RubyGems - libddwaf - Versions diffs - 1.11.0.0.0-x86_64-linux → 1.15.0.0.0-x86_64-linux - Mend

libddwaf 1.11.0.0.0-x86_64-linux → 1.15.0.0.0-x86_64-linux

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +13 -2
data/lib/datadog/appsec/waf/version.rb +2 -2
data/lib/datadog/appsec/waf.rb +73 -35
data/vendor/libddwaf/libddwaf-1.15.0-linux-x86_64/lib/libddwaf.so +0 -0
metadata +8 -8
data/vendor/libddwaf/libddwaf-1.11.0-linux-x86_64/lib/libddwaf.so +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc6b34328b53329c7cbdff6986bb71d8ce6169a020b3468079ad23f1c6cffa50
-  data.tar.gz: cdaf779c80feb701be702b7943af1cb437ad362582b7d79ce61fba07fa6b96d6
+  metadata.gz: 680463b022230fdf677f2d0e9ac140ca487bb225b23f73c2bbf02219125eaf39
+  data.tar.gz: a00a6cdc1987bd1544626864f1ef371ed922a333e82982516e123702e1a20e60
 SHA512:
-  metadata.gz: 7d5179a6def6bb42ea379461c6274ae529a043b31b70ed76b4b9c20c26936f7db25a94d46aa072a16c6432d8af9c16f120a89993d42cc8a9b7a34139a9fa1d53
-  data.tar.gz: dcc4a1f9f2d593f6f2663b18b92c6ea7777883112dc3a2eed6c5dc01921c972252889b806a4899a8463b6da28612b573de39f418d207a75a14dd2dcbbcea7152
+  metadata.gz: 2283e51cee5a5d2fcf760f4b2cca60db1278f216d236ea575c8a3ba2509c5000249e6f1056b0aae6d5c1b9af13023f29b26a7b2f88099d65ad30a5635800f31d
+  data.tar.gz: 4ffe31cade9cd4f555e7dadb04aa5a11ca3004b19e2e4249fc43df9d9c7c057ca1cf3c8274b6ca524c6bd37f19508f38ea836b4861b7fdeb252cbe29a1931880

data/CHANGELOG.md CHANGED Viewed

@@ -1,8 +1,19 @@
+# 2024-10-29 v.1.15.0.0.0
+- Update to libddwaf 1.15.0
+- Changed `Datadog::AppSec::WAF::Context#run` interface to accommodate ephemeral data ([Breaking change](https://github.com/DataDog/libddwaf/blob/master/CHANGELOG.md#v1150-unstable))
+# 2023-09-11 v.1.14.0.0.0
+- Update to libddwaf 1.14.0
+- Add support for `Float` and `Nil` scalar values when converting from ruby to WAF Object and vice versa.
 # 2023-08-29 v.1.11.0.0.0
 - Update to libddwaf 1.11.0
-- Rename Handle#ruleset_info to Handle#diagnostics. (Breaking change)
-  The schema of the new diagnostics variable can be [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
+- Changed `Datadog::AppSec::WAF::Handle#ruleset_info` to `Datadog::AppSec::WAF::Handle#diagnostics`. (Breaking change)
+  The schema of the diagnostics variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
+- Changed `Datadog::AppSec::WAF::Result#data` to `Datadog::AppSec::WAF::Result#events`. (Breaking change)
+  The schema of the events variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/events.json)
 # 2023-08-28 v.1.10.0.0.0

data/lib/datadog/appsec/waf/version.rb CHANGED Viewed

@@ -2,9 +2,9 @@ module Datadog
   module AppSec
     module WAF
       module VERSION
-        BASE_STRING = '1.11.0'
+        BASE_STRING = '1.15.0'
         STRING = "#{BASE_STRING}.0.0"
-        MINIMUM_RUBY_VERSION = '2.1'
+        MINIMUM_RUBY_VERSION = '2.5'
       end
     end
   end

