RubyGems - libddwaf - Versions diffs - 1.0.14.2.1.beta1-x86_64-darwin → 1.2.1.0.0.beta1-x86_64-darwin - Mend

libddwaf 1.0.14.2.1.beta1-x86_64-darwin → 1.2.1.0.0.beta1-x86_64-darwin

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/datadog/appsec/waf/version.rb +2 -2
data/lib/datadog/appsec/waf.rb +63 -20
data/vendor/libddwaf/{libddwaf-1.0.14-darwin-x86_64 → libddwaf-1.2.1-darwin-x86_64}/include/ddwaf.h +143 -17
data/vendor/libddwaf/libddwaf-1.2.1-darwin-x86_64/lib/libddwaf.dylib +0 -0
metadata +4 -4
data/vendor/libddwaf/libddwaf-1.0.14-darwin-x86_64/lib/libddwaf.dylib +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 775b52304a70463e7f93e2576b53d94f46e5dce2a117806f3b096bf44974c4b6
-  data.tar.gz: 5e2627502a283efedffd1ade2e3d8b4d7a7313c864e4fd8137a93f55d1adc3e7
+  metadata.gz: 37f6d33077e880bcde0704a6fe27712cc981a86ec99c1756da54745930e88374
+  data.tar.gz: bb2c7d5da20f11b79e2fe6140ef9e9f72df64f89b8170b673dc7e23d53002a42
 SHA512:
-  metadata.gz: fcda2a241fefbd0cc807d441422a04f06195ea567549a83aa87f410df1eb47b36d173b3ccb86d19ab44ac90e726f441d416e4c13e23610958a15d72e60e0049a
-  data.tar.gz: 4eb25a2b53164991a1c5b056923aeeab525845e63f91bdbbbe31036e9e314c354f39d2e427a4590f2ae0232889d6e12e8e88237d102786a9da05a9df857c67c8
+  metadata.gz: e41a7bd64cb511930ed98f3132738a1cecf77ecf69daa546b89e5e72ba3730535caefabbe5ce09e1909833effede751ddbe32c9cd87fb4142045b9b5c7b34ab4
+  data.tar.gz: 13f0b28d63f2b551b0301479c46785998c16b222940aa06e4a0ac604e382c1f6cc02cf1bd5b31eca589658b63e3099e71d38d8e929231fb821874d6fdf844d4f

data/lib/datadog/appsec/waf/version.rb CHANGED Viewed

@@ -2,8 +2,8 @@ module Datadog
   module AppSec
     module WAF
       module VERSION
-        BASE_STRING = '1.0.14'
-        STRING = "#{BASE_STRING}.2.1.beta1"
+        BASE_STRING = '1.2.1'
+        STRING = "#{BASE_STRING}.0.0.beta1"
         MINIMUM_RUBY_VERSION = '2.1'
       end
     end

