libddwaf 1.0.14.2.1.beta1-aarch64-linux → 1.2.1.0.0.beta1-aarch64-linux

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 256903068fc39f1191e477889f89596147707ddffcfdb53d6c1fe0ec5a497b8f
4
- data.tar.gz: 8f9294e2400097ef6444084f4803732176a4b861c5cd6acb3aca80a5a2460b59
3
+ metadata.gz: bfb2432bc222dbfdb31746689817e5daf2db7c33a529820a8ded0cb8562dbdfe
4
+ data.tar.gz: 0e9107e0a6051237816dd853b5cfd7afa06df2491056fcc4298898b1dfc579c2
5
5
  SHA512:
6
- metadata.gz: 0acfee98686cd52a36736a52a19065a4fa65aa4da3b2b47d57d92eab1a3110407e7a7ff2fdf15092094826acb0e276d78d27ec8e3f040b13b51a472683624b2b
7
- data.tar.gz: 32ebe75c03a2effcd18b5be1caca39ac454cfcbdb9e6782ae9f3930682ed243e7820ed223598db6d056be93d576fed989e04ca1302df9bad12fd1e588e82dc01
6
+ metadata.gz: 21998b8bfc616220ee5a0b7a81565576bb4a8010fd8419cf617b6a9bd643630760f8b04550d66f8d148692770ef89173f1b63d7a9f609e4a8006e9fa59b54f16
7
+ data.tar.gz: de70ff25315ddd224985021935913d27c054af0eba5c03d6272757a028b9e42745f475198028c4efad5f77a5cb7c67c03ca62c6a9a5cc3605e2f5052089fa529
@@ -2,8 +2,8 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  module VERSION
5
- BASE_STRING = '1.0.14'
6
- STRING = "#{BASE_STRING}.2.1.beta1"
5
+ BASE_STRING = '1.2.1'
6
+ STRING = "#{BASE_STRING}.0.0.beta1"
7
7
  MINIMUM_RUBY_VERSION = '2.1'
8
8
  end
9
9
  end
@@ -73,6 +73,25 @@ module Datadog
73
73
  :ddwaf_obj_map, 1 << 4
74
74
 
75
75
  typedef :pointer, :charptr
76
+ typedef :pointer, :charptrptr
77
+
78
+ class UInt32Ptr < ::FFI::Struct
79
+ layout :value, :uint32
80
+ end
81
+
82
+ typedef UInt32Ptr.by_ref, :uint32ptr
83
+
84
+ class UInt64Ptr < ::FFI::Struct
85
+ layout :value, :uint64
86
+ end
87
+
88
+ typedef UInt64Ptr.by_ref, :uint64ptr
89
+
90
+ class SizeTPtr < ::FFI::Struct
91
+ layout :value, :size_t
92
+ end
93
+
94
+ typedef SizeTPtr.by_ref, :sizeptr
76
95
 
77
96
  class ObjectValueUnion < ::FFI::Union
78
97
  layout :stringValue, :charptr,
@@ -91,6 +110,8 @@ module Datadog
91
110
 
92
111
  typedef Object.by_ref, :ddwaf_object
93
112
 
113
+ ## setters
114
+
94
115
  attach_function :ddwaf_object_invalid, [:ddwaf_object], :ddwaf_object
95
116
  attach_function :ddwaf_object_string, [:ddwaf_object, :string], :ddwaf_object
96
117
  attach_function :ddwaf_object_stringl, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
@@ -108,6 +129,19 @@ module Datadog
108
129
  attach_function :ddwaf_object_map_addl, [:ddwaf_object, :charptr, :size_t, :pointer], :bool
109
130
  attach_function :ddwaf_object_map_addl_nc, [:ddwaf_object, :charptr, :size_t, :pointer], :bool
110
131
 
132
+ ## getters
133
+
134
+ attach_function :ddwaf_object_type, [:ddwaf_object], DDWAF_OBJ_TYPE
135
+ attach_function :ddwaf_object_size, [:ddwaf_object], :uint64
136
+ attach_function :ddwaf_object_length, [:ddwaf_object], :size_t
137
+ attach_function :ddwaf_object_get_key, [:ddwaf_object, :sizeptr], :charptr
138
+ attach_function :ddwaf_object_get_string, [:ddwaf_object, :sizeptr], :charptr
139
+ attach_function :ddwaf_object_get_unsigned, [:ddwaf_object], :uint64
140
+ attach_function :ddwaf_object_get_signed, [:ddwaf_object], :int64
141
+ attach_function :ddwaf_object_get_index, [:ddwaf_object, :size_t], :ddwaf_object
142
+
143
+ ## freeers
144
+
111
145
  ObjectFree = attach_function :ddwaf_object_free, [:ddwaf_object], :void
112
146
  ObjectNoFree = ::FFI::Pointer::NULL
113
147
 
