libddwaf 1.14.0.0.0 → 1.18.0.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/actions/docker-build-ruby/Dockerfile +5 -0
- data/.github/actions/docker-build-ruby/Dockerfile.alpine +7 -0
- data/.github/actions/docker-build-ruby/Dockerfile.jruby +6 -0
- data/.github/actions/docker-build-ruby/action.yml +57 -0
- data/.github/workflows/lint.yml +13 -12
- data/.github/workflows/package.yml +93 -174
- data/.github/workflows/test.yml +86 -190
- data/.gitignore +4 -1
- data/.steepignore +4 -0
- data/CHANGELOG.md +5 -1
- data/lib/datadog/appsec/waf/context.rb +122 -0
- data/lib/datadog/appsec/waf/converter.rb +172 -0
- data/lib/datadog/appsec/waf/handle.rb +108 -0
- data/lib/datadog/appsec/waf/lib_ddwaf.rb +307 -0
- data/lib/datadog/appsec/waf/result.rb +33 -0
- data/lib/datadog/appsec/waf/version.rb +2 -2
- data/lib/datadog/appsec/waf.rb +17 -670
- data/sig/datadog/appsec/waf/context.rbs +39 -0
- data/sig/datadog/appsec/waf/converter.rbs +11 -0
- data/sig/datadog/appsec/waf/handle.rbs +42 -0
- data/sig/datadog/appsec/waf/lib_ddwaf.rbs +156 -0
- data/sig/datadog/appsec/waf/result.rbs +33 -0
- data/sig/datadog/appsec/waf.rbs +1 -201
- metadata +22 -8
- data/vendor/rbs/ffi/0/ffi.rbs +0 -62
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2cea26919b7498876af6b3517e509939b1dfc2bfac538dccf9d4f7d6ba02bb84
|
4
|
+
data.tar.gz: ec604e73b223f59abcc8d001a08f46ea7d130b2ecc9e4f672313b812e91e5016
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 706ca9b34d702e244d74b46f2ef5633de09f37b8b8cfa3591e4421417592a9034eeabde5358879a00b113acad38c04a2827418edf8b936f8af3302d8b902bd01
|
7
|
+
data.tar.gz: c4c0f294b8e4d9e173ed775d6b60ecf89ebeb97360dfd67bb6c8049582f5f9d3e5cd7bc3cf179ac319518bef11b38b1bfcb7e740e18281b14c22510ee763dfcc
|
@@ -0,0 +1,57 @@
|
|
1
|
+
name: Build docker image
|
2
|
+
description:
|
3
|
+
Github Actions does not support setting the platform for the container yet.
|
4
|
+
This action builds the image for the specified architecture and libc.
|
5
|
+
|
6
|
+
inputs:
|
7
|
+
ruby-version:
|
8
|
+
description: Ruby version
|
9
|
+
required: true
|
10
|
+
|
11
|
+
arch:
|
12
|
+
description: Build architecture
|
13
|
+
required: true
|
14
|
+
|
15
|
+
libc:
|
16
|
+
description: Which libc is used
|
17
|
+
required: true
|
18
|
+
|
19
|
+
jruby:
|
20
|
+
description: Whether to use JRuby
|
21
|
+
required: false
|
22
|
+
default: "false"
|
23
|
+
|
24
|
+
outputs:
|
25
|
+
run-cmd:
|
26
|
+
description: Command to run the container
|
27
|
+
value: ${{ steps.set-run-cmd.outputs.run-cmd }}
|
28
|
+
|
29
|
+
runs:
|
30
|
+
using: "composite"
|
31
|
+
steps:
|
32
|
+
- name: Set up QEMU
|
33
|
+
uses: docker/setup-qemu-action@v3
|
34
|
+
with:
|
35
|
+
platforms: ${{ inputs.arch }}
|
36
|
+
|
37
|
+
- name: Set up Docker Buildx
|
38
|
+
uses: docker/setup-buildx-action@v3
|
39
|
+
|
40
|
+
- name: Build image
|
41
|
+
uses: docker/build-push-action@v6
