bindings

package
v4.9.0 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 5, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Constants

const (
	MaxStringLength   = 4096
	MaxContainerDepth = 20
	MaxContainerSize  = 256
)

Variables

This section is empty.

Functions

func Load added in v4.5.0

func Load() (bool, error)

Load loads libddwaf's dynamic library. The dynamic library is opened only once by the first call to this function and internally stored globally. No function is currently provided in this API to unload it.

This function is automatically called by [NewBuilder], and most users need not explicitly call it. It is however useful in order to explicitly check for the status of the Lib library's initialization.

The function returns true when libddwaf was successfully loaded, along with an error value. An error might still be returned even though the Lib load was successful: in such cases the error is indicative that some non-critical features are not available; but the Lib may still be used.

func Usable added in v4.5.0

func Usable() (bool, error)

Usable returns true if the Lib is usable, false and an error otherwise.

If the Lib is usable, an error value may still be returned and should be treated as a warning (it is non-blocking).

The following conditions are checked:

  • The Lib library has been loaded successfully (you need to call Load first for this case to be taken into account)
  • The Lib library has not been manually disabled with the `datadog.no_waf` go build tag
  • The Lib library is not in an unsupported OS/Arch
  • The Lib library is not in an unsupported Go version

func Version added in v4.5.0

func Version() string

Version returns the version returned by libddwaf. It relies on the dynamic loading of the library, which can fail and return an empty string or the previously loaded version, if any.

Types

type WAFBuilder

type WAFBuilder uintptr

WAFBuilder is a forward declaration in the ddwaf.h header. We basically don't need to modify it, only to give it to the WAF.

type WAFConfig

type WAFConfig struct {
	Limits     WAFConfigLimits
	Obfuscator WAFConfigObfuscator
	FreeFn     uintptr
	// contains filtered or unexported fields
}

type WAFConfigLimits

type WAFConfigLimits struct {
	MaxContainerSize  uint32
	MaxContainerDepth uint32
	MaxStringLength   uint32
	// contains filtered or unexported fields
}

type WAFConfigObfuscator

type WAFConfigObfuscator struct {
	KeyRegex   uintptr // char *
	ValueRegex uintptr // char *
	// contains filtered or unexported fields
}

type WAFContext

type WAFContext uintptr

WAFContext is a forward declaration in the ddwaf.h header. We basically don't need to modify it, only to give it to the WAF.

type WAFHandle

type WAFHandle uintptr

WAFHandle is a forward declaration in the ddwaf.h header. We basically don't need to modify it, only to give it to the WAF.

type WAFLib

type WAFLib struct {
	// contains filtered or unexported fields
}

WAFLib is the type wrapper for all C calls to the WAF. It uses `libwaf` to make C calls. All calls must go through this one-liner to be type safe, since purego calls are not type safe.

var (
	// Lib is libddwaf's dynamic library handle and entrypoints. This is only safe to
	// read after calling [Load] or having acquired [gMu].
	Lib *WAFLib
)

Globally dlopen() libddwaf only once, because several dlopens (e.g. in tests) aren't supported by macOS.

func (*WAFLib) BuilderAddOrUpdateConfig

func (waf *WAFLib) BuilderAddOrUpdateConfig(builder WAFBuilder, path string, config *WAFObject, diags *WAFObject) bool

BuilderAddOrUpdateConfig adds or updates a configuration based on the given path, which must be a unique identifier for the provided configuration. Returns false in case of an error.

func (*WAFLib) BuilderBuildInstance

func (waf *WAFLib) BuilderBuildInstance(builder WAFBuilder) WAFHandle

BuilderBuildInstance builds a WAF instance based on the current set of configurations. Returns nil in case of an error.

func (*WAFLib) BuilderDestroy

func (waf *WAFLib) BuilderDestroy(builder WAFBuilder)

BuilderDestroy destroys a WAF builder instance.

func (*WAFLib) BuilderGetConfigPaths

func (waf *WAFLib) BuilderGetConfigPaths(builder WAFBuilder, filter string) []string