data/lib/datadog/appsec/waf.rb CHANGED Viewed

@@ -111,7 +111,10 @@ module Datadog
                               :ddwaf_obj_string,   1 << 2,
                               :ddwaf_obj_array,    1 << 3,
                               :ddwaf_obj_map,      1 << 4,
-                              :ddwaf_obj_bool,     1 << 5
+                              :ddwaf_obj_bool,     1 << 5,
+                              :ddwaf_obj_float,    1 << 6,
+                              :ddwaf_obj_null,     1 << 7
         typedef DDWAF_OBJ_TYPE, :ddwaf_obj_type
         typedef :pointer, :charptr
@@ -140,7 +143,8 @@ module Datadog
                  :uintValue,   :uint64,
                  :intValue,    :int64,
                  :array,       :pointer,
-                 :boolean,     :bool
+                 :boolean,     :bool,
+                 :f64,         :double
         end
         class Object < ::FFI::Struct
@@ -159,11 +163,13 @@ module Datadog
         attach_function :ddwaf_object_string, [:ddwaf_object, :string], :ddwaf_object
         attach_function :ddwaf_object_stringl, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
         attach_function :ddwaf_object_stringl_nc, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
+        attach_function :ddwaf_object_string_from_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
+        attach_function :ddwaf_object_string_from_signed, [:ddwaf_object, :int64], :ddwaf_object
         attach_function :ddwaf_object_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
         attach_function :ddwaf_object_signed, [:ddwaf_object, :int64], :ddwaf_object
-        attach_function :ddwaf_object_unsigned_force, [:ddwaf_object, :uint64], :ddwaf_object
-        attach_function :ddwaf_object_signed_force, [:ddwaf_object, :int64], :ddwaf_object
         attach_function :ddwaf_object_bool, [:ddwaf_object, :bool], :ddwaf_object
+        attach_function :ddwaf_object_null, [:ddwaf_object], :ddwaf_object
+        attach_function :ddwaf_object_float, [:ddwaf_object, :double], :ddwaf_object
         attach_function :ddwaf_object_array, [:ddwaf_object], :ddwaf_object
         attach_function :ddwaf_object_array_add, [:ddwaf_object, :ddwaf_object], :bool
@@ -184,6 +190,7 @@ module Datadog
         attach_function :ddwaf_object_get_signed, [:ddwaf_object], :int64
         attach_function :ddwaf_object_get_index, [:ddwaf_object, :size_t], :ddwaf_object
         attach_function :ddwaf_object_get_bool, [:ddwaf_object], :bool
+        attach_function :ddwaf_object_get_float, [:ddwaf_object], :double
         ## freeers
@@ -220,7 +227,7 @@ module Datadog
         attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
         attach_function :ddwaf_destroy, [:ddwaf_handle], :void
-        attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
+        attach_function :ddwaf_known_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
         # updating
@@ -239,16 +246,17 @@ module Datadog
         attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
         class Result < ::FFI::Struct
-          layout :timeout, :bool,
-                 :events, Object,
-                 :actions,          Object,
-                 :total_runtime,    :uint64
+          layout :timeout,       :bool,
+                 :events,        Object,
+                 :actions,       Object,
+                 :derivatives,   Object,
+                 :total_runtime, :uint64
         end
         typedef Result.by_ref, :ddwaf_result
         typedef :uint64, :timeout_us
-        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
+        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
         attach_function :ddwaf_result_free, [:ddwaf_result], :void
         # logging
@@ -280,7 +288,7 @@ module Datadog
         LibDDWAF.ddwaf_get_version
       end
-      # rubocop:disable Metrics/MethodLength
+      # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
       def self.ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, coerce: true)
         case val
         when Array
@@ -358,9 +366,9 @@ module Datadog
           res = if coerce
                   LibDDWAF.ddwaf_object_string(obj, val.to_s)
                 elsif val < 0
-                  LibDDWAF.ddwaf_object_signed_force(obj, val)
+                  LibDDWAF.ddwaf_object_signed(obj, val)
                 else
-                  LibDDWAF.ddwaf_object_unsigned_force(obj, val)
+                  LibDDWAF.ddwaf_object_unsigned(obj, val)
                 end
           if res.null?
             fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
@@ -369,7 +377,11 @@ module Datadog
           obj
         when Float
           obj = LibDDWAF::Object.new
-          res = LibDDWAF.ddwaf_object_string(obj, val.to_s)
+          res = if coerce
+                  LibDDWAF.ddwaf_object_string(obj, val.to_s)
+                else
+                  LibDDWAF.ddwaf_object_float(obj, val)
+                end
           if res.null?
             fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
           end
@@ -386,16 +398,28 @@ module Datadog
             fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
           end
+          obj
+        when NilClass
+          obj = LibDDWAF::Object.new
+          res = if coerce
+                  LibDDWAF.ddwaf_object_string(obj, '')
+                else
+                  LibDDWAF.ddwaf_object_null(obj)
+                end
+          if res.null?
+            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
+          end
           obj
         else
           ruby_to_object(''.freeze)
         end
       end
-      # rubocop:enable Metrics/MethodLength
+      # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
       def self.object_to_ruby(obj)
         case obj[:type]
-        when :ddwaf_obj_invalid
+        when :ddwaf_obj_invalid, :ddwaf_obj_null
