libddwaf 1.24.1.1.0-arm64-darwin → 1.24.1.2.1-arm64-darwin
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/lib/datadog/appsec/waf/context.rb +7 -1
- data/lib/datadog/appsec/waf/converter.rb +24 -27
- data/lib/datadog/appsec/waf/lib_ddwaf.rb +4 -4
- data/lib/datadog/appsec/waf/result.rb +9 -0
- data/lib/datadog/appsec/waf/version.rb +1 -1
- data/lib/libddwaf.rb +2 -0
- data/libddwaf.gemspec +1 -1
- data/sig/datadog/appsec/waf/lib_ddwaf.rbs +2 -2
- data/sig/datadog/appsec/waf/result.rbs +6 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5275d4f1ff861c6abb346748bbc7b7071d529b9381a77b513f9c57d1bca5fd0d
|
|
4
|
+
data.tar.gz: 4b67b98d8c1c0628deb594dfaab853b4dba5d2f72116f60572e1a0b9bd9a97be
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 13b0012d3ff0b3def7500a215144b56fc1289a223227261a555eb7e09315a6682d64b93ced8be5b33ad09b503b0e5ac0c04b97c805c96036d9e3cce4164ca851
|
|
7
|
+
data.tar.gz: 566de2ae665281c21e5471412d89c63ea4927c2a4e2ed97e9b45b8a2563a0f5ea6d53017ff8b2828bf034d39cdcd45bab2285eefb3e5977638a270b67822af49
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,17 @@
|
|
|
1
1
|
# Unreleased
|
|
2
2
|
|
|
3
|
+
# 2025-09-15 v1.24.1.2.1
|
|
4
|
+
|
|
5
|
+
## Fixed
|
|
6
|
+
|
|
7
|
+
- Fix conversion of non-string Hash keys with potential size truncation
|
|
8
|
+
|
|
9
|
+
# 2025-09-02 v1.24.1.2.0
|
|
10
|
+
|
|
11
|
+
## Added
|
|
12
|
+
|
|
13
|
+
- Add `WAF::Result#input_truncated?` method that indicates that result is based on truncated input objects (see `LibDDWAF::Object#input_truncated?`)
|
|
14
|
+
|
|
3
15
|
# 2025-08-15 v1.24.1.1.0
|
|
4
16
|
|
|
5
17
|
## Added
|
|
@@ -74,7 +74,7 @@ module Datadog
|
|
|
74
74
|
|
|
75
75
|
code = LibDDWAF.ddwaf_run(@context_ptr, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
|
|
76
76
|
|
|
77
|
-
Result.new(
|
|
77
|
+
result = Result.new(
|
|
78
78
|
RESULT_CODE[code],
|
|
79
79
|
Converter.object_to_ruby(result_obj[:events]),
|
|
80
80
|
result_obj[:total_runtime],
|
|
@@ -82,6 +82,12 @@ module Datadog
|
|
|
82
82
|
Converter.object_to_ruby(result_obj[:actions]),
|
|
83
83
|
Converter.object_to_ruby(result_obj[:derivatives])
|
|
84
84
|
)
|
|
85
|
+
|
|
86
|
+
if persistent_data_obj.truncated? || ephemeral_data_obj.truncated?
|
|
87
|
+
result.mark_input_truncated!
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
result
|
|
85
91
|
ensure
|
|
86
92
|
LibDDWAF.ddwaf_result_free(result_obj) if result_obj
|
|
87
93
|
LibDDWAF.ddwaf_object_free(ephemeral_data_obj) if ephemeral_data_obj
|
|
@@ -15,11 +15,15 @@ module Datadog
|
|
|
15
15
|
res = LibDDWAF.ddwaf_object_array(obj)
|
|
16
16
|
raise ConversionError, "Could not convert into object: #{val}" if res.null?
|
|
17
17
|
|
|
18
|
-
max_index = max_container_size - 1 if max_container_size
|
|
19
18
|
if max_container_depth == 0
|
|
20
|
-
top_obj&.
|
|
19
|
+
top_obj&.mark_truncated!
|
|
21
20
|
else
|
|
22
21
|
val.each.with_index do |e, i|
|
|
22
|
+
if max_container_size && i >= max_container_size
|
|
23
|
+
(top_obj || obj).mark_truncated!
