debug,
166
+ :ddwaf_log_info,
167
+ :ddwaf_log_warn,
168
+ :ddwaf_log_error,
169
+ :ddwaf_log_off
169
170
 
170
171
  callback :ddwaf_log_cb, [DDWAF_LOG_LEVEL, :string, :string, :uint, :charptr, :uint64], :void
171
172
 
@@ -280,8 +281,8 @@ module Datadog
280
281
  end
281
282
  when :ddwaf_obj_map
282
283
  (0...obj[:nbEntries]).each.with_object({}) do |i, h|
283
- ptr = obj[:valueUnion][:array] + i * Datadog::Security::WAF::LibDDWAF::Object.size
284
- o = Datadog::Security::WAF::LibDDWAF::Object.new(ptr)
284
+ ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
285
+ o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
285
286
  l = o[:parameterNameLength]
286
287
  k = o[:parameterName].read_bytes(l)
287
288
  v = object_to_ruby(LibDDWAF::Object.new(ptr))
@@ -295,7 +296,7 @@ module Datadog
295
296
  logger.debug { { level: level, func: func, file: file, message: message.read_bytes(len) }.inspect }
296
297
  end
297
298
 
298
- Datadog::Security::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
299
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
299
300
  end
300
301
 
301
302
  class Handle
@@ -306,12 +307,12 @@ module Datadog
306
307
  DEFAULT_MAX_TIME_STORE = 0
307
308
 
308
309
  def initialize(rule, config = {})
309
- rule_obj = Datadog::Security::WAF.ruby_to_object(rule)
310
+ rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
310
311
  if rule_obj.null? || rule_obj[:type] == :ddwaf_object_invalid
311
312
  fail LibDDWAF::Error, "Could not convert object #{rule.inspect}"
312
313
  end
313
314
 
314
- config_obj = Datadog::Security::WAF::LibDDWAF::Config.new
315
+ config_obj = Datadog::AppSec::WAF::LibDDWAF::Config.new
315
316
  if config_obj.null?
316
317
  fail LibDDWAF::Error, 'Could not create config struct'
317
318
  end
@@ -320,19 +321,19 @@ module Datadog
320
321
  config_obj[:maxMapDepth] = config[:max_map_depth] || DEFAULT_MAX_MAP_DEPTH
321
322
  config_obj[:maxTimeStore] = config[:max_time_store] || DEFAULT_MAX_TIME_STORE
322
323
 
323
- @handle_obj = Datadog::Security::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj)
324
+ @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj)
324
325
  if @handle_obj.null?
325
326
  fail LibDDWAF::Error, 'Could not create handle'
326
327
  end
327
328
 
328
329
  ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
329
330
  ensure
330
- Datadog::Security::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
331
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
331
332
  end
332
333
 
333
334
  def self.finalizer(handle_obj)
334
335
  proc do |object_id|
335
- Datadog::Security::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
336
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
336
337
  end
337
338
  end
338
339
  end
@@ -344,19 +345,24 @@ module Datadog
344
345
 
345
346
  def initialize(handle)
346
347
  handle_obj = handle.handle_obj
347
- free_func = Datadog::Security::WAF::LibDDWAF::ObjectNoFree
348
+ free_func = Datadog::AppSec::WAF::LibDDWAF::ObjectNoFree
348
349
 
349
- @context_obj = Datadog::Security::WAF::LibDDWAF.ddwaf_context_init(handle_obj, free_func)
350
+ @context_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_init(handle_obj, free_func)
350
351
  if @context_obj.null?
351
352
  fail LibDDWAF::Error, 'Could not create context'
352
353
  end
353
354
 
354
- ObjectSpace.define_finalizer(self, Context.finalizer(context_obj))
355
+ @input_objs = []
356
+
357
+ ObjectSpace.define_finalizer(self, Context.finalizer(context_obj, @input_objs))
355
358
  end
356
359
 
357
- def self.finalizer(context_obj)
360
+ def self.finalizer(context_obj, input_objs)
358
361
  proc do |object_id|
359
- Datadog::Security::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
362
+ input_objs.each do |input_obj|
363
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(input_obj)
364
+ end
365
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
360
366
  end
361
367
  end
362
368
 
@@ -372,17 +378,20 @@ module Datadog
372
378
  }
373
379
 
374
380
  def run(input, timeout = DEFAULT_TIMEOUT_US)
375
- input_obj = Datadog::Security::WAF.ruby_to_object(input)
381
+ input_obj = Datadog::AppSec::WAF.ruby_to_object(input)
376
382
  if input_obj.null?
377
383
  fail LibDDWAF::Error, "Could not convert input: #{input.inspect}"
378
384
  end
379
385
 
380
- result_obj = Datadog::Security::WAF::LibDDWAF::Result.new
386
+ result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
381
387
  if result_obj.null?
382
388
  fail LibDDWAF::Error, "Could not create result object"
383
389
  end
384
390
 
385
- code = Datadog::Security::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
391
+ # retain C objects in memory for subsequent calls to run
392
+ @input_objs << input_obj
393
+
394
+ code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
386
395
 
387
396
  result = Result.new(
388
397
  ACTION_MAP_OUT[result_obj[:action]],
@@ -393,8 +402,7 @@ module Datadog
393
402
 
394
403
  [ACTION_MAP_OUT[code], result]
395
404
  ensure
396
- Datadog::Security::WAF::LibDDWAF.ddwaf_object_free(input_obj) if input_obj
397
- Datadog::Security::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
405
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
398
406
  end
399
407
  end
400
408
  end
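Review bot: In `Context#run`, `@input_objs << input_obj` is placed after the `result_obj.null?` check while the `ensure` no longer calls `ddwaf_object_free(input_obj)`, so an error raised between the conversion and the append leaves the native object neither retained nor freed; moving `@input_objs << input_obj` to directly after the `input_obj.null?` guard closes that window. Every call to `run` now also keeps its converted input alive until the proc from `Context.finalizer(context_obj, input_objs)` runs, which ties native memory holding request data to GC timing and grows with the number of calls on one context, so a comment on `run` stating the expected lifetime of a Context (or an explicit release method) would help callers. The finalizer frees the inputs before `ddwaf_context_destroy(context_obj)`; if the context can still reference them at destroy time the reverse order is safer, which is worth confirming against the libddwaf contract. The body of `run` spans two hunks and continues outside both.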
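--- a/data/lib/libddwaf.rb
+++ b/data/lib/libddwaf.rb
@@ -1 +1 @@
- require 'datadog/security/waf'
+ require 'datadog/appsec/waf'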
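--- a/data/libddwaf.gemspec
+++ b/data/libddwaf.gemspec
@@ -2,12 +2,12 @@
 
  lib = File.expand_path('../lib', __FILE__)
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
- require 'datadog/security/waf/version'
+ require 'datadog/appsec/waf/version'
 
  Gem::Specification.new do |spec|
  spec.name = 'libddwaf'
- spec.version = Datadog::Security::WAF::VERSION::STRING
- spec.required_ruby_version = [">= #{Datadog::Security::WAF::VERSION::MINIMUM_RUBY_VERSION}", "< #{Datadog::Security::WAF::VERSION::MAXIMUM_RUBY_VERSION}"]
+ spec.version = Datadog::AppSec::WAF::VERSION::STRING
+ spec.required_ruby_version = [">= #{Datadog::AppSec::WAF::VERSION::MINIMUM_RUBY_VERSION}"]
  spec.required_rubygems_version = '>= 2.0.0'
  spec.authors = ['Datadog, Inc.']
  spec.email = ['dev@datadoghq.com']
@@ -36,5 +36,5 @@ Gem::Specification.new do |spec|
  end
  spec.require_paths = ['lib']
 
- spec.add_dependency 'ffi'
+ spec.add_dependency 'ffi', '~> 1.0'
  end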
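--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: libddwaf
  version: !ruby/object:Gem::Version
- version: 1.0.13.0.0.beta1
+ version: 1.0.14.2.0.beta1
  platform: ruby
  authors:
  - Datadog, Inc.
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-11-23 00:00:00.000000000 Z
+ date: 2022-02-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: ffi
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '1.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '1.0'
  description: 'libddwaf packages a WAF implementation in C++, exposed to Ruby
 
  '
@@ -43,8 +43,8 @@ files:
  - LICENSE.BSD3
  - NOTICE
  - README.md
- - lib/datadog/security/waf.rb
- - lib/datadog/security/waf/version.rb
+ - lib/datadog/appsec/waf.rb
+ - lib/datadog/appsec/waf/version.rb
  - lib/libddwaf.rb
  - libddwaf.gemspec
  homepage: https://github.com/DataDog/libddwaf
@@ -61,9 +61,6 @@ required_ruby_version: !ruby/object:Gem::Requirement
  - - ">="
  - !ruby/object:Gem::Version
  version: '2.1'
- - - "<"
- - !ruby/object:Gem::Version
- version: '3.2'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="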
@@ -1,12 +0,0 @@
1
- module Datadog
2
- module Security
3
- module WAF
4
- module VERSION
5
- BASE_STRING = '1.0.13'
6
- STRING = "#{BASE_STRING}.0.0.beta1"
7
- MINIMUM_RUBY_VERSION = '2.1'
8
- MAXIMUM_RUBY_VERSION = '3.2'
9
- end
10
- end
11
- end
12
- end