Crate libddwaf

Crate libddwaf 

Source
Expand description

Rust bindings for the libddwaf library.

§Basic Use

The following high-level steps are typically used:

  1. Create a new Builder
  2. Add new configurations to it using Builder::add_or_update_config
    • Rulesets are often parsed from JSON documents using serde_json, via the serde feature.
  3. Call Builder::build to obtain a new Handle
  4. For any service request:
    1. Call Handle::new_context to obtain a new Context
    2. Call Context::run as appropriate with the necessary address data
use libddwaf::{
    object::*,
    waf_array,
    waf_map,
    Builder,
    Config,
    RunResult,
};

let mut builder = Builder::new(&Config::default())
    .expect("Failed to build WAF instance");
let rule_set = waf_map!{
    /* Typically obtained by parsing a rules file using the serde feature */
    ("rules", waf_array!{ waf_map!{
        ("id", "1"),
        ("name", "rule 1"),
        ("tags", waf_map!{ ("type", "flow1"), ("category", "test") }),
        ("conditions", waf_array!{ waf_map!{
            ("operator", "match_regex"),
            ("parameters", waf_map!{
                ("regex", ".*"),
                ("inputs", waf_array!{ waf_map!{ ("address", "arg1" )} }),
            }),
        } }),
        ("on_match", waf_array!{ "block" })
    } }),
};
let mut diagnostics = WafOwned::<WafMap>::default();
if !builder.add_or_update_config("config/file/logical/path", &rule_set, Some(&mut diagnostics)) {
    panic!("Failed to add or update config!");
}
let waf = builder.build().expect("Failed to build WAF instance");

// For each new request to be monitored...
let mut waf_ctx = waf.new_context();
let data = waf_map!{
    ("arg1", "value1"),
};
match waf_ctx.run(Some(data), None, std::time::Duration::from_millis(1)) {
    // Deal with the result as appropriate...
    Ok(RunResult::Match(res)) => {
        assert!(!res.timeout());
        assert!(res.keep());
        assert!(res.duration() >= std::time::Duration::default());
        assert_eq!(res.events().expect("Expected events").len(), 1);
        assert_eq!(res.actions().expect("Expected actions").len(), 1);
        assert_eq!(res.attributes().expect("Expected attributes").len(), 0);
    },
    Err(e) => panic!("Error while running the in-app WAF: {e}"),
    _ => panic!("Unexpected result"),
}

Modules§

log
Access to the in-app WAF’s logging facility.
object
Data model for exchanging data with the in-app WAF.
serde
Implementations of serde::Deserialize for object::WafObject and object::WafMap.

Macros§

waf_array
Helper macro to create WafArrays.
waf_map
Helper macro to create WafMaps.
waf_object
Helper macro to create WafObjects.

Structs§

Builder
A builder for Handles.
Config
The configuration for a new Builder.
Context
A WAF Context that can be used to evaluate the configured ruleset against address data.
Handle
A fully configured WAF instance.
Obfuscator
Obfuscation configuration for the WAF.
RunOutput
The data produced by a Context::run operation.

Enums§

RunError
The error that can occur during a Context::run operation.
RunResult
The result of the Context::run operation.

Constants§

OBFUSCATOR_DEFAULT_KEY_REGEX
The regular expression used by Obfuscator::default to determine which key data to obfuscate.
OBFUSCATOR_DEFAULT_VAL_REGEX
The regular expression used by Obfuscator::default to determine which value data to obfuscate.

Functions§

get_version
Returns the version of the underlying libddwaf library.

Type Aliases§

Limits
The limits attached to a Config.