Skip to content

Commit

Permalink
appsec: fix libddwaf stripping on macOS (#1481)
Browse files Browse the repository at this point in the history
Co-authored-by: François Mazeau <[email protected]>
  • Loading branch information
Julio-Guerra and François Mazeau committed Sep 26, 2022
1 parent f0f2c2c commit d6656d1
Show file tree
Hide file tree
Showing 5 changed files with 17 additions and 10 deletions.
3 changes: 2 additions & 1 deletion .github/workflows/appsec.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ on:
- cron: "0 0 * * *"
pull_request: # on pull requests touching appsec files
paths:
- '.github/workflows/appsec.yml'
- 'internal/appsec/**'
- 'appsec/**'
- 'contrib/**/appsec.go'
Expand All @@ -17,7 +18,7 @@ jobs:
native:
strategy:
matrix:
runs-on: [ macos-latest, ubuntu-latest, windows-latest ]
runs-on: [ macos-12, macos-11, macos-10.15, ubuntu-22.04, ubuntu-20.04, ubuntu-18.04, windows-latest ]
go-version: [ 1.19, 1.18, 1.17 ]
cgo_enabled: # test it compiles with and without cgo
- 0
Expand Down
7 changes: 0 additions & 7 deletions internal/appsec/_tools/libddwaf-updater/update.sh
Original file line number Diff line number Diff line change
Expand Up @@ -35,10 +35,6 @@ run_binutils() {
docker run -it --rm -v $bindings_dir:$bindings_dir -v $tmpdir:$tmpdir -w $PWD ghcr.io/datadog/binutils-gdb:2.37 $@
}

run_strip() {
run_binutils $1-strip --strip-dwo --strip-unneeded --strip-debug $2
}

#
# darwin/amd64
#
Expand All @@ -47,7 +43,6 @@ echo Updating libddwaf for darwin/amd64
curl -L https://github.com/DataDog/libddwaf/releases/download/$version/libddwaf-$version-darwin-x86_64.tar.gz | tar -xz -C$tmpdir
echo Copying the darwin/amd64 library
cp -v $tmpdir/libddwaf-$version-darwin-x86_64/lib/libddwaf.a $bindings_dir/lib/darwin-amd64
run_strip x86_64-apple-darwin $bindings_dir/lib/darwin-amd64/libddwaf.a

#
# linux/amd64
Expand All @@ -72,8 +67,6 @@ run_binutils x86_64-linux-gnu-ld \
--require-defined=ddwaf_context_destroy \
--require-defined=ddwaf_required_addresses \
$tmpdir/libddwaf-$version-linux-x86_64/lib/libddwaf.a $libcxx_dir/libc++.a $libcxx_dir/libc++abi.a $libcxx_dir/libunwind.a
# 4. Strip
run_strip x86_64-linux-gnu $bindings_dir/lib/linux-amd64/libddwaf.a

#
# ddwaf.h
Expand Down
17 changes: 15 additions & 2 deletions internal/appsec/waf/include/ddwaf.h
Original file line number Diff line number Diff line change
Expand Up @@ -263,10 +263,23 @@ void ddwaf_ruleset_info_free(ddwaf_ruleset_info *info);
*
* @param Handle to the WAF instance.
* @param size Output parameter in which the size will be returned. The value of
* size will be 0 if the return value is nullptr.
* @return NULL if error, otherwise a pointer to an array with size elements.
* size will be 0 if the return value is NULL.
* @return NULL if empty, otherwise a pointer to an array with size elements.
**/
const char* const* ddwaf_required_addresses(const ddwaf_handle handle, uint32_t *size);
/**
* ddwaf_required_rule_data_ids
*
* Get a list of required rule data IDs (if any). The memory is owned by the
* WAF and should not be freed.
*
* @param Handle to the WAF instance.
* @param size Output parameter in which the size will be returned. The value of
* size will be 0 if the return value is NULL.
* @return NULL if empty, otherwise a pointer to an array with size elements.
**/
const char* const* ddwaf_required_rule_data_ids(const ddwaf_handle handle, uint32_t *size);

/**
* ddwaf_context_init
*
Expand Down
Binary file modified internal/appsec/waf/lib/darwin-amd64/libddwaf.a
Binary file not shown.
Binary file modified internal/appsec/waf/lib/linux-amd64/libddwaf.a
Binary file not shown.

0 comments on commit d6656d1

Please sign in to comment.