DataDog
diff --git a/‎.gitattributes‎
Lines changed: 3 additions & 0 deletions b/‎.gitattributes‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 3 additions & 4 deletions b/‎.github/workflows/test.yml‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 3 deletions b/‎.gitignore‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎README.md‎
Lines changed: 120 additions & 0 deletions b/‎README.md‎
Lines changed: 120 additions & 0 deletions
diff --git a/‎_tools/libddwaf-updater/update.sh‎
Lines changed: 6 additions & 0 deletions b/‎_tools/libddwaf-updater/update.sh‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎cgo_ref_pool.go‎
Lines changed: 92 additions & 0 deletions b/‎cgo_ref_pool.go‎
Lines changed: 92 additions & 0 deletions
@@ -0,0 +1,3 @@
+*.dylib -diff
+*.so -diff
+*.a -diff
@@ -41,7 +41,7 @@ jobs:
           # Install gotestsum
           env GOBIN=$PWD go install gotest.tools/gotestsum@latest
           # Run the tests with gotestsum
-          env CGO_ENABLED=${{ matrix.cgo_enabled }} ./gotestsum -- -v ./... || true
+          env CGO_ENABLED=${{ matrix.cgo_enabled }} ./gotestsum -- -v -count=10 -shuffle=on ./...
 
   # Same tests but on the official golang container for linux
   golang-linux-container:
@@ -74,7 +74,7 @@ jobs:
           # Install gotestsum
           env GOBIN=$PWD go install gotest.tools/gotestsum@latest
           # Run the tests with gotestsum
-          env CGO_ENABLED=${{ matrix.cgo_enabled }} ./gotestsum -- -v ./... || true
+          env CGO_ENABLED=${{ matrix.cgo_enabled }} ./gotestsum -- -v -count=10 -shuffle=on ./...
 
   linux-arm64:
     runs-on: ubuntu-latest
@@ -96,5 +96,4 @@ jobs:
         uses: docker/setup-qemu-action@v2
         with:
           platforms: arm64
-      - run: docker run --platform=linux/arm64 -v $PWD:$PWD -w $PWD -eCGO_ENABLED=${{ matrix.cgo_enabled }} -eDD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT golang go test -v ./...
-      
+      - run: docker run --platform=linux/arm64 -v $PWD:$PWD -w $PWD -eCGO_ENABLED=${{ matrix.cgo_enabled }} -eDD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT golang go test -v -count=10 -shuffle=on ./...
@@ -1,9 +1,6 @@
 # Binaries for programs and plugins
 *.exe
 *.exe~
-*.dll
-*.so
-*.dylib
 