|
42
|
+
with:
|
43
|
+
file: .github/actions/docker-build-ruby/Dockerfile${{ inputs.libc == 'musl' && '.alpine' || '' }}${{ inputs.jruby == 'true' && '.jruby' || '' }}
|
44
|
+
build-args: |
|
45
|
+
"RUBY_VERSION=${{ inputs.ruby-version }}"
|
46
|
+
push: false
|
47
|
+
load: true
|
48
|
+
tags: libddwaf-rb-test:latest
|
49
|
+
cache-from: type=gha
|
50
|
+
cache-to: type=gha,mode=max
|
51
|
+
platforms: linux/${{ inputs.arch }}
|
52
|
+
|
53
|
+
- name: Set run-cmd output
|
54
|
+
id: set-run-cmd
|
55
|
+
shell: bash
|
56
|
+
run: |
|
57
|
+
echo "run-cmd=docker run --platform linux/${{ inputs.arch }} -v gems:/usr/local/bundle -v ${{ github.workspace }}:/libddwaf-rb -w /libddwaf-rb libddwaf-rb-test:latest" >> "$GITHUB_OUTPUT"
|
data/.github/workflows/lint.yml
CHANGED
@@ -5,29 +5,30 @@ on:
|
|
5
5
|
jobs:
|
6
6
|
style-check:
|
7
7
|
name: Style check
|
8
|
-
runs-on: ubuntu-
|
8
|
+
runs-on: ubuntu-24.04
|
9
9
|
container:
|
10
|
-
image: ruby:3.
|
10
|
+
image: ruby:3.3
|
11
11
|
steps:
|
12
12
|
- name: Checkout
|
13
13
|
uses: actions/checkout@v2
|
14
|
+
|
14
15
|
- name: Bundle
|
15
|
-
run:
|
16
|
-
|
16
|
+
run: bundle install
|
17
|
+
|
17
18
|
- name: Run Rubocop
|
18
|
-
run:
|
19
|
-
|
19
|
+
run: bundle exec rubocop -D
|
20
|
+
|
20
21
|
type-check:
|
21
22
|
name: Type check
|
22
|
-
runs-on: ubuntu-
|
23
|
+
runs-on: ubuntu-24.04
|
23
24
|
container:
|
24
|
-
image: ruby:3.
|
25
|
+
image: ruby:3.3
|
25
26
|
steps:
|
26
27
|
- name: Checkout
|
27
28
|
uses: actions/checkout@v2
|
29
|
+
|
28
30
|
- name: Bundle
|
29
|
-
run:
|
30
|
-
|
31
|
+
run: bundle install
|
32
|
+
|
31
33
|
- name: Run Steep
|
32
|
-
run:
|
33
|
-
bundle exec steep check
|
34
|
+
run: bundle exec rake steep:check
|
@@ -3,213 +3,132 @@ on:
|
|
3
3
|
- push
|
4
4
|
|
5
5
|
jobs:
|
6
|
-
|
6
|
+
test-rake-build:
|
7
7
|
strategy:
|
8
8
|
fail-fast: false
|
9
9
|
matrix:
|
10
|
+
os: [ubuntu-24.04]
|
11
|
+
ruby: ["3.3"]
|
12
|
+
arch: [amd64, arm64]
|
13
|
+
libc: [gnu]
|
10
14
|
include:
|
11
|
-
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
- name: Checkout
|
18
|
-
uses: actions/checkout@v2
|
19
|
-
- name: Install Linux build tools
|
20
|
-
if: ${{ startsWith(matrix.os, 'ubuntu-') }}
|
21
|
-
run: sudo apt-get install -y ruby ruby-bundler
|
22
|
-
- name: Bundle
|
23
|
-
run: |
|
24
|
-
bundle install
|
25
|
-
- name: Build gem
|
26
|
-
run: |
|
27
|
-
bundle exec rake build
|
28
|
-
- name: Upload gem
|
29
|
-
uses: actions/upload-artifact@v2
|
30
|
-
with:
|
31
|
-
name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
|
32
|
-
path: pkg
|
33
|
-
package-binary:
|
34
|
-
strategy:
|
35
|
-
fail-fast: false
|
36
|
-
matrix:
|
37
|
-
include:
|
38
|
-
- os: ubuntu-20.04
|
39
|
-
cpu: x86_64
|
40
|
-
platform: x86_64-linux:llvm
|
41
|
-
artifact: x86_64-linux-llvm
|
42
|
-
- os: ubuntu-20.04
|
43
|
-
cpu: aarch64
|
44
|
-
platform: aarch64-linux:llvm