@@ -118,16 +152,27 @@ module Datadog
118
152
 
119
153
  class Config < ::FFI::Struct
120
154
  layout :maxArrayLength, :uint64,
121
- :maxMapDepth, :uint64,
122
- :maxTimeStore, :uint64
155
+ :maxMapDepth, :uint64
123
156
  end
124
157
 
125
158
  typedef Config.by_ref, :ddwaf_config
126
159
 
127
- attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
160
+ class RuleSetInfo < ::FFI::Struct
161
+ layout :loaded, :uint16,
162
+ :failed, :uint16,
163
+ :errors, Object,
164
+ :version, :string
165
+ end
166
+
167
+ typedef RuleSetInfo.by_ref, :ddwaf_ruleset_info
168
+ RuleSetInfoNone = Datadog::AppSec::WAF::LibDDWAF::RuleSetInfo.new(::FFI::Pointer::NULL)
169
+
170
+ attach_function :ddwaf_ruleset_info_free, [:ddwaf_ruleset_info], :void
171
+
172
+ attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_ruleset_info], :ddwaf_handle
128
173
  attach_function :ddwaf_destroy, [:ddwaf_handle], :void
129
174
 
130
- attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
175
+ attach_function :ddwaf_required_addresses, [:ddwaf_handle, :uint32ptr], :charptrptr
131
176
 
132
177
  # running
133
178
 
@@ -138,19 +183,17 @@ module Datadog
138
183
  attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
139
184
  attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
140
185
 
141
- DDWAF_RET_CODE = enum :ddwaf_err_internal, -4,
142
- :ddwaf_err_invalid_object, -3,
143
- :ddwaf_err_invalid_argument, -2,
144
- :ddwaf_err_timeout, -1,
186
+ DDWAF_RET_CODE = enum :ddwaf_err_internal, -3,
187
+ :ddwaf_err_invalid_object, -2,
188
+ :ddwaf_err_invalid_argument, -1,
145
189
  :ddwaf_good, 0,
146
190
  :ddwaf_monitor, 1,
147
191
  :ddwaf_block, 2
148
192
 
149
193
  class Result < ::FFI::Struct
150
- layout :action, DDWAF_RET_CODE,
194
+ layout :timeout, :bool,
151
195
  :data, :string,
152
- :perfData, :string,
153
- :perfTotalRuntime, :uint32 # in us
196
+ :total_runtime, :uint64
154
197
  end
155
198
 
156
199
  typedef Result.by_ref, :ddwaf_result
@@ -287,7 +330,7 @@ module Datadog
287
330
 
288
331
  def self.logger=(logger)
289
332
  @log_cb = proc do |level, func, file, line, message, len|
290
- logger.debug { { level: level, func: func, file: file, message: message.read_bytes(len) }.inspect }
333
+ logger.debug { { level: level, func: func, file: file, line: line, message: message.read_bytes(len) }.inspect }
291
334
  end
292
335
 
293
336
  Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
@@ -298,7 +341,6 @@ module Datadog
298
341
 
299
342
  DEFAULT_MAX_ARRAY_LENGTH = 0
300
343
  DEFAULT_MAX_MAP_DEPTH = 0
301
- DEFAULT_MAX_TIME_STORE = 0
302
344
 
303
345
  def initialize(rule, config = {})
304
346
  rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
@@ -313,15 +355,17 @@ module Datadog
313
355
 
314
356
  config_obj[:maxArrayLength] = config[:max_array_length] || DEFAULT_MAX_ARRAY_LENGTH
315
357
  config_obj[:maxMapDepth] = config[:max_map_depth] || DEFAULT_MAX_MAP_DEPTH
316
- config_obj[:maxTimeStore] = config[:max_time_store] || DEFAULT_MAX_TIME_STORE
317
358
 
