Skip to main content

Crate libddwaf

Crate libddwaf 

Source
Expand description

Rust bindings for the libddwaf library.

§Basic Use

The following high-level steps are typically used:

  1. Create a new Builder
  2. Add new configurations to it using Builder::add_or_update_config
    • Rulesets are often parsed from JSON documents using serde_json, via the serde feature.
  3. Call Builder::build to obtain a new Handle
  4. For any service request:
    1. Call Handle::new_context to obtain a new Context
    2. Call Context::run as appropriate with the necessary address data
use libddwaf::{
    object::*,
    waf_array,
    waf_map,
    Builder,
    Config,
    RunnableContext,
    RunResult,
};

let mut builder = Builder::new(Some(&Config::default()))
    .expect("Failed to build WAF instance");
let rule_set = waf_map!{
    /* Typically obtained by parsing a rules file using the serde feature */
    ("rules", waf_array!{ waf_map!{
        ("id", "1"),
        ("name", "rule 1"),
        ("tags", waf_map!{ ("type", "flow1"), ("category", "test") }),
        ("conditions", waf_array!{ waf_map!{
            ("operator", "match_regex"),
            ("parameters", waf_map!{
                ("regex", ".*"),
                ("inputs", waf_array!{ waf_map!{ ("address", "arg1" )} }),
            }),
        } }),
        ("on_match", waf_array!{ "block" })
    } }),
};
let mut diagnostics = WafOwnedDefaultAllocator::<WafMap>::default();
if !builder.add_or_update_config("config/file/logical/path", &rule_set, Some(&mut diagnostics)) {
    panic!("Failed to add or update config!");
}
let waf = builder.build().expect("Failed to build WAF instance");

// For each new request to be monitored...
let mut waf_ctx = waf.new_context();
let data = waf_map!{
    ("arg1", "value1"),
};
match waf_ctx.run(data, std::time::Duration::from_millis(1)) {
    // Deal with the result as appropriate...
    Ok(RunResult::Match(res)) => {
        assert!(!res.timeout());
        assert!(res.keep());
        assert!(res.duration() >= std::time::Duration::default());
        assert_eq!(res.events().expect("Expected events").len(), 1);
        assert_eq!(res.actions().expect("Expected actions").len(), 1);
        assert_eq!(res.attributes().expect("Expected attributes").len(), 0);
    },
    Err(e) => panic!("Error while running the in-app WAF: {e}"),
    _ => panic!("Unexpected result"),
}

Modules§

log
Access to the in-app WAF’s logging facility.
object
Data model for exchanging data with the in-app WAF.
serde
Implementations of serde::Deserialize for object::WafObject and object::WafMap.

Macros§

waf_array
Helper macro to create WafArrays.
waf_map
Helper macro to create WafMaps.
waf_object
Helper macro to create WafObjects.

Structs§

Builder
A builder for Handles.
Config
The configuration for a new Builder.
Context
A WAF Context that can be used to evaluate the configured ruleset against address data.
Handle
A fully configured WAF instance.
InternalError
An unexpected internal error in the WAF from functions other than RunnableContext::run.
Obfuscator
Obfuscation configuration for the WAF.
RunOutput
The data produced by a Context::run operation.
Subcontext
Subcontexts are type of Context that inherit the data from their parents, but evaluations do not affect the parent’s data.

Enums§

RunError
The error that can occur during a RunnableContext::run operation.
RunResult
The result of the RunnableContext::run operation.

Traits§

RunnableContext
Common waf evaluation interface for Context and Subcontext.

Functions§

version
Returns the version of the underlying libddwaf library.