libddwaf 1.11.0.0.0-x86_64-linux → 1.15.0.0.0-x86_64-linux

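--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: bc6b34328b53329c7cbdff6986bb71d8ce6169a020b3468079ad23f1c6cffa50
- data.tar.gz: cdaf779c80feb701be702b7943af1cb437ad362582b7d79ce61fba07fa6b96d6
+ metadata.gz: 680463b022230fdf677f2d0e9ac140ca487bb225b23f73c2bbf02219125eaf39
+ data.tar.gz: a00a6cdc1987bd1544626864f1ef371ed922a333e82982516e123702e1a20e60
  SHA512:
- metadata.gz: 7d5179a6def6bb42ea379461c6274ae529a043b31b70ed76b4b9c20c26936f7db25a94d46aa072a16c6432d8af9c16f120a89993d42cc8a9b7a34139a9fa1d53
- data.tar.gz: dcc4a1f9f2d593f6f2663b18b92c6ea7777883112dc3a2eed6c5dc01921c972252889b806a4899a8463b6da28612b573de39f418d207a75a14dd2dcbbcea7152
+ metadata.gz: 2283e51cee5a5d2fcf760f4b2cca60db1278f216d236ea575c8a3ba2509c5000249e6f1056b0aae6d5c1b9af13023f29b26a7b2f88099d65ad30a5635800f31d
+ data.tar.gz: 4ffe31cade9cd4f555e7dadb04aa5a11ca3004b19e2e4249fc43df9d9c7c057ca1cf3c8274b6ca524c6bd37f19508f38ea836b4861b7fdeb252cbe29a1931880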
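--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,8 +1,19 @@
+ # 2024-10-29 v.1.15.0.0.0
+ - Update to libddwaf 1.15.0
+ - Changed `Datadog::AppSec::WAF::Context#run` interface to accommodate ephemeral data ([Breaking change](https://github.com/DataDog/libddwaf/blob/master/CHANGELOG.md#v1150-unstable))
+
+ # 2023-09-11 v.1.14.0.0.0
+ - Update to libddwaf 1.14.0
+ - Add support for `Float` and `Nil` scalar values when converting from ruby to WAF Object and vice versa.
+
+
  # 2023-08-29 v.1.11.0.0.0
 
  - Update to libddwaf 1.11.0
- - Rename Handle#ruleset_info to Handle#diagnostics. (Breaking change)
- The schema of the new diagnostics variable can be [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
+ - Changed `Datadog::AppSec::WAF::Handle#ruleset_info` to `Datadog::AppSec::WAF::Handle#diagnostics`. (Breaking change)
+ The schema of the diagnostics variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
+ - Changed `Datadog::AppSec::WAF::Result#data` to `Datadog::AppSec::WAF::Result#events`. (Breaking change)
+ The schema of the events variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/events.json)
 
 
  # 2023-08-28 v.1.10.0.0.0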
@@ -2,9 +2,9 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  module VERSION
5
- BASE_STRING = '1.11.0'
5
+ BASE_STRING = '1.15.0'
6
6
  STRING = "#{BASE_STRING}.0.0"
7
- MINIMUM_RUBY_VERSION = '2.1'
7
+ MINIMUM_RUBY_VERSION = '2.5'
8
8
  end
9
9
  end
10
10
  end
@@ -111,7 +111,10 @@ module Datadog
111
111
  :ddwaf_obj_string, 1 << 2,
112
112
  :ddwaf_obj_array, 1 << 3,
113
113
  :ddwaf_obj_map, 1 << 4,
114
- :ddwaf_obj_bool, 1 << 5
114
+ :ddwaf_obj_bool, 1 << 5,
115
+ :ddwaf_obj_float, 1 << 6,
116
+ :ddwaf_obj_null, 1 << 7
117
+
115
118
  typedef DDWAF_OBJ_TYPE, :ddwaf_obj_type
116
119
 
117
120
  typedef :pointer, :charptr
@@ -140,7 +143,8 @@ module Datadog
140
143
  :uintValue, :uint64,
141
144
  :intValue, :int64,
142
145
  :array, :pointer,
143
- :boolean, :bool
146
+ :boolean, :bool,
147
+ :f64, :double
144
148
  end
145
149
 
146
150
  class Object < ::FFI::Struct
@@ -159,11 +163,13 @@ module Datadog
159
163
  attach_function :ddwaf_object_string, [:ddwaf_object, :string], :ddwaf_object
160
164
  attach_function :ddwaf_object_stringl, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
161
165
  attach_function :ddwaf_object_stringl_nc, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
166
+ attach_function :ddwaf_object_string_from_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
167
+ attach_function :ddwaf_object_string_from_signed, [:ddwaf_object, :int64], :ddwaf_object
162
168
  attach_function :ddwaf_object_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
163
169
  attach_function :ddwaf_object_signed, [:ddwaf_object, :int64], :ddwaf_object
164
- attach_function :ddwaf_object_unsigned_force, [:ddwaf_object, :uint64], :ddwaf_object
165
- attach_function :ddwaf_object_signed_force, [:ddwaf_object, :int64], :ddwaf_object
166
170
  attach_function :ddwaf_object_bool, [:ddwaf_object, :bool], :ddwaf_object
171
+ attach_function :ddwaf_object_null, [:ddwaf_object], :ddwaf_object
172
+ attach_function :ddwaf_object_float, [:ddwaf_object, :double], :ddwaf_object
167
173
 
168
174
  attach_function :ddwaf_object_array, [:ddwaf_object], :ddwaf_object
169
175
  attach_function :ddwaf_object_array_add, [:ddwaf_object, :ddwaf_object], :bool
@@ -184,6 +190,7 @@ module Datadog
184
190
  attach_function :ddwaf_object_get_signed, [:ddwaf_object], :int64
185
191
  attach_function :ddwaf_object_get_index, [:ddwaf_object, :size_t], :ddwaf_object
186
192
  attach_function :ddwaf_object_get_bool, [:ddwaf_object], :bool
193
+ attach_function :ddwaf_object_get_float, [:ddwaf_object], :double
187
194
 
188
195
  ## freeers
189
196
 
@@ -220,7 +227,7 @@ module Datadog
220
227
  attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
221
228
  attach_function :ddwaf_destroy, [:ddwaf_handle], :void
222
229
 
223
- attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
230
+ attach_function :ddwaf_known_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
224
231
 
225
232
  # updating
226
233
 
@@ -239,16 +246,17 @@ module Datadog
239
246
  attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
240
247
 
241
248
  class Result < ::FFI::Struct
242
- layout :timeout, :bool,
243
- :events, Object,
244
- :actions, Object,
245
- :total_runtime, :uint64
249
+ layout :timeout, :bool,
250
+ :events, Object,
251
+ :actions, Object,
252
+ :derivatives, Object,
253
+ :total_runtime, :uint64
246
254
  end
247
255
 
248
256
  typedef Result.by_ref, :ddwaf_result
249
257
  typedef :uint64, :timeout_us
250
258
 
251
- attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
259
+ attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
252
260
  attach_function :ddwaf_result_free, [:ddwaf_result], :void
253
261
 
254
262
  # logging
@@ -280,7 +288,7 @@ module Datadog
280
288
  LibDDWAF.ddwaf_get_version
281
289
  end
282
290
 
283
- # rubocop:disable Metrics/MethodLength
291
+ # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
284
292
  def self.ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, coerce: true)
285
293
  case val
286
294
  when Array
@@ -358,9 +366,9 @@ module Datadog
358
366
  res = if coerce
359
367
  LibDDWAF.ddwaf_object_string(obj, val.to_s)
360
368
  elsif val < 0
361
- LibDDWAF.ddwaf_object_signed_force(obj, val)
369
+ LibDDWAF.ddwaf_object_signed(obj, val)
362
370
  else
363
- LibDDWAF.ddwaf_object_unsigned_force(obj, val)
371
+ LibDDWAF.ddwaf_object_unsigned(obj, val)
364
372
  end
365
373
  if res.null?
366
374
  fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
@@ -369,7 +377,11 @@ module Datadog
369
377
  obj
370
378
  when Float
371
379
  obj = LibDDWAF::Object.new
372
- res = LibDDWAF.ddwaf_object_string(obj, val.to_s)
380
+ res = if coerce
381
+ LibDDWAF.ddwaf_object_string(obj, val.to_s)
382
+ else
383
+ LibDDWAF.ddwaf_object_float(obj, val)
384
+ end
373
385
  if res.null?
374
386
  fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
375
387
  end
@@ -386,16 +398,28 @@ module Datadog
386
398
  fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
387
399
  end
388
400
 
401
+ obj
402
+ when NilClass
403
+ obj = LibDDWAF::Object.new
404
+ res = if coerce
405
+ LibDDWAF.ddwaf_object_string(obj, '')
406
+ else
407
+ LibDDWAF.ddwaf_object_null(obj)
408
+ end
409
+ if res.null?
410
+ fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
411
+ end
412
+
389
413
  obj
390
414
  else
391
415
  ruby_to_object(''.freeze)
392
416
  end
393
417
  end
394
- # rubocop:enable Metrics/MethodLength
418
+ # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
395
419
 
396
420
  def self.object_to_ruby(obj)
397
421
  case obj[:type]
398
- when :ddwaf_obj_invalid
422
+ when :ddwaf_obj_invalid, :ddwaf_obj_null
399
423
  nil
400
424
  when :ddwaf_obj_bool
401
425
  obj[:valueUnion][:boolean]
@@ -405,11 +429,13 @@ module Datadog
405
429
  obj[:valueUnion][:intValue]
406
430
  when :ddwaf_obj_unsigned
407
431
  obj[:valueUnion][:uintValue]
432
+ when :ddwaf_obj_float
433
+ obj[:valueUnion][:f64]
408
434
  when :ddwaf_obj_array
409
435
  (0...obj[:nbEntries]).each.with_object([]) do |i, a|
410
436
  ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
411
437
  e = object_to_ruby(LibDDWAF::Object.new(ptr))
412
- a << e
438
+ a << e # steep:ignore
413
439
  end
414
440
  when :ddwaf_obj_map
415
441
  (0...obj[:nbEntries]).each.with_object({}) do |i, h|
@@ -418,7 +444,7 @@ module Datadog
418
444
  l = o[:parameterNameLength]
419
445
  k = o[:parameterName].read_bytes(l)
420
446
  v = object_to_ruby(LibDDWAF::Object.new(ptr))
421
- h[k] = v
447
+ h[k] = v # steep:ignore
422
448
  end
423
449
  end
424
450
  end
@@ -510,7 +536,7 @@ module Datadog
510
536
  valid!
511
537
 
512
538
  count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
513
- list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_required_addresses(handle_obj, count)
539
+ list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_known_addresses(handle_obj, count)
514
540
 
515
541
  return [] if count == 0 # list is null
516
542
 
@@ -561,14 +587,15 @@ module Datadog
561
587
  end
562
588
 
563
589
  class Result
564
- attr_reader :status, :events, :total_runtime, :timeout, :actions
590
+ attr_reader :status, :events, :total_runtime, :timeout, :actions, :derivatives
565
591
 
566
- def initialize(status, events, total_runtime, timeout, actions)
592
+ def initialize(status, events, total_runtime, timeout, actions, derivatives)
567
593
  @status = status
568
594
  @events = events
569
595
  @total_runtime = total_runtime
570
596
  @timeout = timeout
571
597
  @actions = actions
598
+ @derivatives = derivatives
572
599
  end
573
600
  end
574
601
 
@@ -599,19 +626,32 @@ module Datadog
599
626
  Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
600
627
  end
601
628
 
602
- def run(input, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
629
+ def run(persistent_data, ephemeral_data, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
603
630
  valid!
604
631
 
605
- max_container_size = LibDDWAF::DDWAF_MAX_CONTAINER_SIZE
606
- max_container_depth = LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH
607
- max_string_length = LibDDWAF::DDWAF_MAX_STRING_LENGTH
632
+ persistent_data_obj = Datadog::AppSec::WAF.ruby_to_object(
633
+ persistent_data,
634
+ max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
635
+ max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
636
+ max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
637
+ coerce: false
638
+ )
639
+ if persistent_data_obj.null?
640
+ fail LibDDWAF::Error, "Could not convert persistent data: #{persistent_data.inspect}"
641
+ end
608
642
 
609
- input_obj = Datadog::AppSec::WAF.ruby_to_object(input,
610
- max_container_size: max_container_size,
611
- max_container_depth: max_container_depth,
612
- max_string_length: max_string_length)
613
- if input_obj.null?
614
- fail LibDDWAF::Error, "Could not convert input: #{input.inspect}"
643
+ # retain C objects in memory for subsequent calls to run
644
+ retain(persistent_data_obj)
645
+
646
+ ephemeral_data_obj = Datadog::AppSec::WAF.ruby_to_object(
647
+ ephemeral_data,
648
+ max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
649
+ max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
650
+ max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
651
+ coerce: false
652
+ )
653
+ if ephemeral_data_obj.null?
654
+ fail LibDDWAF::Error, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
615
655
  end
616
656
 
617
657
  result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
@@ -619,10 +659,7 @@ module Datadog
619
659
  fail LibDDWAF::Error, "Could not create result object"
620
660
  end
621
661
 
622
- # retain C objects in memory for subsequent calls to run
623
- retain(input_obj)
624
-
625
- code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
662
+ code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
626
663
 
627
664
  result = Result.new(
628
665
  RESULT_CODE[code],
@@ -630,6 +667,7 @@ module Datadog
630
667
  result_obj[:total_runtime],
631
668
  result_obj[:timeout],
632
669
  Datadog::AppSec::WAF.object_to_ruby(result_obj[:actions]),
670
+ Datadog::AppSec::WAF.object_to_ruby(result_obj[:derivatives]),
633
671
  )
634
672
 
635
673
  [RESULT_CODE[code], result]
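Review bot: The new positional signature `run(persistent_data, ephemeral_data, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)` still accepts a two-argument call, so a call site written for the old `run(input, timeout)` form raises no ArgumentError; the timeout integer is converted with `coerce: false` and handed to `ddwaf_run` as ephemeral data, while the timeout silently falls back to the default. For a WAF binding that is a quiet detection gap rather than a loud failure, so a guard at the top of the method such as `fail ArgumentError, 'ephemeral_data must be a Hash' unless ephemeral_data.is_a?(Hash)` would make stale callers fail fast (confirm first whether nil is meant to be accepted there). Separately, only `persistent_data_obj` is passed to `retain`; nothing in the visible lines releases `ephemeral_data_obj` after `ddwaf_run`, and if the free function configured for the handle is a no-op, its native children would presumably leak on every call. The rest of `run` lies outside this hunk, so check that against any `ensure` clause there.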
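--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: libddwaf
  version: !ruby/object:Gem::Version
- version: 1.11.0.0.0
+ version: 1.15.0.0.0
  platform: x86_64-linux
  authors:
  - Datadog, Inc.
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-08-29 00:00:00.000000000 Z
+ date: 2024-10-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: ffi
@@ -42,13 +42,13 @@ files:
  - lib/datadog/appsec/waf.rb
  - lib/datadog/appsec/waf/version.rb
  - lib/libddwaf.rb
- - vendor/libddwaf/libddwaf-1.11.0-linux-x86_64/lib/libddwaf.so
+ - vendor/libddwaf/libddwaf-1.15.0-linux-x86_64/lib/libddwaf.so
  homepage: https://github.com/DataDog/libddwaf-rb
  licenses:
  - BSD-3-Clause
  metadata:
  allowed_push_host: https://rubygems.org
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -56,15 +56,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '2.1'
+ version: '2.5'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: 2.0.0
  requirements: []
- rubygems_version: 3.1.2
- signing_key:
+ rubygems_version: 3.3.27
+ signing_key:
  specification_version: 4
  summary: Datadog WAF
  test_files: []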