libddwaf 1.11.0.0.0-x86_64-linux → 1.15.0.0.0-x86_64-linux
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 680463b022230fdf677f2d0e9ac140ca487bb225b23f73c2bbf02219125eaf39
|
4
|
+
data.tar.gz: a00a6cdc1987bd1544626864f1ef371ed922a333e82982516e123702e1a20e60
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2283e51cee5a5d2fcf760f4b2cca60db1278f216d236ea575c8a3ba2509c5000249e6f1056b0aae6d5c1b9af13023f29b26a7b2f88099d65ad30a5635800f31d
|
7
|
+
data.tar.gz: 4ffe31cade9cd4f555e7dadb04aa5a11ca3004b19e2e4249fc43df9d9c7c057ca1cf3c8274b6ca524c6bd37f19508f38ea836b4861b7fdeb252cbe29a1931880
|
data/CHANGELOG.md
CHANGED
@@ -1,8 +1,19 @@
|
|
1
|
+
# 2024-10-29 v.1.15.0.0.0
|
2
|
+
- Update to libddwaf 1.15.0
|
3
|
+
- Changed `Datadog::AppSec::WAF::Context#run` interface to accommodate ephemeral data ([Breaking change](https://github.com/DataDog/libddwaf/blob/master/CHANGELOG.md#v1150-unstable))
|
4
|
+
|
5
|
+
# 2023-09-11 v.1.14.0.0.0
|
6
|
+
- Update to libddwaf 1.14.0
|
7
|
+
- Add support for `Float` and `Nil` scalar values when converting from ruby to WAF Object and vice versa.
|
8
|
+
|
9
|
+
|
1
10
|
# 2023-08-29 v.1.11.0.0.0
|
2
11
|
|
3
12
|
- Update to libddwaf 1.11.0
|
4
|
-
-
|
5
|
-
The schema of the
|
13
|
+
- Changed `Datadog::AppSec::WAF::Handle#ruleset_info` to `Datadog::AppSec::WAF::Handle#diagnostics`. (Breaking change)
|
14
|
+
The schema of the diagnostics variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
|
15
|
+
- Changed `Datadog::AppSec::WAF::Result#data` to `Datadog::AppSec::WAF::Result#events`. (Breaking change)
|
16
|
+
The schema of the events variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/events.json)
|
6
17
|
|
7
18
|
|
8
19
|
# 2023-08-28 v.1.10.0.0.0
|
data/lib/datadog/appsec/waf.rb
CHANGED
@@ -111,7 +111,10 @@ module Datadog
|
|
111
111
|
:ddwaf_obj_string, 1 << 2,
|
112
112
|
:ddwaf_obj_array, 1 << 3,
|
113
113
|
:ddwaf_obj_map, 1 << 4,
|
114
|
-
:ddwaf_obj_bool, 1 << 5
|
114
|
+
:ddwaf_obj_bool, 1 << 5,
|
115
|
+
:ddwaf_obj_float, 1 << 6,
|
116
|
+
:ddwaf_obj_null, 1 << 7
|
117
|
+
|
115
118
|
typedef DDWAF_OBJ_TYPE, :ddwaf_obj_type
|
116
119
|
|
117
120
|
typedef :pointer, :charptr
|
@@ -140,7 +143,8 @@ module Datadog
|
|
140
143
|
:uintValue, :uint64,
|
141
144
|
:intValue, :int64,
|
142
145
|
:array, :pointer,
|
143
|
-
:boolean, :bool
|
146
|
+
:boolean, :bool,
|
147
|
+
:f64, :double
|
144
148
|
end
|
145
149
|
|
146
150
|
class Object < ::FFI::Struct
|
@@ -159,11 +163,13 @@ module Datadog
|
|
159
163
|
attach_function :ddwaf_object_string, [:ddwaf_object, :string], :ddwaf_object
|
160
164
|
attach_function :ddwaf_object_stringl, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
|
161
165
|
attach_function :ddwaf_object_stringl_nc, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
|
166
|
+
attach_function :ddwaf_object_string_from_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
|
167
|
+
attach_function :ddwaf_object_string_from_signed, [:ddwaf_object, :int64], :ddwaf_object
|
162
168
|
attach_function :ddwaf_object_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
|
163
169
|
attach_function :ddwaf_object_signed, [:ddwaf_object, :int64], :ddwaf_object
|
164
|
-
