libddwaf 1.0.14.1.0.beta1-x86_64-linux → 1.0.14.2.1.beta1-x86_64-linux
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/datadog/{security → appsec}/waf/version.rb +2 -3
- data/lib/datadog/{security → appsec}/waf.rb +23 -27
- data/lib/libddwaf.rb +1 -1
- metadata +8 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cbbad6a0fc8e957d7110a4b66d42d64e7dd3aade7116b442c38b8bf270b54c86
|
|
4
|
+
data.tar.gz: '0181b7399b0a59a4e14e455ad2737c8ec15820c7365913fae22e34679a5bfc22'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 493dec85beac29a1dbb4c0319177b09839248896d4f91f3478013031082858c6ea33aa9df5e6da3f5aa4ac2b822ed0168690c82b27076d27179ed9afa0559391
|
|
7
|
+
data.tar.gz: d89ee2e9c995ee60c4f52563c95dc313be90cd271f86efe4b614213829e65ea2d7e874e1a1b235f7fc6ac6df0503ade24ac5ed9d32cfcc307de341d67321bacc
|
|
@@ -1,11 +1,10 @@
|
|
|
1
1
|
module Datadog
|
|
2
|
-
module
|
|
2
|
+
module AppSec
|
|
3
3
|
module WAF
|
|
4
4
|
module VERSION
|
|
5
5
|
BASE_STRING = '1.0.14'
|
|
6
|
-
STRING = "#{BASE_STRING}.1.
|
|
6
|
+
STRING = "#{BASE_STRING}.2.1.beta1"
|
|
7
7
|
MINIMUM_RUBY_VERSION = '2.1'
|
|
8
|
-
MAXIMUM_RUBY_VERSION = '3.2'
|
|
9
8
|
end
|
|
10
9
|
end
|
|
11
10
|
end
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
require 'ffi'
|
|
2
2
|
require 'json'
|
|
3
|
-
require 'datadog/
|
|
3
|
+
require 'datadog/appsec/waf/version'
|
|
4
4
|
|
|
5
5
|
module Datadog
|
|
6
|
-
module
|
|
6
|
+
module AppSec
|
|
7
7
|
module WAF
|
|
8
8
|
module LibDDWAF
|
|
9
9
|
class Error < StandardError; end
|
|
@@ -46,7 +46,7 @@ module Datadog
|
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
def self.shared_lib_path
|
|
49
|
-
File.join(__dir__, "../../../vendor/libddwaf/libddwaf-#{Datadog::
|
|
49
|
+
File.join(__dir__, "../../../vendor/libddwaf/libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{local_os}-#{local_cpu}/lib/libddwaf#{shared_lib_extname}")
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
ffi_lib [shared_lib_path]
|
|
@@ -127,6 +127,8 @@ module Datadog
|
|
|
127
127
|
attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
|
|
128
128
|
attach_function :ddwaf_destroy, [:ddwaf_handle], :void
|
|
129
129
|
|
|
130
|
+
attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
|
|
131
|
+
|
|
130
132
|
# running
|
|
131
133
|
|
|
132
134
|
typedef :pointer, :ddwaf_context
|
|
@@ -251,13 +253,7 @@ module Datadog
|
|
|
251
253
|
|
|
252
254
|
obj
|
|
253
255
|
else
|
|
254
|
-
|
|
255
|
-
res = LibDDWAF.ddwaf_object_invalid(obj)
|
|
256
|
-
if res.null?
