Skip to content

Commit 00e895f

Browse files
Anilm3Anilm3
authored
Rename block_id to security_response_id & Release v1.30.0 (#473)
1 parent bea83f9 commit 00e895f

File tree

14 files changed

+81
-68
lines changed

14 files changed

+81
-68
lines changed

CHANGELOG.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,13 @@
11
# libddwaf release
22

3+
## v1.30.0 ([unstable](https://github.com/DataDog/libddwaf/blob/master/README.md#versioning-semantics))
4+
This release introduces no new features, however the recently introduced `block_id` action parameter has been renamed to `security_response_id` for consistency.
5+
6+
### Release changelog
7+
8+
#### Changes
9+
- `Rename block_id to security_response_id ([#468](https://github.com/DataDog/libddwaf/pull/468))
10+
311
## v1.29.0 ([unstable](https://github.com/DataDog/libddwaf/blob/master/README.md#versioning-semantics))
412

513
### New Features

UPGRADING.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,8 @@
11
# Upgrading libddwaf
22

3+
## Upgrading from `1.29.x` to `1.30.0`
4+
This new version introduces no new features, however the recently introduced `block_id` action parameter has been renamed to `security_response_id` for consistency.
5+
36
## Upgrading from `1.27.x` to `1.28.0`
47

58
This new version of `libddwaf` introduces no breaking changes to the API / ABI , however it does change the returned type of the following actions parameters:

schema/actions.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,15 +17,15 @@
1717
"grpc_status_code": {
1818
"type": "number"
1919
},
20-
"block_id": {
20+
"security_response_id": {
2121
"type": "string"
2222
}
2323
},
2424
"required": [
2525
"status_code",
2626
"type",
2727
"grpc_status_code",
28-
"block_id"
28+
"security_response_id"
2929
],
3030
"additionalProperties": true
3131
},

src/configuration/actions_parser.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -142,7 +142,7 @@ void validate_and_add_redirect(auto &cfg, auto id, auto &type, auto &parameters)
142142
void remove_reserved_parameters(std::unordered_map<std::string, scalar_type> &params)
143143
{
144144
// Remove any parameters considered "reserved" to avoid potential injections
145-
const std::array<std::string, 2> reserved{"block_id", "stack_id"};
145+
const std::array<std::string, 2> reserved{"security_response_id", "stack_id"};
146146

147147
for (const auto &key : reserved) {
148148
auto it = params.find(key);

src/serializer.cpp

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -287,7 +287,7 @@ void serialize_event(rule_event &event, const match_obfuscator &obfuscator,
287287
ddwaf_object_map_add(&root_map, "rule", &rule_map);
288288
ddwaf_object_map_add(&root_map, "rule_matches", &match_array);
289289
if (requires_block_id) {
290-
ddwaf_object_map_add(&root_map, "block_id", to_object(tmp, actions.block_id));
290+
ddwaf_object_map_add(&root_map, "security_response_id", to_object(tmp, actions.block_id));
291291
}
292292
if (requires_stack_id) {
293293
ddwaf_object_map_add(&root_map, "stack_id", to_object(tmp, actions.stack_id));
@@ -330,7 +330,8 @@ void serialize_action(std::string_view id, ddwaf_object &action_map, const actio
330330
ddwaf_object_map_addl(&param_map, k.data(), k.size(), &value);
331331
}
332332
if (is_blocking_action(type)) {
333-
ddwaf_object_map_addl(&param_map, STRL("block_id"), to_object(tmp, actions.block_id));
333+
ddwaf_object_map_addl(
334+
&param_map, STRL("security_response_id"), to_object(tmp, actions.block_id));
334335
}
335336
} else {
336337
ddwaf_object_map_addl(&param_map, STRL("stack_id"), to_object(tmp, actions.stack_id));

tests/common/gtest_utils.cpp

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -296,12 +296,12 @@ bool WafResultActionMatcher::MatchAndExplain(
296296
obtained_params.erase("stack_id");
297297
}
298298

