devel/libddwaf: Add libddwaf 1.8.2

libddwaf is Datadog's implementation of a Web Application Firewall (WAF) engine, with a goal of low performance and memory overhead, and embeddability in a wide variety of language runtimes through a C API.
freebsd · Apr 5, 2023 · bca243c · bca243c
1 parent 6527bbb
commit bca243c
Show file tree

Hide file tree

Showing 9 changed files with 618 additions and 0 deletions.
diff --git a/devel/Makefile b/devel/Makefile
@@ -1183,6 +1183,7 @@
     SUBDIR += libdbusmenu
     SUBDIR += libdbusmenu-qt
     SUBDIR += libddoc
+    SUBDIR += libddwaf
     SUBDIR += libdevq
     SUBDIR += libdfui
     SUBDIR += libdill

diff --git a/devel/libddwaf/Makefile b/devel/libddwaf/Makefile
@@ -0,0 +1,38 @@
+PORTNAME=	libddwaf
+PORTVERSION=	1.8.2
+CATEGORIES=	devel
+
+MAINTAINER=	sunpoet@FreeBSD.org
+COMMENT=	Datadog WAF engine
+WWW=		https://github.com/DataDog/libddwaf
+
+LICENSE=	APACHE20 BSD3CLAUSE
+LICENSE_COMB=	dual
+LICENSE_FILE_APACHE20=	${WRKSRC}/LICENSE.Apache
+LICENSE_FILE_BSD3CLAUSE=${WRKSRC}/LICENSE.BSD3
+
+BUILD_DEPENDS=	rapidjson>=1.1.0.524:devel/rapidjson
+LIB_DEPENDS=	libac.so:devel/libac \
+		libbenchmark.so:devel/benchmark \
+		libgtest.so:devel/googletest \
+		libinjection.so:devel/libinjection \
+		libre2.so:devel/re2 \
+		libutf8proc.so:textproc/utf8proc \
+		libyaml-cpp.so:devel/yaml-cpp
+
+USES=		cmake compiler:c++17-lang localbase:ldflags
+
+CMAKE_OFF=	LIBDDWAF_KEEP_SYMBOL_FILE LIBDDWAF_TESTING
+CMAEK_ON=	LIBDDWAF_BUILD_SHARED LIBDDWAF_BUILD_STATIC
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	DataDog
+GH_TUPLE=	DataDog:appsec-event-rules:1.3.2:DataDog_appsec_event_rules/third_party/proj_event_rules \
+		Tencent:rapidjson:22a62fc:Tencent_rapidjson/third_party/rapidjson
+
+post-patch:
+# Clean up bundled libraries
+	@${RM} -r ${WRKSRC}/third_party/libinjection/
+	@${RM} -r ${WRKSRC}/third_party/lua-aho-corasick/
+
+.include <bsd.port.mk>
diff --git a/devel/libddwaf/distinfo b/devel/libddwaf/distinfo
@@ -0,0 +1,7 @@
+TIMESTAMP = 1679498480
+SHA256 (DataDog-libddwaf-1.8.2_GH0.tar.gz) = f8f645088f555fcd3be54447513c64cb863c10324e3294712c6651cc6780412b
+SIZE (DataDog-libddwaf-1.8.2_GH0.tar.gz) = 691348
+SHA256 (DataDog-appsec-event-rules-1.3.2_GH0.tar.gz) = c890c46b5ae19f0a58fdec920dc5616b406ef5bac57ae8b1bffac91f05cf7bfd
+SIZE (DataDog-appsec-event-rules-1.3.2_GH0.tar.gz) = 140353
+SHA256 (Tencent-rapidjson-22a62fc_GH0.tar.gz) = 94068810b413fb5e7334a8bab6e8190b6f56497b660110e212a619793fc2d93f
+SIZE (Tencent-rapidjson-22a62fc_GH0.tar.gz) = 1107453
diff --git a/devel/libddwaf/files/patch-CMakeLists.txt b/devel/libddwaf/files/patch-CMakeLists.txt
@@ -0,0 +1,207 @@
+--- CMakeLists.txt.orig	2023-01-17 18:39:22 UTC
++++ CMakeLists.txt
+@@ -8,23 +8,23 @@ set(CMAKE_PROJECT_VERSION ${version})
+ configure_file(src/version.hpp.in ${CMAKE_CURRENT_SOURCE_DIR}/src/version.hpp)
+
+ set(CMAKE_OSX_DEPLOYMENT_TARGET "10.12" CACHE STRING "Minimum OS X deployment version")
+-if(CMAKE_OSX_ARCHITECTURES MATCHES "x86_64" OR
+-  CMAKE_OSX_ARCHITECTURES MATCHES "arm64")
+-  set(CPU_TYPE ${CMAKE_OSX_ARCHITECTURES})
+-endif()
++#if(CMAKE_OSX_ARCHITECTURES MATCHES "x86_64" OR
++#  CMAKE_OSX_ARCHITECTURES MATCHES "arm64")
++#  set(CPU_TYPE ${CMAKE_OSX_ARCHITECTURES})
++#endif()
+
+ set(CMAKE_C_STANDARD 99)
+ set(CMAKE_CXX_STANDARD 17)
+ set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
+
+-set(LIBDDWAF_SHARED_LINKER_FLAGS "-static-libstdc++" CACHE STRING "Shared library extra linker flags")
++#set(LIBDDWAF_SHARED_LINKER_FLAGS "-static-libstdc++" CACHE STRING "Shared library extra linker flags")
+ set(LIBDDWAF_EXE_LINKER_FLAGS "" CACHE STRING "Executable extra linker flags")
