libddwaf 1.0.13.0.0.beta1 → 1.0.14.2.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/package.yml +2 -2
- data/.github/workflows/test.yml +4 -4
- data/lib/datadog/appsec/waf/version.rb +11 -0
- data/lib/datadog/{security → appsec}/waf.rb +53 -45
- data/lib/libddwaf.rb +1 -1
- data/libddwaf.gemspec +4 -4
- metadata +8 -11
- data/lib/datadog/security/waf/version.rb +0 -12
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7b29660223d4cbaa2ae55fa533ab6f4b5693f9a398b8eaeb5591f44185a9dde3
|
4
|
+
data.tar.gz: 8a49e7b4b1c300b24383045bb6186d2bb82e7865b0b42e6eea56ea08078d923d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0d1b055dad77321607a85b4c9cdf363dc9720c0a68545243f71d76c0f673c8f2ddddd0df10e3b8a48496e33e67b620e5a88b0d880b1686b7847d1da1388f4c13
|
7
|
+
data.tar.gz: 7246775ac2c4fbe7336efdd4e4a3e278b739725e054865f8ad7200289f8f10de368a8caa0b324d05b5018fecf8f56c5a585e0308786006ae0de5c8e7a9b64c2e
|
@@ -172,7 +172,7 @@ jobs:
|
|
172
172
|
run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} gem install --verbose pkg/*.gem
|
173
173
|
- name: Run smoke test
|
174
174
|
run: |
|
175
|
-
docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -r 'libddwaf' -e 'v = Datadog::
|
175
|
+
docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -r 'libddwaf' -e 'v = Datadog::AppSec::WAF::LibDDWAF::Version.new; Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version(v); p [v[:major], v[:minor], v[:patch]]'
|
176
176
|
test-darwin:
|
177
177
|
needs: package-binary
|
178
178
|
strategy:
|
@@ -199,4 +199,4 @@ jobs:
|
|
199
199
|
run: gem install --verbose pkg/*.gem
|
200
200
|
- name: Run smoke test
|
201
201
|
run: |
|
202
|
-
ruby -r 'libddwaf' -e 'v = Datadog::
|
202
|
+
ruby -r 'libddwaf' -e 'v = Datadog::AppSec::WAF::LibDDWAF::Version.new; Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version(v); p [v[:major], v[:minor], v[:patch]]'
|
data/.github/workflows/test.yml
CHANGED
@@ -11,13 +11,13 @@ jobs:
|
|
11
11
|
- os: ubuntu-20.04
|
12
12
|
cpu: x86_64
|
13
13
|
platform: x86_64-linux
|
14
|
-
image: ruby:3.1
|
14
|
+
image: ruby:3.1
|
15
15
|
qemu: amd64
|
16
16
|
libc: gnu
|
17
17
|
- os: ubuntu-20.04
|
18
18
|
cpu: aarch64
|
19
19
|
platform: aarch64-linux
|
20
|
-
image: ruby:3.1
|
20
|
+
image: ruby:3.1
|
21
21
|
qemu: arm64
|
22
22
|
libc: gnu
|
23
23
|
- os: ubuntu-20.04
|
@@ -89,13 +89,13 @@ jobs:
|
|
89
89
|
- os: ubuntu-20.04
|
90
90
|
cpu: x86_64
|
91
91
|
platform: x86_64-linux
|
92
|
-
image: ruby:3.1-
|
92
|
+
image: ruby:3.1-alpine
|
93
93
|
qemu: amd64
|
94
94
|
libc: musl
|
95
95
|
- os: ubuntu-20.04
|
96
96
|
cpu: aarch64
|
97
97
|
platform: aarch64-linux
|
98
|
-
image: ruby:3.1-
|
98
|
+
image: ruby:3.1-alpine
|
99
99
|
qemu: arm64
|
100
100
|
libc: musl
|
101
101
|
- os: ubuntu-20.04
|
@@ -1,9 +1,9 @@
|
|
1
1
|
require 'ffi'
|
2
2
|
require 'json'
|
3
|
-
require 'datadog/
|
3
|
+
require 'datadog/appsec/waf/version'
|
4
4
|
|
5
5
|
module Datadog
|
6
|
-
module
|
6
|
+
module AppSec
|
7
7
|
module WAF
|
8
8
|
module LibDDWAF
|
9
9
|
class Error < StandardError; end
|
@@ -15,10 +15,10 @@ module Datadog
|
|
15
15
|
os_name = java.lang.System.get_property('os.name')
|
16
16
|
|
17
17
|
os = case os_name
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
18
|
+
when /linux/i then 'linux'
|
19
|
+
when /mac/i then 'darwin'
|
20
|
+
else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