BuilderGetConfigPaths returns the list of currently loaded paths. Returns nil in case of an error.

func (*WAFLib) BuilderInit

func (waf *WAFLib) BuilderInit(cfg *WAFConfig) WAFBuilder

BuilderInit initializes a new WAF builder with the provided configuration, which may be nil. Returns nil in case of an error.

func (*WAFLib) BuilderRemoveConfig

func (waf *WAFLib) BuilderRemoveConfig(builder WAFBuilder, path string) bool

BuilderRemoveConfig removes a configuration based on the provided path. Returns false in case of an error.

func (*WAFLib) Close

func (waf *WAFLib) Close() error

func (*WAFLib) ContextDestroy

func (waf *WAFLib) ContextDestroy(context WAFContext)

func (*WAFLib) ContextInit

func (waf *WAFLib) ContextInit(handle WAFHandle) WAFContext

func (*WAFLib) Destroy

func (waf *WAFLib) Destroy(handle WAFHandle)

Destroy destroys a WAF instance.

func (*WAFLib) GetVersion

func (waf *WAFLib) GetVersion() string

The string returned by GetVersion is a static string, so we do not need to free it.

func (*WAFLib) Handle

func (waf *WAFLib) Handle() uintptr

func (*WAFLib) KnownActions

func (waf *WAFLib) KnownActions(handle WAFHandle) []string

func (*WAFLib) KnownAddresses

func (waf *WAFLib) KnownAddresses(handle WAFHandle) []string

func (*WAFLib) ObjectFree

func (waf *WAFLib) ObjectFree(obj *WAFObject)

func (*WAFLib) ObjectFromJSON added in v4.5.0

func (waf *WAFLib) ObjectFromJSON(json []byte) (WAFObject, bool)

func (*WAFLib) Run

func (waf *WAFLib) Run(context WAFContext, persistentData, ephemeralData *WAFObject, result *WAFObject, timeout uint64) WAFReturnCode

func (*WAFLib) SetLogCb

func (waf *WAFLib) SetLogCb(cb uintptr, level log.Level)

SetLogCb sets the log callback function for the WAF.

type WAFObject

type WAFObject struct {
	ParameterName       uintptr
	ParameterNameLength uint64
	Value               uintptr
	NbEntries           uint64
	Type                WAFObjectType
	// contains filtered or unexported fields
}

func (*WAFObject) AnyValue added in v4.2.0

func (w *WAFObject) AnyValue() (any, error)

func (*WAFObject) ArrayValue added in v4.2.0

func (w *WAFObject) ArrayValue() ([]any, error)

func (*WAFObject) BoolValue added in v4.2.0

func (w *WAFObject) BoolValue() (bool, error)

func (*WAFObject) FloatValue added in v4.2.0

func (w *WAFObject) FloatValue() (float64, error)

func (*WAFObject) IntValue added in v4.2.0

func (w *WAFObject) IntValue() (int64, error)

func (*WAFObject) IsArray

func (w *WAFObject) IsArray() bool

IsArray determines whether this WAF Object is an array or not.

func (*WAFObject) IsBool added in v4.1.0

func (w *WAFObject) IsBool() bool

IsBool determines whether this WAF Object is a bool or not.

func (*WAFObject) IsFloat added in v4.1.0

func (w *WAFObject) IsFloat() bool

IsFloat determines whether this WAF Object is a float or not.

func (*WAFObject) IsInt added in v4.1.0

func (w *WAFObject) IsInt() bool

IsInt determines whether this WAF Object is an int or not.

func (*WAFObject) IsInvalid

func (w *WAFObject) IsInvalid() bool

IsInvalid determines whether this WAF Object has the invalid type (which is the 0-value).

func (*WAFObject) IsMap

func (w *WAFObject) IsMap() bool

IsMap determines whether this WAF Object is a map or not.

func (*WAFObject) IsNil

func (w *WAFObject) IsNil() bool

IsNil determines whether this WAF Object is nil or not.

func (*WAFObject) IsString added in v4.2.0

func (w *WAFObject) IsString() bool

IsString determines whether this WAF Object is a string or not.