+ set(LIBDDWAF_PACKAGE_SUFFIX "" CACHE STRING "Suffix for packaging purposes")
+-if(CMAKE_OSX_ARCHITECTURES MATCHES "arm64")
+-    set(LIBDDWAF_PACKAGE_PROCESSOR ${CMAKE_OSX_ARCHITECTURES} CACHE STRING "Alternative processor for packaging purposes")
+-else()
+-    set(LIBDDWAF_PACKAGE_PROCESSOR ${CMAKE_SYSTEM_PROCESSOR} CACHE STRING "Alternative processor for packaging purposes")
+-endif()
++#if(CMAKE_OSX_ARCHITECTURES MATCHES "arm64")
++#    set(LIBDDWAF_PACKAGE_PROCESSOR ${CMAKE_OSX_ARCHITECTURES} CACHE STRING "Alternative processor for packaging purposes")
++#else()
++#    set(LIBDDWAF_PACKAGE_PROCESSOR ${CMAKE_SYSTEM_PROCESSOR} CACHE STRING "Alternative processor for packaging purposes")
++#endif()
+
+ option(LIBDDWAF_BUILD_SHARED "Build shared library" ON)
+ option(LIBDDWAF_BUILD_STATIC "Build shared library" ON)
+@@ -59,7 +59,7 @@ endif()
+
+ include(GNUInstallDirs)
+
+-add_subdirectory(third_party)
++#add_subdirectory(third_party)
+
+ set(LIBDDWAF_SOURCE
+     ${libddwaf_SOURCE_DIR}/src/clock.cpp
+@@ -121,7 +121,8 @@ install(FILES ${libddwaf_SOURCE_DIR}/include/ddwaf.h D
+ # System dependencies
+ set(LIBDDWAF_INTERFACE_LIBRARIES "")
+ set(LIBDDWAF_PRIVATE_LIBRARIES 
+-    lib_re2 lib_rapidjson lib_ac lib_injection lib_radix lib_utf8proc)
++#    lib_re2 lib_rapidjson lib_ac lib_injection lib_radix lib_utf8proc)
++    lib_radix)
+
+ if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
+ # needed for glibc <2.17. We compile with --as-needed so the library won't
+@@ -149,6 +150,27 @@ if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
+ elseif(WIN32)
+     list(APPEND LIBDDWAF_INTERFACE_LIBRARIES ws2_32)
+ endif()
++find_library(LIBAC ac)
++if (LIBAC)
++    list(APPEND LIBDDWAF_INTERFACE_LIBRARIES ac)
++endif()
++find_library(LIBINJECTION injection)
++if (LIBINJECTION)
++    list(APPEND LIBDDWAF_INTERFACE_LIBRARIES injection)
++endif()
++add_library(lib_radix STATIC ${PROJECT_SOURCE_DIR}/third_party/radixlib/radixlib.c)
++target_include_directories(lib_radix INTERFACE ${PROJECT_SOURCE_DIR}/third_party/radixlib)
++set_target_properties(lib_radix PROPERTIES POSITION_INDEPENDENT_CODE 1)
++add_library(lib_rapidjson INTERFACE IMPORTED GLOBAL)
++target_include_directories(lib_rapidjson INTERFACE ${PROJECT_SOURCE_DIR}/third_party/rapidjson/include)
++find_library(LIBRE2 re2)
++if (LIBRE2)
++    list(APPEND LIBDDWAF_INTERFACE_LIBRARIES re2)
++endif()
++find_library(LIBUTF8PROC utf8proc)
++if (LIBUTF8PROC)
++    list(APPEND LIBDDWAF_INTERFACE_LIBRARIES utf8proc)
++endif()
+
+ target_link_libraries(libddwaf_objects
+     PRIVATE ${LIBDDWAF_PRIVATE_LIBRARIES}
+@@ -173,66 +195,67 @@ if (LIBDDWAF_BUILD_STATIC)
+         INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
+
+     # Post-processing on the static library
+-    if(MSVC)
+-        add_custom_command(TARGET libddwaf_static POST_BUILD
+-            COMMAND ${CMAKE_COMMAND} -E make_directory lib_comb
+-            COMMAND ${CMAKE_COMMAND} -E chdir lib_comb lib.exe
+-                /OUT:combined${CMAKE_STATIC_LIBRARY_SUFFIX}
+-                $<TARGET_FILE:libddwaf_static> $<TARGET_FILE:lib_re2> $<TARGET_FILE:lib_ac>
+-                $<TARGET_FILE:lib_injection> $<TARGET_FILE:lib_utf8proc> $<TARGET_FILE:lib_radix>
+-            COMMAND ${CMAKE_COMMAND} -E copy lib_comb/combined${CMAKE_STATIC_LIBRARY_SUFFIX} $<TARGET_FILE:libddwaf_static>
+-            WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
+-    else()
+-        if(CMAKE_OSX_ARCHITECTURES MATCHES "arm64")
+-          add_custom_command(TARGET libddwaf_static POST_BUILD
+-              COMMAND ${CMAKE_COMMAND} -E make_directory ar_comb
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:libddwaf_static>