|
45
|
-
artifact: aarch64-linux-llvm
|
46
|
-
- os: ubuntu-20.04
|
47
|
-
cpu: universal
|
48
|
-
platform: java
|
49
|
-
artifact: java
|
50
|
-
- os: macos-12
|
51
|
-
cpu: x86_64
|
52
|
-
platform: x86_64-darwin
|
53
|
-
artifact: x86_64-darwin
|
54
|
-
- os: macos-12
|
55
|
-
cpu: arm64
|
56
|
-
platform: arm64-darwin
|
57
|
-
artifact: arm64-darwin
|
58
|
-
name: Build package (${{ matrix.platform }})
|
15
|
+
- arch: amd64
|
16
|
+
platform: x86_64-linux
|
17
|
+
- arch: arm64
|
18
|
+
platform: aarch64-linux
|
19
|
+
|
20
|
+
name: Test build without fetching libddwaf (Ruby ${{ matrix.ruby }}, ${{ matrix.arch }}, ${{ matrix.libc }})
|
59
21
|
runs-on: ${{ matrix.os }}
|
22
|
+
|
60
23
|
steps:
|
61
24
|
- name: Checkout
|
62
|
-
uses: actions/checkout@
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
run: |
|
68
|
-
bundle install
|
69
|
-
- name: Build binary gem
|
70
|
-
run: |
|
71
|
-
bundle exec rake binary[${{ matrix.platform }}]
|
72
|
-
- name: Upload gem
|
73
|
-
uses: actions/upload-artifact@v2
|
74
|
-
with:
|
75
|
-
name: libddwaf-${{ matrix.artifact }}-${{ github.run_id }}-${{ github.sha }}
|
76
|
-
path: pkg
|
77
|
-
test-ruby:
|
78
|
-
needs: package-ruby
|
79
|
-
strategy:
|
80
|
-
fail-fast: false
|
81
|
-
matrix:
|
82
|
-
include:
|
83
|
-
- os: ubuntu-20.04
|
84
|
-
cpu: x86_64
|
85
|
-
platform: ruby
|
86
|
-
image: ruby:2.6
|
87
|
-
qemu: amd64
|
88
|
-
libc: gnu
|
89
|
-
name: Test package (${{ matrix.platform }}-${{ matrix.libc }})
|
90
|
-
runs-on: ${{ matrix.os }}
|
91
|
-
steps:
|
92
|
-
- name: Enable ${{ matrix.qemu }} platform
|
93
|
-
id: qemu
|
94
|
-
if: ${{ matrix.cpu != 'amd64' }}
|
95
|
-
run: |
|
96
|
-
docker run --privileged --rm tonistiigi/binfmt:latest --install ${{ matrix.qemu }} | tee platforms.json
|
97
|
-
echo "::set-output name=platforms::$(cat platforms.json)"
|
98
|
-
- name: Start container
|
99
|
-
id: container
|
100
|
-
run: |
|
101
|
-
echo ${{ matrix.image }} > container_image
|
102
|
-
docker run --rm -d -v "${PWD}":"${PWD}" -w "${PWD}" --platform linux/${{ matrix.qemu }} ${{ matrix.image }} /bin/sleep 64d | tee container_id
|
103
|
-
docker exec -w "${PWD}" $(cat container_id) uname -a
|
104
|
-
echo "::set-output name=id::$(cat container_id)"
|
105
|
-
- uses: actions/download-artifact@v2
|
25
|
+
uses: actions/checkout@v4
|
26
|
+
|
27
|
+
- name: Build docker image
|
28
|
+
id: build-image
|
29
|
+
uses: ./.github/actions/docker-build-ruby
|
106
30
|
with:
|
107
|
-
|
108
|
-
|
31
|
+
ruby-version: ${{ matrix.ruby }}
|
32
|
+
arch: ${{ matrix.arch }}
|
33
|
+
libc: ${{ matrix.libc }}
|
34
|
+
|
35
|
+
- name: Bundle install
|
36
|
+
run: ${{ steps.build-image.outputs.run-cmd }} bundle install
|
37
|
+
|
38
|
+
- name: Build gem
|
39
|
+
run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake build
|
40
|
+
|
109
41
|
- name: List artifact files
|
110
42
|
run: find .
