From d438b4e63e07ddd1cbbcb843e94a225b00557c7a Mon Sep 17 00:00:00 2001 From: Anil Mahtani <929854+Anilm3@users.noreply.github.com> Date: Tue, 20 Feb 2024 16:16:21 +0000 Subject: [PATCH] Release v1.17.0-alpha1, fix variadic argument parsing, update validator tests, update release actions to node-20 (#267) --- .github/workflows/build.yml | 2 +- CHANGELOG.md | 7 +++++++ src/condition/structured_condition.hpp | 2 +- .../tests/rules/structured/001_lfi_basic_run_match.yaml | 4 ++-- validator/tests/rules/structured/ruleset.yaml | 7 ++++++- version | 2 +- 6 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c9273e38a..2a5f55282 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -326,7 +326,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/') steps: - uses: actions/checkout@v4 - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: path: artifacts - name: Display structure of downloaded files diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c52575fc..e3137034b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,11 @@ # libddwaf release +### v1.17.0-alpha1 ([unstable](https://github.com/DataDog/libddwaf/blob/master/README.md#versioning-semantics)) +#### Fixes +- Fix parsing of variadic arguments ([#267](https://github.com/DataDog/libddwaf/pull/267)) + +#### Miscellaneous +- Update node-16 actions to node-20 ones ([#266](https://github.com/DataDog/libddwaf/pull/266)) + ### v1.17.0-alpha0 ([unstable](https://github.com/DataDog/libddwaf/blob/master/README.md#versioning-semantics)) #### Changes - Multivariate operator support ([#241](https://github.com/DataDog/libddwaf/pull/241)) diff --git a/src/condition/structured_condition.hpp b/src/condition/structured_condition.hpp index cb82200c5..94a0fee6d 100644 --- a/src/condition/structured_condition.hpp +++ b/src/condition/structured_condition.hpp @@ -186,8 +186,8 @@ template class base_impl : public base_condition { return std::array{{ { param_names[Is], - argument_retriever>::is_optional, argument_retriever>::is_variadic, + argument_retriever>::is_optional, }..., }}; } diff --git a/validator/tests/rules/structured/001_lfi_basic_run_match.yaml b/validator/tests/rules/structured/001_lfi_basic_run_match.yaml index 8622cfa2b..63ec34686 100644 --- a/validator/tests/rules/structured/001_lfi_basic_run_match.yaml +++ b/validator/tests/rules/structured/001_lfi_basic_run_match.yaml @@ -3,7 +3,7 @@ runs: [ { persistent-input: { - server.app.include_path: "documents/../../../../../../../../../etc/passwd", + server.io.fs.file: "documents/../../../../../../../../../etc/passwd", server.request.query: [ "../../../../../../../../../etc/passwd" ] }, rules: [ @@ -11,7 +11,7 @@ "rsp-930-001": [ { resource: { - address: "server.app.include_path", + address: "server.io.fs.file", value: "documents/../../../../../../../../../etc/passwd" }, params: { diff --git a/validator/tests/rules/structured/ruleset.yaml b/validator/tests/rules/structured/ruleset.yaml index 73a524895..9842bfcd2 100644 --- a/validator/tests/rules/structured/ruleset.yaml +++ b/validator/tests/rules/structured/ruleset.yaml @@ -11,7 +11,12 @@ rules: conditions: - parameters: resource: - - address: server.app.include_path + - address: server.io.fs.file params: - address: server.request.query + - address: server.request.body + - address: server.request.path_params + - address: grpc.server.request.message + - address: graphql.server.all_resolvers + - address: graphql.server.resolver operator: lfi_detector diff --git a/version b/version index 8db31422c..b89a4c5ef 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.17.0-alpha0 \ No newline at end of file +1.17.0-alpha1 \ No newline at end of file