libddwaf 1.22.0.0.2 → 1.24.1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/lint.yml +2 -2
  3. data/.github/workflows/test-for-memory-leaks.yml +15 -0
  4. data/CHANGELOG.md +21 -2
  5. data/Dockerfile +11 -0
  6. data/Steepfile +5 -5
  7. data/lib/datadog/appsec/waf/context.rb +24 -38
  8. data/lib/datadog/appsec/waf/converter.rb +62 -69
  9. data/lib/datadog/appsec/waf/errors.rb +19 -0
  10. data/lib/datadog/appsec/waf/handle.rb +30 -77
  11. data/lib/datadog/appsec/waf/handle_builder.rb +91 -0
  12. data/lib/datadog/appsec/waf/lib_ddwaf.rb +94 -94
  13. data/lib/datadog/appsec/waf/version.rb +3 -3
  14. data/lib/datadog/appsec/waf.rb +9 -7
  15. data/lib/libddwaf.rb +1 -1
  16. data/libddwaf.gemspec +20 -22
  17. data/sig/datadog/appsec/waf/context.rbs +5 -15
  18. data/sig/datadog/appsec/waf/errors.rbs +20 -0
  19. data/sig/datadog/appsec/waf/handle.rbs +6 -27
  20. data/sig/datadog/appsec/waf/handle_builder.rbs +23 -0
  21. data/sig/datadog/appsec/waf/lib_ddwaf.rbs +19 -17
  22. metadata +9 -6
data/lib/datadog/appsec/waf/lib_ddwaf.rb CHANGED
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'ffi'
4
- require 'datadog/appsec/waf/version'
3
+ require "ffi"
4
+ require "datadog/appsec/waf/version"
5
5
 
6
6
  module Datadog
7
7
  module AppSec
@@ -9,28 +9,27 @@ module Datadog
9
9
  # FFI-binding for C-libddwaf
10
10
  # See https://github.com/DataDog/libddwaf
11
11
  module LibDDWAF
12
- # An exception binding raises in most of the cases
13
- class Error < StandardError
14
- attr_reader :diagnostics
12
+ DEFAULT_MAX_CONTAINER_SIZE = 256
13
+ DEFAULT_MAX_CONTAINER_DEPTH = 20
14
+ DEFAULT_MAX_STRING_LENGTH = 16_384 # in bytes, UTF-8 worst case being 4x size in terms of code point
15
15
 
16
- def initialize(msg, diagnostics: nil)
17
- @diagnostics = diagnostics
16
+ DDWAF_MAX_CONTAINER_SIZE = 256
17
+ DDWAF_MAX_CONTAINER_DEPTH = 20
18
+ DDWAF_MAX_STRING_LENGTH = 4096
18
19
 
19
- super(msg)
20
- end
21
- end
20
+ DDWAF_RUN_TIMEOUT = 5000
22
21
 
23
22
  extend ::FFI::Library
24
23
 
25
24
  def self.local_os
26
- if RUBY_ENGINE == 'jruby'
27
- os_name = java.lang.System.get_property('os.name')
25
+ if RUBY_ENGINE == "jruby"
26
+ os_name = java.lang.System.get_property("os.name")
28
27
 
29
28
  os = case os_name
30
- when /linux/i then 'linux'
31
- when /mac/i then 'darwin'
32
- else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
33
- end
29
+ when /linux/i then "linux"
30
+ when /mac/i then "darwin"
31
+ else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
32
+ end
34
33
 
35
34
  return os
36
35
  end
@@ -39,23 +38,23 @@ module Datadog
39
38
  end
40
39
 
41
40
  def self.local_version
42
- return nil unless local_os == 'linux'
41
+ return nil unless local_os == "linux"
43
42
 
44
43
  # Old rubygems don't handle non-gnu linux correctly
45
44
  return ::Regexp.last_match(1) if RUBY_PLATFORM =~ /linux-(.+)$/
46
45
 
47
- 'gnu'
46
+ "gnu"
48
47
  end
49
48
 
50
49
  def self.local_cpu
51
- if RUBY_ENGINE == 'jruby'
52
- os_arch = java.lang.System.get_property('os.arch')
50
+ if RUBY_ENGINE == "jruby"
51
+ os_arch = java.lang.System.get_property("os.arch")
53
52
 