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_re2>
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_ac>
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_injection>
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_utf8proc>
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_radix>
+-              COMMAND libtool -static -o ar_comb/combined.a -arch_only ${CMAKE_OSX_ARCHITECTURES} ar_comb/*.o*
+-
+-              COMMAND ${CMAKE_COMMAND} -E copy ar_comb/combined${CMAKE_STATIC_LIBRARY_SUFFIX} $<TARGET_FILE:libddwaf_static>
+-              COMMAND rm -rf ar_comb
+-              WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
+-        else()
+-          add_custom_command(TARGET libddwaf_static POST_BUILD
+-              COMMAND ${CMAKE_COMMAND} -E make_directory ar_comb
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:libddwaf_static>
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_re2>
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_ac>
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_injection>
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_utf8proc>
+-              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_radix>
+-              COMMAND ${CMAKE_AR} -qcs ar_comb/combined${CMAKE_STATIC_LIBRARY_SUFFIX} ar_comb/*.o*
+-
+-              COMMAND ${CMAKE_COMMAND} -E copy ar_comb/combined${CMAKE_STATIC_LIBRARY_SUFFIX} $<TARGET_FILE:libddwaf_static>
+-              COMMAND rm -rf ar_comb
+-              WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
+-      endif()
+-      if(NOT (CMAKE_BUILD_TYPE MATCHES Debug))
+-          if (CMAKE_SYSTEM_NAME STREQUAL Darwin OR CMAKE_SYSTEM_NAME STREQUAL Linux)
+-              find_program(STRIP strip)
+-              if (STRIP STREQUAL "STRIP-NOTFOUND")
+-                  message(FATAL_ERROR "strip not found")
+-              endif()
+-              add_custom_command(TARGET libddwaf_static POST_BUILD
+-                  COMMAND ${STRIP} -x -S $<TARGET_FILE:libddwaf_static> -o $<TARGET_FILE:libddwaf_static>.stripped)
+-              install(FILES $<TARGET_FILE:libddwaf_static>.stripped DESTINATION ${CMAKE_INSTALL_LIBDIR})
+-          endif()
+-      endif()
+-  endif()
++#    if(MSVC)
++#        add_custom_command(TARGET libddwaf_static POST_BUILD
++#            COMMAND ${CMAKE_COMMAND} -E make_directory lib_comb
++#            COMMAND ${CMAKE_COMMAND} -E chdir lib_comb lib.exe
++#                /OUT:combined${CMAKE_STATIC_LIBRARY_SUFFIX}
++#                $<TARGET_FILE:libddwaf_static> $<TARGET_FILE:lib_re2> $<TARGET_FILE:lib_ac>
++#                $<TARGET_FILE:lib_injection> $<TARGET_FILE:lib_utf8proc> $<TARGET_FILE:lib_radix>
++#            COMMAND ${CMAKE_COMMAND} -E copy lib_comb/combined${CMAKE_STATIC_LIBRARY_SUFFIX} $<TARGET_FILE:libddwaf_static>
++#            WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
++#    else()
++#        if(CMAKE_OSX_ARCHITECTURES MATCHES "arm64")
++#          add_custom_command(TARGET libddwaf_static POST_BUILD
++#              COMMAND ${CMAKE_COMMAND} -E make_directory ar_comb
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:libddwaf_static>
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_re2>
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_ac>
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_injection>
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_utf8proc>
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_radix>
++#              COMMAND libtool -static -o ar_comb/combined.a -arch_only ${CMAKE_OSX_ARCHITECTURES} ar_comb/*.o*
++#
++#              COMMAND ${CMAKE_COMMAND} -E copy ar_comb/combined${CMAKE_STATIC_LIBRARY_SUFFIX} $<TARGET_FILE:libddwaf_static>
