Function ddwaf_context_eval 

pub unsafe extern "C" fn ddwaf_context_eval(
    context: ddwaf_context,
    data: *mut ddwaf_object,
    alloc: ddwaf_allocator,
    result: *mut ddwaf_object,
    timeout: u64,
) -> DDWAF_RET_CODE

Perform a matching operation on the provided data

@param context (nonnull) WAF context to be used in this run. It determines the ruleset that will be used and ensures that parameters are taken into account across runs.

@param data (nonnull) Data on which to perform the pattern matching. This data will be stored by the context and used across multiple calls to this function or ddwaf_subcontext_eval. Once the context is destroyed, the user-defined allocator will be used to free the data provided. Note that the data passed must remain valid until the context is destroyed. The object must be a map of {string, } in which each key represents the relevant address associated with the value, which can be of an arbitrary type.

@param alloc (nullable) Allocator used to free the data provided. If NULL, the data will not be freed.

@param result (nullable) Object map containing the following items:

  • events: an array of the generated events.
  • actions: a map of the generated actions in the format: “{action type: { }, …}”
  • duration: an unsigned specifying the total runtime of the call in nanoseconds.
  • timeout: whether there has been a timeout during the call.
  • attributes: a map containing all derived objects in the format: {tag, value}
  • keep: whether the data contained herein must override any transport sampling through the relevant mechanism.

This structure must be freed by the caller using the output allocator provided through ddwaf_context_init. The object will contain all specified keys when the value returned by ddwaf_context_eval is either DDWAF_OK or DDWAF_MATCH and will be empty otherwise.

IMPORTANT: This object is not allocated with the allocator passed in this call. It uses the allocator given to ddwaf_context_init instead.

@param timeout Maximum time budget in microseconds.

@return Return code of the operation.

@retval DDWAF_ERR_INVALID_ARGUMENT The context is invalid; the data will not be freed.

@retval DDWAF_ERR_INVALID_OBJECT The data provided didn’t match the desired structure or contained invalid objects; the data will be freed by this function.

@retval DDWAF_ERR_INTERNAL There was an unexpected error and the operation did not succeed. The state of the WAF is undefined if this error is produced and the ownership of the data is unknown. The result structure will not be filled if this error occurs.

Notes on addresses:

  • Within a single run, addresses provided should be unique. If duplicate addresses are provided:
    • Within the same batch, the latest one in the structure will be the one used for evaluation.
    • Within two different batches, the second batch will only use the new data.