attach_function :ddwaf_object_unsigned_force, [:ddwaf_object, :uint64], :ddwaf_object
|
165
|
-
attach_function :ddwaf_object_signed_force, [:ddwaf_object, :int64], :ddwaf_object
|
166
170
|
attach_function :ddwaf_object_bool, [:ddwaf_object, :bool], :ddwaf_object
|
171
|
+
attach_function :ddwaf_object_null, [:ddwaf_object], :ddwaf_object
|
172
|
+
attach_function :ddwaf_object_float, [:ddwaf_object, :double], :ddwaf_object
|
167
173
|
|
168
174
|
attach_function :ddwaf_object_array, [:ddwaf_object], :ddwaf_object
|
169
175
|
attach_function :ddwaf_object_array_add, [:ddwaf_object, :ddwaf_object], :bool
|
@@ -184,6 +190,7 @@ module Datadog
|
|
184
190
|
attach_function :ddwaf_object_get_signed, [:ddwaf_object], :int64
|
185
191
|
attach_function :ddwaf_object_get_index, [:ddwaf_object, :size_t], :ddwaf_object
|
186
192
|
attach_function :ddwaf_object_get_bool, [:ddwaf_object], :bool
|
193
|
+
attach_function :ddwaf_object_get_float, [:ddwaf_object], :double
|
187
194
|
|
188
195
|
## freeers
|
189
196
|
|
@@ -220,7 +227,7 @@ module Datadog
|
|
220
227
|
attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
|
221
228
|
attach_function :ddwaf_destroy, [:ddwaf_handle], :void
|
222
229
|
|
223
|
-
attach_function :
|
230
|
+
attach_function :ddwaf_known_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
|
224
231
|
|
225
232
|
# updating
|
226
233
|
|
@@ -239,16 +246,17 @@ module Datadog
|
|
239
246
|
attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
|
240
247
|
|
241
248
|
class Result < ::FFI::Struct
|
242
|
-
layout :timeout,
|
243
|
-
:events,
|
244
|
-
:actions,
|
245
|
-
:
|
249
|
+
layout :timeout, :bool,
|
250
|
+
:events, Object,
|
251
|
+
:actions, Object,
|
252
|
+
:derivatives, Object,
|
253
|
+
:total_runtime, :uint64
|
246
254
|
end
|
247
255
|
|
248
256
|
typedef Result.by_ref, :ddwaf_result
|
249
257
|
typedef :uint64, :timeout_us
|
250
258
|
|
251
|
-
attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
|
259
|
+
attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
|
252
260
|
attach_function :ddwaf_result_free, [:ddwaf_result], :void
|
253
261
|
|
254
262
|
# logging
|
@@ -280,7 +288,7 @@ module Datadog
|
|
280
288
|
LibDDWAF.ddwaf_get_version
|
281
289
|
end
|
282
290
|
|
283
|
-
# rubocop:disable Metrics/MethodLength
|
291
|
+
# rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
284
292
|
def self.ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, coerce: true)
|
285
293
|
case val
|
286
294
|
when Array
|
@@ -358,9 +366,9 @@ module Datadog
|
|
358
366
|
res = if coerce
|
359
367
|
LibDDWAF.ddwaf_object_string(obj, val.to_s)
|
360
368
|
elsif val < 0
|
361
|
-
LibDDWAF.
|
369
|
+
LibDDWAF.ddwaf_object_signed(obj, val)
|
362
370
|
else
|
363
|
-
LibDDWAF.
|
371
|
+
LibDDWAF.ddwaf_object_unsigned(obj, val)
|
364
372
|
end
|
365
373
|
if res.null?
|
366
374
|
fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
|
@@ -369,7 +377,11 @@ module Datadog
|
|
369
377
|
obj
|
370
378
|
when Float
|
371
379
|
obj = LibDDWAF::Object.new
|
372
|
-
res =
|
380
|
+
res = if coerce
|
381
|
+
LibDDWAF.ddwaf_object_string(obj, val.to_s)
|
382
|
+
else
|
383
|
+
LibDDWAF.ddwaf_object_float(obj, val)
|
384
|
+
end
|
373
385
|
if res.null?