|
21
|
+
end
|
22
22
|
|
23
23
|
return os
|
24
24
|
end
|
@@ -46,7 +46,7 @@ module Datadog
|
|
46
46
|
end
|
47
47
|
|
48
48
|
def self.shared_lib_path
|
49
|
-
File.join(__dir__, "../../../vendor/libddwaf/libddwaf-#{Datadog::
|
49
|
+
File.join(__dir__, "../../../vendor/libddwaf/libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{local_os}-#{local_cpu}/lib/libddwaf#{shared_lib_extname}")
|
50
50
|
end
|
51
51
|
|
52
52
|
ffi_lib [shared_lib_path]
|
@@ -55,8 +55,8 @@ module Datadog
|
|
55
55
|
|
56
56
|
class Version < ::FFI::Struct
|
57
57
|
layout :major, :uint16,
|
58
|
-
|
59
|
-
|
58
|
+
:minor, :uint16,
|
59
|
+
:patch, :uint16
|
60
60
|
end
|
61
61
|
|
62
62
|
typedef Version.by_ref, :ddwaf_version
|
@@ -76,17 +76,17 @@ module Datadog
|
|
76
76
|
|
77
77
|
class ObjectValueUnion < ::FFI::Union
|
78
78
|
layout :stringValue, :charptr,
|
79
|
-
|
80
|
-
|
81
|
-
|
79
|
+
:uintValue, :uint64,
|
80
|
+
:intValue, :int64,
|
81
|
+
:array, :pointer
|
82
82
|
end
|
83
83
|
|
84
84
|
class Object < ::FFI::Struct
|
85
85
|
layout :parameterName, :charptr,
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
86
|
+
:parameterNameLength, :uint64,
|
87
|
+
:valueUnion, ObjectValueUnion,
|
88
|
+
:nbEntries, :uint64,
|
89
|
+
:type, DDWAF_OBJ_TYPE
|
90
90
|
end
|
91
91
|
|
92
92
|
typedef Object.by_ref, :ddwaf_object
|
@@ -118,8 +118,8 @@ module Datadog
|
|
118
118
|
|
119
119
|
class Config < ::FFI::Struct
|
120
120
|
layout :maxArrayLength, :uint64,
|
121
|
-
|
122
|
-
|
121
|
+
:maxMapDepth, :uint64,
|
122
|
+
:maxTimeStore, :uint64
|
123
123
|
end
|
124
124
|
|
125
125
|
typedef Config.by_ref, :ddwaf_config
|
@@ -127,6 +127,8 @@ module Datadog
|
|
127
127
|
attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
|
128
128
|
attach_function :ddwaf_destroy, [:ddwaf_handle], :void
|
129
129
|
|
130
|
+
attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
|
131
|
+
|
130
132
|
# running
|
131
133
|
|
132
134
|
typedef :pointer, :ddwaf_context
|
@@ -136,7 +138,6 @@ module Datadog
|
|
136
138
|
attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
|
137
139
|
attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
|
138
140
|
|
139
|
-
|
140
141
|
DDWAF_RET_CODE = enum :ddwaf_err_internal, -4,
|
141
142
|
:ddwaf_err_invalid_object, -3,
|
142
143
|
:ddwaf_err_invalid_argument, -2,
|
@@ -147,9 +148,9 @@ module Datadog
|
|
147
148
|
|
148
149
|
class Result < ::FFI::Struct
|
149
150
|
layout :action, DDWAF_RET_CODE,
|
150
|
-
|
151
|
-
|
152
|
-
|
151
|
+
:data, :string,
|
152
|
+
:perfData, :string,
|
153
|
+
:perfTotalRuntime, :uint32 # in us
|
153
154
|
end
|
154
155
|
|
155
156
|
typedef Result.by_ref, :ddwaf_result
|
@@ -161,11 +162,11 @@ module Datadog
|
|
161
162
|
# logging
|
162
163
|
|
163
164
|
DDWAF_LOG_LEVEL = enum :ddwaf_log_trace,
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
165
|
+
:ddwaf_log_debug,
|
166
|
+
:ddwaf_log_info,
|
167
|
+
:ddwaf_log_warn,
|
168
|
+
:ddwaf_log_error,
|
169
|
+
:ddwaf_log_off
|
169
170
|
|
170
171
|
callback :ddwaf_log_cb, [DDWAF_LOG_LEVEL, :string, :string, :uint, :charptr, :uint64], :void
|
171
172
|
|
@@ -280,8 +281,8 @@ module Datadog
|
|
280
281
|
end
|
281
282
|
when :ddwaf_obj_map
|
282
283
|
(0...obj[:nbEntries]).each.with_object({}) do |i, h|
|
283
|
-
ptr = obj[:valueUnion][:array] + i * Datadog::
|
284
|
-