           nil
         when :ddwaf_obj_bool
           obj[:valueUnion][:boolean]
@@ -405,11 +429,13 @@ module Datadog
           obj[:valueUnion][:intValue]
         when :ddwaf_obj_unsigned
           obj[:valueUnion][:uintValue]
+        when :ddwaf_obj_float
+          obj[:valueUnion][:f64]
         when :ddwaf_obj_array
           (0...obj[:nbEntries]).each.with_object([]) do |i, a|
             ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
             e = object_to_ruby(LibDDWAF::Object.new(ptr))
-            a << e
+            a << e # steep:ignore
           end
         when :ddwaf_obj_map
           (0...obj[:nbEntries]).each.with_object({}) do |i, h|
@@ -418,7 +444,7 @@ module Datadog
             l = o[:parameterNameLength]
             k = o[:parameterName].read_bytes(l)
             v = object_to_ruby(LibDDWAF::Object.new(ptr))
-            h[k] = v
+            h[k] = v # steep:ignore
           end
         end
       end
@@ -510,7 +536,7 @@ module Datadog
           valid!
           count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
-          list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_required_addresses(handle_obj, count)
+          list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_known_addresses(handle_obj, count)
           return [] if count == 0 # list is null
@@ -561,14 +587,15 @@ module Datadog
       end
       class Result
-        attr_reader :status, :events, :total_runtime, :timeout, :actions
+        attr_reader :status, :events, :total_runtime, :timeout, :actions, :derivatives
-        def initialize(status, events, total_runtime, timeout, actions)
+        def initialize(status, events, total_runtime, timeout, actions, derivatives)
           @status = status
           @events = events
           @total_runtime = total_runtime
           @timeout = timeout
           @actions = actions
+          @derivatives = derivatives
         end
       end
@@ -599,19 +626,32 @@ module Datadog
           Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
         end
-        def run(input, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
+        def run(persistent_data, ephemeral_data, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
           valid!
-          max_container_size  = LibDDWAF::DDWAF_MAX_CONTAINER_SIZE
-          max_container_depth = LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH
-          max_string_length   = LibDDWAF::DDWAF_MAX_STRING_LENGTH
+          persistent_data_obj = Datadog::AppSec::WAF.ruby_to_object(
+            persistent_data,
+            max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
+            max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
+            max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
+            coerce: false
+          )
+          if persistent_data_obj.null?
+            fail LibDDWAF::Error, "Could not convert persistent data: #{persistent_data.inspect}"
+          end
-          input_obj = Datadog::AppSec::WAF.ruby_to_object(input,
-                                                          max_container_size: max_container_size,
-                                                          max_container_depth: max_container_depth,
-                                                          max_string_length: max_string_length)
-          if input_obj.null?
-            fail LibDDWAF::Error, "Could not convert input: #{input.inspect}"
+          # retain C objects in memory for subsequent calls to run
+          retain(persistent_data_obj)
+          ephemeral_data_obj = Datadog::AppSec::WAF.ruby_to_object(
+            ephemeral_data,
+            max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
+            max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
+            max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
+            coerce: false
+          )
+          if ephemeral_data_obj.null?
+            fail LibDDWAF::Error, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
           end
           result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
@@ -619,10 +659,7 @@ module Datadog
             fail LibDDWAF::Error, "Could not create result object"
           end
-          # retain C objects in memory for subsequent calls to run
-          retain(input_obj)
-          code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
+          code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
           result = Result.new(
             RESULT_CODE[code],
@@ -630,6 +667,7 @@ module Datadog
             result_obj[:total_runtime],
             result_obj[:timeout],
             Datadog::AppSec::WAF.object_to_ruby(result_obj[:actions]),
+            Datadog::AppSec::WAF.object_to_ruby(result_obj[:derivatives]),
           )
           [RESULT_CODE[code], result]

data/vendor/libddwaf/libddwaf-1.15.0-linux-x86_64/lib/libddwaf.so ADDED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.11.0.0.0
+  version: 1.15.0.0.0
 platform: x86_64-linux
 authors:
 - Datadog, Inc.
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-29 00:00:00.000000000 Z
+date: 2024-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -42,13 +42,13 @@ files:
 - lib/datadog/appsec/waf.rb
 - lib/datadog/appsec/waf/version.rb
 - lib/libddwaf.rb
-- vendor/libddwaf/libddwaf-1.11.0-linux-x86_64/lib/libddwaf.so
+- vendor/libddwaf/libddwaf-1.15.0-linux-x86_64/lib/libddwaf.so
 homepage: https://github.com/DataDog/libddwaf-rb
 licenses:
 - BSD-3-Clause
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -56,15 +56,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.1'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.3.27
+signing_key:
 specification_version: 4
 summary: Datadog WAF
 test_files: []

data/vendor/libddwaf/libddwaf-1.11.0-linux-x86_64/lib/libddwaf.so DELETED Viewed

Binary file