Introduce ddwaf_(context|subcontext)_multieval to evaluate multiple batches in sequence#494
Open
Anilm3 wants to merge 3 commits into
Open
Introduce ddwaf_(context|subcontext)_multieval to evaluate multiple batches in sequence#494Anilm3 wants to merge 3 commits into
Anilm3 wants to merge 3 commits into
Conversation
This comment has been minimized.
This comment has been minimized.
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #494 +/- ##
==========================================
+ Coverage 84.71% 84.76% +0.04%
==========================================
Files 190 190
Lines 9670 9332 -338
Branches 4186 4196 +10
==========================================
- Hits 8192 7910 -282
+ Misses 577 532 -45
+ Partials 901 890 -11
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Dynamic Artifact Size Comparison 📦
Static Artifact Size Comparison 📦
|
Anilm3
force-pushed
the
anilm3/multieval
branch
4 times, most recently
from
df4a13d to
47ed904
Compare
Collaborator
Author
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 47ed904d18
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
…atches in sequence
christophe-papazian
left a comment
christophe-papazian
left a comment
Collaborator
There was a problem hiding this comment.
The serializer now always writes evaluated into the result object, but schema/result.json still has additionalProperties: false and doesn't list it. Worth updating the schema, or will this silently break consumers doing strict validation?
estringana
approved these changes
Jun 11, 2026
cataphract
reviewed
Jun 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
This PR adds two new public entrypoints,
ddwaf_context_multievalandddwaf_subcontext_multieval, that evaluate multiple input batches in sequence within a single call and return one combined result. Functionally each entrypoint behaves like its_evalcounterpart, except thatdatais an array of maps where every element is treated as a separate input batch and evaluated in order.To support this, insertions to the object store now result in the batch being added to a queue, which then has to be explicitly applied before it's ready to be evaluated:
insert_batch/insert_batchesenqueue input (a single map, or an array of maps) without applying it.next_batchpops and applies the next queued batch, marking its targets as new.flush_input_queuedrains any batches left unevaluated (e.g. after a timeout) on every exit path, applying them as "existing" targets targets so they carry over to subsequent calls and resets the new-target set for the next evaluation.The evaluation engine now loops over batches, running pre-processors, filters, rules, and post-processors per batch, accumulating events/actions/attributes into the single result.
A new field has been added to the result object:
evaluated: an unsigned integer reporting how many batches were fully evaluated. In the normal case this equals the number of non-empty batches; on timeout/error during batchi(0-based, counting non-empty batches) it equalsI, i.e. the index of the batch where the problem occurred. Empty batches are skipped and don't count.This field is present on the regular
_evalresults too (the result schema is shared), where it's simply1for a non-empty evaluated batch or0otherwise.Files to review (
src/)src/object_store.hpp/src/object_store.cpp: core change: the batch queue,insert_batch/insert_batches/insert_target/next_batch/flush_input_queue/enqueue_batch/apply_batch, and theinsert_and_applytest helper. Worth the closest look for the queue lifetime and new-target semantics.src/evaluation_engine.cpp: the per-batch evaluation loop,flush_input_queueon exit, and theevaluatedcounter.src/evaluation_engine.hpp:insert_batch/insert_batchesforwarding and thenext_batch/insert_and_applytest internals.src/interface.cpp: the two new public functions plus the array-vs-map dispatch added toddwaf_context_eval/ddwaf_subcontext_eval.src/context.hpp:context/subcontextforwarding for the new store methods and test internals.src/serializer.hpp/src/serializer.cpp: theevaluatedfield added toresult_componentsandinitialise_result_object.src/processor/base.hpp: processor output switched frominserttoinsert_target.