libddwaf 1.24.1.0.3-arm64-darwin → 1.24.1.1.1-arm64-darwin
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -1
- data/lib/datadog/appsec/waf/context.rb +7 -1
- data/lib/datadog/appsec/waf/converter.rb +35 -17
- data/lib/datadog/appsec/waf/handle.rb +3 -1
- data/lib/datadog/appsec/waf/lib_ddwaf.rb +8 -0
- data/lib/datadog/appsec/waf/result.rb +9 -0
- data/lib/datadog/appsec/waf/version.rb +1 -1
- data/lib/libddwaf.rb +2 -0
- data/libddwaf.gemspec +1 -1
- data/sig/datadog/appsec/waf/converter.rbs +1 -1
- data/sig/datadog/appsec/waf/handle.rbs +1 -1
- data/sig/datadog/appsec/waf/lib_ddwaf.rbs +3 -0
- data/sig/datadog/appsec/waf/result.rbs +6 -0
- data/sig/datadog/appsec/waf.rbs +2 -0
- metadata +3 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4c219656c1bbb1cc7a6ed85552d51a17110777630f87b3dadce0409849f069dd
|
|
4
|
+
data.tar.gz: 7b49bca01a5e4324be4ac56a1e49ac3ee8ecd2e606e69e2a2ec5937c88c55e0e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e70cce5baf7d3e6a093645020172b4b16d6af05f06d84366f011cdf9aafdcbf773790f3be0734248f6094a0a77cc0afb12aa08bbe0d220a443615f9a22ede189
|
|
7
|
+
data.tar.gz: 075b323d94a8060c88b0b4a24b8518be183ef3311cbb010ce9165edb0373d6b231111730af9f3733f330a0f3a0df3235fd5284348c8678b21f2abfedc20b8951
|
data/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,20 @@
|
|
|
1
|
-
# Unreleased
|
|
1
|
+
# Unreleased
|
|
2
|
+
|
|
3
|
+
## Added
|
|
4
|
+
|
|
5
|
+
- Add `WAF::Result#input_truncated?` method that indicates that result is based on truncated input objects (see `LibDDWAF::Object#input_truncated?`)
|
|
6
|
+
|
|
7
|
+
# 2025-08-15 v1.24.1.1.0
|
|
8
|
+
|
|
9
|
+
## Added
|
|
10
|
+
|
|
11
|
+
- Add `LibDDWAF::Object#input_truncated?` method that returns true if the input object was truncated during conversion to libddwaf object
|
|
12
|
+
|
|
13
|
+
## Changed
|
|
14
|
+
|
|
15
|
+
- Change `Handle#known_addresses` to cache the result
|
|
16
|
+
|
|
17
|
+
# 2025-05-20 v1.24.1.0.0
|
|
2
18
|
|
|
3
19
|
## Added
|
|
4
20
|
|
|
@@ -74,7 +74,7 @@ module Datadog
|
|
|
74
74
|
|
|
75
75
|
code = LibDDWAF.ddwaf_run(@context_ptr, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
|
|
76
76
|
|
|
77
|
-
Result.new(
|
|
77
|
+
result = Result.new(
|
|
78
78
|
RESULT_CODE[code],
|
|
79
79
|
Converter.object_to_ruby(result_obj[:events]),
|
|
80
80
|
result_obj[:total_runtime],
|
|
@@ -82,6 +82,12 @@ module Datadog
|
|
|
82
82
|
Converter.object_to_ruby(result_obj[:actions]),
|
|
83
83
|
Converter.object_to_ruby(result_obj[:derivatives])
|
|
84
84
|
)
|
|
85
|
+
|
|
86
|
+
if persistent_data_obj.truncated? || ephemeral_data_obj.truncated?
|
|
87
|
+
result.mark_input_truncated!