func (*WAFObject) IsUint added in v4.1.0

func (w *WAFObject) IsUint() bool

IsUint determines whether this WAF Object is a uint or not.

func (*WAFObject) IsUnusable

func (w *WAFObject) IsUnusable() bool

IsUnusable returns true if the wafObject has no impact on the WAF execution. But we still need this kind of object to forward map keys in case the value of the map is invalid.

func (*WAFObject) MapKey added in v4.2.0

func (w *WAFObject) MapKey() string

func (*WAFObject) MapValue added in v4.2.0

func (w *WAFObject) MapValue() (map[string]any, error)

func (*WAFObject) SetArray

func (w *WAFObject) SetArray(pinner pin.Pinner, capacity uint64) []WAFObject

SetArray sets the receiving WAFObject to a new array with the given capacity.

func (*WAFObject) SetArrayData added in v4.2.0

func (w *WAFObject) SetArrayData(pinner pin.Pinner, data []WAFObject)

SetArrayData sets the receiving WAFObject to the provided array items.

func (*WAFObject) SetBool added in v4.1.0

func (w *WAFObject) SetBool(b bool)

SetBool sets the receiving WAFObject value to the given bool.

func (*WAFObject) SetFloat added in v4.1.0

func (w *WAFObject) SetFloat(f float64)

SetFloat sets the receiving WAFObject value to the given float.

func (*WAFObject) SetInt added in v4.1.0

func (w *WAFObject) SetInt(i int64)

SetInt sets the receiving WAFObject value to the given int.

func (*WAFObject) SetInvalid added in v4.1.0

func (w *WAFObject) SetInvalid()

SetInvalid sets the receiving WAFObject to invalid.

func (*WAFObject) SetMap

func (w *WAFObject) SetMap(pinner pin.Pinner, capacity uint64) []WAFObject

SetMap sets the receiving WAFObject to a new map with the given capacity.

func (*WAFObject) SetMapData added in v4.2.0

func (w *WAFObject) SetMapData(pinner pin.Pinner, data []WAFObject)

SetMapData sets the receiving WAFObject to the provided map items.

func (*WAFObject) SetMapKey

func (w *WAFObject) SetMapKey(pinner pin.Pinner, key string)

SetMapKey sets the receiving WAFObject to a new map key with the given string.

func (*WAFObject) SetNil added in v4.1.0

func (w *WAFObject) SetNil()

SetNil sets the receiving WAFObject to nil.

func (*WAFObject) SetString

func (w *WAFObject) SetString(pinner pin.Pinner, str string)

SetString sets the receiving WAFObject value to the given string.

func (*WAFObject) SetUint added in v4.1.0

func (w *WAFObject) SetUint(i uint64)

SetUint sets the receiving WAFObject value to the given uint.

func (*WAFObject) StringValue added in v4.2.0

func (w *WAFObject) StringValue() (string, error)

func (*WAFObject) UIntValue added in v4.2.0

func (w *WAFObject) UIntValue() (uint64, error)

func (*WAFObject) Values added in v4.2.0

func (w *WAFObject) Values() ([]WAFObject, error)

type WAFObjectType

type WAFObjectType uint32

WAFObjectType is an enum in C which has the size of DWORD. But DWORD is 4 bytes in amd64 and arm64 so uint32 it is.

const (
	WAFIntType WAFObjectType = 1 << iota
	WAFUintType
	WAFStringType
	WAFArrayType
	WAFMapType
	WAFBoolType
	WAFFloatType
	WAFNilType
)
const WAFInvalidType WAFObjectType = 0

func (WAFObjectType) String

func (w WAFObjectType) String() string

type WAFResult

type WAFResult struct {
	Timeout      byte
	Events       WAFObject
	Actions      WAFObject
	Derivatives  WAFObject
	TotalRuntime uint64
	// contains filtered or unexported fields
}

type WAFReturnCode

type WAFReturnCode int32
const (
	WAFErrInternal WAFReturnCode = iota - 3
	WAFErrInvalidObject
	WAFErrInvalidArgument
	WAFOK
	WAFMatch
)