318
- @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj)
359
+ ruleset_info = LibDDWAF::RuleSetInfoNone
360
+
361
+ @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj, ruleset_info)
319
362
  if @handle_obj.null?
320
363
  fail LibDDWAF::Error, 'Could not create handle'
321
364
  end
322
365
 
323
366
  ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
324
367
  ensure
368
+ Datadog::AppSec::WAF::LibDDWAF.ddwaf_ruleset_info_free(ruleset_info) if ruleset_info
325
369
  Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
326
370
  end
327
371
 
@@ -332,7 +376,7 @@ module Datadog
332
376
  end
333
377
  end
334
378
 
335
- Result = Struct.new(:action, :data, :perf_data, :perf_total_runtime)
379
+ Result = Struct.new(:action, :data, :total_runtime, :timeout)
336
380
 
337
381
  class Context
338
382
  attr_reader :context_obj
@@ -365,7 +409,6 @@ module Datadog
365
409
  ddwaf_err_internal: :err_internal,
366
410
  ddwaf_err_invalid_object: :err_invalid_object,
367
411
  ddwaf_err_invalid_argument: :err_invalid_argument,
368
- ddwaf_err_timeout: :err_timeout,
369
412
  ddwaf_good: :good,
370
413
  ddwaf_monitor: :monitor,
371
414
  ddwaf_block: :block,
@@ -388,10 +431,10 @@ module Datadog
388
431
  code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
389
432
 
390
433
  result = Result.new(
391
- ACTION_MAP_OUT[result_obj[:action]],
434
+ ACTION_MAP_OUT[code],
392
435
  (JSON.parse(result_obj[:data]) if result_obj[:data] != nil),
393
- (JSON.parse(result_obj[:perfData]) if result_obj[:perfData] != nil),
394
- result_obj[:perfTotalRuntime],
436
+ result_obj[:total_runtime],
437
+ result_obj[:timeout],
395
438
  )
396
439
 
397
440
  [ACTION_MAP_OUT[code], result]
@@ -48,10 +48,9 @@ typedef enum
48
48
  **/
49
49
  typedef enum
50
50
  {
51
- DDWAF_ERR_INTERNAL = -4,
52
- DDWAF_ERR_INVALID_OBJECT = -3,
53
- DDWAF_ERR_INVALID_ARGUMENT = -2,
54
- DDWAF_ERR_TIMEOUT = -1,
51
+ DDWAF_ERR_INTERNAL = -3,
52
+ DDWAF_ERR_INVALID_OBJECT = -2,
53
+ DDWAF_ERR_INVALID_ARGUMENT = -1,
55
54
  DDWAF_GOOD = 0,
56
55
  DDWAF_MONITOR = 1,
57
56
  DDWAF_BLOCK = 2
@@ -72,13 +71,21 @@ typedef enum
72
71
  DDWAF_LOG_OFF,
73
72
  } DDWAF_LOG_LEVEL;
74
73
 
74
+ #ifdef __cplusplus
75
+ class PowerWAF;
76
+ class PWAdditive;
77
+ using ddwaf_handle = PowerWAF *;
78
+ using ddwaf_context = PWAdditive *;
79
+ #else
75
80
  typedef struct _ddwaf_handle* ddwaf_handle;
76
81
  typedef struct _ddwaf_context* ddwaf_context;
82
+ #endif
83
+
77
84
  typedef struct _ddwaf_object ddwaf_object;
78
85
  typedef struct _ddwaf_config ddwaf_config;
79
86
  typedef struct _ddwaf_result ddwaf_result;
80
87
  typedef struct _ddwaf_version ddwaf_version;
81
-
88
+ typedef struct _ddwaf_ruleset_info ddwaf_ruleset_info;
82
89
  /**
83
90
  * @struct ddwaf_object
84
91
  *
@@ -94,7 +101,7 @@ struct _ddwaf_object
94
101
  const char* stringValue;
95
102
  uint64_t uintValue;
96
103
  int64_t intValue;
97
- const ddwaf_object* array;
104
+ ddwaf_object* array;
98
105
  };
99
106
  uint64_t nbEntries;
100
107
  DDWAF_OBJ_TYPE type;
@@ -111,8 +118,6 @@ struct _ddwaf_config
111
118
  uint64_t maxArrayLength;
112
119
  /** Maximum depth of ddwaf::object maps. */
113
120
  uint64_t maxMapDepth;
114
- /** Maximum size of the rule run time store. **/
115
- int32_t maxTimeStore;
116
121
  };
117
122
 
