libsqreen 0.6.1.0.1 → 1.0.4.0.0
- checksums.yaml +4 -4
- data/ext/libsqreen_extension/libsqreen_extension.c +22 -22
- data/ext/libsqreen_extension/logging.c +4 -4
- data/lib/libsqreen/version.rb +1 -1
- data/vendor/libsqreen/include/waf.h +313 -213
- data/vendor/libsqreen/x86_64/darwin/libsqreen.a +0 -0
- data/vendor/libsqreen/x86_64/linux/libsqreen.a +0 -0
- metadata +3 -4
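--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c2ae03953a7873a5385ccb306ba5ed318a3a26b4cea7e2bd2e07c7896a00e5f6
+data.tar.gz: 7c041b5f6cb494c4a90146c547c922348714b8e41acfe9398f87d57ace23452f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 76c210772b5a88b86a7e8d1e06e2bb0d50040d030fe612fa9bfca5de7b62feebec5d2d5d15c4f575761620a739024d0ed758fbfd95773802cc36ec1e1162ccbf
+data.tar.gz: ee82a4de97c206df867fe626331376dfa9a982e49be60e310d93f94eff0c7c9c35482af5c9f7fdb1c1654c0db46622cb4f85ebddf528c37edf6c49d79a9c5641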
@@ -26,8 +26,8 @@ static VALUE waf_args_cls;
|
|
26
26
|
static const PWArgs pw_args_invalid = { .type = PWI_INVALID };
|
27
27
|
|
28
28
|
static const PWConfig pw_config = {
|
29
|
-
.maxArrayLength =
|
30
|
-
.maxMapDepth =
|
29
|
+
.maxArrayLength = 256,
|
30
|
+
.maxMapDepth = 64,
|
31
31
|
};
|
32
32
|
|
33
33
|
static VALUE cvt_ruby_str_to_utf8(VALUE value);
|
@@ -47,7 +47,7 @@ libsqreen_waf_args_free(void *b) {
|
|
47
47
|
return;
|
48
48
|
}
|
49
49
|
|
50
|
-
|
50
|
+
pw_freeArg(&box->pw_args);
|
51
51
|
box->pw_args = pw_args_invalid;
|
52
52
|
}
|
53
53
|
|
@@ -121,7 +121,7 @@ libsqreen_version(VALUE self) {
|
|
121
121
|
PWVersion version;
|
122
122
|
VALUE result;
|
123
123
|
|
124
|
-
version =
|
124
|
+
version = pw_getVersion();
|
125
125
|
result = rb_ary_new();
|
126
126
|
rb_ary_push(result, INT2NUM(version.major));
|
127
127
|
rb_ary_push(result, INT2NUM(version.minor));
|
@@ -143,7 +143,7 @@ libsqreen_waf_set(VALUE self, VALUE name, VALUE rules) {
|
|
143
143
|
|
144
144
|
pw_name = StringValueCStr(name);
|
145
145
|
pw_rules = StringValueCStr(rules);
|
146
|
-
pw_result =
|
146
|
+
pw_result = pw_init(pw_name, pw_rules, &pw_config, NULL);
|
147
147
|
|
148
148
|
result = pw_result ? Qtrue : Qfalse;
|
149
149
|
|
@@ -159,7 +159,7 @@ libsqreen_waf_delete(VALUE self, VALUE name) {
|
|
159
159
|
Check_Type(name, T_STRING);
|
160
160
|
|
161
161
|
pw_name = StringValueCStr(name);
|
162
|
-
|
162
|
+
pw_clearRule(pw_name);
|
163
163
|
|
164
164
|
return Qnil;
|
165
165
|
}
|
@@ -168,7 +168,7 @@ static VALUE
|
|
168
168
|
libsqreen_waf_clear(VALUE self) {
|
169
169
|
(void)self;
|
170
170
|
|
171
|
-
|
171
|
+
pw_clearAll();
|
172
172
|
|
173
173
|
return Qnil;
|
174
174
|
}
|
@@ -188,7 +188,7 @@ value_to_pw_args(VALUE val) {
|
|
188
188
|
|
189
189
|
pw_string = StringValuePtr(utf8_val);
|
190
190
|
pw_len = (size_t)RSTRING_LEN(utf8_val);
|
191
|
-
pw_val =
|
191
|
+
pw_val = pw_createStringWithLength(pw_string, pw_len);
|
192
192
|
}
|
193
193
|
break;
|
194
194
|
case T_FIXNUM:
|
@@ -196,13 +196,13 @@ value_to_pw_args(VALUE val) {
|
|
196
196
|
int64_t pw_int;
|
197
197
|
|
198
198
|
pw_int = FIX2LONG(val);
|
199
|
-
pw_val =
|
199
|
+
pw_val = pw_createInt(pw_int);
|
200
200
|
}
|
201
201
|
break;
|
202
202
|
case T_HASH:
|
203
203
|
{
|
204
204
|
VALUE waf_args = libsqreen_waf_args_new();
|
205
|
-
libsqreen_waf_args_set_boxed(waf_args,
|
205
|
+
libsqreen_waf_args_set_boxed(waf_args, pw_createMap());
|
206
206
|
// can in principle raise exception, but the WAF allocated
|
207
207
|
// memory (included the partial list of allocated values
|
208
208
|
// inserted in the map by on_hash_iteration) is already
|
@@ -216,7 +216,7 @@ value_to_pw_args(VALUE val) {
|
|
216
216
|
case T_ARRAY:
|
217
217
|
{
|
218
218
|
VALUE waf_args = libsqreen_waf_args_new();
|
219
|
-
libsqreen_waf_args_set_boxed(waf_args,
|
219
|
+
libsqreen_waf_args_set_boxed(waf_args, pw_createArray());
|
220
220
|
PWArgs *array_p = libsqreen_waf_args_get_boxed(waf_args);
|
221
221
|
|
222
222
|
for (int i = 0; i < RARRAY_LEN(val); i++) {
|
@@ -232,9 +232,9 @@ value_to_pw_args(VALUE val) {
|
|
232
232
|
|
233
233
|
// can in principle raise
|
234
234
|
pw_e = value_to_pw_args(e);
|
235
|
-
ok =
|
235
|
+
ok = pw_addArray(array_p, pw_e);
|
236
236
|
if (!ok) {
|
237
|
-
|
237
|
+
pw_freeArg(&pw_e);
|
238
238
|
}
|
239
239
|
}
|
240
240
|
|
@@ -249,7 +249,7 @@ value_to_pw_args(VALUE val) {
|
|
249
249
|
* in the log if the values in the top map are missing. Replace all
|
250
250
|
* invalid values with an empty map (this uses more maps than needed,
|
251
251
|
but also doesn't hurt) */
|
252
|
-
pw_val =
|
252
|
+
pw_val = pw_createMap();
|
253
253
|
break;
|
254
254
|
}
|
255
255
|
|
@@ -279,9 +279,9 @@ on_hash_iteration(volatile VALUE key, VALUE val, VALUE waf_value) {
|
|
279
279
|
PWArgs value_to_add = value_to_pw_args(val);
|
280
280
|
// key is volatile because between its last usage
|
281
281
|
// and the usage of its component pw_key, GC may run
|
282
|
-
ok =
|
282
|
+
ok = pw_addMap(parent, pw_key, pw_len, value_to_add);
|
283
283
|
if (!ok) {
|
284
|
-
|
284
|
+
pw_freeArg(&value_to_add);
|
285
285
|
}
|
286
286
|
|
287
287
|
return ST_CONTINUE;
|
@@ -433,7 +433,7 @@ libsqreen_waf_run(int argc, const VALUE *argv, VALUE self) {
|
|
433
433
|
|
434
434
|
rb_scan_args(argc, argv, "31", &name, &args, &budget, &max_run_budget);
|
435
435
|
|
436
|
-
PWRet
|
436
|
+
PWRet pw_ret;
|
437
437
|
VALUE result = rb_ary_new();
|
438
438
|
|
439
439
|
Check_Type(name, T_STRING);
|
@@ -447,7 +447,7 @@ libsqreen_waf_run(int argc, const VALUE *argv, VALUE self) {
|
|
447
447
|
struct timespec start = get_time_mono();
|
448
448
|
|
449
449
|
VALUE waf_args = libsqreen_waf_args_new_from_hash(args);
|
450
|
-
PWArgs
|
450
|
+
PWArgs pw_args = *libsqreen_waf_args_get_boxed(waf_args);
|
451
451
|
const char *pw_name = StringValueCStr(name);
|
452
452
|
size_t run_budget = calc_run_budget(start, gen_budget, max_run_budget);
|
453
453
|
if (run_budget == 0) {
|
@@ -456,13 +456,13 @@ libsqreen_waf_run(int argc, const VALUE *argv, VALUE self) {
|
|
456
456
|
return result;
|
457
457
|
}
|
458
458
|
|
459
|
-
pw_ret =
|
459
|
+
pw_ret = pw_run(pw_name, pw_args, run_budget);
|
460
460
|
|
461
|
-
rb_ary_push(result, ret_code_to_sym(pw_ret
|
462
|
-
rb_ary_push(result, pw_ret
|
461
|
+
rb_ary_push(result, ret_code_to_sym(pw_ret.action));
|
462
|
+
rb_ary_push(result, pw_ret.data == NULL ? Qnil : rb_str_new2(pw_ret.data));
|
463
463
|
|
464
464
|
libsqreen_waf_args_invalidate(waf_args);
|
465
|
-
|
465
|
+
pw_freeReturn(pw_ret);
|
466
466
|
|
467
467
|
return result;
|
468
468
|
}
|
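Review bot: The `pw_init(pw_name, pw_rules, &pw_config, NULL)` call in libsqreen_waf_set passes NULL for `errors`, so a rule set that fails to parse leaves the caller with only `Qfalse` and no reason for the failure. For a WAF binding this matters operationally: a rejected rule presumably means later runs under that name match nothing, and the operator has no diagnostic to act on. Per the vendored waf.h the report is opt-in and must be released with `pw_freeDiagnotics`; I would use `char *errors = NULL; pw_result = pw_init(pw_name, pw_rules, &pw_config, &errors);`, forward the text to the logger when `pw_result` is false, and call `pw_freeDiagnotics(errors);` on both paths. The function body starts and ends outside the hunk, so any handling elsewhere in it is not visible here.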
@@ -38,7 +38,7 @@ log_init() {
|
|
38
38
|
|
39
39
|
static void
|
40
40
|
on_log(PW_LOG_LEVEL level, const char *function, const char *file,
|
41
|
-
int line, const char *message,
|
41
|
+
int line, const char *message, unsigned long long message_len);
|
42
42
|
|
43
43
|
|
44
44
|
static VALUE log_level_to_fixnum(PW_LOG_LEVEL level) {
|
@@ -108,7 +108,7 @@ libsqreen_waf_log_enable(VALUE self, VALUE severity) {
|
|
108
108
|
Check_Type(severity, T_SYMBOL);
|
109
109
|
|
110
110
|
level = sym_to_log_level(severity);
|
111
|
-
|
111
|
+
pw_setupLogging(on_log, level);
|
112
112
|
log_threshold = level;
|
113
113
|
|
114
114
|
return Qnil;
|
@@ -119,7 +119,7 @@ libsqreen_waf_log_disable(VALUE self) {
|
|
119
119
|
(void)self;
|
120
120
|
PW_LOG_LEVEL level = PWL_ERROR;
|
121
121
|
|
122
|
-
|
122
|
+
pw_setupLogging(NULL, level);
|
123
123
|
log_threshold = _PWL_AFTER_LAST;
|
124
124
|
|
125
125
|
return Qnil;
|
@@ -159,7 +159,7 @@ on_log(PW_LOG_LEVEL level,
|
|
159
159
|
const char *function,
|
160
160
|
const char *file,
|
161
161
|
int line,
|
162
|
-
const char *message,
|
162
|
+
const char *message, unsigned long long message_len) {
|
163
163
|
VALUE severity;
|
164
164
|
VALUE logger;
|
165
165
|
VALUE log_msg;
|
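Review bot: `on_log` is now declared and defined with `unsigned long long message_len`, while the vendored waf.h types the callback `pw_logging_cb_t` with `uint64_t message_len`. Where `uint64_t` is `unsigned long` (LP64 Linux with glibc, one of the two vendored targets) the two function types are incompatible, so `pw_setupLogging(on_log, level)` passes a mismatched pointer and the call made through it is undefined behaviour in C. Writing both the prototype and the definition as `const char *message, uint64_t message_len` keeps them in step with the header. Separately, `pw_setupLogging` returns a `bool` that libsqreen_waf_log_enable and libsqreen_waf_log_disable both discard before assigning `log_threshold`; checking it would keep the threshold from drifting away from the sink actually installed. The bodies of these functions extend outside the hunks shown.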
data/lib/libsqreen/version.rb
CHANGED
@@ -1,235 +1,335 @@
|
|
1
1
|
//
|
2
2
|
// PowerWAF
|
3
|
-
// Copyright ©
|
3
|
+
// Copyright © 2020 Sqreen. All rights reserved.
|
4
4
|
//
|
5
5
|
|
6
|
-
#ifndef
|
7
|
-
#define
|
6
|
+
#ifndef pw_h
|
7
|
+
#define pw_h
|
8
8
|
|
9
9
|
#ifdef __cplusplus
|
10
|
-
extern "C"
|
10
|
+
extern "C"
|
11
|
+
{
|
11
12
|
#endif
|
12
13
|
|
13
|
-
#include <stdint.h>
|
14
14
|
#include <stdbool.h>
|
15
|
-
#include <
|
15
|
+
#include <stdint.h>
|
16
16
|
|
17
17
|
#define PW_MAX_STRING_LENGTH 4096
|
18
18
|
#define PW_MAX_MAP_DEPTH 20
|
19
19
|
#define PW_MAX_ARRAY_LENGTH 256
|
20
20
|
#define PW_RUN_TIMEOUT 5000
|
21
21
|
|
22
|
-
typedef enum
|
23
|
-
{
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
} PW_INPUT_TYPE;
|
31
|
-
|
32
|
-
typedef
|
33
|
-
|
34
|
-
struct _PWArgs
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
22
|
+
typedef enum
|
23
|
+
{
|
24
|
+
PWI_INVALID = 0,
|
25
|
+
PWI_SIGNED_NUMBER = 1 << 0, // `value` shall be decoded as a int64_t (or int32_t on 32bits platforms)
|
26
|
+
PWI_UNSIGNED_NUMBER = 1 << 1, // `value` shall be decoded as a uint64_t (or uint32_t on 32bits platforms)
|
27
|
+
PWI_STRING = 1 << 2, // `value` shall be decoded as a UTF-8 string of length `nbEntries`
|
28
|
+
PWI_ARRAY = 1 << 3, // `value` shall be decoded as an array of PWArgs of length `nbEntries`, each item having no `parameterName`
|
29
|
+
PWI_MAP = 1 << 4, // `value` shall be decoded as an array of PWArgs of length `nbEntries`, each item having a `parameterName`
|
30
|
+
} PW_INPUT_TYPE;
|
31
|
+
|
32
|
+
typedef void* PWHandle;
|
33
|
+
typedef void* PWAddContext;
|
34
|
+
typedef struct _PWArgs PWArgs;
|
35
|
+
|
36
|
+
struct _PWArgs
|
37
|
+
{
|
38
|
+
const char* parameterName;
|
39
|
+
uint64_t parameterNameLength;
|
40
|
+
union
|
41
|
+
{
|
42
|
+
const char* stringValue;
|
43
|
+
uint64_t uintValue;
|
44
|
+
int64_t intValue;
|
45
|
+
const PWArgs* array;
|
46
|
+
const void* rawHandle;
|
47
|
+
};
|
48
|
+
uint64_t nbEntries;
|
49
|
+
PW_INPUT_TYPE type;
|
44
50
|
};
|
45
|
-
uint64_t nbEntries;
|
46
|
-
PW_INPUT_TYPE type;
|
47
|
-
};
|
48
|
-
|
49
|
-
typedef struct
|
50
|
-
{
|
51
|
-
uint64_t maxArrayLength;
|
52
|
-
uint64_t maxMapDepth;
|
53
|
-
} PWConfig;
|
54
51
|
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
}
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
///
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
///
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
///
|
109
|
-
///
|
110
|
-
///
|
111
|
-
///
|
112
|
-
/// @
|
113
|
-
|
114
|
-
extern
|
115
|
-
|
116
|
-
///
|
117
|
-
///
|
118
|
-
///
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
///
|
143
|
-
///
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
///
|
148
|
-
///
|
149
|
-
///
|
150
|
-
///
|
151
|
-
///
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
///
|
156
|
-
///
|
157
|
-
///
|
158
|
-
|
159
|
-
extern
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
///
|
169
|
-
///
|
170
|
-
///
|
171
|
-
///
|
172
|
-
/// @
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
///
|
189
|
-
///
|
190
|
-
///
|
191
|
-
/// @param
|
192
|
-
/// @param
|
193
|
-
/// @
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
///
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
///
|
206
|
-
///
|
207
|
-
///
|
208
|
-
///
|
209
|
-
///
|
210
|
-
|
211
|
-
|
212
|
-
///
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
52
|
+
typedef enum
|
53
|
+
{
|
54
|
+
PWD_PARSING_JSON = 0,
|
55
|
+
PWD_PARSING_RULE,
|
56
|
+
PWD_PARSING_RULE_FILTER,
|
57
|
+
PWD_OPERATOR_VALUE,
|
58
|
+
PWD_DUPLICATE_RULE,
|
59
|
+
PWD_PARSING_FLOW,
|
60
|
+
PWD_PARSING_FLOW_STEP,
|
61
|
+
PWD_MEANINGLESS_STEP,
|
62
|
+
PWD_DUPLICATE_FLOW,
|
63
|
+
PWD_DUPLICATE_FLOW_STEP,
|
64
|
+
PWD_STEP_HAS_INVALID_RULE
|
65
|
+
} PW_DIAG_CODE;
|
66
|
+
|
67
|
+
typedef enum
|
68
|
+
{
|
69
|
+
PW_ERR_INTERNAL = -6,
|
70
|
+
PW_ERR_TIMEOUT = -5,
|
71
|
+
PW_ERR_INVALID_CALL = -4,
|
72
|
+
PW_ERR_INVALID_RULE = -3,
|
73
|
+
PW_ERR_INVALID_FLOW = -2,
|
74
|
+
PW_ERR_NORULE = -1,
|
75
|
+
PW_GOOD = 0,
|
76
|
+
PW_MONITOR = 1,
|
77
|
+
PW_BLOCK = 2
|
78
|
+
} PW_RET_CODE;
|
79
|
+
|
80
|
+
typedef enum
|
81
|
+
{
|
82
|
+
PWL_TRACE,
|
83
|
+
PWL_DEBUG,
|
84
|
+
PWL_INFO,
|
85
|
+
PWL_WARN,
|
86
|
+
PWL_ERROR,
|
87
|
+
|
88
|
+
_PWL_AFTER_LAST,
|
89
|
+
} PW_LOG_LEVEL;
|
90
|
+
|
91
|
+
/// pw_init
|
92
|
+
///
|
93
|
+
/// Initialize a rule in the PowerWAF
|
94
|
+
/// Must be called before calling RunPowerWAF on this rule name
|
95
|
+
/// Will clear any existing rule with the same name
|
96
|
+
///
|
97
|
+
|
98
|
+
typedef struct
|
99
|
+
{
|
100
|
+
uint64_t maxArrayLength;
|
101
|
+
uint64_t maxMapDepth;
|
102
|
+
} PWConfig;
|
103
|
+
|
104
|
+
///
|
105
|
+
/// @param ruleName Name the atom that provided the patterns we're about to initialize with
|
106
|
+
/// @param wafRule JSON blob containing the patterns to work with
|
107
|
+
/// @param config Customized limits for the PWArgs validation
|
108
|
+
/// @param errors Pointer to the pointer to be populated with a potential error report. Set to NULL not to generate such a report
|
109
|
+
/// @return The success (true) or faillure (false) of the init
|
110
|
+
|
111
|
+
extern bool pw_init(const char* ruleName, const char* wafRule, const PWConfig* config, char** errors);
|
112
|
+
|
113
|
+
/// RunPowerWAF
|
114
|
+
///
|
115
|
+
/// Run the patterns from a rule on a set of parameters
|
116
|
+
///
|
117
|
+
|
118
|
+
typedef struct
|
119
|
+
{
|
120
|
+
PW_RET_CODE action;
|
121
|
+
const char* data;
|
122
|
+
const char* perfData;
|
123
|
+
|
124
|
+
uint32_t perfTotalRuntime;
|
125
|
+
uint32_t perfCacheHitRate;
|
126
|
+
} PWRet;
|
127
|
+
|
128
|
+
///
|
129
|
+
/// Threading guarantees: When calling this API, a lock will be taken for a very short window as this call will take ownership of a shared smart pointer.
|
130
|
+
/// This pointer implement reference counting and can be owned by as many thread as you want.
|
131
|
+
/// If you call pw_init while evaluation of pw_run is ongoing, the calls having already taken ownership will safely finish processing.
|
132
|
+
/// The shared pointer will be destroyed, without locking pw_init, when the last pw_run finish processing.
|
133
|
+
///
|
134
|
+
/// Maximum budget: The budget is internally stored in nanoseconds in an int64_t variable. This is then added to the current time, also coded in nano seconds.
|
135
|
+
/// Due to those convertions, the maximum safe value for the next 15 years is 2^52. After that, 2^51.
|
136
|
+
///
|
137
|
+
/// @param ruleName Name of the rule you want to run
|
138
|
+
/// @param parameters The request's parameters
|
139
|
+
/// @param timeLeftInUs The maximum time in microsecond PowerWAF is allowed to take
|
140
|
+
/// @return Whether the pattern matched or whether we encountered an error
|
141
|
+
|
142
|
+
extern PWRet pw_run(const char* ruleName, const PWArgs parameters, uint64_t timeLeftInUs);
|
143
|
+
|
144
|
+
/// pw_clearRule
|
145
|
+
///
|
146
|
+
/// Flush all context related to a rule
|
147
|
+
///
|
148
|
+
/// @param ruleName Name of the rule to unload
|
149
|
+
|
150
|
+
extern void pw_clearRule(const char* ruleName);
|
151
|
+
|
152
|
+
/// ClearAll
|
153
|
+
///
|
154
|
+
/// Flush all context
|
155
|
+
|
156
|
+
extern void pw_clearAll(void);
|
157
|
+
|
158
|
+
///
|
159
|
+
/// The following APIs (handle API) give the caller the full responsibility of the lifecycle of the wafHandle
|
160
|
+
/// Freeing this handle while another run is in progress will cause crashes or worst.
|
161
|
+
/// Don't use this API unless you understand the consequence and can provide 100% guarantee around it.
|
162
|
+
/// In exchange for this risk, your handle isn't added to the registry and access won't involve our internal mutex
|
163
|
+
///
|
164
|
+
|
165
|
+
/// pw_initH
|
166
|
+
///
|
167
|
+
/// Initialize a rule in the PowerWAF, and return a handle
|
168
|
+
///
|
169
|
+
/// @param wafRule JSON blob containing the patterns to work with
|
170
|
+
/// @param config Customized limits for the PWArgs validation
|
171
|
+
/// @param errors Pointer to the pointer to be populated with a potential error report. Set to NULL not to generate such a report
|
172
|
+
/// @return The handle of the initialized rule on success, NULL overwise
|
173
|
+
|
174
|
+
extern PWHandle pw_initH(const char* wafRule, const PWConfig* config, char** errors);
|
175
|
+
|
176
|
+
/// pw_runH
|
177
|
+
///
|
178
|
+
/// Run the patterns from a handle on a set of parameters
|
179
|
+
///
|
180
|
+
/// Threading guarantees: When calling this API, you're on your own.
|
181
|
+
/// Calling clearRuleH while a pw_runH is running will likely cause a use after free and a crash
|
182
|
+
/// Unless you _know_ what you're doing, use the safe API
|
183
|
+
///
|
184
|
+
/// Maximum budget: The budget is internally stored in nanoseconds in an int64_t variable. This is then added to the current time, also coded in nano seconds.
|
185
|
+
/// Due to those convertions, the maximum safe value for the next 15 years is 2^52. After that, 2^51.
|
186
|
+
///
|
187
|
+
/// @param wafHandle The rule handle
|
188
|
+
/// @param parameters The request's parameters
|
189
|
+
/// @param timeLeftInUs The maximum time in microsecond PowerWAF is allowed to take
|
190
|
+
/// @return Whether the pattern matched or whether we encountered an error
|
191
|
+
|
192
|
+
extern PWRet pw_runH(const PWHandle wafHandle, const PWArgs parameters, uint64_t timeLeftInUs);
|
193
|
+
|
194
|
+
/// pw_clearRuleH
|
195
|
+
///
|
196
|
+
/// Destroy a WAF handle
|
197
|
+
///
|
198
|
+
/// @param wafHandle handle to destroy
|
199
|
+
|
200
|
+
extern void pw_clearRuleH(PWHandle wafHandle);
|
201
|
+
|
202
|
+
///
|
203
|
+
/// Additive API
|
204
|
+
///
|
205
|
+
/// pw_initAdditive
|
206
|
+
///
|
207
|
+
/// Create a additive context you can use with pw_runAdd
|
208
|
+
/// Similarly to the handle API, you must call pw_clearAdditive at the end of the request to free caches
|
209
|
+
/// You must make sure that the context isn't in use in pw_runAdditive when or after calling pw_clearAdditive
|
210
|
+
///
|
211
|
+
/// @param ruleName Name of the rule you want to run (managed API)
|
212
|
+
/// @return A pointer to an additive context, or NULL if something went wrong
|
213
|
+
|
214
|
+
PWAddContext pw_initAdditive(const char* ruleName);
|
215
|
+
|
216
|
+
/// pw_initAdditiveH
|
217
|
+
///
|
218
|
+
/// Similar to pw_initAdditive but for the handle API
|
219
|
+
///
|
220
|
+
/// @param powerwafHandle The rule handle
|
221
|
+
/// @return A pointer to an additive context, or NULL if something went wrong
|
222
|
+
|
223
|
+
PWAddContext pw_initAdditiveH(const PWHandle powerwafHandle);
|
224
|
+
|
225
|
+
/// pw_runAdditive
|
226
|
+
///
|
227
|
+
/// Run the rules affiliated with an additive context on some new parameters
|
228
|
+
///
|
229
|
+
/// Important considerations:
|
230
|
+
/// You can call this API multiple time with the same context, and it will run on all new and past parameters
|
231
|
+
/// When sending PWArgs to this API, the additive context take ownership of the PWArgs and will take care of freeing it
|
232
|
+
/// When passing a parameter you already passed, further runs will ignore the past values
|
233
|
+
///
|
234
|
+
/// @param context The additive context for this request
|
235
|
+
/// @param newArgs The newly available parameters
|
236
|
+
/// @param timeLeftInUs The maximum time in microsecond PowerWAF is allowed to take
|
237
|
+
/// @return Whether the pattern matched or whether we encountered an error
|
238
|
+
|
239
|
+
PWRet pw_runAdditive(PWAddContext context, PWArgs newArgs, uint64_t timeLeftInUs);
|
240
|
+
|
241
|
+
/// pw_clearAdditive
|
242
|
+
///
|
243
|
+
/// Destroy the additive API context
|
244
|
+
/// Also take care of freeing any parameter sent to the context
|
245
|
+
///
|
246
|
+
/// @param context The additive context to free
|
247
|
+
|
248
|
+
void pw_clearAdditive(PWAddContext context);
|
249
|
+
|
250
|
+
/// pw_freeDiagnotics
|
251
|
+
///
|
252
|
+
/// Free the error report generated by pw_init
|
253
|
+
///
|
254
|
+
/// @param errors Pointer to a populated error report. NULL will be safely ignored
|
255
|
+
|
256
|
+
extern void pw_freeDiagnotics(char* errors);
|
257
|
+
|
258
|
+
/// pw_freeReturn
|
259
|
+
///
|
260
|
+
/// Free the buffers in the PWRet structure returned by pw_run
|
261
|
+
///
|
262
|
+
/// @param output Structure provided by pw_run
|
263
|
+
|
264
|
+
extern void pw_freeReturn(PWRet output);
|
265
|
+
|
266
|
+
/// GetVersion
|
267
|
+
///
|
268
|
+
/// Return the API version of PowerWAF
|
269
|
+
///
|
270
|
+
|
271
|
+
typedef struct
|
272
|
+
{
|
273
|
+
uint16_t major;
|
274
|
+
uint16_t minor;
|
275
|
+
uint16_t patch;
|
276
|
+
} PWVersion;
|
277
|
+
|
278
|
+
///
|
279
|
+
/// @return The API version in SemVer form
|
280
|
+
|
281
|
+
extern PWVersion pw_getVersion(void);
|
282
|
+
|
283
|
+
///
|
284
|
+
/// Callback that powerwaf will call to relay messages to the binding.
|
285
|
+
///
|
286
|
+
/// @param level The logging level
|
287
|
+
/// @param function The native function that emitted the message. Never NULL
|
288
|
+
/// @param file The file of the native function that emmitted the message. Never null
|
289
|
+
/// @param line The line where the message was emmitted. Non-negative
|
290
|
+
/// @param message The size of the logging message. NUL-terminated
|
291
|
+
/// @param message_len The length of the logging message (excluding NUL terminator)
|
292
|
+
///
|
293
|
+
|
294
|
+
typedef void (*pw_logging_cb_t)(
|
295
|
+
PW_LOG_LEVEL level, const char* function, const char* file, int line,
|
296
|
+
const char* message, uint64_t message_len);
|
297
|
+
|
298
|
+
///
|
299
|
+
/// Sets up PowerWAF to rely logging messages to the binding
|
300
|
+
///
|
301
|
+
/// @param cb The callback to call, or NULL to stop relaying messages
|
302
|
+
/// @param min_level The minimum logging level for which to relay messages (ignored if cb is NULL)
|
303
|
+
/// @return whether the logging sink was successfully replaced
|
304
|
+
///
|
305
|
+
bool pw_setupLogging(pw_logging_cb_t cb, PW_LOG_LEVEL min_level);
|
306
|
+
|
307
|
+
/// PWArgs utils
|
308
|
+
|
309
|
+
extern PWArgs pw_getInvalid(void);
|
310
|
+
extern PWArgs pw_createStringWithLength(const char* string, uint64_t length);
|
311
|
+
extern PWArgs pw_createString(const char* string);
|
312
|
+
extern PWArgs pw_createInt(int64_t value);
|
313
|
+
extern PWArgs pw_createUint(uint64_t value);
|
314
|
+
extern PWArgs pw_createArray(void);
|
315
|
+
extern PWArgs pw_createMap(void);
|
316
|
+
extern bool pw_addArray(PWArgs* array, PWArgs entry);
|
317
|
+
// Setting entryNameLength to 0 will result in the entryName length being re-computed with strlen
|
318
|
+
extern bool pw_addMap(PWArgs* map, const char* entryName, uint64_t entryNameLength, PWArgs entry);
|
319
|
+
extern void pw_freeArg(PWArgs* input);
|
320
|
+
|
321
|
+
/// Allocation utils to access PowerWAF's heap
|
322
|
+
/// If you're using the following two PWArgs util, make sure the memory is owned by libSqreen!
|
323
|
+
extern void* pw_memAlloc(uint64_t size);
|
324
|
+
extern void* pw_memRealloc(void* ptr, uint64_t size);
|
325
|
+
extern void pw_memFree(void* ptr);
|
326
|
+
|
327
|
+
/// Those APIs take ownership of your pointers: those may be free-ed at any time by libSqreen. Only use them with pointer allocated with pw_mem*
|
328
|
+
extern PWArgs pw_initString(const char* string, uint64_t length);
|
329
|
+
extern bool pw_addMapNoCopy(PWArgs* map, const char* entryName, uint64_t entryNameLength, PWArgs entry);
|
226
330
|
|
227
331
|
#ifdef __cplusplus
|
228
332
|
}
|
229
|
-
#ifdef TESTING
|
230
|
-
extern std::unordered_map<std::string, std::shared_ptr<PowerWAF>> & exportInternalRuleCollection();
|
231
|
-
#endif
|
232
|
-
|
233
333
|
#endif /* __cplusplus */
|
234
334
|
|
235
|
-
#endif /*
|
335
|
+
#endif /* pw_h */
|
Binary file
|
Binary file
|
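--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libsqreen
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.0.4.0.0
 platform: ruby
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -116,8 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.7
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Make the Sqreen agent faster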