++#              COMMAND rm -rf ar_comb
++#              WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
++#        else()
++#          add_custom_command(TARGET libddwaf_static POST_BUILD
++#              COMMAND ${CMAKE_COMMAND} -E make_directory ar_comb
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:libddwaf_static>
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_re2>
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_ac>
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_injection>
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_utf8proc>
++#              COMMAND ${CMAKE_COMMAND} -E chdir ar_comb ${CMAKE_AR} -x $<TARGET_FILE:lib_radix>
++#              COMMAND ${CMAKE_AR} -qcs ar_comb/combined${CMAKE_STATIC_LIBRARY_SUFFIX} ar_comb/*.o*
++#
++#              COMMAND ${CMAKE_COMMAND} -E copy ar_comb/combined${CMAKE_STATIC_LIBRARY_SUFFIX} $<TARGET_FILE:libddwaf_static>
++#              COMMAND rm -rf ar_comb
++#              WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
++#      endif()
++#      if(NOT (CMAKE_BUILD_TYPE MATCHES Debug))
++#          if (CMAKE_SYSTEM_NAME STREQUAL Darwin OR CMAKE_SYSTEM_NAME STREQUAL Linux)
++#              find_program(STRIP strip)
++#              if (STRIP STREQUAL "STRIP-NOTFOUND")
++#                  message(FATAL_ERROR "strip not found")
++#              endif()
++#              add_custom_command(TARGET libddwaf_static POST_BUILD
++#                  COMMAND ${STRIP} -x -S $<TARGET_FILE:libddwaf_static> -o $<TARGET_FILE:libddwaf_static>.stripped)
++#              install(FILES $<TARGET_FILE:libddwaf_static>.stripped DESTINATION ${CMAKE_INSTALL_LIBDIR})
++#          endif()
++#      endif()
++#  endif()
+ endif()
+
+ # Shared library
+ if (LIBDDWAF_BUILD_SHARED)
+-    execute_process(COMMAND git rev-parse HEAD
+-        WORKING_DIRECTORY ${libddwaf_SOURCE_DIR}
+-        OUTPUT_VARIABLE BUILD_ID
+-        OUTPUT_STRIP_TRAILING_WHITESPACE
+-    )
++#    execute_process(COMMAND git rev-parse HEAD
++#        WORKING_DIRECTORY ${libddwaf_SOURCE_DIR}
++#        OUTPUT_VARIABLE BUILD_ID
++#        OUTPUT_STRIP_TRAILING_WHITESPACE
++#    )
++    set(BUILD_ID "4be56b648aa8ce8b86255b0edad78862d102f65d")
+     message(STATUS "Build id is ${BUILD_ID}")
+     string(SUBSTRING "${BUILD_ID}" 0 2 BUILD_ID_PREFIX)
+     string(SUBSTRING "${BUILD_ID}" 2 39 BUILD_ID_SUFFIX)
diff --git a/devel/libddwaf/files/patch-perf-CMakeLists.txt b/devel/libddwaf/files/patch-perf-CMakeLists.txt
@@ -0,0 +1,19 @@
+--- perf/CMakeLists.txt.orig	2022-09-22 09:00:38 UTC
++++ perf/CMakeLists.txt
+@@ -13,8 +13,8 @@ target_link_libraries(benchcmp PRIVATE lib_yamlcpp m)
+ add_executable(benchmerge benchmerge.cpp)
+ target_link_libraries(benchmerge PRIVATE lib_yamlcpp m)
+
+-ExternalProject_Get_property(proj_event_rules SOURCE_DIR)
+-set(EVENT_RULES_SOURCE_DIR ${SOURCE_DIR})
++#ExternalProject_Get_property(proj_event_rules SOURCE_DIR)
++set(EVENT_RULES_SOURCE_DIR ${CMAKE_BINARY_DIR}/third_party/proj_event_rules)
+
+ add_custom_target(run_benchmark
+     COMMAND ${CMAKE_BINARY_DIR}/perf/benchmark
+@@ -27,4 +27,4 @@ add_custom_target(run_benchmark
+     WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+ )
+
+-add_dependencies(run_benchmark benchmark proj_event_rules)
++#add_dependencies(run_benchmark benchmark proj_event_rules)
diff --git a/devel/libddwaf/files/patch-src-ip_utils.cpp b/devel/libddwaf/files/patch-src-ip_utils.cpp
@@ -0,0 +1,10 @@
+--- src/ip_utils.cpp.orig	2023-01-17 18:39:22 UTC
++++ src/ip_utils.cpp
+@@ -22,6 +22,7 @@
+
+ #  include <ws2tcpip.h>
+ #else
++#  include <sys/socket.h>
+ #  include <arpa/inet.h>
+ #  include <netinet/in.h>
+ #endif