libddwaf 1.2.1.0.0.beta1-arm64-darwin → 1.3.0.1.0-arm64-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eae47388d5a98069f5167582c8563da98ab6ea8c731e21779722b492dc74713d
-  data.tar.gz: 891a1d7acf10bd3c438c8c6c3c625a9b56af7030f5faa1ae2a36fa35f376e261
+  metadata.gz: a691170b9bdc4e23f2e430785add53f2c0f41b9a429a6c13a8428c0285b2a974
+  data.tar.gz: 046b526ed58dc6d5c0abf55255642061a766b539e2e91d94a8a02ee7587080b5
 SHA512:
-  metadata.gz: c9134902f77a98bb9161b112eaa5b0526c86f0bdc1ffe6b53d2e5a500177ffbdd8e6f4196da9f575ab68a1274f5cb5d13ad04a572e37ff42898a4d01f631efdd
-  data.tar.gz: 88e547f5c916ef4744b9d26d211c002c1d114bc7775faacab193f37426a583e0c07b6437122656b7da2113eff5f282ddd8c07bff4d60d470cc6fec8bdfde6e80
+  metadata.gz: 623f671fa1116b9d8dc4a6413723cc93c5eefe606eeaf11e10ab77d0b72f3c6b98c87ca0f8f1ba6acf9b050c5c46251c96d9a7ab5412ea60a0b4dc1ec7e6f69e
+  data.tar.gz: 475c973188acc9af9c3dce51352d35efeeb24c8fddb240e1ca3153be60a0caa6a02419dd02decaf4015bd67f55a502c03d7cb57505fafa434af26f83e32f1cfc

data/lib/datadog/appsec/waf/version.rb

@@ -2,8 +2,8 @@ module Datadog
   module AppSec
     module WAF
       module VERSION
-        BASE_STRING = '1.2.1'
-        STRING = "#{BASE_STRING}.0.0.beta1"
+        BASE_STRING = '1.3.0'
+        STRING = "#{BASE_STRING}.1.0"
         MINIMUM_RUBY_VERSION = '2.1'
       end
     end

data/lib/datadog/appsec/waf.rb

@@ -6,7 +6,13 @@ module Datadog
   module AppSec
     module WAF
       module LibDDWAF
-        class Error < StandardError; end
+        class Error < StandardError
+          attr_reader :ruleset_info
+
+          def initialize(msg, ruleset_info: nil)
+            @ruleset_info = ruleset_info
+          end
+        end
 
         extend ::FFI::Library
 
@@ -151,8 +157,19 @@ module Datadog
         typedef Object.by_ref, :ddwaf_rule
 
         class Config < ::FFI::Struct
-          layout :maxArrayLength, :uint64,
-                 :maxMapDepth,    :uint64
+          class Limits < ::FFI::Struct
+            layout :max_container_size,  :uint32,
+                   :max_container_depth, :uint32,
+                   :max_string_length,   :uint32
+          end
+
+          class Obfuscator < ::FFI::Struct
+            layout :key_regex,   :pointer, # :charptr
+                   :value_regex, :pointer  # :charptr
+          end
+
+          layout :limits,     Limits,
+                 :obfuscator, Obfuscator
         end
 
         typedef Config.by_ref, :ddwaf_config
@@ -172,7 +189,7 @@ module Datadog
         attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_ruleset_info], :ddwaf_handle
         attach_function :ddwaf_destroy, [:ddwaf_handle], :void
 
-        attach_function :ddwaf_required_addresses, [:ddwaf_handle, :uint32ptr], :charptrptr
+        attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
 
         # running
 
@@ -339,10 +356,13 @@ module Datadog
       class Handle
         attr_reader :handle_obj
 
-        DEFAULT_MAX_ARRAY_LENGTH = 0
-        DEFAULT_MAX_MAP_DEPTH = 0
+        DEFAULT_MAX_CONTAINER_SIZE  = 0
+        DEFAULT_MAX_CONTAINER_DEPTH = 0
+        DEFAULT_MAX_STRING_LENGTH   = 0
 
-        def initialize(rule, config = {})
+        attr_reader :ruleset_info
+
+        def initialize(rule, limits: {}, obfuscator: {})
           rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
           if rule_obj.null? || rule_obj[:type] == :ddwaf_object_invalid
             fail LibDDWAF::Error, "Could not convert object #{rule.inspect}"
@@ -353,14 +373,25 @@ module Datadog
             fail LibDDWAF::Error, 'Could not create config struct'
           end
 