data/lib/datadog/appsec/waf.rb CHANGED Viewed

@@ -73,6 +73,25 @@ module Datadog
                               :ddwaf_obj_map,      1 << 4
         typedef :pointer, :charptr
+        typedef :pointer, :charptrptr
+        class UInt32Ptr < ::FFI::Struct
+          layout :value, :uint32
+        end
+        typedef UInt32Ptr.by_ref, :uint32ptr
+        class UInt64Ptr < ::FFI::Struct
+          layout :value, :uint64
+        end
+        typedef UInt64Ptr.by_ref, :uint64ptr
+        class SizeTPtr < ::FFI::Struct
+          layout :value, :size_t
+        end
+        typedef SizeTPtr.by_ref, :sizeptr
         class ObjectValueUnion < ::FFI::Union
           layout :stringValue, :charptr,
@@ -91,6 +110,8 @@ module Datadog
         typedef Object.by_ref, :ddwaf_object
+        ## setters
         attach_function :ddwaf_object_invalid, [:ddwaf_object], :ddwaf_object
         attach_function :ddwaf_object_string, [:ddwaf_object, :string], :ddwaf_object
         attach_function :ddwaf_object_stringl, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
@@ -108,6 +129,19 @@ module Datadog
         attach_function :ddwaf_object_map_addl, [:ddwaf_object, :charptr, :size_t, :pointer], :bool
         attach_function :ddwaf_object_map_addl_nc, [:ddwaf_object, :charptr, :size_t, :pointer], :bool
+        ## getters
+        attach_function :ddwaf_object_type, [:ddwaf_object], DDWAF_OBJ_TYPE
+        attach_function :ddwaf_object_size, [:ddwaf_object], :uint64
+        attach_function :ddwaf_object_length, [:ddwaf_object], :size_t
+        attach_function :ddwaf_object_get_key, [:ddwaf_object, :sizeptr], :charptr
+        attach_function :ddwaf_object_get_string, [:ddwaf_object, :sizeptr], :charptr
+        attach_function :ddwaf_object_get_unsigned, [:ddwaf_object], :uint64
+        attach_function :ddwaf_object_get_signed, [:ddwaf_object], :int64
+        attach_function :ddwaf_object_get_index, [:ddwaf_object, :size_t], :ddwaf_object
+        ## freeers
         ObjectFree = attach_function :ddwaf_object_free, [:ddwaf_object], :void
         ObjectNoFree = ::FFI::Pointer::NULL
@@ -118,16 +152,27 @@ module Datadog
         class Config < ::FFI::Struct
           layout :maxArrayLength, :uint64,
-                 :maxMapDepth,    :uint64,
-                 :maxTimeStore,   :uint64
+                 :maxMapDepth,    :uint64
         end
         typedef Config.by_ref, :ddwaf_config
-        attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config], :ddwaf_handle
+        class RuleSetInfo < ::FFI::Struct
+          layout :loaded, :uint16,
+                 :failed, :uint16,
+                 :errors, Object,
+                 :version, :string
+        end
+        typedef RuleSetInfo.by_ref, :ddwaf_ruleset_info
+        RuleSetInfoNone = Datadog::AppSec::WAF::LibDDWAF::RuleSetInfo.new(::FFI::Pointer::NULL)
+        attach_function :ddwaf_ruleset_info_free, [:ddwaf_ruleset_info], :void
+        attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_ruleset_info], :ddwaf_handle
         attach_function :ddwaf_destroy, [:ddwaf_handle], :void
-        attach_function :ddwaf_required_addresses, [:ddwaf_handle, :pointer], :pointer
+        attach_function :ddwaf_required_addresses, [:ddwaf_handle, :uint32ptr], :charptrptr
         # running
@@ -138,19 +183,17 @@ module Datadog
         attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
         attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
-        DDWAF_RET_CODE = enum :ddwaf_err_internal,         -4,
-                              :ddwaf_err_invalid_object,   -3,
-                              :ddwaf_err_invalid_argument, -2,