118
123
  /**
@@ -122,14 +127,12 @@ struct _ddwaf_config
122
127
  **/
123
128
  struct _ddwaf_result
124
129
  {
125
- /** Run result action **/
126
- DDWAF_RET_CODE action;
130
+ /** Whether there has been a timeout during the operation **/
131
+ bool timeout;
127
132
  /** Run result in JSON format **/
128
133
  const char* data;
129
- /** Performance data in JSON format **/
130
- const char* perfData;
131
- /** Total run time in microseconds **/
132
- uint32_t perfTotalRuntime;
134
+ /** Total WAF runtime in nanoseconds **/
135
+ uint64_t total_runtime;
133
136
  };
134
137
 
135
138
  /**
@@ -144,6 +147,24 @@ struct _ddwaf_version
144
147
  uint16_t patch;
145
148
  };
146
149
 
150
+ /**
151
+ * @ddwaf_ruleset_info
152
+ *
153
+ * Structure containing diagnostics on the provided ruleset.
154
+ * */
155
+ struct _ddwaf_ruleset_info
156
+ {
157
+ /** Number of rules successfully loaded **/
158
+ uint16_t loaded;
159
+ /** Number of rules which failed to parse **/
160
+ uint16_t failed;
161
+ /** Map from an error string to an array of all the rule ids for which
162
+ * that error was raised. {error: [rule_ids]} **/
163
+ ddwaf_object errors;
164
+ /** Ruleset version **/
165
+ const char *version;
166
+ };
167
+
147
168
  /**
148
169
  * @typedef ddwaf_object_free_fn
149
170
  *
@@ -174,10 +195,12 @@ typedef void (*ddwaf_log_cb)(
174
195
  *
175
196
  * @param rule ddwaf::object containing the patterns to be used by the WAF. (nonnull)
176
197
  * @param config Optional configuration of the WAF. (nullable)
198
+ * @param info Optional ruleset parsing diagnostics. (nullable)
177
199
  *
178
200
  * @return Handle to the WAF instance.
179
201
  **/
180
- ddwaf_handle ddwaf_init(const ddwaf_object *rule, const ddwaf_config* config);
202
+ ddwaf_handle ddwaf_init(const ddwaf_object *rule,
203
+ const ddwaf_config* config, ddwaf_ruleset_info *info);
181
204
 
182
205
  /**
183
206
  * ddwaf_destroy
@@ -187,7 +210,14 @@ ddwaf_handle ddwaf_init(const ddwaf_object *rule, const ddwaf_config* config);
187
210
  * @param Handle to the WAF instance.
188
211
  */
189
212
  void ddwaf_destroy(ddwaf_handle handle);
190
-
213
+ /**
214
+ * ddwaf_ruleset_info_free
215
+ *
216
+ * Free the memory associated with the ruleset info structure.
217
+ *
218
+ * @param info Ruleset info to free.
219
+ * */
220
+ void ddwaf_ruleset_info_free(ddwaf_ruleset_info *info);
191
221
  /**
192
222
  * ddwaf_required_addresses
193
223
  *
@@ -248,7 +278,8 @@ ddwaf_context ddwaf_context_init(const ddwaf_handle handle, ddwaf_object_free_fn
248
278
  * data is unknown. The result structure will not be
249
279
  * filled if this error occurs.
250
280
  **/
251
- DDWAF_RET_CODE ddwaf_run(ddwaf_context context, ddwaf_object *data, ddwaf_result *result, uint64_t timeout);
281
+ DDWAF_RET_CODE ddwaf_run(ddwaf_context context, ddwaf_object *data,
282
+ ddwaf_result *result, uint64_t timeout);
252
283
 
253
284
  /**
254
285
  * ddwaf_context_destroy
@@ -451,6 +482,101 @@ bool ddwaf_object_map_addl(ddwaf_object *map, const char *key, size_t length, dd
451
482
  **/
452
483
  bool ddwaf_object_map_addl_nc(ddwaf_object *map, const char *key, size_t length, ddwaf_object *object);
453
484
 
