More fixes

DataDog · Jan 7, 2025 · 185e42f · 185e42f
1 parent 9308259
commit 185e42f
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 100 deletions.
diff --git a/include/ddwaf.h b/include/ddwaf.h
@@ -210,22 +210,6 @@ typedef void (*ddwaf_log_cb)(
 ddwaf_handle ddwaf_init(const ddwaf_object *ruleset,
     const ddwaf_config* config, ddwaf_object *diagnostics);
 
-/**
- * ddwaf_update
- *
- * Update a ddwaf instance
- *
- * @param ruleset ddwaf::object map containing rules, exclusions, rules_override and rules_data. (nonnull)
- * @param diagnostics Optional ruleset parsing diagnostics. (nullable)
- *
- * @return Handle to the new WAF instance or NULL if there was an error processing the ruleset.
- *
- * @note If handle or ruleset are NULL, the diagnostics object will not be initialised.
- * @note This function is not thread-safe
- **/
-ddwaf_handle ddwaf_update(ddwaf_handle handle, const ddwaf_object *ruleset,
-    ddwaf_object *diagnostics);
-
 /**
  * ddwaf_destroy
  *

diff --git a/libddwaf.def b/libddwaf.def
@@ -1,8 +1,12 @@
 LIBRARY ddwaf
 EXPORTS
   ddwaf_init
-  ddwaf_update
   ddwaf_destroy
+  ddwaf_builder_init
+  ddwaf_builder_add_or_update_config
+  ddwaf_builder_remove_config
+  ddwaf_builder_build_instance
+  ddwaf_builder_destroy
   ddwaf_known_addresses
   ddwaf_context_init
   ddwaf_run

diff --git a/src/configuration/actions_parser.cpp b/src/configuration/actions_parser.cpp
@@ -30,8 +30,8 @@ void validate_and_add_block(auto &actions, auto id, auto &type, auto &parameters
         for (const auto &[k, v] : default_params.parameters) { parameters.try_emplace(k, v); }
     }
 
-    actions.emplace_back(
-        action_spec{std::move(id), action_type_from_string(type), std::move(type), std::move(parameters)});
+    actions.emplace_back(action_spec{
+        std::move(id), action_type_from_string(type), std::move(type), std::move(parameters)});
 }
 
 void validate_and_add_redirect(auto &actions, auto id, auto &type, auto &parameters)

diff --git a/tests/unit/sha256_test.cpp b/tests/unit/sha256_test.cpp
@@ -4,12 +4,12 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2021 Datadog, Inc.
 
-#include "sha256.hpp"
-
+#include <cstdint>
 #include <utility>
 #include <vector>
 
 #include "common/gtest_utils.hpp"
+#include "sha256.hpp"
 
 TEST(TestSha256, RandomInputTest)
 {

diff --git a/tools/waf_runner.cpp b/tools/waf_runner.cpp
@@ -64,109 +64,101 @@ int main(int argc, char *argv[])
 
     const std::vector<std::string> rulesets = args["--ruleset"];
     const std::vector<std::string> inputs = args["--input"];
-    if (rulesets.empty() || inputs.empty()) {
-        std::cout << "Usage: " << argv[0] << " --ruleset <json/yaml file> [<json/yaml file>..]"
+    if (rulesets.empty() || rulesets.size() > 1 || inputs.empty()) {
+        std::cout << "Usage: " << argv[0] << " --ruleset <json/yaml file>"
                   << " --input <json input> [<json input>..]\n";
         return EXIT_FAILURE;
     }
 
-    ddwaf_handle handle = nullptr;
-    for (const auto &ruleset : rulesets) {
-        auto rule = YAML::Load(read_file(ruleset)).as<ddwaf_object>();
-        if (handle == nullptr) {
-            const ddwaf_config config{{0, 0, 0}, {key_regex, value_regex}, ddwaf_object_free};
-            handle = ddwaf_init(&rule, &config, nullptr);
-        } else {
-            auto *updated_handle = ddwaf_update(handle, &rule, nullptr);
-            ddwaf_destroy(handle);
-            handle = updated_handle;
-        }
+    const auto &ruleset = rulesets[0];
 
-        ddwaf_object_free(&rule);
-        if (handle == nullptr) {
-            std::cout << "Failed to load " << ruleset << '\n';
-            return EXIT_FAILURE;
-        }
+    auto rule = YAML::Load(read_file(ruleset)).as<ddwaf_object>();
+    const ddwaf_config config{{0, 0, 0}, {key_regex, value_regex}, ddwaf_object_free};
+    ddwaf_handle handle = ddwaf_init(&rule, &config, nullptr);
+    ddwaf_object_free(&rule);
+    if (handle == nullptr) {
+        std::cout << "Failed to load " << ruleset << '\n';
+        return EXIT_FAILURE;
+    }
 
-        std::cout << "-- Run with " << ruleset << '\n';
+    std::cout << "-- Run with " << ruleset << '\n';
 
-        ddwaf_context context = ddwaf_context_init(handle);
-        if (context == nullptr) {
-            ddwaf_destroy(handle);
-            std::cout << "Failed to initialise context\n";
-            return EXIT_FAILURE;
-        }
+    ddwaf_context context = ddwaf_context_init(handle);
+    if (context == nullptr) {
+        ddwaf_destroy(handle);
+        std::cout << "Failed to initialise context\n";
+        return EXIT_FAILURE;
+    }
 
