DataDog/libddwaf

Integer representation

Closed this issue · 2 comments

The integer representation has been an open topic for the past 3 years and a source of integration problems way too many times.

I personally think we should make the API trivial by letting libddwaf users pass ddwaf objects of type DDWAF_OBJ_SIGNED or DDWAF_OBJ_UNSIGNED, and have libddwaf internally handle them, such as converting them to a string when used in the regexp operator.

The latest problem I experienced with this was the new min_length rule option that is a JSON number while the WAF expects it as a string.

Overall, I'd be okay with saying we should pass them as strings, but then maybe we should remove the signed/unsigned object types to avoid those mistakes again.

I'm not sure what I'll do here. I don't like the fact that the signed / unsigned functions result in a string object, although:

  • I enjoy the convenience of not having to create the string myself and then pass it as a no-copy.
  • Having the WAF convert all signed / unsigned objects to strings can have a performance impact and we'd need to cache them somehow.
  • Removing the signed / unsigned objects would only be temporary as I'm sure we'll want them back at some point for internal use.

Perhaps the right solution here is to accurately name the API to something like:

  • ddwaf_object_(un)signed - produce actual (un)signed object
  • ddwaf_object_(un)signed_to_string - produce string object from (un)signed

Or something along those lines...

Anilm3 commented

This change has been implemented in #197