o = Datadog::
|
284
|
+
ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
|
285
|
+
o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
|
285
286
|
l = o[:parameterNameLength]
|
286
287
|
k = o[:parameterName].read_bytes(l)
|
287
288
|
v = object_to_ruby(LibDDWAF::Object.new(ptr))
|
@@ -295,7 +296,7 @@ module Datadog
|
|
295
296
|
logger.debug { { level: level, func: func, file: file, message: message.read_bytes(len) }.inspect }
|
296
297
|
end
|
297
298
|
|
298
|
-
Datadog::
|
299
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
|
299
300
|
end
|
300
301
|
|
301
302
|
class Handle
|
@@ -306,12 +307,12 @@ module Datadog
|
|
306
307
|
DEFAULT_MAX_TIME_STORE = 0
|
307
308
|
|
308
309
|
def initialize(rule, config = {})
|
309
|
-
rule_obj = Datadog::
|
310
|
+
rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
|
310
311
|
if rule_obj.null? || rule_obj[:type] == :ddwaf_object_invalid
|
311
312
|
fail LibDDWAF::Error, "Could not convert object #{rule.inspect}"
|
312
313
|
end
|
313
314
|
|
314
|
-
config_obj = Datadog::
|
315
|
+
config_obj = Datadog::AppSec::WAF::LibDDWAF::Config.new
|
315
316
|
if config_obj.null?
|
316
317
|
fail LibDDWAF::Error, 'Could not create config struct'
|
317
318
|
end
|
@@ -320,19 +321,19 @@ module Datadog
|
|
320
321
|
config_obj[:maxMapDepth] = config[:max_map_depth] || DEFAULT_MAX_MAP_DEPTH
|
321
322
|
config_obj[:maxTimeStore] = config[:max_time_store] || DEFAULT_MAX_TIME_STORE
|
322
323
|
|
323
|
-
@handle_obj = Datadog::
|
324
|
+
@handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj)
|
324
325
|
if @handle_obj.null?
|
325
326
|
fail LibDDWAF::Error, 'Could not create handle'
|
326
327
|
end
|
327
328
|
|
328
329
|
ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
|
329
330
|
ensure
|
330
|
-
Datadog::
|
331
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
|
331
332
|
end
|
332
333
|
|
333
334
|
def self.finalizer(handle_obj)
|
334
335
|
proc do |object_id|
|
335
|
-
Datadog::
|
336
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
|
336
337
|
end
|
337
338
|
end
|
338
339
|
end
|
@@ -344,19 +345,24 @@ module Datadog
|
|
344
345
|
|
345
346
|
def initialize(handle)
|
346
347
|
handle_obj = handle.handle_obj
|
347
|
-
free_func = Datadog::
|
348
|
+
free_func = Datadog::AppSec::WAF::LibDDWAF::ObjectNoFree
|
348
349
|
|
349
|
-
@context_obj = Datadog::
|
350
|
+
@context_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_init(handle_obj, free_func)
|
350
351
|
if @context_obj.null?
|
351
352
|
fail LibDDWAF::Error, 'Could not create context'
|
352
353
|
end
|
353
354
|
|
354
|
-
|
355
|
+
@input_objs = []
|
356
|
+
|
357
|
+
ObjectSpace.define_finalizer(self, Context.finalizer(context_obj, @input_objs))
|
355
358
|
end
|
356
359
|
|
357
|
-
def self.finalizer(context_obj)
|
360
|
+
def self.finalizer(context_obj, input_objs)
|
358
361
|
proc do |object_id|
|
359
|
-
|
362
|
+
input_objs.each do |input_obj|
|
363
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(input_obj)
|
364
|
+
end
|
365
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
|
360
366
|
end
|
361
367
|
end
|
362
368
|
|
@@ -372,17 +378,20 @@ module Datadog
|
|
372
378
|
}
|
373
379
|
|
374
380
|
def run(input, timeout = DEFAULT_TIMEOUT_US)
|
375
|
-
input_obj = Datadog::
|
381
|
+
input_obj = Datadog::AppSec::WAF.ruby_to_object(input)
|
376
382
|
if input_obj.null?