-                              :ddwaf_err_timeout,          -1,
+        DDWAF_RET_CODE = enum :ddwaf_err_internal,         -3,
+                              :ddwaf_err_invalid_object,   -2,
+                              :ddwaf_err_invalid_argument, -1,
                               :ddwaf_good,                  0,
                               :ddwaf_monitor,               1,
                               :ddwaf_block,                 2
         class Result < ::FFI::Struct
-          layout :action,           DDWAF_RET_CODE,
+          layout :timeout,          :bool,
                  :data,             :string,
-                 :perfData,         :string,
-                 :perfTotalRuntime, :uint32 # in us
+                 :total_runtime,    :uint64
         end
         typedef Result.by_ref, :ddwaf_result
@@ -287,7 +330,7 @@ module Datadog
       def self.logger=(logger)
         @log_cb = proc do |level, func, file, line, message, len|
-          logger.debug { { level: level, func: func, file: file, message: message.read_bytes(len) }.inspect }
+          logger.debug { { level: level, func: func, file: file, line: line, message: message.read_bytes(len) }.inspect }
         end
         Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
@@ -298,7 +341,6 @@ module Datadog
         DEFAULT_MAX_ARRAY_LENGTH = 0
         DEFAULT_MAX_MAP_DEPTH = 0
-        DEFAULT_MAX_TIME_STORE = 0
         def initialize(rule, config = {})
           rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
@@ -313,15 +355,17 @@ module Datadog
           config_obj[:maxArrayLength] = config[:max_array_length] || DEFAULT_MAX_ARRAY_LENGTH
           config_obj[:maxMapDepth]    = config[:max_map_depth]    || DEFAULT_MAX_MAP_DEPTH
-          config_obj[:maxTimeStore]   = config[:max_time_store]   || DEFAULT_MAX_TIME_STORE
-          @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj)
+          ruleset_info = LibDDWAF::RuleSetInfoNone
+          @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj, ruleset_info)
           if @handle_obj.null?
             fail LibDDWAF::Error, 'Could not create handle'
           end
           ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
         ensure
+          Datadog::AppSec::WAF::LibDDWAF.ddwaf_ruleset_info_free(ruleset_info) if ruleset_info
           Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
         end
@@ -332,7 +376,7 @@ module Datadog
         end
       end
-      Result = Struct.new(:action, :data, :perf_data, :perf_total_runtime)
+      Result = Struct.new(:action, :data, :total_runtime, :timeout)
       class Context
         attr_reader :context_obj
@@ -365,7 +409,6 @@ module Datadog
           ddwaf_err_internal:         :err_internal,
           ddwaf_err_invalid_object:   :err_invalid_object,
           ddwaf_err_invalid_argument: :err_invalid_argument,
-          ddwaf_err_timeout:          :err_timeout,
           ddwaf_good:                 :good,
           ddwaf_monitor:              :monitor,
           ddwaf_block:                :block,
@@ -388,10 +431,10 @@ module Datadog
           code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
           result = Result.new(
-            ACTION_MAP_OUT[result_obj[:action]],
+            ACTION_MAP_OUT[code],
             (JSON.parse(result_obj[:data]) if result_obj[:data] != nil),
-            (JSON.parse(result_obj[:perfData]) if result_obj[:perfData] != nil),
-            result_obj[:perfTotalRuntime],
+            result_obj[:total_runtime],
+            result_obj[:timeout],
           )
           [ACTION_MAP_OUT[code], result]