54
53
  cpu = case os_arch
55
- when 'amd64' then 'x86_64'
56
- when 'aarch64' then local_os == 'darwin' ? 'arm64' : 'aarch64'
57
- else raise Error, "unsupported JRuby os.arch: #{os_arch.inspect}"
58
- end
54
+ when "amd64" then "x86_64"
55
+ when "aarch64" then (local_os == "darwin") ? "arm64" : "aarch64"
56
+ else raise Error, "unsupported JRuby os.arch: #{os_arch.inspect}"
57
+ end
59
58
 
60
59
  return cpu
61
60
  end
@@ -64,15 +63,15 @@ module Datadog
64
63
  end
65
64
 
66
65
  def self.source_dir
67
- __dir__ || raise('__dir__ is nil: eval?')
66
+ __dir__ || raise("__dir__ is nil: eval?")
68
67
  end
69
68
 
70
69
  def self.vendor_dir
71
- File.join(source_dir, '../../../../vendor')
70
+ File.join(source_dir, "../../../../vendor")
72
71
  end
73
72
 
74
73
  def self.libddwaf_vendor_dir
75
- File.join(vendor_dir, 'libddwaf')
74
+ File.join(vendor_dir, "libddwaf")
76
75
  end
77
76
 
78
77
  def self.shared_lib_triplet(version: local_version)
@@ -81,31 +80,31 @@ module Datadog
81
80
 
82
81
  def self.libddwaf_dir
83
82
  default = File.join(libddwaf_vendor_dir,
84
- "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet}")
83
+ "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet}")
85
84
  candidates = [
86
85
  default
87
86
  ]
88
87
 
89
- if local_os == 'linux'
88
+ if local_os == "linux"
90
89
  candidates << File.join(libddwaf_vendor_dir,
91
- "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet(version: nil)}")
90
+ "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet(version: nil)}")
92
91
  end
93
92
 
94
93
  candidates.find { |d| Dir.exist?(d) } || default
95
94
  end
96
95
 
97
96
  def self.shared_lib_extname
98
- if Gem::Platform.local.os == 'darwin'
99
- '.dylib'
100
- elsif Gem::Platform.local.os == 'java' && java.lang.System.get_property('os.name').match(/mac/i)
101
- '.dylib'
97
+ if Gem::Platform.local.os == "darwin"
98
+ ".dylib"
99
+ elsif Gem::Platform.local.os == "java" && java.lang.System.get_property("os.name").match(/mac/i)
100
+ ".dylib"
102
101
  else
103
- '.so'
102
+ ".so"
104
103
  end
105
104
  end
106
105
 
107
106
  def self.shared_lib_path
108
- File.join(libddwaf_dir, 'lib', "libddwaf#{shared_lib_extname}")
107
+ File.join(libddwaf_dir, "lib", "libddwaf#{shared_lib_extname}")
109
108
  end
110
109
 
111
110
  ffi_lib [shared_lib_path]
@@ -116,15 +115,15 @@ module Datadog
116
115
 
117
116
  # ddwaf::object data structure
118
117
 
119
- DDWAF_OBJ_TYPE = enum :ddwaf_obj_invalid, 0,
120
- :ddwaf_obj_signed, 1 << 0,
121
- :ddwaf_obj_unsigned, 1 << 1,
122
- :ddwaf_obj_string, 1 << 2,
123
- :ddwaf_obj_array, 1 << 3,
124
- :ddwaf_obj_map, 1 << 4,
125
- :ddwaf_obj_bool, 1 << 5,
126
- :ddwaf_obj_float, 1 << 6,
127
- :ddwaf_obj_null, 1 << 7
118
+ DDWAF_OBJ_TYPE = enum :ddwaf_obj_invalid, 0,
119
+ :ddwaf_obj_signed, 1 << 0,
120
+ :ddwaf_obj_unsigned, 1 << 1,
121
+ :ddwaf_obj_string, 1 << 2,
122
+ :ddwaf_obj_array, 1 << 3,
123
+ :ddwaf_obj_map, 1 << 4,
124
+ :ddwaf_obj_bool, 1 << 5,
125
+ :ddwaf_obj_float, 1 << 6,
126
+ :ddwaf_obj_null, 1 << 7
128
127
 