485
+ /**
486
+ * ddwaf_object_type
487
+ *
488
+ * Returns the type of the object.
489
+ *
490
+ * @param object The object from which to get the type.
491
+ *
492
+ * @return The object type of DDWAF_OBJ_INVALID if NULL.
493
+ **/
494
+ DDWAF_OBJ_TYPE ddwaf_object_type(ddwaf_object *object);
495
+
496
+ /**
497
+ * ddwaf_object_size
498
+ *
499
+ * Returns the size of the container object.
500
+ *
501
+ * @param object The object from which to get the size.
502
+ *
503
+ * @return The object size or 0 if the object is not a container (array, map).
504
+ **/
505
+ size_t ddwaf_object_size(ddwaf_object *object);
506
+
507
+ /**
508
+ * ddwaf_object_length
509
+ *
510
+ * Returns the length of the string object.
511
+ *
512
+ * @param object The object from which to get the length.
513
+ *
514
+ * @return The string length or 0 if the object is not a string.
515
+ **/
516
+ size_t ddwaf_object_length(ddwaf_object *object);
517
+
518
+ /**
519
+ * ddwaf_object_get_key
520
+ *
521
+ * Returns the key contained within the object.
522
+ *
523
+ * @param object The object from which to get the key.
524
+ * @param length Output parameter on which to return the length of the key,
525
+ * this parameter is optional / nullable.
526
+ *
527
+ * @return The key of the object or NULL if the object doesn't contain a key.
528
+ **/
529
+ const char* ddwaf_object_get_key(ddwaf_object *object, size_t *length);
530
+
531
+ /**
532
+ * ddwaf_object_get_string
533
+ *
534
+ * Returns the string contained within the object.
535
+ *
536
+ * @param object The object from which to get the string.
537
+ * @param length Output parameter on which to return the length of the string,
538
+ * this parameter is optional / nullable.
539
+ *
540
+ * @return The string of the object or NULL if the object is not a string.
541
+ **/
542
+ const char* ddwaf_object_get_string(ddwaf_object *object, size_t *length);
543
+
544
+ /**
545
+ * ddwaf_object_get_unsigned
546
+ *
547
+ * Returns the uint64 contained within the object.
548
+ *
549
+ * @param object The object from which to get the integer.
550
+ *
551
+ * @return The integer or 0 if the object is not an unsigned.
552
+ **/
553
+ uint64_t ddwaf_object_get_unsigned(ddwaf_object *object);
554
+
555
+ /**
556
+ * ddwaf_object_get_signed
557
+ *
558
+ * Returns the int64 contained within the object.
559
+ *
560
+ * @param object The object from which to get the integer.
561
+ *
562
+ * @return The integer or 0 if the object is not a signed.
563
+ **/
564
+ int64_t ddwaf_object_get_signed(ddwaf_object *object);
565
+
566
+ /**
567
+ * ddwaf_object_get_index
568
+ *
569
+ * Returns the object contained in the container at the given index.
570
+ *
571
+ * @param object The container from which to extract the object.
572
+ * @param index The position of the required object within the container.
573
+ *
574
+ * @return The requested object or NULL if the index is out of bounds or the
575
+ * object is not a container.
576
+ **/
577
+ ddwaf_object* ddwaf_object_get_index(ddwaf_object *object, size_t index);
578
+
579
+
454
580
  /**
455
581
  * ddwaf_object_free
456
582
  *
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libddwaf
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.14.2.1.beta1
4
+ version: 1.2.1.0.0.beta1
5
5
  platform: aarch64-linux
6
6
  authors:
7
7
  - Datadog, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-03-03 00:00:00.000000000 Z
11
+ date: 2022-03-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi
@@ -41,8 +41,8 @@ files:
41
41
  - lib/datadog/appsec/waf.rb
42
42
  - lib/datadog/appsec/waf/version.rb
43
43
  - lib/libddwaf.rb
44
- - vendor/libddwaf/libddwaf-1.0.14-linux-aarch64/include/ddwaf.h
45
- - vendor/libddwaf/libddwaf-1.0.14-linux-aarch64/lib/libddwaf.so
44
+ - vendor/libddwaf/libddwaf-1.2.1-linux-aarch64/include/ddwaf.h
45
+ - vendor/libddwaf/libddwaf-1.2.1-linux-aarch64/lib/libddwaf.so
46
46
  homepage: https://github.com/DataDog/libddwaf
47
47
  licenses:
48
48
  - BSD-3-Clause