 # Test binary, built with `go test -c`
 *.test
@@ -13,3 +10,6 @@
 
 # Dependency directories (remove the comment below to include it)
 # vendor/
+
+.vscode/
+.idea/
@@ -0,0 +1,120 @@
+# go-libddwaf
+
+This project's goal is to produce a higher level API for the go bindings to [libddwaf](https://github.com/DataDog/libddwaf): DataDog in-app WAF.
+It consists of 2 separate entities: the bindings for the calls to libddwaf, and the encoder whose job is to convert _any_ go value to its libddwaf object representation.
+
+An example usage would be:
+
+```go
+import waf "github.com/DataDog/go-libddwaf"
+
+//go:embed
+var ruleset []byte
+
+func main() {
+    var parsedRuleset any
+
+    if err := json.Unmarshal(ruleset, &parsedRuleset); err != nil {
+        return 1
+    }
+
+    wafHandle, err := waf.NewHandle(parsedRuleset, "", "")
+    if err != nil {
+        return 1
+    }
+
+    defer wafHandle.Close()
+
+    wafCtx := wafHandle.NewContext()
+    defer wafCtx.Close()
+
+    matches, actions := wafCtx.Run(map[string]any{
+        "server.request.path_params": "/rfiinc.txt",
+    }, time.Minute)
+}
+```
+
+The API documentation details can be found on [pkg.go.dev](https://pkg.go.dev/github.com/DataDog/go-libddwaf).
+
+Originally this project was only here to provide CGO Wrappers to the calls to libddwaf.
+But with the appearance of `ddwaf_object` tree like structure,
+but also with the intention to build CGO-less bindings, this project size has grown to be a fully integrated brick in the DataDog tracer structure.
+Which in turn made it necessary to document the project, to maintain it in an orderly fashion.
+
+## Design
+
+The WAF bindings have multiple moving parts that are necessary to understand:
+
+- Handle: a object wrapper over the pointer to the C WAF Handle
+- Context: a object wrapper over a pointer to the C WAF Context
+- Encoder: whose goal is to construct a tree of Waf Objects to send to the WAF
+- Allocator: Does all writing and allocation operations for the construction of Waf Objects
+- Decoder: Transforms Waf Objects returned from the WAF to usual go objects (e.g. maps, arrays, ...)
+- Library: The library which wraps all calls to C code
+
+```mermaid
+flowchart LR
+
+    START:::hidden -->|NewHandle| Handle -->|NewContext| Context
+
+    Context -->|Encode Inputs| Encoder
+
+    Handle -->|Encode Ruleset| Encoder
+    Handle -->|Init WAF| Library
+    Context -->|Decode Result| Decoder
+
+    Handle -->|Decode Init Errors| Decoder
+
+    Context -->|Run| Library
+    Context -->|Store Go References| ContextAllocator
+
+    Encoder -->|Allocate Waf Objects| EncoderAllocator
+
+    EncoderAllocator -->|Copy after each encoding| ContextAllocator
+
+    Library -->|Call C code| libddwaf
+
+    classDef hidden display: none;
+```
+
+### Allocator
+
+The cgoRefPool is a pure Go cgoRefPool of `ddwaf_object` C values on the Go memory heap.
+the `cgoRefPool` go type is a way to make sure we can safely send go allocated data to the C side of the WAF
+The main issue is the following: the `wafObject` uses a C union to store the tree structure of the full object,
+union equivalent in go are interfaces and they are not compatible with C unions. The only way to be 100% sure
+that the Go `wafObject` struct has the same layout as the C one is to only use primitive types. So the only way to
+store a raw pointer is to use the `uintptr` type. But since `uintptr` do not have pointer semantics (and are just
+basically integers), we need another structure to store the value as Go pointer because the GC is lurking. That's
+where the `cgoRefPool` object comes into play: all new `wafObject` elements are created via this API whose especially
+built to make sure there is no gap for the Garbage Collector to exploit. From there, since underlying values of the
+`wafObject` are either arrays (for maps, structs and arrays) or string (for all ints, booleans and strings),
+we can store 2 slices of arrays and use `runtime.KeepAlive` in each code path to protect them from the GC.
+
+### Typical call to Run()
+
+Here is an example of the flow of operations on a simple call to Run():
+
+- Encode input data into Waf Objects
+- Lock the context mutex until the end of the call
+- Call `ddwaf_run`
+- Decode the matches and actions
+
+### CGO-less C Bindings
+
+The main component used to build C bindings without using CGO is called [purego](https://github.com/ebitengine/purego). The flow of execution on our side is to embed the C shared library using `go:embed`. Then to dump it into a file, load it using `dlopen` and to load the symbols using `dlsym`. And finally to call them.
+
+⚠️ Keep in mind that **purego only works on linux/darwin for amd64/arm64 and so does go-libddwaf.**
+
+Another requirement of `libddwaf` is to have a FHS filesystem on your machine and, for linux, to provide `libc.so.6`, `libpthread.so.0` and `libm.so.6`, `libdl.so.2` as dynamic libraries.
+
+## Contributing usual pitfalls
+
+- Cannot dlopen twice in the app lifetime on OSX
+- `runtime.KeepAlive()` calls are here to prevent the GC from destroying objects too early
+- Since there is a stack switch between the go code and the C code, usually the only C stacktrace you will ever get is from gdb
+- If a segfault happens during a call to the C code, the goroutine stacktrace which has done the call is the one annotated with `[syscall]`.
+- [GoLand](https://www.jetbrains.com/go/) does not support `CGO_ENABLED=0` (as of June 2023)
+- Keep in mind that we fully escape the type system. If you send the wrong data it will segfaults in the best cases but not always!
+- The structs in `ctypes.go` are here to reproduce the memory layout of the structs in `include/ddwaf.h` because pointer to these structs will be passed directly.
+- Do not use `uintptr` as function arguments or results types, coming from `unsafe.Pointer` casts of Go values, because they escape the pointer analysis which can create wrongly optimized code and crash. Pointer arithmetic is of course necessary in such a library but must be kept in the same function scope.
@@ -52,6 +52,7 @@ echo Updating libddwaf for darwin/arm64
 curl -L https://github.com/DataDog/libddwaf/releases/download/$version/libddwaf-$version-darwin-arm64.tar.gz | tar -xz -C$tmpdir
 echo Copying the darwin/arm64 library
 cp -v $tmpdir/libddwaf-$version-darwin-arm64/lib/libddwaf.a.stripped $bindings_dir/lib/darwin-arm64/libddwaf.a
+cp -v "$tmpdir/libddwaf-$version-darwin-arm64/lib/libddwaf.dylib" "$bindings_dir/lib/darwin-arm64/_libddwaf.dylib"
 
 #
 # darwin/amd64
@@ -61,6 +62,7 @@ echo Updating libddwaf for darwin/amd64yes
 curl -L https://github.com/DataDog/libddwaf/releases/download/$version/libddwaf-$version-darwin-x86_64.tar.gz | tar -xz -C$tmpdir
 echo Copying the darwin/amd64 library
 cp -v $tmpdir/libddwaf-$version-darwin-x86_64/lib/libddwaf.a.stripped $bindings_dir/lib/darwin-amd64/libddwaf.a
+cp -v "$tmpdir/libddwaf-$version-darwin-x86_64/lib/libddwaf.dylib" "$bindings_dir/lib/darwin-amd64/_libddwaf.dylib"
 