299-
if (expected_params.contains("block_id")) {
300-
if (!obtained_params.contains("block_id")) {
299+
if (expected_params.contains("security_response_id")) {
300+
if (!obtained_params.contains("security_response_id")) {
301301
return false;
302302
}
303-
expected_params.erase("block_id");
304-
obtained_params.erase("block_id");
303+
expected_params.erase("security_response_id");
304+
obtained_params.erase("security_response_id");
305305
}
306306

307307
if (expected_params != obtained_params) {
@@ -476,7 +476,7 @@ event as_if<event, void>::operator()() const
476476
e.actions = as<std::vector<std::string>>(rule, "on_match");
477477
e.matches = as<std::vector<match>>(node, "rule_matches");
478478
e.stack_id = as<std::string>(node, "stack_id");
479-
e.block_id = as<std::string>(node, "block_id");
479+
e.block_id = as<std::string>(node, "security_response_id");
480480

481481
return e;
482482
}

tests/integration/actions/test.cpp

Lines changed: 17 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ TEST(TestActionsIntegration, DefaultActions)
5050

5151
EXPECT_ACTIONS(
5252
res, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
53-
{"type", "auto"}, {"block_id", "*"}}}});
53+
{"type", "auto"}, {"security_response_id", "*"}}}});
5454
ddwaf_object_free(&res);
5555
}
5656

@@ -195,7 +195,7 @@ TEST(TestActionsIntegration, OverrideDefaultAction)
195195

196196
EXPECT_ACTIONS(
197197
res, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
198-
{"type", "auto"}, {"block_id", "*"}}}});
198+
{"type", "auto"}, {"security_response_id", "*"}}}});
199199
ddwaf_object_free(&res);
200200

201201
ddwaf_context_destroy(context);
@@ -236,9 +236,9 @@ TEST(TestActionsIntegration, OverrideDefaultAction)
236236
.address = "value",
237237
}}}}});
238238

239-
EXPECT_ACTIONS(res,
240-
{{"redirect_request",
241-
{{"location", "http://google.com"}, {"status_code", 303ULL}, {"block_id", "*"}}}});
239+
EXPECT_ACTIONS(
240+
res, {{"redirect_request", {{"location", "http://google.com"}, {"status_code", 303ULL},
241+
{"security_response_id", "*"}}}});
242242
ddwaf_object_free(&res);
243243

244244
ddwaf_context_destroy(context);
@@ -368,7 +368,7 @@ TEST(TestActionsIntegration, EmptyOrInvalidActions)
368368
}}}}});
369369

370370
EXPECT_ACTIONS(res, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
371-
{"type", "auto"}, {"block_id", "*"}}}});
371+
{"type", "auto"}, {"security_response_id", "*"}}}});
372372
ddwaf_object_free(&res);
373373

374374
ddwaf_context_destroy(context);
@@ -455,7 +455,7 @@ TEST(TestActionsIntegration, PreventBlockIDInjectionOnBlock)
455455

456456
EXPECT_ACTIONS(
457457
res, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
458-
{"type", "auto"}, {"block_id", "*"}}}});
458+
{"type", "auto"}, {"security_response_id", "*"}}}});
459459
ddwaf_object_free(&res);
460460

461461
ddwaf_context_destroy(context);
@@ -465,7 +465,7 @@ TEST(TestActionsIntegration, PreventBlockIDInjectionOnBlock)
465465
ddwaf_destroy(handle);
466466

467467
auto actions = yaml_to_object(
468-
R"({actions: [{id: block, type: block_request, parameters: {status_code: 404, "block_id": "this is an injected ID", "display_id": true}}]})");
468+
R"({actions: [{id: block, type: block_request, parameters: {status_code: 404, "security_response_id": "this is an injected ID", "display_id": true}}]})");
469469
ddwaf_builder_add_or_update_config(builder, LSTRARG("actions"), &actions, nullptr);
470470
ddwaf_object_free(&actions);
471471
}
@@ -496,17 +496,18 @@ TEST(TestActionsIntegration, PreventBlockIDInjectionOnBlock)
496496
.address = "value",
497497
}}}}});
498498