-          config_obj[:maxArrayLength] = config[:max_array_length] || DEFAULT_MAX_ARRAY_LENGTH
-          config_obj[:maxMapDepth]    = config[:max_map_depth]    || DEFAULT_MAX_MAP_DEPTH
+          config_obj[:limits][:max_container_size]  = limits[:max_container_size]  || DEFAULT_MAX_CONTAINER_SIZE
+          config_obj[:limits][:max_container_depth] = limits[:max_container_depth] || DEFAULT_MAX_CONTAINER_DEPTH
+          config_obj[:limits][:max_string_length]   = limits[:max_string_length]   || DEFAULT_MAX_STRING_LENGTH
+          config_obj[:obfuscator][:key_regex]       = FFI::MemoryPointer.from_string(obfuscator[:key_regex])   if obfuscator[:key_regex]
+          config_obj[:obfuscator][:value_regex]     = FFI::MemoryPointer.from_string(obfuscator[:value_regex]) if obfuscator[:value_regex]
 
-          ruleset_info = LibDDWAF::RuleSetInfoNone
+          ruleset_info = LibDDWAF::RuleSetInfo.new
 
           @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj, ruleset_info)
+
+          @ruleset_info = {
+            loaded: ruleset_info[:loaded],
+            failed: ruleset_info[:failed],
+            errors: WAF.object_to_ruby(ruleset_info[:errors]),
+            version: ruleset_info[:version],
+          }
+
           if @handle_obj.null?
-            fail LibDDWAF::Error, 'Could not create handle'
+            fail LibDDWAF::Error.new('Could not create handle', ruleset_info: @ruleset_info)
           end
 
           ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
@@ -374,6 +405,15 @@ module Datadog
             Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
           end
         end
+
+        def required_addresses
+          count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
+          list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_required_addresses(handle_obj, count)
+
+          return [] if count == 0 # list is null
+
+          list.get_array_of_string(0, count[:value])
+        end
       end
 
       Result = Struct.new(:action, :data, :total_runtime, :timeout)

data/vendor/libddwaf/{libddwaf-1.2.1-darwin-arm64 → libddwaf-1.3.0-darwin-arm64}/include/ddwaf.h

@@ -17,8 +17,8 @@ extern "C"
 #include <stddef.h>
 
 #define DDWAF_MAX_STRING_LENGTH 4096
-#define DDWAF_MAX_MAP_DEPTH 20
-#define DDWAF_MAX_ARRAY_LENGTH 256
+#define DDWAF_MAX_CONTAINER_DEPTH 20
+#define DDWAF_MAX_CONTAINER_SIZE 256
 #define DDWAF_RUN_TIMEOUT 5000
 
 /**
@@ -114,10 +114,22 @@ struct _ddwaf_object
  **/
 struct _ddwaf_config
 {
-    /** Maximum length of ddwaf::object arrays. */
-    uint64_t maxArrayLength;
-    /** Maximum depth of ddwaf::object maps. */
-    uint64_t maxMapDepth;
+    struct {
+        /** Maximum size of ddwaf::object containers. */
+        uint32_t max_container_size;
+        /** Maximum depth of ddwaf::object containers. */
+        uint32_t max_container_depth;
+        /** Maximum length of ddwaf::object strings. */
+        uint32_t max_string_length;
+    } limits;
+
+    /** Obfuscator regexes - the strings are owned by the caller */
+    struct {
+        /** Regular expression for key-based obfuscation */
+        const char *key_regex;
+        /** Regular expression for value-based obfuscation */
+        const char *value_regex;
+    } obfuscator;
 };
 
 /**

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.2.1.0.0.beta1
+  version: 1.3.0.1.0
 platform: arm64-darwin
 authors:
 - Datadog, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-18 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -41,8 +41,8 @@ files:
 - lib/datadog/appsec/waf.rb
 - lib/datadog/appsec/waf/version.rb
 - lib/libddwaf.rb
-- vendor/libddwaf/libddwaf-1.2.1-darwin-arm64/include/ddwaf.h
-- vendor/libddwaf/libddwaf-1.2.1-darwin-arm64/lib/libddwaf.dylib
+- vendor/libddwaf/libddwaf-1.3.0-darwin-arm64/include/ddwaf.h
+- vendor/libddwaf/libddwaf-1.3.0-darwin-arm64/lib/libddwaf.dylib
 homepage: https://github.com/DataDog/libddwaf
 licenses:
 - BSD-3-Clause