-        for (const auto &json_str : inputs) {
+    for (const auto &json_str : inputs) {
 
-            std::cout << "---- Run with " << json_str << '\n';
-            auto input = YAML::Load(json_str);
+        std::cout << "---- Run with " << json_str << '\n';
+        auto input = YAML::Load(json_str);
 
-            ddwaf_object persistent;
-            ddwaf_object ephemeral;
+        ddwaf_object persistent;
+        ddwaf_object ephemeral;
 
-            auto persistent_input = input["persistent"];
-            auto ephemeral_input = input["ephemeral"];
-            if (!persistent_input.IsDefined() && !ephemeral_input.IsDefined()) {
-                persistent = input.as<ddwaf_object>();
-                ddwaf_object_map(&ephemeral);
+        auto persistent_input = input["persistent"];
+        auto ephemeral_input = input["ephemeral"];
+        if (!persistent_input.IsDefined() && !ephemeral_input.IsDefined()) {
+            persistent = input.as<ddwaf_object>();
+            ddwaf_object_map(&ephemeral);
+        } else {
+            if (input["persistent"].IsDefined()) {
+                persistent = input["persistent"].as<ddwaf_object>();
             } else {
-                if (input["persistent"].IsDefined()) {
-                    persistent = input["persistent"].as<ddwaf_object>();
-                } else {
-                    ddwaf_object_map(&persistent);
-                }
-
-                if (input["ephemeral"].IsDefined()) {
-                    ephemeral = input["ephemeral"].as<ddwaf_object>();
-                } else {
-                    ddwaf_object_map(&ephemeral);
-                }
+                ddwaf_object_map(&persistent);
             }
 
-            ddwaf_result ret;
-            auto code =
-                ddwaf_run(context, &persistent, &ephemeral, &ret, std::numeric_limits<uint64_t>::max());
-            if (code == DDWAF_MATCH && ddwaf_object_size(&ret.events) > 0) {
-                std::stringstream ss;
-                YAML::Emitter out(ss);
-                out.SetIndent(2);
-                out.SetMapFormat(YAML::Block);
-                out.SetSeqFormat(YAML::Block);
-                out << object_to_yaml(ret.events);
-
-                std::cout << "Events:\n" << ss.str() << "\n\n";
+            if (input["ephemeral"].IsDefined()) {
+                ephemeral = input["ephemeral"].as<ddwaf_object>();
+            } else {
+                ddwaf_object_map(&ephemeral);
             }
+        }
 
-            if (code == DDWAF_MATCH && ddwaf_object_size(&ret.actions) > 0) {
-                std::stringstream ss;
-                YAML::Emitter out(ss);
-                out.SetIndent(2);
-                out.SetMapFormat(YAML::Block);
-                out.SetSeqFormat(YAML::Block);
-                out << object_to_yaml(ret.actions);
+        ddwaf_result ret;
+        auto code =
+            ddwaf_run(context, &persistent, &ephemeral, &ret, std::numeric_limits<uint64_t>::max());
+        if (code == DDWAF_MATCH && ddwaf_object_size(&ret.events) > 0) {
+            std::stringstream ss;
+            YAML::Emitter out(ss);
+            out.SetIndent(2);
+            out.SetMapFormat(YAML::Block);
+            out.SetSeqFormat(YAML::Block);
+            out << object_to_yaml(ret.events);
+
+            std::cout << "Events:\n" << ss.str() << "\n\n";
+        }
 
-                std::cout << "Actions:\n" << ss.str() << "\n\n";
-            }
+        if (code == DDWAF_MATCH && ddwaf_object_size(&ret.actions) > 0) {
+            std::stringstream ss;
+            YAML::Emitter out(ss);
+            out.SetIndent(2);
+            out.SetMapFormat(YAML::Block);
+            out.SetSeqFormat(YAML::Block);
+            out << object_to_yaml(ret.actions);
 
-            if (ddwaf_object_size(&ret.derivatives) > 0) {
-                std::stringstream ss;
-                YAML::Emitter out(ss);
-                out.SetIndent(2);
-                out.SetMapFormat(YAML::Block);
-                out.SetSeqFormat(YAML::Block);
-                out << object_to_yaml(ret.derivatives);
+            std::cout << "Actions:\n" << ss.str() << "\n\n";
+        }
 
-                std::cout << "Derivatives:\n" << ss.str() << "\n\n";
-            }
+        if (ddwaf_object_size(&ret.derivatives) > 0) {
+            std::stringstream ss;
+            YAML::Emitter out(ss);
+            out.SetIndent(2);
+            out.SetMapFormat(YAML::Block);
+            out.SetSeqFormat(YAML::Block);
+            out << object_to_yaml(ret.derivatives);
 
-            std::cout << "Total time: " << ret.total_runtime << '\n';
-            ddwaf_result_free(&ret);
+            std::cout << "Derivatives:\n" << ss.str() << "\n\n";
         }
 
-        ddwaf_context_destroy(context);
+        std::cout << "Total time: " << ret.total_runtime << '\n';
+        ddwaf_result_free(&ret);
     }
 
+    ddwaf_context_destroy(context);
+
     ddwaf_destroy(handle);
 
     return EXIT_SUCCESS;