libddwaf 1.3.0.0.0.beta1-x86_64-darwin → 1.3.0.1.0.beta1-x86_64-darwin
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/datadog/appsec/waf/version.rb +1 -1
- data/lib/datadog/appsec/waf.rb +37 -10
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7d50e0b415a11836091e3cb62b952baee214c3311f73ea3c608ab00c2555e0b3
|
|
4
|
+
data.tar.gz: 4c9d2b8d23c4ef2db600eacd9c5ff02c120df87318c9ce104d5e1087a38e1998
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d37910756e41cba242b99f01b59af01b12fb973f9a7e59692b838f8ed9bf208682d696ddbc41b7c190a4d6bc6556e8f4f90c1dbfaf81ccc9b63313fa588f7ca1
|
|
7
|
+
data.tar.gz: 8be70d72535ae68c858ebac882dfeec31a5349045a923eb9626e180044f2b539ba11ba6d2a4a8d93c64abc5976b299346faf8b224cf770709d30e2ba756aa395
|
data/lib/datadog/appsec/waf.rb
CHANGED
|
@@ -6,7 +6,13 @@ module Datadog
|
|
|
6
6
|
module AppSec
|
|
7
7
|
module WAF
|
|
8
8
|
module LibDDWAF
|
|
9
|
-
class Error < StandardError
|
|
9
|
+
class Error < StandardError
|
|
10
|
+
attr_reader :ruleset_info
|
|
11
|
+
|
|
12
|
+
def initialize(msg, ruleset_info: nil)
|
|
13
|
+
@ruleset_info = ruleset_info
|
|
14
|
+
end
|
|
15
|
+
end
|
|
10
16
|
|
|
11
17
|
extend ::FFI::Library
|
|
12
18
|
|
|
@@ -158,8 +164,8 @@ module Datadog
|
|
|
158
164
|
end
|
|
159
165
|
|
|
160
166
|
class Obfuscator < ::FFI::Struct
|
|
161
|
-
layout :key_regex, :
|
|
162
|
-
:value_regex, :
|
|
167
|
+
layout :key_regex, :pointer, # :charptr
|
|
168
|
+
:value_regex, :pointer # :charptr
|
|
163
169
|
end
|
|
164
170
|
|
|
165
171
|
layout :limits, Limits,
|
|
@@ -183,7 +189,7 @@ module Datadog
|
|
|
183
189
|
attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_ruleset_info], :ddwaf_handle
|
|
184
190
|
attach_function :ddwaf_destroy, [:ddwaf_handle], :void
|
|
185
191
|
|
|
186
|
-
attach_function :ddwaf_required_addresses, [:ddwaf_handle,
|
|
192
|
+
attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
|
|
187
193
|
|
|
188
194
|
# running
|
|
189
195
|
|
|
@@ -354,7 +360,9 @@ module Datadog
|
|
|
354
360
|
DEFAULT_MAX_CONTAINER_DEPTH = 0
|
|
355
361
|
DEFAULT_MAX_STRING_LENGTH = 0
|
|
356
362
|
|
|
357
|
-
|
|
363
|
+
attr_reader :ruleset_info
|
|
364
|
+
|
|
365
|
+
def initialize(rule, limits: {}, obfuscator: {})
|
|
358
366
|
rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
|
|
359
367
|
if rule_obj.null? || rule_obj[:type] == :ddwaf_object_invalid
|
|
360
368
|
fail LibDDWAF::Error, "Could not convert object #{rule.inspect}"
|
|
@@ -365,15 +373,25 @@ module Datadog
|
|
|
365
373
|
fail LibDDWAF::Error, 'Could not create config struct'
|
|
366
374
|
end
|
|
367
375
|
|
|
368
|
-
config_obj[:limits][:max_container_size] =
|
|
369
|
-
config_obj[:limits][:max_container_depth] =
|
|
370
|
-
config_obj[:limits][:max_string_length] =
|
|
376
|
+
config_obj[:limits][:max_container_size] = limits[:max_container_size] || DEFAULT_MAX_CONTAINER_SIZE
|
|
377
|
+
config_obj[:limits][:max_container_depth] = limits[:max_container_depth] || DEFAULT_MAX_CONTAINER_DEPTH
|
|
378
|
+
config_obj[:limits][:max_string_length] = limits[:max_string_length] || DEFAULT_MAX_STRING_LENGTH
|
|
379
|
+
config_obj[:obfuscator][:key_regex] = FFI::MemoryPointer.from_string(obfuscator[:key_regex]) if obfuscator[:key_regex]
|
|
380
|
+
config_obj[:obfuscator][:value_regex] = FFI::MemoryPointer.from_string(obfuscator[:value_regex]) if obfuscator[:value_regex]
|
|
371
381
|
|
|
372
|
-
ruleset_info = LibDDWAF::
|
|
382
|
+
ruleset_info = LibDDWAF::RuleSetInfo.new
|
|
373
383
|
|
|
374
384
|
@handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj, ruleset_info)
|
|
385
|
+
|
|
386
|
+
@ruleset_info = {
|
|
387
|
+
loaded: ruleset_info[:loaded],
|
|
388
|
+
failed: ruleset_info[:failed],
|
|
389
|
+
errors: WAF.object_to_ruby(ruleset_info[:errors]),
|
|
390
|
+
version: ruleset_info[:version],
|
|
391
|
+
}
|
|
392
|
+
|
|
375
393
|
if @handle_obj.null?
|
|
376
|
-
fail LibDDWAF::Error
|
|
394
|
+
fail LibDDWAF::Error.new('Could not create handle', ruleset_info: @ruleset_info)
|
|
377
395
|
end
|
|
378
396
|
|
|
379
397
|
ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
|
|
@@ -387,6 +405,15 @@ module Datadog
|
|
|
387
405
|
Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
|
|
388
406
|
end
|
|
389
407
|
end
|
|
408
|
+
|
|
409
|
+
def required_addresses
|
|
410
|
+
count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
|
|
411
|
+
list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_required_addresses(handle_obj, count)
|
|
412
|
+
|
|
413
|
+
return [] if count == 0 # list is null
|
|
414
|
+
|
|
415
|
+
list.get_array_of_string(0, count[:value])
|
|
416
|
+
end
|
|
390
417
|
end
|
|
391
418
|
|
|
392
419
|
Result = Struct.new(:action, :data, :total_runtime, :timeout)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: libddwaf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.0.
|
|
4
|
+
version: 1.3.0.1.0.beta1
|
|
5
5
|
platform: x86_64-darwin
|
|
6
6
|
authors:
|
|
7
7
|
- Datadog, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-04-
|
|
11
|
+
date: 2022-04-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|