|
377
383
|
fail LibDDWAF::Error, "Could not convert input: #{input.inspect}"
|
378
384
|
end
|
379
385
|
|
380
|
-
result_obj = Datadog::
|
386
|
+
result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
|
381
387
|
if result_obj.null?
|
382
388
|
fail LibDDWAF::Error, "Could not create result object"
|
383
389
|
end
|
384
390
|
|
385
|
-
|
391
|
+
# retain C objects in memory for subsequent calls to run
|
392
|
+
@input_objs << input_obj
|
393
|
+
|
394
|
+
code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
|
386
395
|
|
387
396
|
result = Result.new(
|
388
397
|
ACTION_MAP_OUT[result_obj[:action]],
|
@@ -393,8 +402,7 @@ module Datadog
|
|
393
402
|
|
394
403
|
[ACTION_MAP_OUT[code], result]
|
395
404
|
ensure
|
396
|
-
Datadog::
|
397
|
-
Datadog::Security::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
|
405
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
|
398
406
|
end
|
399
407
|
end
|
400
408
|
end
|
data/lib/libddwaf.rb
CHANGED
@@ -1 +1 @@
|
|
1
|
-
require 'datadog/
|
1
|
+
require 'datadog/appsec/waf'
|
data/libddwaf.gemspec
CHANGED
@@ -2,12 +2,12 @@
|
|
2
2
|
|
3
3
|
lib = File.expand_path('../lib', __FILE__)
|
4
4
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
5
|
-
require 'datadog/
|
5
|
+
require 'datadog/appsec/waf/version'
|
6
6
|
|
7
7
|
Gem::Specification.new do |spec|
|
8
8
|
spec.name = 'libddwaf'
|
9
|
-
spec.version = Datadog::
|
10
|
-
spec.required_ruby_version = [">= #{Datadog::
|
9
|
+
spec.version = Datadog::AppSec::WAF::VERSION::STRING
|
10
|
+
spec.required_ruby_version = [">= #{Datadog::AppSec::WAF::VERSION::MINIMUM_RUBY_VERSION}"]
|
11
11
|
spec.required_rubygems_version = '>= 2.0.0'
|
12
12
|
spec.authors = ['Datadog, Inc.']
|
13
13
|
spec.email = ['dev@datadoghq.com']
|
@@ -36,5 +36,5 @@ Gem::Specification.new do |spec|
|
|
36
36
|
end
|
37
37
|
spec.require_paths = ['lib']
|
38
38
|
|
39
|
-
spec.add_dependency 'ffi'
|
39
|
+
spec.add_dependency 'ffi', '~> 1.0'
|
40
40
|
end
|
metadata
CHANGED
@@ -1,29 +1,29 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: libddwaf
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.14.2.0.beta1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Datadog, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-02-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '0'
|
19
|
+
version: '1.0'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '0'
|
26
|
+
version: '1.0'
|
27
27
|
description: 'libddwaf packages a WAF implementation in C++, exposed to Ruby
|
28
28
|
|
29
29
|
'
|
@@ -43,8 +43,8 @@ files:
|
|
43
43
|
- LICENSE.BSD3
|
44
44
|
- NOTICE
|
45
45
|
- README.md
|
46
|
-
- lib/datadog/
|
47
|
-
- lib/datadog/
|
46
|
+
- lib/datadog/appsec/waf.rb
|
47
|
+
- lib/datadog/appsec/waf/version.rb
|
48
48
|
- lib/libddwaf.rb
|
49
49
|
- libddwaf.gemspec
|
50
50
|
homepage: https://github.com/DataDog/libddwaf
|
@@ -61,9 +61,6 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
61
61
|
- - ">="
|
62
62
|
- !ruby/object:Gem::Version
|
63
63
|
version: '2.1'
|
64
|
-
- - "<"
|
65
|
-
- !ruby/object:Gem::Version
|
66
|
-
version: '3.2'
|
67
64
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
68
65
|
requirements:
|
69
66
|
- - ">="
|