data/vendor/libddwaf/{libddwaf-1.0.14-darwin-x86_64 → libddwaf-1.2.1-darwin-x86_64}/include/ddwaf.h RENAMED Viewed

@@ -48,10 +48,9 @@ typedef enum
  **/
 typedef enum
 {
-    DDWAF_ERR_INTERNAL     = -4,
-    DDWAF_ERR_INVALID_OBJECT = -3,
-    DDWAF_ERR_INVALID_ARGUMENT = -2,
-    DDWAF_ERR_TIMEOUT      = -1,
+    DDWAF_ERR_INTERNAL     = -3,
+    DDWAF_ERR_INVALID_OBJECT = -2,
+    DDWAF_ERR_INVALID_ARGUMENT = -1,
     DDWAF_GOOD             = 0,
     DDWAF_MONITOR          = 1,
     DDWAF_BLOCK            = 2
@@ -72,13 +71,21 @@ typedef enum
     DDWAF_LOG_OFF,
 } DDWAF_LOG_LEVEL;
+#ifdef __cplusplus
+class PowerWAF;
+class PWAdditive;
+using ddwaf_handle = PowerWAF *;
+using ddwaf_context = PWAdditive *;
+#else
 typedef struct _ddwaf_handle* ddwaf_handle;
 typedef struct _ddwaf_context* ddwaf_context;
+#endif
 typedef struct _ddwaf_object ddwaf_object;
 typedef struct _ddwaf_config ddwaf_config;
 typedef struct _ddwaf_result ddwaf_result;
 typedef struct _ddwaf_version ddwaf_version;
+typedef struct _ddwaf_ruleset_info ddwaf_ruleset_info;
 /**
  * @struct ddwaf_object
  *
@@ -94,7 +101,7 @@ struct _ddwaf_object
         const char* stringValue;
         uint64_t uintValue;
         int64_t intValue;
-        const ddwaf_object* array;
+        ddwaf_object* array;
     };
     uint64_t nbEntries;
     DDWAF_OBJ_TYPE type;
@@ -111,8 +118,6 @@ struct _ddwaf_config
     uint64_t maxArrayLength;
     /** Maximum depth of ddwaf::object maps. */
     uint64_t maxMapDepth;
-    /** Maximum size of the rule run time store. **/
-    int32_t maxTimeStore;
 };
 /**
@@ -122,14 +127,12 @@ struct _ddwaf_config
  **/
 struct _ddwaf_result
 {
-    /** Run result action **/
-    DDWAF_RET_CODE action;
+    /** Whether there has been a timeout during the operation **/
+    bool timeout;
     /** Run result in JSON format **/
     const char* data;
-    /** Performance data in JSON format **/
-    const char* perfData;
-    /** Total run time in microseconds **/
-    uint32_t perfTotalRuntime;
+    /** Total WAF runtime in nanoseconds **/
+    uint64_t total_runtime;
 };
 /**
@@ -144,6 +147,24 @@ struct _ddwaf_version
     uint16_t patch;
 };
+/**
+ * @ddwaf_ruleset_info
+ *
+ * Structure containing diagnostics on the provided ruleset.
+ * */
+struct _ddwaf_ruleset_info
+{
+    /** Number of rules successfully loaded **/
+    uint16_t loaded;
+    /** Number of rules which failed to parse **/
+    uint16_t failed;
+    /** Map from an error string to an array of all the rule ids for which
+     *  that error was raised. {error: [rule_ids]} **/
+    ddwaf_object errors;
+    /** Ruleset version **/
+    const char *version;
+};
 /**
  * @typedef ddwaf_object_free_fn
  *
@@ -174,10 +195,12 @@ typedef void (*ddwaf_log_cb)(
  *
  * @param rule ddwaf::object containing the patterns to be used by the WAF. (nonnull)
  * @param config Optional configuration of the WAF. (nullable)
+ * @param info Optional ruleset parsing diagnostics. (nullable)
  *
  * @return Handle to the WAF instance.
  **/
-ddwaf_handle ddwaf_init(const ddwaf_object *rule, const ddwaf_config* config);
+ddwaf_handle ddwaf_init(const ddwaf_object *rule,
+    const ddwaf_config* config, ddwaf_ruleset_info *info);
 /**
  * ddwaf_destroy
@@ -187,7 +210,14 @@ ddwaf_handle ddwaf_init(const ddwaf_object *rule, const ddwaf_config* config);
  * @param Handle to the WAF instance.
  */
 void ddwaf_destroy(ddwaf_handle handle);
+/**
+ * ddwaf_ruleset_info_free
+ *
+ * Free the memory associated with the ruleset info structure.
+ *
+ * @param info Ruleset info to free.
+ * */
+void ddwaf_ruleset_info_free(ddwaf_ruleset_info *info);
 /**
  * ddwaf_required_addresses
  *
@@ -248,7 +278,8 @@ ddwaf_context ddwaf_context_init(const ddwaf_handle handle, ddwaf_object_free_fn
  *                           data is unknown. The result structure will not be
  *                           filled if this error occurs.
  **/
-DDWAF_RET_CODE ddwaf_run(ddwaf_context context, ddwaf_object *data, ddwaf_result *result, uint64_t timeout);
