libddwaf 1.0.14.2.1.beta1-aarch64-linux → 1.2.1.0.0.beta1-aarch64-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 256903068fc39f1191e477889f89596147707ddffcfdb53d6c1fe0ec5a497b8f
-  data.tar.gz: 8f9294e2400097ef6444084f4803732176a4b861c5cd6acb3aca80a5a2460b59
+  metadata.gz: bfb2432bc222dbfdb31746689817e5daf2db7c33a529820a8ded0cb8562dbdfe
+  data.tar.gz: 0e9107e0a6051237816dd853b5cfd7afa06df2491056fcc4298898b1dfc579c2
 SHA512:
-  metadata.gz: 0acfee98686cd52a36736a52a19065a4fa65aa4da3b2b47d57d92eab1a3110407e7a7ff2fdf15092094826acb0e276d78d27ec8e3f040b13b51a472683624b2b
-  data.tar.gz: 32ebe75c03a2effcd18b5be1caca39ac454cfcbdb9e6782ae9f3930682ed243e7820ed223598db6d056be93d576fed989e04ca1302df9bad12fd1e588e82dc01
+  metadata.gz: 21998b8bfc616220ee5a0b7a81565576bb4a8010fd8419cf617b6a9bd643630760f8b04550d66f8d148692770ef89173f1b63d7a9f609e4a8006e9fa59b54f16
+  data.tar.gz: de70ff25315ddd224985021935913d27c054af0eba5c03d6272757a028b9e42745f475198028c4efad5f77a5cb7c67c03ca62c6a9a5cc3605e2f5052089fa529

data/lib/datadog/appsec/waf/version.rb

@@ -2,8 +2,8 @@ module Datadog
   module AppSec
     module WAF
       module VERSION
-        BASE_STRING = '1.0.14'
-        STRING = "#{BASE_STRING}.2.1.beta1"
+        BASE_STRING = '1.2.1'
+        STRING = "#{BASE_STRING}.0.0.beta1"
         MINIMUM_RUBY_VERSION = '2.1'
       end
     end

data/lib/datadog/appsec/waf.rb

@@ -73,6 +73,25 @@ module Datadog
                               :ddwaf_obj_map,      1 << 4
 
         typedef :pointer, :charptr
+        typedef :pointer, :charptrptr
+
+        class UInt32Ptr < ::FFI::Struct
+          layout :value, :uint32
+        end
+
+        typedef UInt32Ptr.by_ref, :uint32ptr
+
+        class UInt64Ptr < ::FFI::Struct
+          layout :value, :uint64
+        end
+
+        typedef UInt64Ptr.by_ref, :uint64ptr
+
+        class SizeTPtr < ::FFI::Struct
+          layout :value, :size_t
+        end
+
+        typedef SizeTPtr.by_ref, :sizeptr
 
         class ObjectValueUnion < ::FFI::Union
           layout :stringValue, :charptr,
@@ -91,6 +110,8 @@ module Datadog
 
         typedef Object.by_ref, :ddwaf_object
 
+        ## setters
+
         attach_function :ddwaf_object_invalid, [:ddwaf_object], :ddwaf_object
         attach_function :ddwaf_object_string, [:ddwaf_object, :string], :ddwaf_object
         attach_function :ddwaf_object_stringl, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
@@ -108,6 +129,19 @@ module Datadog
         attach_function :ddwaf_object_map_addl, [:ddwaf_object, :charptr, :size_t, :pointer], :bool
         attach_function :ddwaf_object_map_addl_nc, [:ddwaf_object, :charptr, :size_t, :pointer], :bool
 
+        ## getters
+
+        attach_function :ddwaf_object_type, [:ddwaf_object], DDWAF_OBJ_TYPE
+        attach_function :ddwaf_object_size, [:ddwaf_object], :uint64
+        attach_function :ddwaf_object_length, [:ddwaf_object], :size_t
+        attach_function :ddwaf_object_get_key, [:ddwaf_object, :sizeptr], :charptr
+        attach_function :ddwaf_object_get_string, [:ddwaf_object, :sizeptr], :charptr
+        attach_function :ddwaf_object_get_unsigned, [:ddwaf_object], :uint64
+        attach_function :ddwaf_object_get_signed, [:ddwaf_object], :int64
+        attach_function :ddwaf_object_get_index, [:ddwaf_object, :size_t], :ddwaf_object
+
+        ## freeers
+
         ObjectFree = attach_function :ddwaf_object_free, [:ddwaf_object], :void
         ObjectNoFree = ::FFI::Pointer::NULL
 