129
128
  typedef DDWAF_OBJ_TYPE, :ddwaf_obj_type
130
129
 
@@ -155,21 +154,21 @@ module Datadog
155
154
  # Ruby representation of C union
156
155
  class ObjectValueUnion < ::FFI::Union
157
156
  layout :stringValue, :charptr,
158
- :uintValue, :uint64,
159
- :intValue, :int64,
160
- :array, :pointer,
161
- :boolean, :bool,
162
- :f64, :double
157
+ :uintValue, :uint64,
158
+ :intValue, :int64,
159
+ :array, :pointer,
160
+ :boolean, :bool,
161
+ :f64, :double
163
162
  end
164
163
 
165
164
  # Ruby representation of ddwaf_object
166
165
  # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L94C1-L115C3
167
166
  class Object < ::FFI::Struct
168
- layout :parameterName, :charptr,
169
- :parameterNameLength, :uint64,
170
- :valueUnion, ObjectValueUnion,
171
- :nbEntries, :uint64,
172
- :type, :ddwaf_obj_type
167
+ layout :parameterName, :charptr,
168
+ :parameterNameLength, :uint64,
169
+ :valueUnion, ObjectValueUnion,
170
+ :nbEntries, :uint64,
171
+ :type, :ddwaf_obj_type
173
172
  end
174
173
 
175
174
  typedef Object.by_ref, :ddwaf_object
@@ -214,51 +213,62 @@ module Datadog
214
213
  ObjectFree = attach_function :ddwaf_object_free, [:ddwaf_object], :void
215
214
  ObjectNoFree = ::FFI::Pointer::NULL
216
215
 
217
- # main handle
216
+ # handle builder
218
217
 
218
+ typedef :pointer, :ddwaf_builder
219
219
  typedef :pointer, :ddwaf_handle
220
- typedef Object.by_ref, :ddwaf_rule
220
+ typedef :pointer, :ddwaf_diagnostics
221
221
 
222
222
  callback :ddwaf_object_free_fn, [:ddwaf_object], :void
223
223
 
224
224
  # Ruby representation of ddwaf_config
225
225
  # https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L129-L152
226
- class Config < ::FFI::Struct
226
+ class HandleBuilderConfig < ::FFI::Struct
227
227
  # Ruby representation of ddwaf_config_limits
228
228
  # https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L131-L138
229
229
  class Limits < ::FFI::Struct
230
- layout :max_container_size, :uint32,
231
- :max_container_depth, :uint32,
232
- :max_string_length, :uint32
230
+ layout :max_container_size, :uint32,
231
+ :max_container_depth, :uint32,
232
+ :max_string_length, :uint32
233
233
  end
234
234
 
235
235
  # Ruby representation of ddwaf_config_obfuscator
236
236
  # https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L141-L146
237
237
  class Obfuscator < ::FFI::Struct
238
- layout :key_regex, :pointer, # should be :charptr
239
- :value_regex, :pointer # should be :charptr
238
+ layout :key_regex, :pointer, # should be :charptr
239
+ :value_regex, :pointer # should be :charptr
240
240
  end
241
241
 
242
- layout :limits, Limits,
243
- :obfuscator, Obfuscator,
244
- :free_fn, :pointer # :ddwaf_object_free_fn
242
+ layout :limits, Limits,
243
+ :obfuscator, Obfuscator,
244
+ :free_fn, :pointer # :ddwaf_object_free_fn
245
245
  end
246
246
 
247
- typedef Config.by_ref, :ddwaf_config
247
+ typedef HandleBuilderConfig.by_ref, :ddwaf_config
248
+
249
+ attach_function :ddwaf_builder_init, [:ddwaf_config], :ddwaf_builder
250
+ attach_function :ddwaf_builder_destroy, [:ddwaf_builder], :void
251
+
252
+ attach_function :ddwaf_builder_add_or_update_config, [:ddwaf_builder, :string, :size_t, :ddwaf_object, :ddwaf_diagnostics], :bool
253
+ attach_function :ddwaf_builder_remove_config, [:ddwaf_builder, :string, :size_t], :bool
254
+
255
+ attach_function :ddwaf_builder_build_instance, [:ddwaf_builder], :ddwaf_handle
256
+
257
+ # handle
258
+
259
+ callback :ddwaf_object_free_fn, [:ddwaf_object], :void
248
260
 