|
|
24
|
+
break val
|
|
25
|
+
end
|
|
26
|
+
|
|
23
27
|
member = Converter.ruby_to_object(
|
|
24
28
|
e,
|
|
25
29
|
max_container_size: max_container_size,
|
|
@@ -30,11 +34,6 @@ module Datadog
|
|
|
30
34
|
)
|
|
31
35
|
e_res = LibDDWAF.ddwaf_object_array_add(obj, member)
|
|
32
36
|
raise ConversionError, "Could not add to array object: #{e.inspect}" unless e_res
|
|
33
|
-
|
|
34
|
-
if max_index && i >= max_index
|
|
35
|
-
(top_obj || obj).mark_as_input_truncated!
|
|
36
|
-
break val
|
|
37
|
-
end
|
|
38
37
|
end
|
|
39
38
|
end
|
|
40
39
|
|
|
@@ -44,18 +43,22 @@ module Datadog
|
|
|
44
43
|
res = LibDDWAF.ddwaf_object_map(obj)
|
|
45
44
|
raise ConversionError, "Could not convert into object: #{val}" if res.null?
|
|
46
45
|
|
|
47
|
-
max_index = max_container_size - 1 if max_container_size
|
|
48
46
|
if max_container_depth == 0
|
|
49
|
-
top_obj&.
|
|
47
|
+
top_obj&.mark_truncated!
|
|
50
48
|
else
|
|
51
49
|
val.each.with_index do |e, i|
|
|
50
|
+
if max_container_size && i >= max_container_size
|
|
51
|
+
(top_obj || obj).mark_truncated!
|
|
52
|
+
break val
|
|
53
|
+
end
|
|
54
|
+
|
|
52
55
|
# for Steep, which doesn't handle |(k, v), i|
|
|
53
|
-
k = e[0]
|
|
56
|
+
k = e[0].to_s
|
|
54
57
|
v = e[1]
|
|
55
58
|
|
|
56
59
|
if max_string_length && k.length > max_string_length
|
|
57
|
-
k = k
|
|
58
|
-
(top_obj || obj).
|
|
60
|
+
k = k[0, max_string_length]
|
|
61
|
+
(top_obj || obj).mark_truncated!
|
|
59
62
|
end
|
|
60
63
|
member = Converter.ruby_to_object(
|
|
61
64
|
v,
|
|
@@ -65,13 +68,8 @@ module Datadog
|
|
|
65
68
|
top_obj: top_obj || obj,
|
|
66
69
|
coerce: coerce
|
|
67
70
|
)
|
|
68
|
-
kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k
|
|
69
|
-
raise ConversionError, "Could not add to map object: #{
|
|
70
|
-
|
|
71
|
-
if max_index && i >= max_index
|
|
72
|
-
(top_obj || obj).mark_as_input_truncated!
|
|
73
|
-
break val
|
|
74
|
-
end
|
|
71
|
+
kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k, k.bytesize, member)
|
|
72
|
+
raise ConversionError, "Could not add to map object: #{e[0].inspect} => #{v.inspect}" unless kv_res
|
|
75
73
|
end
|
|
76
74
|
end
|
|
77
75
|
|
|
@@ -80,21 +78,20 @@ module Datadog
|
|
|
80
78
|
obj = LibDDWAF::Object.new
|
|
81
79
|
encoded_val = val.to_s.encode(Encoding::UTF_8, invalid: :replace, undef: :replace)
|
|
82
80
|
if max_string_length && encoded_val.length > max_string_length
|
|
83
|
-
encoded_val = encoded_val[0, max_string_length]
|
|
84
|
-
(top_obj || obj).
|
|
81
|
+
encoded_val = encoded_val[0, max_string_length] #: String
|
|
82
|
+
(top_obj || obj).mark_truncated!
|
|
85
83
|
end
|
|
86
|
-
|
|
87
|
-
res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
|
|
84
|
+
res = LibDDWAF.ddwaf_object_stringl(obj, encoded_val, encoded_val.bytesize)
|
|
88
85
|
raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
|
|
89
86
|
|
|
90
87
|
obj
|
|
91
88
|
when Symbol
|
|
92
89
|
obj = LibDDWAF::Object.new
|
|
93
|
-
if max_string_length
|
|
94
|
-
val = val.to_s[0, max_string_length]
|
|
95
|
-
(top_obj || obj).mark_as_input_truncated!