@@ -118,16 +152,27 @@ module Datadog
 
         class Config < ::FFI::Struct
           layout :maxArrayLength, :uint64,
-                 :maxMapDepth,    :uint64,
-                 :maxTimeStore,   :uint64
+                 :maxMapDepth,    :uint64
         end
 
         typedef Config.by_ref, :ddwaf_config
 
-        attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
+        class RuleSetInfo < ::FFI::Struct
+          layout :loaded, :uint16,
+                 :failed, :uint16,
+                 :errors, Object,
+                 :version, :string
+        end
+
+        typedef RuleSetInfo.by_ref, :ddwaf_ruleset_info
+        RuleSetInfoNone = Datadog::AppSec::WAF::LibDDWAF::RuleSetInfo.new(::FFI::Pointer::NULL)
+
+        attach_function :ddwaf_ruleset_info_free, [:ddwaf_ruleset_info], :void
+
+        attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_ruleset_info], :ddwaf_handle
         attach_function :ddwaf_destroy, [:ddwaf_handle], :void
 
-        attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
+        attach_function :ddwaf_required_addresses, [:ddwaf_handle, :uint32ptr], :charptrptr
 
         # running
 
@@ -138,19 +183,17 @@ module Datadog
         attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
         attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
 
-        DDWAF_RET_CODE = enum :ddwaf_err_internal,         -4,
-                              :ddwaf_err_invalid_object,   -3,
-                              :ddwaf_err_invalid_argument, -2,
-                              :ddwaf_err_timeout,          -1,
+        DDWAF_RET_CODE = enum :ddwaf_err_internal,         -3,
+                              :ddwaf_err_invalid_object,   -2,
+                              :ddwaf_err_invalid_argument, -1,
                               :ddwaf_good,                  0,
                               :ddwaf_monitor,               1,
                               :ddwaf_block,                 2
 
         class Result < ::FFI::Struct
-          layout :action,           DDWAF_RET_CODE,
+          layout :timeout,          :bool,
                  :data,             :string,
-                 :perfData,         :string,
-                 :perfTotalRuntime, :uint32 # in us
+                 :total_runtime,    :uint64
         end
 
         typedef Result.by_ref, :ddwaf_result
@@ -287,7 +330,7 @@ module Datadog
 
       def self.logger=(logger)
         @log_cb = proc do |level, func, file, line, message, len|
-          logger.debug { { level: level, func: func, file: file, message: message.read_bytes(len) }.inspect }
+          logger.debug { { level: level, func: func, file: file, line: line, message: message.read_bytes(len) }.inspect }
         end
 
         Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
@@ -298,7 +341,6 @@ module Datadog
 
         DEFAULT_MAX_ARRAY_LENGTH = 0
         DEFAULT_MAX_MAP_DEPTH = 0
-        DEFAULT_MAX_TIME_STORE = 0
 
         def initialize(rule, config = {})
           rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
@@ -313,15 +355,17 @@ module Datadog
 
           config_obj[:maxArrayLength] = config[:max_array_length] || DEFAULT_MAX_ARRAY_LENGTH
           config_obj[:maxMapDepth]    = config[:max_map_depth]    || DEFAULT_MAX_MAP_DEPTH
-          config_obj[:maxTimeStore]   = config[:max_time_store]   || DEFAULT_MAX_TIME_STORE
 
-          @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj)
+          ruleset_info = LibDDWAF::RuleSetInfoNone
+
+          @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj, ruleset_info)
           if @handle_obj.null?
             fail LibDDWAF::Error, 'Could not create handle'
           end
 
           ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
         ensure
+          Datadog::AppSec::WAF::LibDDWAF.ddwaf_ruleset_info_free(ruleset_info) if ruleset_info
           Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
         end
 
@@ -332,7 +376,7 @@ module Datadog
         end
       end
 
-      Result = Struct.new(:action, :data, :perf_data, :perf_total_runtime)
+      Result = Struct.new(:action, :data, :total_runtime, :timeout)
 
       class Context
         attr_reader :context_obj
@@ -365,7 +409,6 @@ module Datadog
           ddwaf_err_internal:         :err_internal,
           ddwaf_err_invalid_object:   :err_invalid_object,
           ddwaf_err_invalid_argument: :err_invalid_argument,
-          ddwaf_err_timeout:          :err_timeout,
           ddwaf_good:                 :good,
           ddwaf_monitor:              :monitor,
           ddwaf_block:                :block,
@@ -388,10 +431,10 @@ module Datadog
           code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
 
           result = Result.new(
-            ACTION_MAP_OUT[result_obj[:action]],
+            ACTION_MAP_OUT[code],
             (JSON.parse(result_obj[:data]) if result_obj[:data] != nil),
-            (JSON.parse(result_obj[:perfData]) if result_obj[:perfData] != nil),
-            result_obj[:perfTotalRuntime],
+            result_obj[:total_runtime],
+            result_obj[:timeout],
           )
 