249
- attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_object], :ddwaf_handle
250
- attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
251
261
  attach_function :ddwaf_destroy, [:ddwaf_handle], :void
252
262
 
253
263
  attach_function :ddwaf_known_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
254
264
 
255
265
  # updating
256
266
 
257
- DDWAF_RET_CODE = enum :ddwaf_err_internal, -3,
258
- :ddwaf_err_invalid_object, -2,
259
- :ddwaf_err_invalid_argument, -1,
260
- :ddwaf_ok, 0,
261
- :ddwaf_match, 1
267
+ DDWAF_RET_CODE = enum :ddwaf_err_internal, -3,
268
+ :ddwaf_err_invalid_object, -2,
269
+ :ddwaf_err_invalid_argument, -1,
270
+ :ddwaf_ok, 0,
271
+ :ddwaf_match, 1
262
272
  typedef DDWAF_RET_CODE, :ddwaf_ret_code
263
273
 
264
274
  # running
@@ -271,11 +281,11 @@ module Datadog
271
281
  # Ruby representation of ddwaf_result
272
282
  # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L154-L173
273
283
  class Result < ::FFI::Struct
274
- layout :timeout, :bool,
275
- :events, Object,
276
- :actions, Object,
277
- :derivatives, Object,
278
- :total_runtime, :uint64
284
+ layout :timeout, :bool,
285
+ :events, Object,
286
+ :actions, Object,
287
+ :derivatives, Object,
288
+ :total_runtime, :uint64
279
289
  end
280
290
 
281
291
  typedef Result.by_ref, :ddwaf_result
@@ -287,26 +297,16 @@ module Datadog
287
297
  # logging
288
298
 
289
299
  DDWAF_LOG_LEVEL = enum :ddwaf_log_trace,
290
- :ddwaf_log_debug,
291
- :ddwaf_log_info,
292
- :ddwaf_log_warn,
293
- :ddwaf_log_error,
294
- :ddwaf_log_off
300
+ :ddwaf_log_debug,
301
+ :ddwaf_log_info,
302
+ :ddwaf_log_warn,
303
+ :ddwaf_log_error,
304
+ :ddwaf_log_off
295
305
  typedef DDWAF_LOG_LEVEL, :ddwaf_log_level
296
306
 
297
307
  callback :ddwaf_log_cb, [:ddwaf_log_level, :string, :string, :uint, :charptr, :uint64], :void
298
308
 
299
309
  attach_function :ddwaf_set_log_cb, [:ddwaf_log_cb, :ddwaf_log_level], :bool
300
-
301
- DEFAULT_MAX_CONTAINER_SIZE = 256
302
- DEFAULT_MAX_CONTAINER_DEPTH = 20
303
- DEFAULT_MAX_STRING_LENGTH = 16_384 # in bytes, UTF-8 worst case being 4x size in terms of code point)
304
-
305
- DDWAF_MAX_CONTAINER_SIZE = 256
306
- DDWAF_MAX_CONTAINER_DEPTH = 20
307
- DDWAF_MAX_STRING_LENGTH = 4096
308
-
309
- DDWAF_RUN_TIMEOUT = 5000
310
310
  end
311
311
  end
312
312
  end
data/lib/datadog/appsec/waf/version.rb CHANGED
@@ -2,11 +2,11 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  module VERSION
5
- BASE_STRING = '1.22.0'
5
+ BASE_STRING = "1.24.1"
6
6
  # NOTE: Every change to the `BASE_STRING` should be accompanied
7
7
  # by a reset of the patch version in the `STRING` below.
8
- STRING = "#{BASE_STRING}.0.2"
9
- MINIMUM_RUBY_VERSION = '2.5'
8
+ STRING = "#{BASE_STRING}.0.0"
9
+ MINIMUM_RUBY_VERSION = "2.5"
10
10
  end
11
11
  end
12
12
  end
data/lib/datadog/appsec/waf.rb CHANGED
@@ -1,12 +1,14 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'datadog/appsec/waf/lib_ddwaf'
4
-
5
- require 'datadog/appsec/waf/converter'
6
- require 'datadog/appsec/waf/result'
7
- require 'datadog/appsec/waf/context'
8
- require 'datadog/appsec/waf/handle'
9
- require 'datadog/appsec/waf/version'
3
+ require "datadog/appsec/waf/lib_ddwaf"
4
+
5
+ require "datadog/appsec/waf/handle_builder"
6
+ require "datadog/appsec/waf/handle"
7
+ require "datadog/appsec/waf/converter"
8
+ require "datadog/appsec/waf/errors"
9
+ require "datadog/appsec/waf/result"
10
+ require "datadog/appsec/waf/context"
11
+ require "datadog/appsec/waf/version"
10
12
 