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
result
|
|
85
91
|
ensure
|
|
86
92
|
LibDDWAF.ddwaf_result_free(result_obj) if result_obj
|
|
87
93
|
LibDDWAF.ddwaf_object_free(ephemeral_data_obj) if ephemeral_data_obj
|
|
@@ -8,27 +8,32 @@ module Datadog
|
|
|
8
8
|
module_function
|
|
9
9
|
|
|
10
10
|
# standard:disable Metrics/MethodLength,Metrics/CyclomaticComplexity
|
|
11
|
-
def ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, coerce: true)
|
|
11
|
+
def ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, top_obj: nil, coerce: true)
|
|
12
12
|
case val
|
|
13
13
|
when Array
|
|
14
14
|
obj = LibDDWAF::Object.new
|
|
15
15
|
res = LibDDWAF.ddwaf_object_array(obj)
|
|
16
16
|
raise ConversionError, "Could not convert into object: #{val}" if res.null?
|
|
17
17
|
|
|
18
|
-
|
|
19
|
-
|
|
18
|
+
if max_container_depth == 0
|
|
19
|
+
top_obj&.mark_truncated!
|
|
20
|
+
else
|
|
20
21
|
val.each.with_index do |e, i|
|
|
22
|
+
if max_container_size && i >= max_container_size
|
|
23
|
+
(top_obj || obj).mark_truncated!
|
|
24
|
+
break val
|
|
25
|
+
end
|
|
26
|
+
|
|
21
27
|
member = Converter.ruby_to_object(
|
|
22
28
|
e,
|
|
23
29
|
max_container_size: max_container_size,
|
|
24
30
|
max_container_depth: (max_container_depth - 1 if max_container_depth),
|
|
25
31
|
max_string_length: max_string_length,
|
|
32
|
+
top_obj: top_obj || obj,
|
|
26
33
|
coerce: coerce
|
|
27
34
|
)
|
|
28
35
|
e_res = LibDDWAF.ddwaf_object_array_add(obj, member)
|
|
29
36
|
raise ConversionError, "Could not add to array object: #{e.inspect}" unless e_res
|
|
30
|
-
|
|
31
|
-
break val if max_index && i >= max_index
|
|
32
37
|
end
|
|
33
38
|
end
|
|
34
39
|
|
|
@@ -38,25 +43,33 @@ module Datadog
|
|
|
38
43
|
res = LibDDWAF.ddwaf_object_map(obj)
|
|
39
44
|
raise ConversionError, "Could not convert into object: #{val}" if res.null?
|
|
40
45
|
|
|
41
|
-
|
|
42
|
-
|
|
46
|
+
if max_container_depth == 0
|
|
47
|
+
top_obj&.mark_truncated!
|
|
48
|
+
else
|
|
43
49
|
val.each.with_index do |e, i|
|
|
50
|
+
if max_container_size && i >= max_container_size
|
|
51
|
+
(top_obj || obj).mark_truncated!
|
|
52
|
+
break val
|
|
53
|
+
end
|
|
54
|
+
|
|
44
55
|
# for Steep, which doesn't handle |(k, v), i|
|
|
45
|
-
k = e[0]
|
|
56
|
+
k = e[0].to_s
|
|
46
57
|
v = e[1]
|
|
47
58
|
|
|
48
|
-
|
|
59
|
+
if max_string_length && k.length > max_string_length
|
|
60
|
+
k = k[0, max_string_length]
|
|
61
|
+
(top_obj || obj).mark_truncated!
|
|
62
|
+
end
|
|
49
63
|
member = Converter.ruby_to_object(
|
|
50
64
|
v,
|
|
51
65
|
max_container_size: max_container_size,
|
|
52
66
|
max_container_depth: (max_container_depth - 1 if max_container_depth),
|
|
53
67
|
max_string_length: max_string_length,
|
|
68
|
+
top_obj: top_obj || obj,
|
|
54
69
|
coerce: coerce
|
|
55
70
|
)
|
|
56
|
-
kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k
|
|
57
|
-
raise ConversionError, "Could not add to map object: #{
|
|
58
|
-
|
|
59
|
-
break val if max_index && i >= max_index
|
|
71
|
+
kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k, k.bytesize, member)
|
|
72
|
+
raise ConversionError, "Could not add to map object: #{e[0].inspect} => #{v.inspect}" unless kv_res
|
|
60
73
|
end
|
|
61
74
|
end
|
|
62
75
|
|
|
@@ -64,16 +77,21 @@ module Datadog
|
|
|
64
77
|
when String
|
|
65
78
|
obj = LibDDWAF::Object.new
|
|
66
79
|
encoded_val = val.to_s.encode(Encoding::UTF_8, invalid: :replace, undef: :replace)
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
80
|
+
if max_string_length && encoded_val.length > max_string_length
|
|
81
|
+
encoded_val = encoded_val[0, max_string_length] #: String
|
|
82
|
+
(top_obj || obj).mark_truncated!