           [ACTION_MAP_OUT[code], result]

data/vendor/libddwaf/{libddwaf-1.0.14-linux-aarch64 → libddwaf-1.2.1-linux-aarch64}/include/ddwaf.h

@@ -48,10 +48,9 @@ typedef enum
  **/
 typedef enum
 {
-    DDWAF_ERR_INTERNAL     = -4,
-    DDWAF_ERR_INVALID_OBJECT = -3,
-    DDWAF_ERR_INVALID_ARGUMENT = -2,
-    DDWAF_ERR_TIMEOUT      = -1,
+    DDWAF_ERR_INTERNAL     = -3,
+    DDWAF_ERR_INVALID_OBJECT = -2,
+    DDWAF_ERR_INVALID_ARGUMENT = -1,
     DDWAF_GOOD             = 0,
     DDWAF_MONITOR          = 1,
     DDWAF_BLOCK            = 2
@@ -72,13 +71,21 @@ typedef enum
     DDWAF_LOG_OFF,
 } DDWAF_LOG_LEVEL;
 
+#ifdef __cplusplus
+class PowerWAF;
+class PWAdditive;
+using ddwaf_handle = PowerWAF *;
+using ddwaf_context = PWAdditive *;
+#else
 typedef struct _ddwaf_handle* ddwaf_handle;
 typedef struct _ddwaf_context* ddwaf_context;
+#endif
+
 typedef struct _ddwaf_object ddwaf_object;
 typedef struct _ddwaf_config ddwaf_config;
 typedef struct _ddwaf_result ddwaf_result;
 typedef struct _ddwaf_version ddwaf_version;
-
+typedef struct _ddwaf_ruleset_info ddwaf_ruleset_info;
 /**
  * @struct ddwaf_object
  *
@@ -94,7 +101,7 @@ struct _ddwaf_object
         const char* stringValue;
         uint64_t uintValue;
         int64_t intValue;
-        const ddwaf_object* array;
+        ddwaf_object* array;
     };
     uint64_t nbEntries;
     DDWAF_OBJ_TYPE type;
@@ -111,8 +118,6 @@ struct _ddwaf_config
     uint64_t maxArrayLength;
     /** Maximum depth of ddwaf::object maps. */
     uint64_t maxMapDepth;
-    /** Maximum size of the rule run time store. **/
-    int32_t maxTimeStore;
 };
 
 /**
@@ -122,14 +127,12 @@ struct _ddwaf_config
  **/
 struct _ddwaf_result
 {
-    /** Run result action **/
-    DDWAF_RET_CODE action;
+    /** Whether there has been a timeout during the operation **/
+    bool timeout;
     /** Run result in JSON format **/
     const char* data;
-    /** Performance data in JSON format **/
-    const char* perfData;
-    /** Total run time in microseconds **/
-    uint32_t perfTotalRuntime;
+    /** Total WAF runtime in nanoseconds **/
+    uint64_t total_runtime;
 };
 
 /**
@@ -144,6 +147,24 @@ struct _ddwaf_version
     uint16_t patch;
 };
 
+/**
+ * @ddwaf_ruleset_info
+ *
+ * Structure containing diagnostics on the provided ruleset.
+ * */
+struct _ddwaf_ruleset_info
+{
+    /** Number of rules successfully loaded **/
+    uint16_t loaded;
+    /** Number of rules which failed to parse **/
+    uint16_t failed;
+    /** Map from an error string to an array of all the rule ids for which
+     *  that error was raised. {error: [rule_ids]} **/
+    ddwaf_object errors;
+    /** Ruleset version **/
+    const char *version;
+};
+
 /**
  * @typedef ddwaf_object_free_fn
  *
@@ -174,10 +195,12 @@ typedef void (*ddwaf_log_cb)(
  *
  * @param rule ddwaf::object containing the patterns to be used by the WAF. (nonnull)
  * @param config Optional configuration of the WAF. (nullable)
+ * @param info Optional ruleset parsing diagnostics. (nullable)
  *
  * @return Handle to the WAF instance.
  **/
-ddwaf_handle ddwaf_init(const ddwaf_object *rule, const ddwaf_config* config);
+ddwaf_handle ddwaf_init(const ddwaf_object *rule,
+    const ddwaf_config* config, ddwaf_ruleset_info *info);
 