|
|
257
|
-
fail LibDDWAF::Error, "Could not convert into object: #{val}"
|
|
258
|
-
end
|
|
259
|
-
|
|
260
|
-
obj
|
|
256
|
+
ruby_to_object(''.freeze)
|
|
261
257
|
end
|
|
262
258
|
end
|
|
263
259
|
|
|
@@ -279,8 +275,8 @@ module Datadog
|
|
|
279
275
|
end
|
|
280
276
|
when :ddwaf_obj_map
|
|
281
277
|
(0...obj[:nbEntries]).each.with_object({}) do |i, h|
|
|
282
|
-
ptr = obj[:valueUnion][:array] + i * Datadog::
|
|
283
|
-
o = Datadog::
|
|
278
|
+
ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
|
|
279
|
+
o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
|
|
284
280
|
l = o[:parameterNameLength]
|
|
285
281
|
k = o[:parameterName].read_bytes(l)
|
|
286
282
|
v = object_to_ruby(LibDDWAF::Object.new(ptr))
|
|
@@ -294,7 +290,7 @@ module Datadog
|
|
|
294
290
|
logger.debug { { level: level, func: func, file: file, message: message.read_bytes(len) }.inspect }
|
|
295
291
|
end
|
|
296
292
|
|
|
297
|
-
Datadog::
|
|
293
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
|
|
298
294
|
end
|
|
299
295
|
|
|
300
296
|
class Handle
|
|
@@ -305,12 +301,12 @@ module Datadog
|
|
|
305
301
|
DEFAULT_MAX_TIME_STORE = 0
|
|
306
302
|
|
|
307
303
|
def initialize(rule, config = {})
|
|
308
|
-
rule_obj = Datadog::
|
|
304
|
+
rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
|
|
309
305
|
if rule_obj.null? || rule_obj[:type] == :ddwaf_object_invalid
|
|
310
306
|
fail LibDDWAF::Error, "Could not convert object #{rule.inspect}"
|
|
311
307
|
end
|
|
312
308
|
|
|
313
|
-
config_obj = Datadog::
|
|
309
|
+
config_obj = Datadog::AppSec::WAF::LibDDWAF::Config.new
|
|
314
310
|
if config_obj.null?
|
|
315
311
|
fail LibDDWAF::Error, 'Could not create config struct'
|
|
316
312
|
end
|
|
@@ -319,19 +315,19 @@ module Datadog
|
|
|
319
315
|
config_obj[:maxMapDepth] = config[:max_map_depth] || DEFAULT_MAX_MAP_DEPTH
|
|
320
316
|
config_obj[:maxTimeStore] = config[:max_time_store] || DEFAULT_MAX_TIME_STORE
|
|
321
317
|
|
|
322
|
-
@handle_obj = Datadog::
|
|
318
|
+
@handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj)
|
|
323
319
|
if @handle_obj.null?
|
|
324
320
|
fail LibDDWAF::Error, 'Could not create handle'
|
|
325
321
|
end
|
|
326
322
|
|
|
327
323
|
ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
|
|
328
324
|
ensure
|
|
329
|
-
Datadog::
|
|
325
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
|
|
330
326
|
end
|
|
331
327
|
|
|
332
328
|
def self.finalizer(handle_obj)
|
|
333
329
|
proc do |object_id|
|
|
334
|
-
Datadog::
|
|
330
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
|
|
335
331
|
end
|
|
336
332
|
end
|
|
337
333
|
end
|
|
@@ -343,9 +339,9 @@ module Datadog
|
|
|
343
339
|
|
|
344
340
|
def initialize(handle)
|
|
345
341
|
handle_obj = handle.handle_obj
|
|
346
|
-
free_func = Datadog::
|
|
342
|
+
free_func = Datadog::AppSec::WAF::LibDDWAF::ObjectNoFree
|
|
347
343
|
|
|
348
|
-
@context_obj = Datadog::
|
|
344
|
+
@context_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_init(handle_obj, free_func)
|
|
349
345
|
if @context_obj.null?
