libddwaf 1.11.0.0.0 → 1.15.0.0.0

data/.github/workflows/test.yml

@@ -3,220 +3,116 @@ on:
   - push
 
 jobs:
-  test-linux:
+  test-cruby-linux:
     strategy:
       fail-fast: false
       matrix:
+        os: [ubuntu-24.04]
+        ruby: ["2.5", "2.6", "2.7", "3.0", "3.1", "3.2", "3.3"]
+        arch: [amd64, arm64]
+        libc: [gnu, musl]
         include:
-          - os: ubuntu-20.04
-            cpu: x86_64
+          - arch: amd64
             platform: x86_64-linux
-            image: ruby:3.1
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: aarch64
+          - arch: arm64
             platform: aarch64-linux
-            image: ruby:3.1
-            qemu: arm64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:3.0
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:3.0
-            qemu: arm64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.7
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:2.7
-            qemu: arm64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.6
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:2.6
-            qemu: arm64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.5
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.4
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.3
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.2
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.1
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:3.1-alpine
-            qemu: amd64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:3.1-alpine
-            qemu: arm64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:3.0-alpine
-            qemu: amd64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:3.0-alpine
-            qemu: arm64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.7-alpine
-            qemu: amd64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:2.7-alpine
-            qemu: arm64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: x86_64
+
+    name: Test (Ruby ${{ matrix.ruby }}, ${{ matrix.arch }}, ${{ matrix.libc }})
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build docker image
+        id: build-image
+        uses: ./.github/actions/docker-build-ruby
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          arch: ${{ matrix.arch }}
+          libc: ${{ matrix.libc }}
+
+      - name: Bundle install
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle install
+
+      - name: Fetch binary library
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake fetch[${{ matrix.platform }}]
+
+      - name: Extract binary library
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake extract[${{ matrix.platform }}]
+
+      - name: Run specs
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake spec
+
+  test-jruby-linux:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-24.04]
+        jruby: ["9.3", "9.4"]
+        arch: [amd64, arm64]
+        include:
+          - arch: amd64
             platform: x86_64-linux
-            image: ruby:2.6-alpine
-            qemu: amd64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: aarch64
+          - arch: arm64
             platform: aarch64-linux
-            image: ruby:2.6-alpine
-            qemu: arm64
-            libc: musl
-        # TODO: jruby images have no sudo so apt-get can't get a lock
-        # - os: ubuntu-20.04
-        #   cpu: x86_64
-        #   platform: x86_64-linux-gnu
-        #   image: jruby:9.3.0.0
-        #   qemu: amd64
-        #   libc: gnu
-        # - os: ubuntu-20.04
-        #   cpu: x86_64
-        #   platform: x86_64-linux-gnu
-        #   image: jruby:9.2.8.0
-        #   qemu: amd64
-        #   libc: gnu
-        # - os: ubuntu-20.04
-        #   cpu: x86_64
-        #   platform: aarch64-linux-gnu
-        #   image: jruby:9.3.4.0
-        #   qemu: arm64
-        #   libc: gnu
-    name: Test (${{ matrix.image }}, ${{ matrix.cpu }})
+
+    name: Test (Jruby ${{ matrix.jruby }}, ${{ matrix.arch }})
     runs-on: ${{ matrix.os }}
+
     steps:
-      - name: Enable ${{ matrix.qemu }} platform
-        id: qemu
-        if: ${{ matrix.cpu != 'amd64' }}
-        run: |
-          docker run --privileged --rm tonistiigi/binfmt:latest --install ${{ matrix.qemu }} | tee platforms.json
-          echo "::set-output name=platforms::$(cat platforms.json)"
-      - name: Start container
-        id: container
-        run: |
-          echo ${{ matrix.image }} > container_image
-          docker run --rm -d -v "${PWD}":"${PWD}" -w "${PWD}" --platform linux/${{ matrix.qemu }} ${{ matrix.image }} /bin/sleep 64d | tee container_id
-          docker exec -w "${PWD}" $(cat container_id) uname -a
-          echo "::set-output name=id::$(cat container_id)"
-      - name: Install Alpine system dependencies
-        if: ${{ matrix.libc == 'musl' }}
-        run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} apk add --no-cache build-base git
-      - name: Install JRuby system dependencies
-        if: ${{ startsWith(matrix.image, 'jruby') }}
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} sudo apt-get update
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} sudo apt-get install -y build-essential git
       - name: Checkout
-        uses: actions/checkout@v2
-      - name: Bundle
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle install
+        uses: actions/checkout@v4
+
+      - name: Build docker image
+        id: build-image
+        uses: ./.github/actions/docker-build-ruby
+        with:
+          ruby-version: ${{ matrix.jruby }}
+          jruby: true
+          arch: ${{ matrix.arch }}
+          libc: gnu
+
+      - name: Bundle install
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle install
+
       - name: Fetch binary library
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle exec rake fetch[${{ matrix.platform }}]
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake fetch[${{ matrix.platform }}]
+
       - name: Extract binary library
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle exec rake extract[${{ matrix.platform }}]
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake extract[${{ matrix.platform }}]
+
       - name: Run specs
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle exec rake spec
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake spec
+
   test-darwin:
     strategy:
       fail-fast: false
       matrix:
+        os: [macos-15, macos-15-large]
         include:
-          - os: macos-12
-            cpu: x86_64
+          - os: macos-15
+            platform: arm64-darwin
+          - os: macos-15-large
             platform: x86_64-darwin
-        # - os: macos-12
-        #   cpu: arm64
-        #   platform: arm64-darwin
-    name: Test (${{ matrix.os }} ${{ matrix.cpu }})
+
+    name: Test (${{ matrix.os }})
     runs-on: ${{ matrix.os }}
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
       - name: Bundle
-        run: |
-          bundle install
+        run: bundle install
+
       - name: Fetch binary library
-        run: |
-          bundle exec rake fetch[${{ matrix.platform }}]
+        run: bundle exec rake fetch[${{ matrix.platform }}]
+
       - name: Extract binary library
-        run: |
-          bundle exec rake extract[${{ matrix.platform }}]
-      - name: Run specs
-        run: |
-          bundle exec rake spec
+        run: bundle exec rake extract[${{ matrix.platform }}]
 