 /**
  * ddwaf_destroy
@@ -187,7 +210,14 @@ ddwaf_handle ddwaf_init(const ddwaf_object *rule, const ddwaf_config* config);
  * @param Handle to the WAF instance.
  */
 void ddwaf_destroy(ddwaf_handle handle);
-
+/**
+ * ddwaf_ruleset_info_free
+ *
+ * Free the memory associated with the ruleset info structure.
+ *
+ * @param info Ruleset info to free.
+ * */
+void ddwaf_ruleset_info_free(ddwaf_ruleset_info *info);
 /**
  * ddwaf_required_addresses
  *
@@ -248,7 +278,8 @@ ddwaf_context ddwaf_context_init(const ddwaf_handle handle, ddwaf_object_free_fn
  *                           data is unknown. The result structure will not be
  *                           filled if this error occurs.
  **/
-DDWAF_RET_CODE ddwaf_run(ddwaf_context context, ddwaf_object *data, ddwaf_result *result, uint64_t timeout);
+DDWAF_RET_CODE ddwaf_run(ddwaf_context context, ddwaf_object *data,
+                         ddwaf_result *result,  uint64_t timeout);
 
 /**
  * ddwaf_context_destroy
@@ -451,6 +482,101 @@ bool ddwaf_object_map_addl(ddwaf_object *map, const char *key, size_t length, dd
  **/
 bool ddwaf_object_map_addl_nc(ddwaf_object *map, const char *key, size_t length, ddwaf_object *object);
 
+/**
+ * ddwaf_object_type
+ *
+ * Returns the type of the object.
+ *
+ * @param object The object from which to get the type.
+ *
+ * @return The object type of DDWAF_OBJ_INVALID if NULL.
+ **/
+DDWAF_OBJ_TYPE ddwaf_object_type(ddwaf_object *object);
+
+/**
+ * ddwaf_object_size
+ *
+ * Returns the size of the container object.
+ *
+ * @param object The object from which to get the size.
+ *
+ * @return The object size or 0 if the object is not a container (array, map).
+ **/
+size_t ddwaf_object_size(ddwaf_object *object);
+
+/**
+ * ddwaf_object_length
+ *
+ * Returns the length of the string object.
+ *
+ * @param object The object from which to get the length.
+ *
+ * @return The string length or 0 if the object is not a string.
+ **/
+size_t ddwaf_object_length(ddwaf_object *object);
+
+/**
+ * ddwaf_object_get_key
+ *
+ * Returns the key contained within the object.
+ *
+ * @param object The object from which to get the key.
+ * @param length Output parameter on which to return the length of the key,
+ *               this parameter is optional / nullable.
+ *
+ * @return The key of the object or NULL if the object doesn't contain a key.
+ **/
+const char* ddwaf_object_get_key(ddwaf_object *object, size_t *length);
+
+/**
+ * ddwaf_object_get_string
+ *
+ * Returns the string contained within the object.
+ *
+ * @param object The object from which to get the string.
+ * @param length Output parameter on which to return the length of the string,
+ *               this parameter is optional / nullable.
+ *
+ * @return The string of the object or NULL if the object is not a string.
+ **/
+const char* ddwaf_object_get_string(ddwaf_object *object, size_t *length);
+
+/**
+ * ddwaf_object_get_unsigned
+ *
+ * Returns the uint64 contained within the object.
+ *
+ * @param object The object from which to get the integer.
+ *
+ * @return The integer or 0 if the object is not an unsigned.
+ **/
+uint64_t ddwaf_object_get_unsigned(ddwaf_object *object);
+
+/**
+ * ddwaf_object_get_signed
+ *
+ * Returns the int64 contained within the object.
+ *
+ * @param object The object from which to get the integer.
+ *
+ * @return The integer or 0 if the object is not a signed.
+ **/
+int64_t ddwaf_object_get_signed(ddwaf_object *object);
+
+/**
+ * ddwaf_object_get_index
+ *
+ * Returns the object contained in the container at the given index.
+ *
+ * @param object The container from which to extract the object.
+ * @param index The position of the required object within the container.
+ *
+ * @return The requested object or NULL if the index is out of bounds or the
+ *         object is not a container.
+ **/
+ddwaf_object* ddwaf_object_get_index(ddwaf_object *object, size_t index);
+
+
 /**
  * ddwaf_object_free
  *

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.0.14.2.1.beta1
+  version: 1.2.1.0.0.beta1
 platform: aarch64-linux
 authors:
 - Datadog, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-03 00:00:00.000000000 Z
+date: 2022-03-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -41,8 +41,8 @@ files:
 - lib/datadog/appsec/waf.rb
 - lib/datadog/appsec/waf/version.rb
 - lib/libddwaf.rb
-- vendor/libddwaf/libddwaf-1.0.14-linux-aarch64/include/ddwaf.h
-- vendor/libddwaf/libddwaf-1.0.14-linux-aarch64/lib/libddwaf.so
+- vendor/libddwaf/libddwaf-1.2.1-linux-aarch64/include/ddwaf.h
+- vendor/libddwaf/libddwaf-1.2.1-linux-aarch64/lib/libddwaf.so
 homepage: https://github.com/DataDog/libddwaf
 licenses:
 - BSD-3-Clause