Skip to content

chore(asm): libddwaf update 1.25.0 #13496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
christophe-papazian merged 2 commits into from
May 26, 2025
Merged

chore(asm): libddwaf update 1.25.0 #13496

christophe-papazian merged 2 commits into from
May 26, 2025

Conversation

@christophe-papazian
Copy link
Contributor

@christophe-papazian christophe-papazian commented May 23, 2025
edited
Loading

Update libddwaf to 1.25.0

  • add keep parameter to DDwaf_result (unused at the moment)
  • drop ddwaf_result in C interface and replace it with ddwaf_object

APPSEC-57776

Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

@christophe-papazian christophe-papazian added changelog/no-changelog A changelog entry is not required for this PR. ASM Application Security Monitoring labels May 23, 2025
@github-actions
Copy link
Contributor

github-actions bot commented May 23, 2025

CODEOWNERS have been resolved as:

ddtrace/appsec/_ddwaf/ddwaf_types.py                                    @DataDog/asm-python
ddtrace/appsec/_ddwaf/waf.py                                            @DataDog/asm-python
ddtrace/appsec/_utils.py                                                @DataDog/asm-python
setup.py                                                                @DataDog/python-guild
tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_body_no_collection_snapshot.json  @DataDog/asm-python
tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_cookies_no_collection_snapshot.json  @DataDog/asm-python
tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_span_tags_snapshot.json  @DataDog/asm-python
tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_span_tags_snapshot_with_errors.json  @DataDog/asm-python
tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled.json  @DataDog/asm-python
tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled_attack.json  @DataDog/asm-python
tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_match_403.json  @DataDog/asm-python
tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_match_403_json.json  @DataDog/asm-python
tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_nomatch_200.json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_ipblock_match_403[flask_appsec_good_rules_env].json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_ipblock_match_403[flask_appsec_good_rules_env]_220.json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_ipblock_match_403_json[flask_appsec_good_rules_env].json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_ipblock_match_403_json[flask_appsec_good_rules_env]_220.json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_osspawn[flask_appsec_good_rules_env].json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_osspawn[flask_appsec_good_rules_env]_220.json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_ossystem[flask_appsec_good_rules_env].json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_ossystem[flask_appsec_good_rules_env]_220.json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_subprocesscommunicatenoshell[flask_appsec_good_rules_env].json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_subprocesscommunicatenoshell[flask_appsec_good_rules_env]_220.json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_subprocesscommunicateshell[flask_appsec_good_rules_env].json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_subprocesscommunicateshell[flask_appsec_good_rules_env]_220.json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_userblock_match_200_json[flask_appsec_good_rules_env].json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_userblock_match_200_json[flask_appsec_good_rules_env]_220.json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_userblock_match_403_json[flask_appsec_good_rules_env].json  @DataDog/asm-python
tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_userblock_match_403_json[flask_appsec_good_rules_env]_220.json  @DataDog/asm-python

@github-actions
Copy link
Contributor

github-actions bot commented May 23, 2025
edited
Loading

Bootstrap import analysis

Comparison of import times between this PR and base.

Summary

The average import time from this PR is: 230 ± 1 ms.

The average import time from base is: 232 ± 2 ms.

The import time difference between this PR and base is: -2.1 ± 0.06 ms.

Import time breakdown

The following import paths have shrunk:

ddtrace.auto 1.992 ms (0.86%)
ddtrace.bootstrap.sitecustomize 1.289 ms (0.56%)
ddtrace.bootstrap.preload 1.289 ms (0.56%)
ddtrace.internal.remoteconfig.client 0.628 ms (0.27%)
ddtrace 0.703 ms (0.31%)
ddtrace._logger 0.030 ms (0.01%)
logging 0.030 ms (0.01%)
traceback 0.030 ms (0.01%)
contextlib 0.030 ms (0.01%)
ddtrace.internal._unpatched 0.023 ms (0.01%)

@pr-commenter
Copy link

pr-commenter bot commented May 23, 2025
edited
Loading

Benchmarks

Benchmark execution time: 2025-05-23 15:06:37

Comparing candidate commit a23a948 in PR branch christophe-papazian/libddwaf_update_1.25.0 with baseline commit 5ed2342 in branch main.

Found 0 performance improvements and 2 performance regressions! Performance is the same for 508 metrics, 8 unstable metrics.

scenario:iast_aspects-ljust_aspect

  • 🟥 execution_time [+1.314µs; +1.411µs] or [+10.020%; +10.759%]

scenario:iast_aspects-rstrip_aspect

  • 🟥 execution_time [+1.461µs; +1.573µs] or [+11.295%; +12.158%]

@christophe-papazian christophe-papazian marked this pull request as ready for review May 23, 2025 15:08
@christophe-papazian christophe-papazian requested review from a team as code owners May 23, 2025 15:08
@christophe-papazian christophe-papazian enabled auto-merge (squash) May 23, 2025 15:18
@christophe-papazian christophe-papazian enabled auto-merge (squash) May 23, 2025 15:28
@christophe-papazian christophe-papazian merged commit 83fc1e5 into main May 26, 2025
740 of 741 checks passed
@christophe-papazian christophe-papazian deleted the christophe-papazian/libddwaf_update_1.25.0 branch May 26, 2025 08:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gnufede gnufede gnufede approved these changes

@florentinl florentinl florentinl approved these changes

@P403n1x87 P403n1x87 Awaiting requested review from P403n1x87 P403n1x87 is a code owner automatically assigned from DataDog/python-guild

Assignees

No one assigned

Labels

ASM Application Security Monitoring changelog/no-changelog A changelog entry is not required for this PR.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@christophe-papazian @gnufede @florentinl