499-
EXPECT_ACTIONS(res,
500-
{{"block_request", {{"status_code", 404ULL}, {"grpc_status_code", 10ULL},
501-
{"type", "auto"}, {"block_id", "*"}, {"display_id", true}}}});
499+
EXPECT_ACTIONS(
500+
res, {{"block_request",
501+
{{"status_code", 404ULL}, {"grpc_status_code", 10ULL}, {"type", "auto"},
502+
{"security_response_id", "*"}, {"display_id", true}}}});
502503

503504
const auto *actions = ddwaf_object_find(&res, STRL("actions"));
504505
ASSERT_NE(actions, nullptr);
505506

506507
const auto *block_params = ddwaf_object_find(actions, STRL("block_request"));
507508
ASSERT_NE(block_params, nullptr);
508509

509-
const auto *block_id = ddwaf_object_find(block_params, STRL("block_id"));
510+
const auto *block_id = ddwaf_object_find(block_params, STRL("security_response_id"));
510511
ASSERT_NE(block_id, nullptr);
511512

512513
std::regex uuid_regex{"^[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-1b[a-f0-9]{2}-[a-f0-9]{12}$",
@@ -564,7 +565,7 @@ TEST(TestActionsIntegration, PreventBlockIDInjectionOnRedirect)
564565

565566
EXPECT_ACTIONS(
566567
res, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
567-
{"type", "auto"}, {"block_id", "*"}}}});
568+
{"type", "auto"}, {"security_response_id", "*"}}}});
568569
ddwaf_object_free(&res);
569570

570571
ddwaf_context_destroy(context);
@@ -574,7 +575,7 @@ TEST(TestActionsIntegration, PreventBlockIDInjectionOnRedirect)
574575
ddwaf_destroy(handle);
575576

576577
auto actions = yaml_to_object(
577-
R"({actions: [{id: block, type: redirect_request, parameters: {status_code: 303, "location": "http://google.com", "block_id": "this is an injected ID", "display_id": true}}]})");
578+
R"({actions: [{id: block, type: redirect_request, parameters: {status_code: 303, "location": "http://google.com", "security_response_id": "this is an injected ID", "display_id": true}}]})");
578579
ddwaf_builder_add_or_update_config(builder, LSTRARG("actions"), &actions, nullptr);
579580
ddwaf_object_free(&actions);
580581
}
@@ -607,15 +608,15 @@ TEST(TestActionsIntegration, PreventBlockIDInjectionOnRedirect)
607608

608609
EXPECT_ACTIONS(
609610
res, {{"redirect_request", {{"location", "http://google.com"}, {"status_code", 303ULL},
610-
{"block_id", "*"}, {"display_id", true}}}});
611+
{"security_response_id", "*"}, {"display_id", true}}}});
611612

612613
const auto *actions = ddwaf_object_find(&res, STRL("actions"));
613614
ASSERT_NE(actions, nullptr);
614615

615616
const auto *block_params = ddwaf_object_find(actions, STRL("redirect_request"));
616617
ASSERT_NE(block_params, nullptr);
617618

618-
const auto *block_id = ddwaf_object_find(block_params, STRL("block_id"));
619+
const auto *block_id = ddwaf_object_find(block_params, STRL("security_response_id"));
619620
ASSERT_NE(block_id, nullptr);
620621

621622
std::regex uuid_regex{"^[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-1b[a-f0-9]{2}-[a-f0-9]{12}$",

tests/integration/exclusion/rule_filter/test.cpp

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -728,7 +728,7 @@ TEST(TestRuleFilterIntegration, UnconditionalCustomFilterMode)
728728
.address = "http.client_ip",
729729
}}}}});
730730
EXPECT_ACTIONS(out, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
731-
{"type", "auto"}, {"block_id", "*"}}}})
731+
{"type", "auto"}, {"security_response_id", "*"}}}})
732732

733733
ddwaf_object_free(&out);
734734
ddwaf_context_destroy(context);
@@ -768,7 +768,7 @@ TEST(TestRuleFilterIntegration, ConditionalCustomFilterMode)
768768
}}}}});
769769
EXPECT_ACTIONS(
770770
out, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
771-
{"type", "auto"}, {"block_id", "*"}}}})
771+
{"type", "auto"}, {"security_response_id", "*"}}}})
772772