11
13
  module Datadog
12
14
  module AppSec
data/lib/libddwaf.rb CHANGED
@@ -1 +1 @@
1
- require 'datadog/appsec/waf'
1
+ require "datadog/appsec/waf"
data/libddwaf.gemspec CHANGED
@@ -1,40 +1,38 @@
1
- # coding: utf-8
2
-
3
- lib = File.expand_path('../lib', __FILE__)
1
+ lib = File.expand_path("../lib", __FILE__)
4
2
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
- require 'datadog/appsec/waf/version'
3
+ require "datadog/appsec/waf/version"
6
4
 
7
5
  Gem::Specification.new do |spec|
8
- spec.name = 'libddwaf'
9
- spec.version = Datadog::AppSec::WAF::VERSION::STRING
6
+ spec.name = "libddwaf"
7
+ spec.version = Datadog::AppSec::WAF::VERSION::STRING
10
8
  spec.required_ruby_version = [">= #{Datadog::AppSec::WAF::VERSION::MINIMUM_RUBY_VERSION}"]
11
- spec.required_rubygems_version = '>= 2.0.0'
12
- spec.authors = ['Datadog, Inc.']
13
- spec.email = ['dev@datadoghq.com']
9
+ spec.required_rubygems_version = ">= 2.0.0"
10
+ spec.authors = ["Datadog, Inc."]
11
+ spec.email = ["dev@datadoghq.com"]
14
12
 
15
- spec.summary = 'Datadog WAF'
16
- spec.description = <<-EOS.gsub(/^[\s]+/, '')
13
+ spec.summary = "Datadog WAF"
14
+ spec.description = <<-EOS.gsub(/^[\s]+/, "")
17
15
  libddwaf packages a WAF implementation in C++, exposed to Ruby
18
16
  EOS
19
17
 
20
- spec.homepage = 'https://github.com/DataDog/libddwaf-rb'
21
- spec.license = 'BSD-3-Clause'
18
+ spec.homepage = "https://github.com/DataDog/libddwaf-rb"
19
+ spec.license = "BSD-3-Clause"
22
20
 
23
21
  if spec.respond_to?(:metadata)
24
- spec.metadata['allowed_push_host'] = 'https://rubygems.org'
22
+ spec.metadata["allowed_push_host"] = "https://rubygems.org"
25
23
  else
26
- raise 'RubyGems 2.0 or newer is required to protect against public gem pushes.'
24
+ raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
27
25
  end
28
26
 
29
27
  spec.files =
30
28
  `git ls-files -z`
31
- .split("\x0")
32
- .reject { |f| f.match(%r{^(spec|[.]circleci)/}) }
33
- .reject do |f|
34
- ['.dockerignore', '.env', '.rspec', '.rubocop.yml', '.rubocop_todo.yml',
35
- '.simplecov', 'Gemfile', 'Rakefile', 'docker-compose.yml'].include?(f)
29
+ .split("\x0")
30
+ .reject { |f| f.match(%r{^(spec|[.]circleci)/}) }
31
+ .reject do |f|
32
+ [".dockerignore", ".env", ".rspec", ".rubocop.yml", ".rubocop_todo.yml",
33
+ ".simplecov", "Gemfile", "Rakefile", "docker-compose.yml"].include?(f)
36
34
  end
37
- spec.require_paths = ['lib']
35
+ spec.require_paths = ["lib"]
38
36
 