|
111
43
|
working-directory: pkg
|
44
|
+
|
112
45
|
- name: Install gem
|
113
|
-
run:
|
46
|
+
run: ${{ steps.build-image.outputs.run-cmd }} gem install --verbose pkg/*.gem
|
47
|
+
|
114
48
|
- name: Run smoke test
|
115
|
-
run:
|
116
|
-
|
117
|
-
test-
|
118
|
-
needs: package-binary
|
49
|
+
run: ${{ steps.build-image.outputs.run-cmd }} ruby -e 'begin require "libddwaf"; rescue LoadError => e; puts e.message; else fail "loaded when it should not"; end'
|
50
|
+
|
51
|
+
test-rake-binary:
|
119
52
|
strategy:
|
120
53
|
fail-fast: false
|
121
54
|
matrix:
|
55
|
+
os: [ubuntu-24.04]
|
56
|
+
ruby: ["3.3", "9.4"]
|
57
|
+
arch: [amd64, arm64]
|
58
|
+
libc: [gnu, musl]
|
122
59
|
include:
|
123
|
-
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
artifact: aarch64-linux-llvm
|
134
|
-
image: ruby:2.6
|
135
|
-
qemu: aarch64
|
136
|
-
libc: gnu
|
137
|
-
- os: ubuntu-20.04
|
138
|
-
cpu: x86_64
|
139
|
-
platform: x86_64-linux
|
140
|
-
artifact: x86_64-linux-llvm
|
141
|
-
image: ruby:2.6-alpine
|
142
|
-
qemu: amd64
|
143
|
-
libc: musl
|
144
|
-
- os: ubuntu-20.04
|
145
|
-
cpu: aarch64
|
146
|
-
platform: aarch64-linux
|
147
|
-
artifact: aarch64-linux-llvm
|
148
|
-
image: ruby:2.6-alpine
|
149
|
-
qemu: aarch64
|
60
|
+
- arch: amd64
|
61
|
+
platform: x86_64-linux:llvm
|
62
|
+
- arch: arm64
|
63
|
+
platform: aarch64-linux:llvm
|
64
|
+
- ruby: 3.3
|
65
|
+
jruby: false
|
66
|
+
- ruby: 9.4
|
67
|
+
jruby: true
|
68
|
+
exclude:
|
69
|
+
- ruby: 9.4
|
150
70
|
libc: musl
|
151
|
-
|
152
|
-
|
153
|
-
platform: java
|
154
|
-
artifact: java
|
155
|
-
image: jruby:9.3.0.0
|
156
|
-
qemu: amd64
|
157
|
-
libc: gnu
|
158
|
-
name: Test package (${{ matrix.platform }}, ${{ matrix.libc }}, ${{ matrix.cpu }})
|
71
|
+
|
72
|
+
name: Test gem build (${{ matrix.jruby == true && 'Jruby' || 'Ruby'}} ${{ matrix.ruby }}, ${{ matrix.arch }}, ${{ matrix.libc }})
|
159
73
|
runs-on: ${{ matrix.os }}
|
74
|
+
|
160
75
|
steps:
|
161
|
-
- name:
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
- name: Start container
|
168
|
-
id: container
|
169
|
-
run: |
|
170
|
-
echo ${{ matrix.image }} > container_image
|
171
|
-
docker run --rm -d -v "${PWD}":"${PWD}" -w "${PWD}" --platform linux/${{ matrix.qemu }} ${{ matrix.image }} /bin/sleep 64d | tee container_id
|
172
|
-
docker exec -w "${PWD}" $(cat container_id) uname -a
|
173
|
-
echo "::set-output name=id::$(cat container_id)"
|
174
|
-
- uses: actions/download-artifact@v2
|
76
|
+
- name: Checkout
|
77
|
+
uses: actions/checkout@v4
