libddwaf 1.0.14.2.1.beta1 → 1.3.0.1.0.beta1

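--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e0e9161c6e4b7bc71963dbdd1dccd97c39746e5eee90015a41f2d57cee377031
- data.tar.gz: 4781e93c1751034e1978a7feb0fe53dd7f8e1885fb9a5cd9d55e48744ee224f1
+ metadata.gz: f08099f754c71a8e53726a1630a854024e2f07f61eb4e97766a03d8cf577b5ba
+ data.tar.gz: be443d67e7ec09184360498e01b25e3820922df0bc3cb2c0c922e3f8e730b422
  SHA512:
- metadata.gz: '0847c77f7f0e4814cb87c195947d74f90143091a45f9c4fee2779552fb995c8753188397c8631373ddbd8e3c195fa8803b0ab52aa5b7414c19d6164bd88ea31f'
- data.tar.gz: 03d731a4309c4337008273bd6f8061ea0858e396d64a4f53f46d478f0d59a584c945d7087b1a62fbd51ba8b756fa29281c341ef4546a913dc52191e334af3dcb
+ metadata.gz: c0444eee4ac5ce5eb1b0f0116a65dc8a5b743bee9963cc93832904355340f2489a11805086e871cdd7bb928ba8a217aebdc3cff824b2f5c134daea8716a1863a
+ data.tar.gz: f01abfb200387bd70574f95285b9c9681ba1bafb43548d8abc522a3c63f5bcacd3738a8617b02b4949b8582ce67627f9f54fb04fced1b9b2c4e2ff342886ae04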
@@ -2,8 +2,8 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  module VERSION
5
- BASE_STRING = '1.0.14'
6
- STRING = "#{BASE_STRING}.2.1.beta1"
5
+ BASE_STRING = '1.3.0'
6
+ STRING = "#{BASE_STRING}.1.0.beta1"
7
7
  MINIMUM_RUBY_VERSION = '2.1'
8
8
  end
9
9
  end
@@ -6,7 +6,13 @@ module Datadog
6
6
  module AppSec
7
7
  module WAF
8
8
  module LibDDWAF
9
- class Error < StandardError; end
9
+ class Error < StandardError
10
+ attr_reader :ruleset_info
11
+
12
+ def initialize(msg, ruleset_info: nil)
13
+ @ruleset_info = ruleset_info
14
+ end
15
+ end
10
16
 
11
17
  extend ::FFI::Library
12
18
 
@@ -73,6 +79,25 @@ module Datadog
73
79
  :ddwaf_obj_map, 1 << 4
74
80
 
75
81
  typedef :pointer, :charptr
82
+ typedef :pointer, :charptrptr
83
+
84
+ class UInt32Ptr < ::FFI::Struct
85
+ layout :value, :uint32
86
+ end
87
+
88
+ typedef UInt32Ptr.by_ref, :uint32ptr
89
+
90
+ class UInt64Ptr < ::FFI::Struct
91
+ layout :value, :uint64
92
+ end
93
+
94
+ typedef UInt64Ptr.by_ref, :uint64ptr
95
+
96
+ class SizeTPtr < ::FFI::Struct
97
+ layout :value, :size_t
98
+ end
99
+
100
+ typedef SizeTPtr.by_ref, :sizeptr
76
101
 
77
102
  class ObjectValueUnion < ::FFI::Union
78
103
  layout :stringValue, :charptr,
@@ -91,6 +116,8 @@ module Datadog
91
116
 
92
117
  typedef Object.by_ref, :ddwaf_object
93
118
 
119
+ ## setters
120
+
94
121
  attach_function :ddwaf_object_invalid, [:ddwaf_object], :ddwaf_object
95
122
  attach_function :ddwaf_object_string, [:ddwaf_object, :string], :ddwaf_object
96
123
  attach_function :ddwaf_object_stringl, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
@@ -108,6 +135,19 @@ module Datadog
108
135
  attach_function :ddwaf_object_map_addl, [:ddwaf_object, :charptr, :size_t, :pointer], :bool
109
136
  attach_function :ddwaf_object_map_addl_nc, [:ddwaf_object, :charptr, :size_t, :pointer], :bool
110
137
 
138
+ ## getters
139
+
140
+ attach_function :ddwaf_object_type, [:ddwaf_object], DDWAF_OBJ_TYPE
141
+ attach_function :ddwaf_object_size, [:ddwaf_object], :uint64
142
+ attach_function :ddwaf_object_length, [:ddwaf_object], :size_t
143
+ attach_function :ddwaf_object_get_key, [:ddwaf_object, :sizeptr], :charptr
144
+ attach_function :ddwaf_object_get_string, [:ddwaf_object, :sizeptr], :charptr
145
+ attach_function :ddwaf_object_get_unsigned, [:ddwaf_object], :uint64
146
+ attach_function :ddwaf_object_get_signed, [:ddwaf_object], :int64
147
+ attach_function :ddwaf_object_get_index, [:ddwaf_object, :size_t], :ddwaf_object
148
+
149
+ ## freeers
150
+
111
151
  ObjectFree = attach_function :ddwaf_object_free, [:ddwaf_object], :void
112
152
  ObjectNoFree = ::FFI::Pointer::NULL
113
153
 
@@ -117,17 +157,39 @@ module Datadog
117
157
  typedef Object.by_ref, :ddwaf_rule
118
158
 
119
159
  class Config < ::FFI::Struct
120
- layout :maxArrayLength, :uint64,
121
- :maxMapDepth, :uint64,
122
- :maxTimeStore, :uint64
160
+ class Limits < ::FFI::Struct
161
+ layout :max_container_size, :uint32,
162
+ :max_container_depth, :uint32,
163
+ :max_string_length, :uint32
164
+ end
165
+
166
+ class Obfuscator < ::FFI::Struct
167
+ layout :key_regex, :pointer, # :charptr
168
+ :value_regex, :pointer # :charptr
169
+ end
170
+
171
+ layout :limits, Limits,
172
+ :obfuscator, Obfuscator
123
173
  end
124
174
 
125
175
  typedef Config.by_ref, :ddwaf_config
126
176
 
127
- attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
177
+ class RuleSetInfo < ::FFI::Struct
178
+ layout :loaded, :uint16,
179
+ :failed, :uint16,
180
+ :errors, Object,
181
+ :version, :string
182
+ end
183
+
184
+ typedef RuleSetInfo.by_ref, :ddwaf_ruleset_info
185
+ RuleSetInfoNone = Datadog::AppSec::WAF::LibDDWAF::RuleSetInfo.new(::FFI::Pointer::NULL)
186
+
187
+ attach_function :ddwaf_ruleset_info_free, [:ddwaf_ruleset_info], :void
188
+
189
+ attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_ruleset_info], :ddwaf_handle
128
190
  attach_function :ddwaf_destroy, [:ddwaf_handle], :void
129
191
 
130
- attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
192
+ attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
131
193
 
132
194
  # running
133
195
 
@@ -138,19 +200,17 @@ module Datadog
138
200
  attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
139
201
  attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
140
202
 
141
- DDWAF_RET_CODE = enum :ddwaf_err_internal, -4,
142
- :ddwaf_err_invalid_object, -3,
143
- :ddwaf_err_invalid_argument, -2,
144
- :ddwaf_err_timeout, -1,
203
+ DDWAF_RET_CODE = enum :ddwaf_err_internal, -3,
204
+ :ddwaf_err_invalid_object, -2,
205
+ :ddwaf_err_invalid_argument, -1,
145
206
  :ddwaf_good, 0,
146
207
  :ddwaf_monitor, 1,
147
208
  :ddwaf_block, 2
148
209
 
149
210
  class Result < ::FFI::Struct
150
- layout :action, DDWAF_RET_CODE,
211
+ layout :timeout, :bool,
151
212
  :data, :string,
152
- :perfData, :string,
153
- :perfTotalRuntime, :uint32 # in us
213
+ :total_runtime, :uint64
154
214
  end
155
215
 
156
216
  typedef Result.by_ref, :ddwaf_result
@@ -287,7 +347,7 @@ module Datadog
287
347
 
288
348
  def self.logger=(logger)
289
349
  @log_cb = proc do |level, func, file, line, message, len|
290
- logger.debug { { level: level, func: func, file: file, message: message.read_bytes(len) }.inspect }
350
+ logger.debug { { level: level, func: func, file: file, line: line, message: message.read_bytes(len) }.inspect }
291
351
  end
292
352
 
293
353
  Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
@@ -296,11 +356,13 @@ module Datadog
296
356
  class Handle
297
357
  attr_reader :handle_obj
298
358
 
299
- DEFAULT_MAX_ARRAY_LENGTH = 0
300
- DEFAULT_MAX_MAP_DEPTH = 0
301
- DEFAULT_MAX_TIME_STORE = 0
359
+ DEFAULT_MAX_CONTAINER_SIZE = 0
360
+ DEFAULT_MAX_CONTAINER_DEPTH = 0
361
+ DEFAULT_MAX_STRING_LENGTH = 0
302
362
 
303
- def initialize(rule, config = {})
363
+ attr_reader :ruleset_info
364
+
365
+ def initialize(rule, limits: {}, obfuscator: {})
304
366
  rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
305
367
  if rule_obj.null? || rule_obj[:type] == :ddwaf_object_invalid
306
368
  fail LibDDWAF::Error, "Could not convert object #{rule.inspect}"
@@ -311,17 +373,30 @@ module Datadog
311
373
  fail LibDDWAF::Error, 'Could not create config struct'
312
374
  end
313
375
 
314
- config_obj[:maxArrayLength] = config[:max_array_length] || DEFAULT_MAX_ARRAY_LENGTH
315
- config_obj[:maxMapDepth] = config[:max_map_depth] || DEFAULT_MAX_MAP_DEPTH
316
- config_obj[:maxTimeStore] = config[:max_time_store] || DEFAULT_MAX_TIME_STORE
376
+ config_obj[:limits][:max_container_size] = limits[:max_container_size] || DEFAULT_MAX_CONTAINER_SIZE
377
+ config_obj[:limits][:max_container_depth] = limits[:max_container_depth] || DEFAULT_MAX_CONTAINER_DEPTH
378
+ config_obj[:limits][:max_string_length] = limits[:max_string_length] || DEFAULT_MAX_STRING_LENGTH
379
+ config_obj[:obfuscator][:key_regex] = FFI::MemoryPointer.from_string(obfuscator[:key_regex]) if obfuscator[:key_regex]
380
+ config_obj[:obfuscator][:value_regex] = FFI::MemoryPointer.from_string(obfuscator[:value_regex]) if obfuscator[:value_regex]
381
+
382
+ ruleset_info = LibDDWAF::RuleSetInfo.new
383
+
384
+ @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj, ruleset_info)
385
+
386
+ @ruleset_info = {
387
+ loaded: ruleset_info[:loaded],
388
+ failed: ruleset_info[:failed],
389
+ errors: WAF.object_to_ruby(ruleset_info[:errors]),
390
+ version: ruleset_info[:version],
391
+ }
317
392
 
318
- @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj)
319
393
  if @handle_obj.null?
320
- fail LibDDWAF::Error, 'Could not create handle'
394
+ fail LibDDWAF::Error.new('Could not create handle', ruleset_info: @ruleset_info)
321
395
  end
322
396
 
323
397
  ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
324
398
  ensure
399
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_ruleset_info_free(ruleset_info) if ruleset_info
325
400
  Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
326
401
  end
327
402
 
@@ -330,9 +405,18 @@ module Datadog
330
405
  Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
331
406
  end
332
407
  end
408
+
409
+ def required_addresses
410
+ count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
411
+ list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_required_addresses(handle_obj, count)
412
+
413
+ return [] if count == 0 # list is null
414
+
415
+ list.get_array_of_string(0, count[:value])
416
+ end
333
417
  end
334
418
 
335
- Result = Struct.new(:action, :data, :perf_data, :perf_total_runtime)
419
+ Result = Struct.new(:action, :data, :total_runtime, :timeout)
336
420
 
337
421
  class Context
338
422
  attr_reader :context_obj
@@ -365,7 +449,6 @@ module Datadog
365
449
  ddwaf_err_internal: :err_internal,
366
450
  ddwaf_err_invalid_object: :err_invalid_object,
367
451
  ddwaf_err_invalid_argument: :err_invalid_argument,
368
- ddwaf_err_timeout: :err_timeout,
369
452
  ddwaf_good: :good,
370
453
  ddwaf_monitor: :monitor,
371
454
  ddwaf_block: :block,
@@ -388,10 +471,10 @@ module Datadog
388
471
  code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
389
472
 
390
473
  result = Result.new(
391
- ACTION_MAP_OUT[result_obj[:action]],
474
+ ACTION_MAP_OUT[code],
392
475
  (JSON.parse(result_obj[:data]) if result_obj[:data] != nil),
393
- (JSON.parse(result_obj[:perfData]) if result_obj[:perfData] != nil),
394
- result_obj[:perfTotalRuntime],
476
+ result_obj[:total_runtime],
477
+ result_obj[:timeout],
395
478
  )
396
479
 
397
480
  [ACTION_MAP_OUT[code], result]
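Review bot: `LibDDWAF::Error#initialize` in the first hunk of this file stores `ruleset_info` but never calls `super`, so `msg` is discarded and every `fail LibDDWAF::Error, '...'` here, including the new `Could not create handle` raise, reports only the class name as its message; add `super(msg)` as the first line of `initialize`. In `Handle#required_addresses`, `count == 0` compares the `UInt32Ptr` struct itself with an Integer, which looks like it can never be true, so the null-list guard is dead and an empty result would reach `get_array_of_string` on a null pointer; it should read `return [] if count[:value] == 0`. With `ddwaf_err_timeout` removed from `DDWAF_RET_CODE`, a timed-out run is presumably visible only through `Result#timeout`, so a comment on `Result` such as `# timeout: true means the run was cut short; do not treat the action as a full evaluation` would stop callers that only check the action from reading a truncated run as a clean pass.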
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libddwaf
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.14.2.1.beta1
4
+ version: 1.3.0.1.0.beta1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Datadog, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-03-03 00:00:00.000000000 Z
11
+ date: 2022-04-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi