libddwaf 1.2.1.0.0.beta1-arm64-darwin → 1.3.0.1.0-arm64-darwin

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: eae47388d5a98069f5167582c8563da98ab6ea8c731e21779722b492dc74713d
4
- data.tar.gz: 891a1d7acf10bd3c438c8c6c3c625a9b56af7030f5faa1ae2a36fa35f376e261
3
+ metadata.gz: a691170b9bdc4e23f2e430785add53f2c0f41b9a429a6c13a8428c0285b2a974
4
+ data.tar.gz: 046b526ed58dc6d5c0abf55255642061a766b539e2e91d94a8a02ee7587080b5
5
5
  SHA512:
6
- metadata.gz: c9134902f77a98bb9161b112eaa5b0526c86f0bdc1ffe6b53d2e5a500177ffbdd8e6f4196da9f575ab68a1274f5cb5d13ad04a572e37ff42898a4d01f631efdd
7
- data.tar.gz: 88e547f5c916ef4744b9d26d211c002c1d114bc7775faacab193f37426a583e0c07b6437122656b7da2113eff5f282ddd8c07bff4d60d470cc6fec8bdfde6e80
6
+ metadata.gz: 623f671fa1116b9d8dc4a6413723cc93c5eefe606eeaf11e10ab77d0b72f3c6b98c87ca0f8f1ba6acf9b050c5c46251c96d9a7ab5412ea60a0b4dc1ec7e6f69e
7
+ data.tar.gz: 475c973188acc9af9c3dce51352d35efeeb24c8fddb240e1ca3153be60a0caa6a02419dd02decaf4015bd67f55a502c03d7cb57505fafa434af26f83e32f1cfc
@@ -2,8 +2,8 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  module VERSION
5
- BASE_STRING = '1.2.1'
6
- STRING = "#{BASE_STRING}.0.0.beta1"
5
+ BASE_STRING = '1.3.0'
6
+ STRING = "#{BASE_STRING}.1.0"
7
7
  MINIMUM_RUBY_VERSION = '2.1'
8
8
  end
9
9
  end
@@ -6,7 +6,13 @@ module Datadog
6
6
  module AppSec
7
7
  module WAF
8
8
  module LibDDWAF
9
- class Error < StandardError; end
9
+ class Error < StandardError
10
+ attr_reader :ruleset_info
11
+
12
+ def initialize(msg, ruleset_info: nil)
13
+ @ruleset_info = ruleset_info
14
+ end
15
+ end
10
16
 
11
17
  extend ::FFI::Library
12
18
 
@@ -151,8 +157,19 @@ module Datadog
151
157
  typedef Object.by_ref, :ddwaf_rule
152
158
 
153
159
  class Config < ::FFI::Struct
154
- layout :maxArrayLength, :uint64,
155
- :maxMapDepth, :uint64
160
+ class Limits < ::FFI::Struct
161
+ layout :max_container_size, :uint32,
162
+ :max_container_depth, :uint32,
163
+ :max_string_length, :uint32
164
+ end
165
+
166
+ class Obfuscator < ::FFI::Struct
167
+ layout :key_regex, :pointer, # :charptr
168
+ :value_regex, :pointer # :charptr
169
+ end
170
+
171
+ layout :limits, Limits,
172
+ :obfuscator, Obfuscator
156
173
  end
157
174
 
158
175
  typedef Config.by_ref, :ddwaf_config
@@ -172,7 +189,7 @@ module Datadog
172
189
  attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_ruleset_info], :ddwaf_handle
173
190
  attach_function :ddwaf_destroy, [:ddwaf_handle], :void
174
191
 
175
- attach_function :ddwaf_required_addresses, [:ddwaf_handle, :uint32ptr], :charptrptr
192
+ attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
176
193
 
177
194
  # running
178
195
 
@@ -339,10 +356,13 @@ module Datadog
339
356
  class Handle
340
357
  attr_reader :handle_obj
341
358
 
342
- DEFAULT_MAX_ARRAY_LENGTH = 0
343
- DEFAULT_MAX_MAP_DEPTH = 0
359
+ DEFAULT_MAX_CONTAINER_SIZE = 0
360
+ DEFAULT_MAX_CONTAINER_DEPTH = 0
361
+ DEFAULT_MAX_STRING_LENGTH = 0
344
362
 
345
- def initialize(rule, config = {})
363
+ attr_reader :ruleset_info
364
+
365
+ def initialize(rule, limits: {}, obfuscator: {})
346
366
  rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
347
367
  if rule_obj.null? || rule_obj[:type] == :ddwaf_object_invalid
348
368
  fail LibDDWAF::Error, "Could not convert object #{rule.inspect}"
@@ -353,14 +373,25 @@ module Datadog
353
373
  fail LibDDWAF::Error, 'Could not create config struct'
354
374
  end
355
375
 
