libddwaf update 1.24.1 #159

sezen-datadog · 2025-02-24T09:53:15Z

This commit provides the new WafBuilder class for libddwaf configuration manipulations. This new class holds a pointer to the c object ddwaf_builder and the operations are handled in waf_jni.c via the new binding of NativeWafhandle (ddwaf_handle)

RuleSetInfo is also modified with the new field, error and updated to contain all possible fields

Waf.run is eliminated as it is deprecated for a while now

src/main/c/powerwaf_jni.c

src/main/java/com/datadog/ddwaf/exception/AbstractWafException.java

codecov-commenter · 2025-03-18T12:47:06Z

Codecov Report

Attention: Patch coverage is 76.71233% with 68 lines in your changes missing coverage. Please review.

Project coverage is 55.96%. Comparing base (47c2db6) to head (7642f64).
Report is 57 commits behind head on master.

Files with missing lines	Patch %	Lines
src/main/c/waf_jni.c	64.94%	21 Missing and 13 partials ⚠️
src/main/c/output.c	52.94%	8 Missing and 8 partials ⚠️
...rc/main/java/com/datadog/ddwaf/WafDiagnostics.java	88.46%	5 Missing and 7 partials ⚠️
src/main/java/com/datadog/ddwaf/WafBuilder.java	89.28%	1 Missing and 2 partials ⚠️
src/main/java/com/datadog/ddwaf/WafHandle.java	83.33%	1 Missing and 2 partials ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master     #159      +/-   ##
============================================
- Coverage     58.55%   55.96%   -2.60%     
- Complexity      134      167      +33     
============================================
  Files            34       34              
  Lines          3458     3479      +21     
  Branches        780      782       +2     
============================================
- Hits           2025     1947      -78     
- Misses          900      993      +93     
- Partials        533      539       +6

Flag	Coverage Δ
helper	`55.96% <76.71%> (-2.60%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

src/main/c/waf_jni.c

Copilot

Pull Request Overview

This PR updates libddwaf to version 1.24.1 by introducing a new WafBuilder class for managing configuration, updating exception handling by replacing RuleSetInfo with WafDiagnostics, and removing the deprecated Waf.run method. It also updates various JNI bindings, logging, and benchmark usage to reflect these changes.

Introduces WafBuilder with new native bindings and config update methods.
Updates exception handling and configuration (regex visibility) while removing legacy classes.
Adjusts JNI and benchmark usage and updates version numbers in build workflow.

Reviewed Changes

Copilot reviewed 35 out of 38 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/main/java/com/datadog/ddwaf/exception/InvalidRuleSetException.java	Updated exception to use WafDiagnostics instead of RuleSetInfo.
src/main/java/com/datadog/ddwaf/WafMetrics.java	Changed constructor visibility from package-private to public.
src/main/java/com/datadog/ddwaf/WafHandle.java	Revised handle creation, native handle management, and closing logic.
src/main/java/com/datadog/ddwaf/WafConfig.java	Made DEFAULT_KEY_REGEX and DEFAULT_VALUE_REGEX public for external access.
src/main/java/com/datadog/ddwaf/WafBuilder.java	Introduced new builder to add/update configurations and build a new WafHandle.
src/main/java/com/datadog/ddwaf/Waf.java	Updated library version and removed deprecated methods.
Removed Files	Removed RuleSetInfo.java and NativeWafHandle.java as part of the update.
src/main/c/*.c & JNI headers	Updated native signatures and JNI bindings to match Java changes.
src/jmh/java/com/datadog/ddwaf/WafHandleRunRulesBenchmark.java	Updated benchmark to use the new WafContext run method.
.github/workflows/actions.yml	Updated build configuration with the new libddwafVersion.

Files not reviewed (3)

libddwaf: Language not supported
src/test/groovy/com/datadog/ddwaf/BadRuleTests.groovy: Language not supported
src/test/groovy/com/datadog/ddwaf/BasicTests.groovy: Language not supported

Comments suppressed due to low confidence (4)

src/main/java/com/datadog/ddwaf/exception/InvalidRuleSetException.java:16

Ensure all callers of InvalidRuleSetException are updated to use the new WafDiagnostics-based constructors, and update the related documentation to explain the change in error reporting.

public InvalidRuleSetException(WafDiagnostics wafDiagnostics, String message) {

src/main/java/com/datadog/ddwaf/WafMetrics.java:21

The constructor visibility has been changed to public; please confirm that this change exposes only intended behaviors and is adequately covered by tests.

public WafMetrics() {

src/main/java/com/datadog/ddwaf/WafConfig.java:12

Changing the regex constants to public exposes internal patterns; please verify that this design decision aligns with the intended public API and that any security considerations are addressed.

public final static String DEFAULT_KEY_REGEX =

.github/workflows/actions.yml:14

Ensure that the updated libddwafVersion in the build configuration is consistent with all other version settings across the project to avoid potential build discrepancies.

libddwafVersion: 1.24.1

src/main/java/com/datadog/ddwaf/WafHandle.java

src/main/java/com/datadog/ddwaf/WafBuilder.java

src/main/c/waf_jni.c

datadog-datadog-prod-us1 · 2025-05-13T08:29:32Z

Datadog Summary

✅ Code Quality ✅ Code Security ✅ Dependencies

Was this helpful? Give us feedback!

src/main/c/waf_jni.c

sezen-datadog force-pushed the sezen.leblay/APPSEC-55502-libddwaf-update-1.23.0 branch from 12afcd8 to 64c099e Compare February 24, 2025 10:00

manuel-alvarez-alvarez reviewed Feb 24, 2025

View reviewed changes

src/main/c/powerwaf_jni.c Outdated Show resolved Hide resolved

sezen-datadog force-pushed the sezen.leblay/APPSEC-55502-libddwaf-update-1.23.0 branch 4 times, most recently from 6a83170 to 007bd4d Compare March 3, 2025 10:22

sezen-datadog force-pushed the sezen.leblay/APPSEC-55502-libddwaf-update-1.23.0 branch 5 times, most recently from 6709b88 to 4279333 Compare March 10, 2025 09:12

datadog-datadog-prod-us1 bot reviewed Mar 10, 2025

View reviewed changes

src/main/java/com/datadog/ddwaf/exception/AbstractWafException.java Show resolved Hide resolved

sezen-datadog force-pushed the sezen.leblay/APPSEC-55502-libddwaf-update-1.23.0 branch 5 times, most recently from 162b628 to 430f81c Compare March 17, 2025 10:58

sezen-datadog force-pushed the sezen.leblay/APPSEC-55502-libddwaf-update-1.23.0 branch from 815d2d6 to fe106a4 Compare March 17, 2025 13:59

sezen-datadog force-pushed the sezen.leblay/APPSEC-55502-libddwaf-update-1.23.0 branch 2 times, most recently from f682a5e to 0599dce Compare March 28, 2025 15:43

sezen-datadog marked this pull request as ready for review April 1, 2025 13:26

sezen-datadog requested a review from a team as a code owner April 1, 2025 13:27

sezen-datadog requested review from jandro996 and smola April 1, 2025 13:27

sezen-datadog force-pushed the sezen.leblay/APPSEC-55502-libddwaf-update-1.23.0 branch 2 times, most recently from a9fc49c to d512f46 Compare April 2, 2025 15:34

sezen-datadog marked this pull request as draft April 2, 2025 15:43

sezen-datadog force-pushed the sezen.leblay/APPSEC-55502-libddwaf-update-1.23.0 branch from 80f403e to b2512f4 Compare April 3, 2025 08:29

sezen-datadog marked this pull request as ready for review April 3, 2025 09:12