|
374
386
|
fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
|
375
387
|
end
|
@@ -386,16 +398,28 @@ module Datadog
|
|
386
398
|
fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
|
387
399
|
end
|
388
400
|
|
401
|
+
obj
|
402
|
+
when NilClass
|
403
|
+
obj = LibDDWAF::Object.new
|
404
|
+
res = if coerce
|
405
|
+
LibDDWAF.ddwaf_object_string(obj, '')
|
406
|
+
else
|
407
|
+
LibDDWAF.ddwaf_object_null(obj)
|
408
|
+
end
|
409
|
+
if res.null?
|
410
|
+
fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
|
411
|
+
end
|
412
|
+
|
389
413
|
obj
|
390
414
|
else
|
391
415
|
ruby_to_object(''.freeze)
|
392
416
|
end
|
393
417
|
end
|
394
|
-
# rubocop:enable Metrics/MethodLength
|
418
|
+
# rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
395
419
|
|
396
420
|
def self.object_to_ruby(obj)
|
397
421
|
case obj[:type]
|
398
|
-
when :ddwaf_obj_invalid
|
422
|
+
when :ddwaf_obj_invalid, :ddwaf_obj_null
|
399
423
|
nil
|
400
424
|
when :ddwaf_obj_bool
|
401
425
|
obj[:valueUnion][:boolean]
|
@@ -405,11 +429,13 @@ module Datadog
|
|
405
429
|
obj[:valueUnion][:intValue]
|
406
430
|
when :ddwaf_obj_unsigned
|
407
431
|
obj[:valueUnion][:uintValue]
|
432
|
+
when :ddwaf_obj_float
|
433
|
+
obj[:valueUnion][:f64]
|
408
434
|
when :ddwaf_obj_array
|
409
435
|
(0...obj[:nbEntries]).each.with_object([]) do |i, a|
|
410
436
|
ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
|
411
437
|
e = object_to_ruby(LibDDWAF::Object.new(ptr))
|
412
|
-
a << e
|
438
|
+
a << e # steep:ignore
|
413
439
|
end
|
414
440
|
when :ddwaf_obj_map
|
415
441
|
(0...obj[:nbEntries]).each.with_object({}) do |i, h|
|
@@ -418,7 +444,7 @@ module Datadog
|
|
418
444
|
l = o[:parameterNameLength]
|
419
445
|
k = o[:parameterName].read_bytes(l)
|
420
446
|
v = object_to_ruby(LibDDWAF::Object.new(ptr))
|
421
|
-
h[k] = v
|
447
|
+
h[k] = v # steep:ignore
|
422
448
|
end
|
423
449
|
end
|
424
450
|
end
|
@@ -510,7 +536,7 @@ module Datadog
|
|
510
536
|
valid!
|
511
537
|
|
512
538
|
count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
|
513
|
-
list = Datadog::AppSec::WAF::LibDDWAF.
|
539
|
+
list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_known_addresses(handle_obj, count)
|
514
540
|
|
515
541
|
return [] if count == 0 # list is null
|
516
542
|
|
@@ -561,14 +587,15 @@ module Datadog
|
|
561
587
|
end
|
562
588
|
|
563
589
|
class Result
|
564
|
-
attr_reader :status, :events, :total_runtime, :timeout, :actions
|
590
|
+
attr_reader :status, :events, :total_runtime, :timeout, :actions, :derivatives
|
565
591
|
|
566
|
-
def initialize(status, events, total_runtime, timeout, actions)
|
592
|
+
def initialize(status, events, total_runtime, timeout, actions, derivatives)
|
567
593
|
@status = status
|
568
594
|
@events = events
|
569
595
|
@total_runtime = total_runtime
|
570
596
|
@timeout = timeout
|
571
597
|
@actions = actions
|
598
|
+
@derivatives = derivatives
|
572
599
|
end
|
573
600
|
end
|
574
601
|
|
@@ -599,19 +626,32 @@ module Datadog
|
|
599
626
|
Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
|
600
627
|
end
|
601
628
|
|
602
|
-
def run(
|
629
|
+
def run(persistent_data, ephemeral_data, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
|
603
630
|
valid!