|
78
|
+
|
79
|
+
- name: Build docker image
|
80
|
+
id: build-image
|
81
|
+
uses: ./.github/actions/docker-build-ruby
|
175
82
|
with:
|
176
|
-
|
177
|
-
|
83
|
+
ruby-version: ${{ matrix.ruby }}
|
84
|
+
arch: ${{ matrix.arch }}
|
85
|
+
libc: ${{ matrix.libc }}
|
86
|
+
jruby: ${{ matrix.jruby }}
|
87
|
+
|
88
|
+
- name: Bundle install
|
89
|
+
run: ${{ steps.build-image.outputs.run-cmd }} bundle install
|
90
|
+
|
91
|
+
- name: Build binary gem
|
92
|
+
run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake binary[${{ matrix.platform }}]
|
93
|
+
|
178
94
|
- name: List artifact files
|
179
95
|
run: find .
|
180
96
|
working-directory: pkg
|
181
|
-
|
182
|
-
if: ${{ matrix.libc == 'musl' }}
|
183
|
-
run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} apk add --no-cache build-base
|
97
|
+
|
184
98
|
- name: Install gem
|
185
|
-
run:
|
99
|
+
run: ${{ steps.build-image.outputs.run-cmd }} gem install --verbose pkg/*.gem
|
100
|
+
|
186
101
|
- name: Run smoke test
|
187
|
-
run:
|
188
|
-
|
189
|
-
test-darwin:
|
190
|
-
needs: package-binary
|
102
|
+
run: ${{ steps.build-image.outputs.run-cmd }} ruby -r 'libddwaf' -e 'p Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version'
|
103
|
+
|
104
|
+
test-rake-binary-on-darwin:
|
191
105
|
strategy:
|
192
106
|
fail-fast: false
|
193
107
|
matrix:
|
108
|
+
os: [macos-15, macos-15-large]
|
194
109
|
include:
|
195
|
-
- os: macos-
|
196
|
-
|
110
|
+
- os: macos-15
|
111
|
+
platform: arm64-darwin
|
112
|
+
- os: macos-15-large
|
197
113
|
platform: x86_64-darwin
|
198
|
-
|
199
|
-
|
200
|
-
# platform: arm64-darwin
|
201
|
-
name: Test package (${{ matrix.platform }})
|
114
|
+
|
115
|
+
name: Test gem build (${{ matrix.os }})
|
202
116
|
runs-on: ${{ matrix.os }}
|
117
|
+
env:
|
118
|
+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
119
|
+
|
203
120
|
steps:
|
204
|
-
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
121
|
+
- name: Checkout
|
122
|
+
uses: actions/checkout@v4
|
123
|
+
|
124
|
+
- name: Bundle
|
125
|
+
run: bundle install
|
126
|
+
|
127
|
+
- name: Build binary gem
|
128
|
+
run: bundle exec rake binary[${{ matrix.platform }}]
|
129
|
+
|
211
130
|
- name: Install gem
|
212
131
|
run: gem install --verbose pkg/*.gem
|
132
|
+
|
213
133
|
- name: Run smoke test
|
214
|
-
run:
|
215
|
-
ruby -r 'libddwaf' -e 'p Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version'
|
134
|
+
run: ruby -r 'libddwaf' -e 'p Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version'
|