libddwaf 1.10.0.0.0 → 1.11.0.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/lib/datadog/appsec/waf/version.rb +1 -1
- data/lib/datadog/appsec/waf.rb +26 -59
- data/sig/datadog/appsec/waf.rbs +10 -22
- metadata +2 -2
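--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a81f6cc78531db0b34041a7d24f0cc782554124bbccd05340bcdc940686fc016
+data.tar.gz: 7c92e8bc95465d9bf326648483d2d7a60ceec7629bd842deaf1f36cfc355f0aa
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 38691a5c6731218f61e9f384126d01210b7e5fcbb5de075c91efceb5da0403056720a5c3026baad76820c31ff1f4f30bfde949f022110ee2681427ed9c842b58
+data.tar.gz: 1ccfcc3eedbd47a72add509225f9337c5ab930e33591bdee5423854e716ea97189e64b32ce2df5a163257a604500cce51d9c3ced226fdc7efcc5cf814548b491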
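--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,14 @@
+# 2023-08-29 v.1.11.0.0.0
+
+- Update to libddwaf 1.11.0
+- Rename Handle#ruleset_info to Handle#diagnostics. (Breaking change)
+The schema of the new diagnostics variable can be [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
+
+
+# 2023-08-28 v.1.10.0.0.0
+
+- Update to libddwaf 1.10.0
+
 # 2023-06-13 v.1.9.0.0.1
 
 - Handle invalid encoding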
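--- a/data/lib/datadog/appsec/waf.rb
+++ b/data/lib/datadog/appsec/waf.rb
@@ -8,10 +8,10 @@ module Datadog
 module WAF
 module LibDDWAF
 class Error < StandardError
-attr_reader :
+attr_reader :diagnostics
 
-def initialize(msg,
-@
+def initialize(msg, diagnostics: nil)
+@diagnostics = diagnostics
 end
 end
 
@@ -216,20 +216,8 @@ module Datadog
 
 typedef Config.by_ref, :ddwaf_config
 
-
-
-:failed, :uint16,
-:errors, Object,
-:version, :string
-end
-
-typedef RuleSetInfo.by_ref, :ddwaf_ruleset_info
-RuleSetInfoNone = Datadog::AppSec::WAF::LibDDWAF::RuleSetInfo.new(::FFI::Pointer::NULL)
-
-attach_function :ddwaf_ruleset_info_free, [:ddwaf_ruleset_info], :void
-
-attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_ruleset_info], :ddwaf_handle
-attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_ruleset_info], :ddwaf_handle
+attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_object], :ddwaf_handle
+attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
 attach_function :ddwaf_destroy, [:ddwaf_handle], :void
 
 attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
@@ -250,15 +238,10 @@ module Datadog
 attach_function :ddwaf_context_init, [:ddwaf_handle], :ddwaf_context
 attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
 
-class ResultActions < ::FFI::Struct
-layout :array, :charptrptr,
-:size, :uint32
-end
-
 class Result < ::FFI::Struct
-layout :timeout,
-:
-:actions,
+layout :timeout, :bool,
+:events, Object,
+:actions, Object,
 :total_runtime, :uint64
 end
 
@@ -479,7 +462,7 @@ module Datadog
 }
 
 class Handle
-attr_reader :handle_obj, :
+attr_reader :handle_obj, :diagnostics, :config
 
 def initialize(rule, limits: {}, obfuscator: {})
 rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
@@ -501,24 +484,19 @@ module Datadog
 
 @config = config_obj
 
-
+diagnostics_obj = Datadog::AppSec::WAF::LibDDWAF::Object.new
 
-@handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj,
+@handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj, diagnostics_obj)
 
-@
-loaded: ruleset_info[:loaded],
-failed: ruleset_info[:failed],
-errors: WAF.object_to_ruby(ruleset_info[:errors]),
-version: ruleset_info[:version],
-}
+@diagnostics = Datadog::AppSec::WAF.object_to_ruby(diagnostics_obj)
 
 if @handle_obj.null?
-fail LibDDWAF::Error.new('Could not create handle',
+fail LibDDWAF::Error.new('Could not create handle', diagnostics: @diagnostics)
 end
 
 validate!
 ensure
-Datadog::AppSec::WAF::LibDDWAF.
+Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(diagnostics_obj) if diagnostics_obj
 Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
 end
 
@@ -541,29 +519,24 @@ module Datadog
 
 def merge(data)
 data_obj = Datadog::AppSec::WAF.ruby_to_object(data, coerce: false)
-
-new_handle = Datadog::AppSec::WAF::LibDDWAF.ddwaf_update(handle_obj, data_obj,
+diagnostics_obj = LibDDWAF::Object.new
+new_handle = Datadog::AppSec::WAF::LibDDWAF.ddwaf_update(handle_obj, data_obj, diagnostics_obj)
 
 return if new_handle.null?
 
-
-
-failed: ruleset_info[:failed],
-errors: WAF.object_to_ruby(ruleset_info[:errors]),
-version: ruleset_info[:version],
-}
-new_from_handle(new_handle, info, config)
+diagnostics = Datadog::AppSec::WAF.object_to_ruby(diagnostics_obj)
+new_from_handle(new_handle, diagnostics, config)
 ensure
 Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(data_obj) if data_obj
-Datadog::AppSec::WAF::LibDDWAF.
+Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(diagnostics_obj) if diagnostics_obj
 end
 
 private
 
-def new_from_handle(handle_object,
+def new_from_handle(handle_object, diagnostics, config)
 obj = self.class.allocate
 obj.instance_variable_set(:@handle_obj, handle_object)
-obj.instance_variable_set(:@
+obj.instance_variable_set(:@diagnostics, diagnostics)
 obj.instance_variable_set(:@config, config)
 obj
 end
@@ -588,11 +561,11 @@ module Datadog
 end
 
 class Result
-attr_reader :status, :
+attr_reader :status, :events, :total_runtime, :timeout, :actions
 
-def initialize(status,
+def initialize(status, events, total_runtime, timeout, actions)
 @status = status
-@
+@events = events
 @total_runtime = total_runtime
 @timeout = timeout
 @actions = actions
@@ -651,18 +624,12 @@ module Datadog
 
 code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
 
-actions = if result_obj[:actions][:size] > 0
-result_obj[:actions][:array].get_array_of_string(0, result_obj[:actions][:size])
-else
-[]
-end
-
 result = Result.new(
 RESULT_CODE[code],
-
+Datadog::AppSec::WAF.object_to_ruby(result_obj[:events]),
 result_obj[:total_runtime],
 result_obj[:timeout],
-actions,
+Datadog::AppSec::WAF.object_to_ruby(result_obj[:actions]),
 )
 
 [RESULT_CODE[code], result]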
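Review bot: `LibDDWAF::Error#initialize` in the first hunk stores `diagnostics` but never calls `super`, so the `msg` argument is dropped and the exception's message falls back to the class name instead of 'Could not create handle'. Adding `super(msg)` as the first line of the initializer keeps the message in logs and error reports alongside the diagnostics. Separately, `Handle#merge` returns on a null handle before `diagnostics_obj` is converted, so a rejected ruleset update gives the caller no reason, unlike `Handle#initialize`, which attaches the diagnostics to the raised error; a comment such as `# nil means the update was rejected; its diagnostics are discarded` would at least document that.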
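--- a/data/sig/datadog/appsec/waf.rbs
+++ b/data/sig/datadog/appsec/waf.rbs
@@ -3,9 +3,9 @@ module Datadog
 module WAF
 module LibDDWAF
 class Error < StandardError
-attr_reader
+attr_reader diagnostics: ::Datadog::AppSec::WAF::data
 
-def initialize: (::String msg, ?
+def initialize: (::String msg, ?diagnostics: ::Datadog::AppSec::WAF::data?) -> void
 end
 
 extend ::FFI::Library
@@ -93,15 +93,8 @@ module Datadog
 end
 end
 
-
-
-
-RuleSetInfoNone: ::Datadog::AppSec::WAF::LibDDWAF::RuleSetInfo
-
-def self.ddwaf_ruleset_info_free: (RuleSetInfo) -> void
-
-def self.ddwaf_init: (top, Config, RuleSetInfo) -> ::FFI::Pointer
-def self.ddwaf_update: (::FFI::Pointer, LibDDWAF::Object, RuleSetInfo) -> ::FFI::Pointer
+def self.ddwaf_init: (top, Config, Object) -> ::FFI::Pointer
+def self.ddwaf_update: (::FFI::Pointer, LibDDWAF::Object, LibDDWAF::Object) -> ::FFI::Pointer
 def self.ddwaf_destroy: (::FFI::Pointer) -> void
 
 def self.ddwaf_required_addresses: (::FFI::Pointer, UInt32Ptr) -> ::FFI::Pointer
@@ -116,9 +109,6 @@ module Datadog
 def self.ddwaf_context_init: (::FFI::Pointer) -> ::FFI::Pointer
 def self.ddwaf_context_destroy: (::FFI::Pointer) -> void
 
-class ResultActions < ::FFI::Struct
-end
-
 class Result < ::FFI::Struct
 end
 
@@ -165,35 +155,33 @@ module Datadog
 
 class Handle
 attr_reader handle_obj: ::FFI::Pointer
-attr_reader
+attr_reader diagnostics: data
 attr_reader config: WAF::LibDDWAF::Config
 
 def initialize: (data rule, ?limits: ::Hash[::Symbol, ::Integer], ?obfuscator: ::Hash[::Symbol, ::String]) -> void
 def finalize: () -> untyped
 def required_addresses: () -> ::Array[::String]
-def
+def merge: (untyped data) -> Handle?
 
 private
 
 @valid: bool
 
-def new_from_handle: (::FFI::Pointer handle_object,
+def new_from_handle: (::FFI::Pointer handle_object, data diagnostics, WAF::LibDDWAF::Config config) -> untyped
 def validate!: () -> void
 def invalidate!: () -> void
 def valid?: () -> (nil | bool)
 def valid!: () -> void
 end
 
-type result_data = Array[untyped] | nil
-
 class Result
 attr_reader status: ::Symbol
-attr_reader
+attr_reader events: data
 attr_reader total_runtime: ::Float
 attr_reader timeout: bool
-attr_reader actions:
+attr_reader actions: data
 
-def initialize: (::Symbol,
+def initialize: (::Symbol, data, ::Float, bool, data) -> void
 end
 
 class Context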
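Review bot: The new `Result#initialize` signature in the last hunk still types the third argument as `::Float`, as does the unchanged `attr_reader total_runtime: ::Float`. Yet waf.rb on this page lays the field out as `:total_runtime, :uint64` and passes `result_obj[:total_runtime]` straight into `Result.new`, which FFI reads as an Integer. If no conversion happens outside the visible lines, the signature should read `def initialize: (::Symbol, data, ::Integer, bool, data) -> void`, with `attr_reader total_runtime: ::Integer` to match.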
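--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.11.0.0.0
 platform: ruby
 authors:
 - Datadog, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-
+date: 2023-08-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ffi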