39
- spec.add_dependency 'ffi', '~> 1.0'
37
+ spec.add_dependency "ffi", "~> 1.0"
40
38
  end
data/sig/datadog/appsec/waf/context.rbs CHANGED
@@ -2,31 +2,21 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  class Context
5
- @context_obj: ::FFI::Pointer
6
-
7
- @valid: bool
5
+ @context_ptr: ::FFI::Pointer
8
6
 
9
7
  @retained: Array[untyped]
10
8
 
11
9
  RESULT_CODE: ::Hash[::Symbol, ::Symbol]
12
10
 
13
- attr_reader context_obj: ::FFI::Pointer
14
-
15
- def initialize: (Handle handle) -> void
11
+ def initialize: (::FFI::Pointer context_ptr) -> void
16
12
 
17
- def finalize: () -> void
13
+ def finalize!: () -> void
18
14
 
19
- def run: (WAF::data persistent_data, WAF::data ephemeral_data, ?::Integer timeout) -> ::Array[top]
15
+ def run: (WAF::data persistent_data, WAF::data ephemeral_data, ?::Integer timeout) -> Result
20
16
 
21
17
  private
22
18
 
23
- def validate!: () -> void
24
-
25
- def invalidate!: () -> void
26
-
27
- def valid?: () -> bool?
28
-
29
- def valid!: () -> void
19
+ def ensure_pointer_presence!: () -> void
30
20
 
31
21
  def retained: () -> Array[untyped]
32
22
 
data/sig/datadog/appsec/waf/errors.rbs ADDED
@@ -0,0 +1,20 @@
1
+ module Datadog
2
+ module AppSec
3
+ module WAF
4
+ class Error < StandardError
5
+ end
6
+
7
+ class InstanceFinalizedError < Error
8
+ end
9
+
10
+ class ConversionError < Error
11
+ end
12
+
13
+ class LibDDWAFError < Error
14
+ attr_reader diagnostics: WAF::data
15
+
16
+ def initialize: (::String msg, ?diagnostics: WAF::data?) -> void
17
+ end
18
+ end
19
+ end
20
+ end
data/sig/datadog/appsec/waf/handle.rbs CHANGED
@@ -2,40 +2,19 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  class Handle
5
- @config: LibDDWAF::Config
5
+ @handle_ptr: ::FFI::Pointer
6
6
 
7
- @handle_obj: ::FFI::Pointer
7
+ def initialize: (::FFI::Pointer handle_ptr) -> void
8
8
 
9
- @diagnostics: WAF::data
9
+ def finalize!: () -> void
10
10
 
11
- @valid: bool
11
+ def build_context: () -> Context
12
12
 
13
- attr_reader handle_obj: ::FFI::Pointer
14
-
15
- attr_reader diagnostics: WAF::data
16
-
17
- attr_reader config: LibDDWAF::Config
18
-
19
- def initialize: (data rule, ?limits: ::Hash[::Symbol, ::Integer], ?obfuscator: ::Hash[::Symbol, ::String]) -> void
20
-
21
- def finalize: () -> void
22
-
23
- def required_addresses: () -> ::Array[::String?]
24
-
25
- # TODO: WAF::data
26
- def merge: (untyped data) -> Handle?
13
+ def known_addresses: () -> ::Array[::String?]
27
14
 