773773
ddwaf_object_free(&out);
774774
ddwaf_context_destroy(context);
@@ -876,7 +876,7 @@ TEST(TestRuleFilterIntegration, CustomFilterModeUnknownAction)
876876
}}}}});
877877
EXPECT_ACTIONS(
878878
out, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
879-
{"type", "auto"}, {"block_id", "*"}}}})
879+
{"type", "auto"}, {"security_response_id", "*"}}}})
880880

881881
ddwaf_object_free(&out);
882882
ddwaf_context_destroy(context);
@@ -921,7 +921,7 @@ TEST(TestRuleFilterIntegration, CustomFilterModeNonblockingAction)
921921
.address = "http.client_ip",
922922
}}}}});
923923
EXPECT_ACTIONS(out, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
924-
{"type", "auto"}, {"block_id", "*"}}}})
924+
{"type", "auto"}, {"security_response_id", "*"}}}})
925925

926926
ddwaf_object_free(&out);
927927
ddwaf_context_destroy(context);

tests/integration/interface/waf/test.cpp

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -582,7 +582,7 @@ TEST(TestWafIntegration, UpdateActionsByID)
582582
EXPECT_ACTIONS(result1, {});
583583
EXPECT_ACTIONS(
584584
result2, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
585-
{"type", "auto"}, {"block_id", "*"}}}});
585+
{"type", "auto"}, {"security_response_id", "*"}}}});
586586

587587
ddwaf_object_free(&result1);
588588
ddwaf_object_free(&result2);
@@ -658,10 +658,10 @@ TEST(TestWafIntegration, UpdateActionsByID)
658658

659659
EXPECT_ACTIONS(
660660
result2, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
661-
{"type", "auto"}, {"block_id", "*"}}}});
661+
{"type", "auto"}, {"security_response_id", "*"}}}});
662662
EXPECT_ACTIONS(result3,
663-
{{"redirect_request",
664-
{{"status_code", 303ULL}, {"location", "http://google.com"}, {"block_id", "*"}}}});
663+
{{"redirect_request", {{"status_code", 303ULL}, {"location", "http://google.com"},
664+
{"security_response_id", "*"}}}});
665665

666666
ddwaf_object_free(&result2);
667667
ddwaf_object_free(&result3);
@@ -737,7 +737,7 @@ TEST(TestWafIntegration, UpdateActionsByTags)
737737
EXPECT_ACTIONS(result1, {});
738738
EXPECT_ACTIONS(
739739
result2, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
740-
{"type", "auto"}, {"block_id", "*"}}}});
740+
{"type", "auto"}, {"security_response_id", "*"}}}});
741741

742742
ddwaf_object_free(&result1);
743743
ddwaf_object_free(&result2);
@@ -1204,7 +1204,7 @@ TEST(TestWafIntegration, UpdateOverrideByIDAndTag)
12041204
EXPECT_ACTIONS(result1, {});
12051205
EXPECT_ACTIONS(
12061206
result2, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
1207-
{"type", "auto"}, {"block_id", "*"}}}});
1207+
{"type", "auto"}, {"security_response_id", "*"}}}});
12081208

12091209
ddwaf_object_free(&result1);
12101210
ddwaf_object_free(&result2);
@@ -1268,7 +1268,7 @@ TEST(TestWafIntegration, UpdateOverrideByIDAndTag)
12681268

12691269
EXPECT_ACTIONS(
12701270
result2, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
1271-
{"type", "auto"}, {"block_id", "*"}}}});
1271+
{"type", "auto"}, {"security_response_id", "*"}}}});
12721272
EXPECT_ACTIONS(result3, {});
12731273

12741274
ddwaf_object_free(&result2);
@@ -1826,7 +1826,7 @@ TEST(TestWafIntegration, UpdateEverything)
18261826
EXPECT_ACTIONS(result2, {});
18271827
EXPECT_ACTIONS(
18281828
result3, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
1829-
{"type", "auto"}, {"block_id", "*"}}}});
1829+
{"type", "auto"}, {"security_response_id", "*"}}}});
18301830

