diff --git a/src/collection.cpp b/src/collection.cpp index 3e2e81f43..4827cc2aa 100644 --- a/src/collection.cpp +++ b/src/collection.cpp @@ -25,6 +25,7 @@ std::optional match_rule(rule *rule, const object_store &store, } if (!rule->is_enabled()) { + DDWAF_DEBUG("Rule %s is disabled", id.c_str()); return std::nullopt; } diff --git a/src/event.cpp b/src/event.cpp index 140a26235..05e66b9ac 100644 --- a/src/event.cpp +++ b/src/event.cpp @@ -13,16 +13,6 @@ namespace ddwaf { namespace { -char *to_cstr(std::string_view input) -{ - const std::size_t size = input.size(); - // NOLINTNEXTLINE - char *str = static_cast(malloc(size + 1)); - memcpy(str, input.data(), size); - str[size] = '\0'; - return str; -} - bool redact_match(const ddwaf::obfuscator &obfuscator, const event::match &match) { for (const auto &key : match.key_path) { diff --git a/src/parser/parser_v2.cpp b/src/parser/parser_v2.cpp index 1344160ee..ddd414f5e 100644 --- a/src/parser/parser_v2.cpp +++ b/src/parser/parser_v2.cpp @@ -407,19 +407,20 @@ rule_spec_container parse_rules(parameter::vector &rule_array, base_section_info try { id = at(rule_map, "id"); if (rules.find(id) != rules.end()) { - DDWAF_WARN("duplicate rule %s", id.c_str()); + DDWAF_WARN("Duplicate rule %s", id.c_str()); info.add_failed(id, "duplicate rule"); continue; } auto rule = parse_rule(rule_map, target_manifest, rule_data_ids, limits, source); + DDWAF_DEBUG("Parsed rule %s", id.c_str()); info.add_loaded(id); rules.emplace(std::move(id), std::move(rule)); } catch (const std::exception &e) { if (id.empty()) { id = index_to_id(i); } - DDWAF_WARN("failed to parse rule '%s': %s", id.c_str(), e.what()); + DDWAF_WARN("Failed to parse rule '%s': %s", id.c_str(), e.what()); info.add_failed(id, e.what()); } } @@ -475,6 +476,7 @@ rule_data_container parse_rule_data(parameter::vector &rule_data, base_section_i continue; } + DDWAF_DEBUG("Parsed rule data %s", id.c_str()); info.add_loaded(id); processors.emplace(std::move(id), std::move(processor)); } catch (const ddwaf::exception &e) { @@ -506,13 +508,14 @@ override_spec_container parse_overrides(parameter::vector &override_array, base_ overrides.by_tags.emplace_back(std::move(spec)); } else { // This code is likely unreachable - DDWAF_WARN("rule override with no targets"); + DDWAF_WARN("Rule override with no targets"); info.add_failed(id, "rule override with no targets"); continue; } + DDWAF_DEBUG("Parsed override %s", id.c_str()); info.add_loaded(id); } catch (const std::exception &e) { - DDWAF_WARN("failed to parse rule override: %s", e.what()); + DDWAF_WARN("Failed to parse rule override: %s", e.what()); info.add_failed(id, e.what()); } } @@ -531,7 +534,7 @@ filter_spec_container parse_filters(parameter::vector &filter_array, base_sectio try { id = at(node, "id"); if (filters.ids.find(id) != filters.ids.end()) { - DDWAF_WARN("duplicate filter: %s", id.c_str()); + DDWAF_WARN("Duplicate filter: %s", id.c_str()); info.add_failed(id, "duplicate filter"); continue; } @@ -545,12 +548,13 @@ filter_spec_container parse_filters(parameter::vector &filter_array, base_sectio filters.ids.emplace(id); filters.rule_filters.emplace(id, std::move(filter)); } + DDWAF_DEBUG("Parsed exclusion filter %s", id.c_str()); info.add_loaded(id); } catch (const std::exception &e) { if (id.empty()) { id = index_to_id(i); } - DDWAF_WARN("failed to parse filter '%s': %s", id.c_str(), e.what()); + DDWAF_WARN("Failed to parse filter '%s': %s", id.c_str(), e.what()); info.add_failed(id, e.what()); } } diff --git a/src/ruleset_builder.cpp b/src/ruleset_builder.cpp index 85bec009b..cc9ab647c 100644 --- a/src/ruleset_builder.cpp +++ b/src/ruleset_builder.cpp @@ -232,6 +232,7 @@ ruleset_builder::change_state ruleset_builder::load(parameter::map &root, base_r auto it = root.find("rules"); if (it != root.end()) { + DDWAF_DEBUG("Parsing base rules"); auto §ion = info.add_section("rules"); try { auto rules = static_cast(it->second); @@ -241,16 +242,19 @@ ruleset_builder::change_state ruleset_builder::load(parameter::map &root, base_r base_rules_ = parser::v2::parse_rules( rules, section, target_manifest_, rule_data_ids_, limits_); } else { + DDWAF_DEBUG("Clearing all base rules"); base_rules_.clear(); } state = state | change_state::rules; } catch (const std::exception &e) { + DDWAF_WARN("Failed to parse rules: %s", e.what()); section.set_error(e.what()); } } it = root.find("custom_rules"); if (it != root.end()) { + DDWAF_DEBUG("Parsing custom rules"); auto §ion = info.add_section("custom_rules"); try { auto rules = static_cast(it->second); @@ -263,10 +267,12 @@ ruleset_builder::change_state ruleset_builder::load(parameter::map &root, base_r rule_data_ids, limits_, rule::source_type::user); user_rules_ = std::move(new_user_rules); } else { + DDWAF_DEBUG("Clearing all custom rules"); user_rules_.clear(); } state = state | change_state::custom_rules; } catch (const std::exception &e) { + DDWAF_WARN("Failed to parse custom rules: %s", e.what()); section.set_error(e.what()); } } @@ -274,11 +280,13 @@ ruleset_builder::change_state ruleset_builder::load(parameter::map &root, base_r if (base_rules_.empty() && user_rules_.empty()) { // If we haven't received rules and our base ruleset is empty, the // WAF can't proceed. + DDWAF_WARN("No valid rules found"); throw ddwaf::parsing_error("no valid rules found"); } it = root.find("rules_data"); if (it != root.end()) { + DDWAF_DEBUG("Parsing rule data"); auto §ion = info.add_section("rules_data"); try { auto rules_data = static_cast(it->second); @@ -293,32 +301,38 @@ ruleset_builder::change_state ruleset_builder::load(parameter::map &root, base_r dynamic_processors_ = std::move(new_processors); } } else { + DDWAF_DEBUG("Clearing all rule data"); dynamic_processors_.clear(); } state = state | change_state::data; } catch (const std::exception &e) { + DDWAF_WARN("Failed to parse rule data: %s", e.what()); section.set_error(e.what()); } } it = root.find("rules_override"); if (it != root.end()) { + DDWAF_DEBUG("Parsing overrides"); auto §ion = info.add_section("rules_override"); try { auto overrides = static_cast(it->second); if (!overrides.empty()) { overrides_ = parser::v2::parse_overrides(overrides, section); } else { + DDWAF_DEBUG("Clearing all overrides"); overrides_.clear(); } state = state | change_state::overrides; } catch (const std::exception &e) { + DDWAF_WARN("Failed to parse overrides: %s", e.what()); section.set_error(e.what()); } } it = root.find("exclusions"); if (it != root.end()) { + DDWAF_DEBUG("Parsing exclusions"); auto §ion = info.add_section("exclusions"); try { auto exclusions = static_cast(it->second); @@ -326,10 +340,12 @@ ruleset_builder::change_state ruleset_builder::load(parameter::map &root, base_r exclusions_ = parser::v2::parse_filters(exclusions, section, target_manifest_, limits_); } else { + DDWAF_DEBUG("Clearing all exclusions"); exclusions_.clear(); } state = state | change_state::filters; } catch (const std::exception &e) { + DDWAF_WARN("Failed to parse exclusions: %s", e.what()); section.set_error(e.what()); } } diff --git a/src/waf.cpp b/src/waf.cpp index 04839c8b6..066484fc5 100644 --- a/src/waf.cpp +++ b/src/waf.cpp @@ -28,12 +28,14 @@ waf::waf(ddwaf::parameter input, ddwaf::base_ruleset_info &info, ddwaf::object_l ddwaf::ruleset rs; rs.free_fn = free_fn; rs.event_obfuscator = event_obfuscator; + DDWAF_DEBUG("Parsing ruleset with schema version 1.x"); parser::v1::parse(input_map, info, rs, limits); ruleset_ = std::make_shared(std::move(rs)); return; } if (version == 2) { + DDWAF_DEBUG("Parsing ruleset with schema version 2.x"); builder_ = std::make_shared(limits, free_fn, std::move(event_obfuscator)); ruleset_ = builder_->build(input, info); if (!ruleset_) { @@ -43,6 +45,7 @@ waf::waf(ddwaf::parameter input, ddwaf::base_ruleset_info &info, ddwaf::object_l } DDWAF_ERROR("incompatible ruleset schema version %u.x", version); + throw unsupported_version(); }