|
|
350
346
|
fail LibDDWAF::Error, 'Could not create context'
|
|
351
347
|
end
|
|
@@ -358,9 +354,9 @@ module Datadog
|
|
|
358
354
|
def self.finalizer(context_obj, input_objs)
|
|
359
355
|
proc do |object_id|
|
|
360
356
|
input_objs.each do |input_obj|
|
|
361
|
-
Datadog::
|
|
357
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(input_obj)
|
|
362
358
|
end
|
|
363
|
-
Datadog::
|
|
359
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
|
|
364
360
|
end
|
|
365
361
|
end
|
|
366
362
|
|
|
@@ -369,19 +365,19 @@ module Datadog
|
|
|
369
365
|
ddwaf_err_internal: :err_internal,
|
|
370
366
|
ddwaf_err_invalid_object: :err_invalid_object,
|
|
371
367
|
ddwaf_err_invalid_argument: :err_invalid_argument,
|
|
372
|
-
ddwaf_err_timeout: :
|
|
368
|
+
ddwaf_err_timeout: :err_timeout,
|
|
373
369
|
ddwaf_good: :good,
|
|
374
370
|
ddwaf_monitor: :monitor,
|
|
375
371
|
ddwaf_block: :block,
|
|
376
372
|
}
|
|
377
373
|
|
|
378
374
|
def run(input, timeout = DEFAULT_TIMEOUT_US)
|
|
379
|
-
input_obj = Datadog::
|
|
375
|
+
input_obj = Datadog::AppSec::WAF.ruby_to_object(input)
|
|
380
376
|
if input_obj.null?
|
|
381
377
|
fail LibDDWAF::Error, "Could not convert input: #{input.inspect}"
|
|
382
378
|
end
|
|
383
379
|
|
|
384
|
-
result_obj = Datadog::
|
|
380
|
+
result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
|
|
385
381
|
if result_obj.null?
|
|
386
382
|
fail LibDDWAF::Error, "Could not create result object"
|
|
387
383
|
end
|
|
@@ -389,7 +385,7 @@ module Datadog
|
|
|
389
385
|
# retain C objects in memory for subsequent calls to run
|
|
390
386
|
@input_objs << input_obj
|
|
391
387
|
|
|
392
|
-
code = Datadog::
|
|
388
|
+
code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
|
|
393
389
|
|
|
394
390
|
result = Result.new(
|
|
395
391
|
ACTION_MAP_OUT[result_obj[:action]],
|
|
@@ -400,7 +396,7 @@ module Datadog
|
|
|
400
396
|
|
|
401
397
|
[ACTION_MAP_OUT[code], result]
|
|
402
398
|
ensure
|
|
403
|
-
Datadog::
|
|
399
|
+
Datadog::AppSec::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
|
|
404
400
|
end
|
|
405
401
|
end
|
|
406
402
|
end
|
data/lib/libddwaf.rb
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
require 'datadog/
|
|
1
|
+
require 'datadog/appsec/waf'
|
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: libddwaf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.14.1.
|
|
4
|
+
version: 1.0.14.2.1.beta1
|
|
5
5
|
platform: x86_64-linux
|
|
6
6
|
authors:
|
|
7
7
|
- Datadog, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-03-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0'
|
|
19
|
+
version: '1.0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '0'
|
|
26
|
+
version: '1.0'
|
|
27
27
|
description: 'libddwaf packages a WAF implementation in C++, exposed to Ruby
|
|
28
28
|
|
|
29
29
|
'
|
|
@@ -38,8 +38,8 @@ files:
|
|
|
38
38
|
- LICENSE.Apache
|
|
39
39
|
- LICENSE.BSD3
|
|
40
40
|
- NOTICE
|
|
41
|
-
- lib/datadog/
|
|
42
|
-
- lib/datadog/
|
|
41
|
+
- lib/datadog/appsec/waf.rb
|
|
42
|
+
- lib/datadog/appsec/waf/version.rb
|
|
43
43
|
- lib/libddwaf.rb
|
|
44
44
|
- vendor/libddwaf/libddwaf-1.0.14-linux-x86_64/include/ddwaf.h
|
|
45
45
|
- vendor/libddwaf/libddwaf-1.0.14-linux-x86_64/lib/libddwaf.so
|
|
@@ -57,9 +57,6 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
57
57
|
- - ">="
|
|
58
58
|
- !ruby/object:Gem::Version
|
|
59
59
|
version: '2.1'
|
|
60
|
-
- - "<"
|
|
61
|
-
- !ruby/object:Gem::Version
|
|
62
|
-
version: '3.2'
|
|
63
60
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
64
61
|
requirements:
|
|
65
62
|
- - ">="
|