|
604
631
|
|
605
|
-
|
606
|
-
|
607
|
-
|
632
|
+
persistent_data_obj = Datadog::AppSec::WAF.ruby_to_object(
|
633
|
+
persistent_data,
|
634
|
+
max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
|
635
|
+
max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
|
636
|
+
max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
|
637
|
+
coerce: false
|
638
|
+
)
|
639
|
+
if persistent_data_obj.null?
|
640
|
+
fail LibDDWAF::Error, "Could not convert persistent data: #{persistent_data.inspect}"
|
641
|
+
end
|
608
642
|
|
609
|
-
|
610
|
-
|
611
|
-
|
612
|
-
|
613
|
-
|
614
|
-
|
643
|
+
# retain C objects in memory for subsequent calls to run
|
644
|
+
retain(persistent_data_obj)
|
645
|
+
|
646
|
+
ephemeral_data_obj = Datadog::AppSec::WAF.ruby_to_object(
|
647
|
+
ephemeral_data,
|
648
|
+
max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
|
649
|
+
max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
|
650
|
+
max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
|
651
|
+
coerce: false
|
652
|
+
)
|
653
|
+
if ephemeral_data_obj.null?
|
654
|
+
fail LibDDWAF::Error, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
|
615
655
|
end
|
616
656
|
|
617
657
|
result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
|
@@ -619,10 +659,7 @@ module Datadog
|
|
619
659
|
fail LibDDWAF::Error, "Could not create result object"
|
620
660
|
end
|
621
661
|
|
622
|
-
|
623
|
-
retain(input_obj)
|
624
|
-
|
625
|
-
code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
|
662
|
+
code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
|
626
663
|
|
627
664
|
result = Result.new(
|
628
665
|
RESULT_CODE[code],
|
@@ -630,6 +667,7 @@ module Datadog
|
|
630
667
|
result_obj[:total_runtime],
|
631
668
|
result_obj[:timeout],
|
632
669
|
Datadog::AppSec::WAF.object_to_ruby(result_obj[:actions]),
|
670
|
+
Datadog::AppSec::WAF.object_to_ruby(result_obj[:derivatives]),
|
633
671
|
)
|
634
672
|
|
635
673
|
[RESULT_CODE[code], result]
|
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: libddwaf
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.15.0.0.0
|
5
5
|
platform: x86_64-linux
|
6
6
|
authors:
|
7
7
|
- Datadog, Inc.
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-10-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|
@@ -42,13 +42,13 @@ files:
|
|
42
42
|
- lib/datadog/appsec/waf.rb
|
43
43
|
- lib/datadog/appsec/waf/version.rb
|
44
44
|
- lib/libddwaf.rb
|
45
|
-
- vendor/libddwaf/libddwaf-1.
|
45
|
+
- vendor/libddwaf/libddwaf-1.15.0-linux-x86_64/lib/libddwaf.so
|
46
46
|
homepage: https://github.com/DataDog/libddwaf-rb
|
47
47
|
licenses:
|
48
48
|
- BSD-3-Clause
|
49
49
|
metadata:
|
50
50
|
allowed_push_host: https://rubygems.org
|
51
|
-
post_install_message:
|
51
|
+
post_install_message:
|
52
52
|
rdoc_options: []
|
53
53
|
require_paths:
|
54
54
|
- lib
|
@@ -56,15 +56,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
56
56
|
requirements:
|
57
57
|
- - ">="
|
58
58
|
- !ruby/object:Gem::Version
|
59
|
-
version: '2.
|
59
|
+
version: '2.5'
|
60
60
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
61
61
|
requirements:
|
62
62
|
- - ">="
|
63
63
|
- !ruby/object:Gem::Version
|
64
64
|
version: 2.0.0
|
65
65
|
requirements: []
|
66
|
-
rubygems_version: 3.
|
67
|
-
signing_key:
|
66
|
+
rubygems_version: 3.3.27
|
67
|
+
signing_key:
|
68
68
|
specification_version: 4
|
69
69
|
summary: Datadog WAF
|
70
70
|
test_files: []
|
Binary file
|