|
|
83
|
+
end
|
|
84
|
+
res = LibDDWAF.ddwaf_object_stringl(obj, encoded_val, encoded_val.bytesize)
|
|
70
85
|
raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
|
|
71
86
|
|
|
72
87
|
obj
|
|
73
88
|
when Symbol
|
|
74
89
|
obj = LibDDWAF::Object.new
|
|
75
|
-
val = val.to_s[0, max_string_length] if max_string_length
|
|
76
90
|
str = val.to_s
|
|
91
|
+
if max_string_length && str.length > max_string_length
|
|
92
|
+
str = str[0, max_string_length] #: String
|
|
93
|
+
(top_obj || obj).mark_truncated!
|
|
94
|
+
end
|
|
77
95
|
res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
|
|
78
96
|
raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
|
|
79
97
|
|
|
@@ -37,6 +37,8 @@ module Datadog
|
|
|
37
37
|
#
|
|
38
38
|
# @return [Array<String>] the list of known addresses
|
|
39
39
|
def known_addresses
|
|
40
|
+
return @known_addresses if defined?(@known_addresses)
|
|
41
|
+
|
|
40
42
|
ensure_pointer_presence!
|
|
41
43
|
|
|
42
44
|
count = LibDDWAF::UInt32Ptr.new
|
|
@@ -44,7 +46,7 @@ module Datadog
|
|
|
44
46
|
|
|
45
47
|
return [] if count == 0 # list is null
|
|
46
48
|
|
|
47
|
-
list.get_array_of_string(0, count[:value])
|
|
49
|
+
@known_addresses = list.get_array_of_string(0, count[:value]).compact
|
|
48
50
|
end
|
|
49
51
|
|
|
50
52
|
private
|
|
@@ -136,6 +136,14 @@ module Datadog
|
|
|
136
136
|
:valueUnion, ObjectValueUnion,
|
|
137
137
|
:nbEntries, :uint64,
|
|
138
138
|
:type, :ddwaf_obj_type
|
|
139
|
+
|
|
140
|
+
def truncated?
|
|
141
|
+
@truncated == true
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
def mark_truncated!
|
|
145
|
+
@truncated = true
|
|
146
|
+
end
|
|
139
147
|
end
|
|
140
148
|
|
|
141
149
|
typedef Object.by_ref, :ddwaf_object
|
|
@@ -15,6 +15,15 @@ module Datadog
|
|
|
15
15
|
@timeout = timeout
|
|
16
16
|
@actions = actions
|
|
17
17
|
@derivatives = derivatives
|
|
18
|
+
@input_truncated = false
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def mark_input_truncated!
|
|
22
|
+
@input_truncated = true
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def input_truncated?
|
|
26
|
+
@input_truncated
|
|
18
27
|
end
|
|
19
28
|
|
|
20
29
|
def to_h
|
|
@@ -5,7 +5,7 @@ module Datadog
|
|
|
5
5
|
BASE_STRING = "1.24.1"
|
|
6
6
|
# NOTE: Every change to the `BASE_STRING` should be accompanied
|
|
7
7
|
# by a reset of the patch version in the `STRING` below.
|
|
8
|
-
STRING = "#{BASE_STRING}.