356
- config_obj[:maxArrayLength] = config[:max_array_length] || DEFAULT_MAX_ARRAY_LENGTH
357
- config_obj[:maxMapDepth] = config[:max_map_depth] || DEFAULT_MAX_MAP_DEPTH
376
+ config_obj[:limits][:max_container_size] = limits[:max_container_size] || DEFAULT_MAX_CONTAINER_SIZE
377
+ config_obj[:limits][:max_container_depth] = limits[:max_container_depth] || DEFAULT_MAX_CONTAINER_DEPTH
378
+ config_obj[:limits][:max_string_length] = limits[:max_string_length] || DEFAULT_MAX_STRING_LENGTH
379
+ config_obj[:obfuscator][:key_regex] = FFI::MemoryPointer.from_string(obfuscator[:key_regex]) if obfuscator[:key_regex]
380
+ config_obj[:obfuscator][:value_regex] = FFI::MemoryPointer.from_string(obfuscator[:value_regex]) if obfuscator[:value_regex]
358
381
 
359
- ruleset_info = LibDDWAF::RuleSetInfoNone
382
+ ruleset_info = LibDDWAF::RuleSetInfo.new
360
383
 
361
384
  @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj, ruleset_info)
385
+
386
+ @ruleset_info = {
387
+ loaded: ruleset_info[:loaded],
388
+ failed: ruleset_info[:failed],
389
+ errors: WAF.object_to_ruby(ruleset_info[:errors]),
390
+ version: ruleset_info[:version],
391
+ }
392
+
362
393
  if @handle_obj.null?
363
- fail LibDDWAF::Error, 'Could not create handle'
394
+ fail LibDDWAF::Error.new('Could not create handle', ruleset_info: @ruleset_info)
364
395
  end
365
396
 
366
397
  ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
@@ -374,6 +405,15 @@ module Datadog
374
405
  Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
375
406
  end
376
407
  end
408
+
409
+ def required_addresses
410
+ count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
411
+ list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_required_addresses(handle_obj, count)
412
+
413
+ return [] if count == 0 # list is null
414
+
415
+ list.get_array_of_string(0, count[:value])
416
+ end
377
417
  end
378
418
 
379
419
  Result = Struct.new(:action, :data, :total_runtime, :timeout)
@@ -17,8 +17,8 @@ extern "C"
17
17
  #include <stddef.h>
18
18
 
19
19
  #define DDWAF_MAX_STRING_LENGTH 4096
20
- #define DDWAF_MAX_MAP_DEPTH 20
21
- #define DDWAF_MAX_ARRAY_LENGTH 256
20
+ #define DDWAF_MAX_CONTAINER_DEPTH 20
21
+ #define DDWAF_MAX_CONTAINER_SIZE 256
22
22
  #define DDWAF_RUN_TIMEOUT 5000
23
23
 
24
24
  /**
@@ -114,10 +114,22 @@ struct _ddwaf_object
114
114
  **/
115
115
  struct _ddwaf_config
116
116
  {
117
- /** Maximum length of ddwaf::object arrays. */
118
- uint64_t maxArrayLength;
119
- /** Maximum depth of ddwaf::object maps. */
120
- uint64_t maxMapDepth;
117
+ struct {
118
+ /** Maximum size of ddwaf::object containers. */
119
+ uint32_t max_container_size;
120
+ /** Maximum depth of ddwaf::object containers. */
121
+ uint32_t max_container_depth;
122
+ /** Maximum length of ddwaf::object strings. */
123
+ uint32_t max_string_length;
124
+ } limits;
125
+
126
+ /** Obfuscator regexes - the strings are owned by the caller */
127
+ struct {
128
+ /** Regular expression for key-based obfuscation */
129
+ const char *key_regex;
130
+ /** Regular expression for value-based obfuscation */
131
+ const char *value_regex;
132
+ } obfuscator;
121
133
  };
122
134
 
123
135
  /**
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libddwaf
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.1.0.0.beta1
4
+ version: 1.3.0.1.0
5
5
  platform: arm64-darwin
6
6
  authors:
7
7
  - Datadog, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-03-18 00:00:00.000000000 Z
11
+ date: 2022-04-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi
@@ -41,8 +41,8 @@ files:
41
41
  - lib/datadog/appsec/waf.rb
42
42
  - lib/datadog/appsec/waf/version.rb
43
43
  - lib/libddwaf.rb
44
- - vendor/libddwaf/libddwaf-1.2.1-darwin-arm64/include/ddwaf.h
45
- - vendor/libddwaf/libddwaf-1.2.1-darwin-arm64/lib/libddwaf.dylib
44
+ - vendor/libddwaf/libddwaf-1.3.0-darwin-arm64/include/ddwaf.h
45
+ - vendor/libddwaf/libddwaf-1.3.0-darwin-arm64/lib/libddwaf.dylib
46
46
  homepage: https://github.com/DataDog/libddwaf
47
47
  licenses:
48
48
  - BSD-3-Clause