+DDWAF_RET_CODE ddwaf_run(ddwaf_context context, ddwaf_object *data,
+                         ddwaf_result *result,  uint64_t timeout);
 /**
  * ddwaf_context_destroy
@@ -451,6 +482,101 @@ bool ddwaf_object_map_addl(ddwaf_object *map, const char *key, size_t length, dd
  **/
 bool ddwaf_object_map_addl_nc(ddwaf_object *map, const char *key, size_t length, ddwaf_object *object);
+/**
+ * ddwaf_object_type
+ *
+ * Returns the type of the object.
+ *
+ * @param object The object from which to get the type.
+ *
+ * @return The object type of DDWAF_OBJ_INVALID if NULL.
+ **/
+DDWAF_OBJ_TYPE ddwaf_object_type(ddwaf_object *object);
+/**
+ * ddwaf_object_size
+ *
+ * Returns the size of the container object.
+ *
+ * @param object The object from which to get the size.
+ *
+ * @return The object size or 0 if the object is not a container (array, map).
+ **/
+size_t ddwaf_object_size(ddwaf_object *object);
+/**
+ * ddwaf_object_length
+ *
+ * Returns the length of the string object.
+ *
+ * @param object The object from which to get the length.
+ *
+ * @return The string length or 0 if the object is not a string.
+ **/
+size_t ddwaf_object_length(ddwaf_object *object);
+/**
+ * ddwaf_object_get_key
+ *
+ * Returns the key contained within the object.
+ *
+ * @param object The object from which to get the key.
+ * @param length Output parameter on which to return the length of the key,
+ *               this parameter is optional / nullable.
+ *
+ * @return The key of the object or NULL if the object doesn't contain a key.
+ **/
+const char* ddwaf_object_get_key(ddwaf_object *object, size_t *length);
+/**
+ * ddwaf_object_get_string
+ *
+ * Returns the string contained within the object.
+ *
+ * @param object The object from which to get the string.
+ * @param length Output parameter on which to return the length of the string,
+ *               this parameter is optional / nullable.
+ *
+ * @return The string of the object or NULL if the object is not a string.
+ **/
+const char* ddwaf_object_get_string(ddwaf_object *object, size_t *length);
+/**
+ * ddwaf_object_get_unsigned
+ *
+ * Returns the uint64 contained within the object.
+ *
+ * @param object The object from which to get the integer.
+ *
+ * @return The integer or 0 if the object is not an unsigned.
+ **/
+uint64_t ddwaf_object_get_unsigned(ddwaf_object *object);
+/**
+ * ddwaf_object_get_signed
+ *
+ * Returns the int64 contained within the object.
+ *
+ * @param object The object from which to get the integer.
+ *
+ * @return The integer or 0 if the object is not a signed.
+ **/
+int64_t ddwaf_object_get_signed(ddwaf_object *object);
+/**
+ * ddwaf_object_get_index
+ *
+ * Returns the object contained in the container at the given index.
+ *
+ * @param object The container from which to extract the object.
+ * @param index The position of the required object within the container.
+ *
+ * @return The requested object or NULL if the index is out of bounds or the
+ *         object is not a container.
+ **/
+ddwaf_object* ddwaf_object_get_index(ddwaf_object *object, size_t index);
 /**
  * ddwaf_object_free
  *

data/vendor/libddwaf/libddwaf-1.2.1-darwin-x86_64/lib/libddwaf.dylib ADDED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.0.14.2.1.beta1
+  version: 1.2.1.0.0.beta1
 platform: x86_64-darwin
 authors:
 - Datadog, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-03 00:00:00.000000000 Z
+date: 2022-03-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -41,8 +41,8 @@ files:
 - lib/datadog/appsec/waf.rb
 - lib/datadog/appsec/waf/version.rb
 - lib/libddwaf.rb
-- vendor/libddwaf/libddwaf-1.0.14-darwin-x86_64/include/ddwaf.h
-- vendor/libddwaf/libddwaf-1.0.14-darwin-x86_64/lib/libddwaf.dylib
+- vendor/libddwaf/libddwaf-1.2.1-darwin-x86_64/include/ddwaf.h
+- vendor/libddwaf/libddwaf-1.2.1-darwin-x86_64/lib/libddwaf.dylib
 homepage: https://github.com/DataDog/libddwaf
 licenses:
 - BSD-3-Clause

data/vendor/libddwaf/libddwaf-1.0.14-darwin-x86_64/lib/libddwaf.dylib DELETED Viewed

Binary file