28
15
  private
29
16
 
30
- def new_from_handle: (::FFI::Pointer handle_object, data diagnostics, WAF::LibDDWAF::Config config) -> Handle
31
-
32
- def validate!: () -> void
33
-
34
- def invalidate!: () -> void
35
-
36
- def valid?: () -> bool?
37
-
38
- def valid!: () -> void
17
+ def ensure_pointer_presence!: () -> void
39
18
  end
40
19
  end
41
20
  end
data/sig/datadog/appsec/waf/handle_builder.rbs ADDED
@@ -0,0 +1,23 @@
1
+ module Datadog
2
+ module AppSec
3
+ module WAF
4
+ class HandleBuilder
5
+ @builder_ptr: ::FFI::Pointer
6
+
7
+ def initialize: (?limits: ::Hash[::Symbol, ::Integer], ?obfuscator: ::Hash[::Symbol, ::String]) -> void
8
+
9
+ def finalize!: () -> void
10
+
11
+ def build_handle: () -> Handle
12
+
13
+ def add_or_update_config: (data config, path: ::String) -> data
14
+
15
+ def remove_config_at_path: (::String path) -> bool
16
+
17
+ private
18
+
19
+ def ensure_pointer_presence!: () -> void
20
+ end
21
+ end
22
+ end
23
+ end
data/sig/datadog/appsec/waf/lib_ddwaf.rbs CHANGED
@@ -2,11 +2,15 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  module LibDDWAF
5
- class Error < StandardError
6
- attr_reader diagnostics: WAF::data
5
+ DEFAULT_MAX_CONTAINER_SIZE: ::Integer
6
+ DEFAULT_MAX_CONTAINER_DEPTH: ::Integer
7
+ DEFAULT_MAX_STRING_LENGTH: ::Integer
7
8
 
8
- def initialize: (::String msg, ?diagnostics: WAF::data?) -> void
9
- end
9
+ DDWAF_MAX_CONTAINER_SIZE: ::Integer
10
+ DDWAF_MAX_CONTAINER_DEPTH: ::Integer
11
+ DDWAF_MAX_STRING_LENGTH: ::Integer
12
+
13
+ DDWAF_RUN_TIMEOUT: ::Integer
10
14
 
11
15
  extend ::FFI::Library
12
16
 
@@ -98,9 +102,19 @@ module Datadog
98
102
  ObjectFree: ::FFI::Function
99
103
  ObjectNoFree: ::FFI::Pointer
100
104
 
105
+ # handle builder
106
+
107
+ def self.ddwaf_builder_init: (HandleBuilderConfig) -> ::FFI::Pointer
108
+ def self.ddwaf_builder_destroy: (::FFI::Pointer) -> void
109
+
110
+ def self.ddwaf_builder_add_or_update_config: (::FFI::Pointer, ::String, ::Integer, LibDDWAF::Object, LibDDWAF::Object) -> bool
111
+ def self.ddwaf_builder_remove_config: (::FFI::Pointer, ::String, ::Integer) -> bool
112
+
113
+ def self.ddwaf_builder_build_instance: (::FFI::Pointer) -> ::FFI::Pointer
114
+
101
115
  # main handle
102
116
 
103
- class Config < ::FFI::Struct[::FFI::AbstractMemory, untyped]
117
+ class HandleBuilderConfig < ::FFI::Struct[::FFI::AbstractMemory, untyped]
104
118
  class Limits < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
105
119
  end
106
120
 
@@ -108,8 +122,6 @@ module Datadog
108
122
  end
109
123
  end
110
124
 
111
- def self.ddwaf_init: (top, Config, Object) -> ::FFI::Pointer
112
- def self.ddwaf_update: (::FFI::Pointer, LibDDWAF::Object, LibDDWAF::Object) -> ::FFI::Pointer
113
125
  def self.ddwaf_destroy: (::FFI::Pointer) -> void
114
126
 
115
127
  def self.ddwaf_known_addresses: (::FFI::Pointer, UInt32Ptr) -> ::FFI::Pointer
@@ -140,16 +152,6 @@ module Datadog
140
152
  # type ddwaf_log_cb = ^(ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
141
153
  type ddwaf_log_cb = ::Method | ::Proc
142
154
  def self.ddwaf_set_log_cb: (ddwaf_log_cb, ddwaf_log_level) -> bool
143
-
144
- DEFAULT_MAX_CONTAINER_SIZE: ::Integer
145
- DEFAULT_MAX_CONTAINER_DEPTH: ::Integer
146
- DEFAULT_MAX_STRING_LENGTH: ::Integer
147
-
148
- DDWAF_MAX_CONTAINER_SIZE: ::Integer
149
- DDWAF_MAX_CONTAINER_DEPTH: ::Integer
150
- DDWAF_MAX_STRING_LENGTH: ::Integer
151
-
152
- DDWAF_RUN_TIMEOUT: ::Integer
153
155
  end
154
156
  end
155
157
  end