|
|
96
|
-
end
|
|
97
90
|
str = val.to_s
|
|
91
|
+
if max_string_length && str.length > max_string_length
|
|
92
|
+
str = str[0, max_string_length] #: String
|
|
93
|
+
(top_obj || obj).mark_truncated!
|
|
94
|
+
end
|
|
98
95
|
res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
|
|
99
96
|
raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
|
|
100
97
|
|
|
@@ -137,12 +137,12 @@ module Datadog
|
|
|
137
137
|
:nbEntries, :uint64,
|
|
138
138
|
:type, :ddwaf_obj_type
|
|
139
139
|
|
|
140
|
-
def
|
|
141
|
-
@
|
|
140
|
+
def truncated?
|
|
141
|
+
@truncated == true
|
|
142
142
|
end
|
|
143
143
|
|
|
144
|
-
def
|
|
145
|
-
@
|
|
144
|
+
def mark_truncated!
|
|
145
|
+
@truncated = true
|
|
146
146
|
end
|
|
147
147
|
end
|
|
148
148
|
|
|
@@ -15,6 +15,15 @@ module Datadog
|
|
|
15
15
|
@timeout = timeout
|
|
16
16
|
@actions = actions
|
|
17
17
|
@derivatives = derivatives
|
|
18
|
+
@input_truncated = false
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def mark_input_truncated!
|
|
22
|
+
@input_truncated = true
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def input_truncated?
|
|
26
|
+
@input_truncated
|
|
18
27
|
end
|
|
19
28
|
|
|
20
29
|
def to_h
|
|
@@ -5,7 +5,7 @@ module Datadog
|
|
|
5
5
|
BASE_STRING = "1.24.1"
|
|
6
6
|
# NOTE: Every change to the `BASE_STRING` should be accompanied
|
|
7
7
|
# by a reset of the patch version in the `STRING` below.
|
|
8
|
-
STRING = "#{BASE_STRING}.1
|
|
8
|
+
STRING = "#{BASE_STRING}.2.1"
|
|
9
9
|
MINIMUM_RUBY_VERSION = "2.5"
|
|
10
10
|
end
|
|
11
11
|
end
|
data/lib/libddwaf.rb
CHANGED
data/libddwaf.gemspec
CHANGED
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
|
|
|
11
11
|
spec.email = ["dev@datadoghq.com"]
|
|
12
12
|
|
|
13
13
|
spec.summary = "Datadog WAF"
|
|
14
|
-
spec.description = <<-EOS.gsub(
|
|
14
|
+
spec.description = <<-EOS.gsub(/^\s+/, "")
|
|
15
15
|
libddwaf packages a WAF implementation in C++, exposed to Ruby
|
|
16
16
|
EOS
|
|
17
17
|
|
|
@@ -58,9 +58,9 @@ module Datadog
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
class Object < ::FFI::Struct[::FFI::AbstractMemory, untyped]
|
|
61
|
-
def
|
|
61
|
+
def truncated?: () -> bool
|
|
62
62
|
|
|
63
|
-
def
|
|
63
|
+
def mark_truncated!: () -> bool
|
|
64
64
|
end
|
|
65
65
|
|
|
66
66
|
# setters
|
|
@@ -14,6 +14,8 @@ module Datadog
|
|
|
14
14
|
|
|
15
15
|
@derivatives: WAF::data
|
|
16
16
|
|
|
17
|
+
@input_truncated: bool
|
|
18
|
+
|
|
17
19
|
attr_reader status: ::Symbol
|
|
18
20
|
|
|
19
21
|
attr_reader events: WAF::data
|
|
@@ -27,6 +29,10 @@ module Datadog
|
|
|
27
29
|
attr_reader derivatives: WAF::data
|
|
28
30
|
|
|
29
31
|
def initialize: (::Symbol status, WAF::data events, ::Float total_runtime, bool timeout, WAF::data actions, WAF::data derivatives) -> void
|
|
32
|
+
|
|
33
|
+
def mark_input_truncated!: () -> bool
|
|
34
|
+
|
|
35
|
+
def input_truncated?: () -> bool
|
|
30
36
|
end
|
|
31
37
|
end
|
|
32
38
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: libddwaf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.24.1.1
|
|
4
|
+
version: 1.24.1.2.1
|
|
5
5
|
platform: arm64-darwin
|
|
6
6
|
authors:
|
|
7
7
|
- Datadog, Inc.
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-
|
|
10
|
+
date: 2025-09-15 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: ffi
|