|
|
8
|
+
STRING = "#{BASE_STRING}.1.1"
|
|
9
9
|
MINIMUM_RUBY_VERSION = "2.5"
|
|
10
10
|
end
|
|
11
11
|
end
|
data/lib/libddwaf.rb
CHANGED
data/libddwaf.gemspec
CHANGED
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
|
|
|
11
11
|
spec.email = ["dev@datadoghq.com"]
|
|
12
12
|
|
|
13
13
|
spec.summary = "Datadog WAF"
|
|
14
|
-
spec.description = <<-EOS.gsub(
|
|
14
|
+
spec.description = <<-EOS.gsub(/^\s+/, "")
|
|
15
15
|
libddwaf packages a WAF implementation in C++, exposed to Ruby
|
|
16
16
|
EOS
|
|
17
17
|
|
|
@@ -2,7 +2,7 @@ module Datadog
|
|
|
2
2
|
module AppSec
|
|
3
3
|
module WAF
|
|
4
4
|
module Converter
|
|
5
|
-
def self.ruby_to_object: (top val, ?max_container_size: ::Integer?, ?max_container_depth: ::Integer?, ?max_string_length: ::Integer?, ?coerce: bool?) -> LibDDWAF::Object
|
|
5
|
+
def self.ruby_to_object: (top val, ?max_container_size: ::Integer?, ?max_container_depth: ::Integer?, ?max_string_length: ::Integer?, ?top_obj: LibDDWAF::Object?, ?coerce: bool?) -> LibDDWAF::Object
|
|
6
6
|
|
|
7
7
|
def self.object_to_ruby: (LibDDWAF::Object obj) -> WAF::data
|
|
8
8
|
end
|
|
@@ -14,6 +14,8 @@ module Datadog
|
|
|
14
14
|
|
|
15
15
|
@derivatives: WAF::data
|
|
16
16
|
|
|
17
|
+
@input_truncated: bool
|
|
18
|
+
|
|
17
19
|
attr_reader status: ::Symbol
|
|
18
20
|
|
|
19
21
|
attr_reader events: WAF::data
|
|
@@ -27,6 +29,10 @@ module Datadog
|
|
|
27
29
|
attr_reader derivatives: WAF::data
|
|
28
30
|
|
|
29
31
|
def initialize: (::Symbol status, WAF::data events, ::Float total_runtime, bool timeout, WAF::data actions, WAF::data derivatives) -> void
|
|
32
|
+
|
|
33
|
+
def mark_input_truncated!: () -> bool
|
|
34
|
+
|
|
35
|
+
def input_truncated?: () -> bool
|
|
30
36
|
end
|
|
31
37
|
end
|
|
32
38
|
end
|
data/sig/datadog/appsec/waf.rbs
CHANGED
|
@@ -2,6 +2,8 @@ module Datadog
|
|
|
2
2
|
module AppSec
|
|
3
3
|
module WAF
|
|
4
4
|
type data = String | Symbol | Integer | Float | TrueClass | FalseClass | Array[data] | Hash[(String | Symbol | nil), data] | nil
|
|
5
|
+
type known_addresses = ::Array[::String]
|
|
6
|
+
type diagnostics = ::Hash[::String, untyped]
|
|
5
7
|
|
|
6
8
|
def self.version: () -> ::String
|
|
7
9
|
|
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: libddwaf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.24.1.
|
|
4
|
+
version: 1.24.1.1.1
|
|
5
5
|
platform: arm64-darwin
|
|
6
6
|
authors:
|
|
7
7
|
- Datadog, Inc.
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date: 2025-
|
|
10
|
+
date: 2025-09-16 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: ffi
|
|
@@ -69,7 +68,6 @@ licenses:
|
|
|
69
68
|
- BSD-3-Clause
|
|
70
69
|
metadata:
|
|
71
70
|
allowed_push_host: https://rubygems.org
|
|
72
|
-
post_install_message:
|
|
73
71
|
rdoc_options: []
|
|
74
72
|
require_paths:
|
|
75
73
|
- lib
|
|
@@ -84,8 +82,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
84
82
|
- !ruby/object:Gem::Version
|
|
85
83
|
version: 2.0.0
|
|
86
84
|
requirements: []
|
|
87
|
-
rubygems_version: 3.
|
|
88
|
-
signing_key:
|
|
85
|
+
rubygems_version: 3.6.2
|
|
89
86
|
specification_version: 4
|
|
90
87
|
summary: Datadog WAF
|
|
91
88
|
test_files: []
|