 #
 # linux/amd64
@@ -81,6 +83,8 @@ run_binutils x86_64-linux-gnu-ld \
    $tmpdir/libddwaf-$version-linux-x86_64/lib/libddwaf.a $libcxx_dir/libc++.a $libcxx_dir/libc++abi.a $libcxx_dir/libunwind.a
 # 4. Strip
 run_strip x86_64-linux-gnu $bindings_dir/lib/linux-amd64/libddwaf.a
+cp -v "$tmpdir/libddwaf-$version-linux-x86_64/lib/libddwaf.so" "$bindings_dir/lib/linux-amd64/_libddwaf.so"
+run_strip x86_64-linux-gnu "$bindings_dir/lib/linux-amd64/_libddwaf.so"
 
 #
 # linux/arm64
@@ -101,6 +105,8 @@ run_binutils aarch64-linux-gnu-ld \
    $tmpdir/libddwaf-$version-linux-aarch64/lib/libddwaf.a $libcxx_dir/libc++.a $libcxx_dir/libc++abi.a $libcxx_dir/libunwind.a
 # 4. Strip
 run_strip aarch64-linux-gnu $bindings_dir/lib/linux-arm64/libddwaf.a
+cp -v "$tmpdir/libddwaf-$version-linux-aarch64/lib/libddwaf.so" "$bindings_dir/lib/linux-arm64/_libddwaf.so"
+run_strip aarch64-linux-gnu "$bindings_dir/lib/linux-arm64/_libddwaf.so"
 
 #
 # ddwaf.h
 
@@ -0,0 +1,92 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build (linux || darwin) && (amd64 || arm64)
+
+package waf
+
+import (
+	"strconv"
+)
+
+// cgoRefPool is a way to make sure we can safely send go allocated data on the C side of the WAF
+// The main issue is the following: the wafObject uses a C union to store the tree structure of the full object,
+// union equivalent in go are interfaces and they are not compatible with C unions. The only way to be 100% sure
+// that the Go wafObject struct have the same layout as the C one is to only use primitive types. So the only way to
+// store a raw pointer is to use the uintptr type. But since uintptr do not have pointer semantics (and are just
+// basically integers), we need another structure to store the value as Go pointer because the GC is lurking. That's
+// where the cgoRefPool object comes into play: All new wafObject elements are created via this API whose especially
+// built to make sure there is no gap for the Garbage Collector to exploit. From there, since underlying values of the
+// wafObject are either arrays (for maps, structs and arrays) or string (for all ints, booleans and strings),
+// we can store 2 slices of arrays and use runtime.KeepAlive in each code path to protect them from the GC.
+type cgoRefPool struct {
+	stringRefs [][]byte
+	arrayRefs  [][]wafObject
+}
+
+func (refPool *cgoRefPool) append(newRefs cgoRefPool) {
+	refPool.stringRefs = append(refPool.stringRefs, newRefs.stringRefs...)
+	refPool.arrayRefs = append(refPool.arrayRefs, newRefs.arrayRefs...)
+}
+
+func (refPool *cgoRefPool) AllocCString(str string) uintptr {
+	goArray := make([]byte, len(str)+1)
+	copy(goArray, str)
+	refPool.stringRefs = append(refPool.stringRefs, goArray)
+	goArray[len(str)] = 0 // Null termination byte for C strings
+
+	return sliceToUintptr(goArray)
+}
+
+func (refPool *cgoRefPool) AllocWafString(obj *wafObject, str string) {
+	obj._type = wafStringType
+
+	if len(str) == 0 {
+		obj.nbEntries = 0
+		obj.value = 0
+		return
+	}
+
+	goArray := make([]byte, len(str))
+	copy(goArray, str)
+	refPool.stringRefs = append(refPool.stringRefs, goArray)
+
+	obj.value = sliceToUintptr(goArray)
+	obj.nbEntries = uint64(len(goArray))
+}
+
+func (refPool *cgoRefPool) AllocWafArray(obj *wafObject, typ wafObjectType, size uint64) []wafObject {
+	if typ != wafMapType && typ != wafArrayType {
+		panic("Cannot allocate this waf object data type as an array: " + strconv.Itoa(int(typ)))
+	}
+
+	obj._type = typ
+	obj.nbEntries = size
+
+	// If the array size is zero no need to allocate anything
+	if size == 0 {
+		obj.value = 0
+		return nil
+	}
+
+	goArray := make([]wafObject, size)
+	refPool.arrayRefs = append(refPool.arrayRefs, goArray)
+
+	obj.value = sliceToUintptr(goArray)
+	return goArray
+}
+
+func (refPool *cgoRefPool) AllocWafMapKey(obj *wafObject, str string) {
+	if len(str) == 0 {
+		return
+	}
+
+	goArray := make([]byte, len(str))
+	copy(goArray, str)
+	refPool.stringRefs = append(refPool.stringRefs, goArray)
+
+	obj.parameterName = sliceToUintptr(goArray)
+	obj.parameterNameLength = uint64(len(goArray))
+}
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+*.dylib -diff`
	`2`	`+*.so -diff`
	`3`	`+*.a -diff`