18311831
ddwaf_object_free(&result2);
18321832
ddwaf_object_free(&result3);
@@ -1894,7 +1894,7 @@ TEST(TestWafIntegration, UpdateEverything)
18941894
EXPECT_ACTIONS(result3, {});
18951895
EXPECT_ACTIONS(
18961896
result4, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
1897-
{"type", "auto"}, {"block_id", "*"}}}});
1897+
{"type", "auto"}, {"security_response_id", "*"}}}});
18981898

18991899
ddwaf_object_free(&result3);
19001900
ddwaf_object_free(&result4);
@@ -1956,10 +1956,10 @@ TEST(TestWafIntegration, UpdateEverything)
19561956

19571957
EXPECT_ACTIONS(
19581958
result4, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
1959-
{"type", "auto"}, {"block_id", "*"}}}});
1959+
{"type", "auto"}, {"security_response_id", "*"}}}});
19601960
EXPECT_ACTIONS(
19611961
result5, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
1962-
{"type", "auto"}, {"block_id", "*"}}}});
1962+
{"type", "auto"}, {"security_response_id", "*"}}}});
19631963

19641964
ddwaf_object_free(&result4);
19651965
ddwaf_object_free(&result5);
@@ -2010,7 +2010,7 @@ TEST(TestWafIntegration, UpdateEverything)
20102010

20112011
EXPECT_ACTIONS(
20122012
result4, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
2013-
{"type", "auto"}, {"block_id", "*"}}}});
2013+
{"type", "auto"}, {"security_response_id", "*"}}}});
20142014
EXPECT_ACTIONS(result5, {});
20152015

20162016
ddwaf_object_free(&result4);
@@ -2058,7 +2058,7 @@ TEST(TestWafIntegration, UpdateEverything)
20582058
EXPECT_ACTIONS(result5, {});
20592059
EXPECT_ACTIONS(
20602060
result6, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
2061-
{"type", "auto"}, {"block_id", "*"}}}});
2061+
{"type", "auto"}, {"security_response_id", "*"}}}});
20622062

20632063
ddwaf_object_free(&result5);
20642064
ddwaf_object_free(&result6);
@@ -2089,10 +2089,10 @@ TEST(TestWafIntegration, UpdateEverything)
20892089

20902090
EXPECT_ACTIONS(
20912091
result5, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
2092-
{"type", "auto"}, {"block_id", "*"}}}});
2092+
{"type", "auto"}, {"security_response_id", "*"}}}});
20932093
EXPECT_ACTIONS(
20942094
result6, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
2095-
{"type", "auto"}, {"block_id", "*"}}}});
2095+
{"type", "auto"}, {"security_response_id", "*"}}}});
20962096

20972097
ddwaf_object_free(&result5);
20982098
ddwaf_object_free(&result6);
@@ -2147,7 +2147,7 @@ TEST(TestWafIntegration, UpdateEverything)
21472147
EXPECT_ACTIONS(result6, {});
21482148
EXPECT_ACTIONS(
21492149
result7, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
2150-
{"type", "auto"}, {"block_id", "*"}}}});
2150+
{"type", "auto"}, {"security_response_id", "*"}}}});
21512151

21522152
ddwaf_object_free(&result6);
21532153
ddwaf_object_free(&result7);
@@ -2186,7 +2186,7 @@ TEST(TestWafIntegration, UpdateEverything)
21862186

21872187
EXPECT_ACTIONS(
21882188
result7, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
2189-
{"type", "auto"}, {"block_id", "*"}}}});
2189+
{"type", "auto"}, {"security_response_id", "*"}}}});
21902190
EXPECT_ACTIONS(result8, {});
21912191

21922192
ddwaf_object_free(&result7);
@@ -2218,7 +2218,7 @@ TEST(TestWafIntegration, UpdateEverything)
22182218

22192219
EXPECT_ACTIONS(
22202220
result7, {{"block_request", {{"status_code", 403ULL}, {"grpc_status_code", 10ULL},
2221-
{"type", "auto"}, {"block_id", "*"}}}});
2221+
{"type", "auto"}, {"security_response_id", "*"}}}});
22222222
EXPECT_ACTIONS(result8, {});
22232223

22242224
ddwaf_object_free(&result7);

0 commit comments

Comments
 (0)