+      - name: Run specs
+        run: bundle exec rake spec

data/.gitignore

@@ -1,7 +1,10 @@
-Gemfile.lock
 /.envrc
 /vendor/bundle
 /vendor/libddwaf
 /pkg
+/tmp
 *.gem
 *.vim
+.ruby-version
+.github-token
+Gemfile.lock

data/.steepignore

@@ -0,0 +1,4 @@
+ffi/library.rbs:36:45 "Type `::FFI::DataConverter` is generic but used as a non generic type"
+ffi/struct.rbs:5:15 "Type application of `::FFI::Type::Mapped` doesn't satisfy the constraints"
+ffi/struct.rbs:23:29 "Type application of `::FFI::Type::Mapped` doesn't satisfy the constraints"
+ffi/auto_pointer.rbs:15:65 "Type application of `::FFI::AutoPointer::Releaser::_Proc` doesn't satisfy the constraints"

data/CHANGELOG.md

@@ -1,8 +1,19 @@
+# 2024-10-29 v.1.15.0.0.0
+- Update to libddwaf 1.15.0
+- Changed `Datadog::AppSec::WAF::Context#run` interface to accommodate ephemeral data ([Breaking change](https://github.com/DataDog/libddwaf/blob/master/CHANGELOG.md#v1150-unstable))
+
+# 2023-09-11 v.1.14.0.0.0
+- Update to libddwaf 1.14.0
+- Add support for `Float` and `Nil` scalar values when converting from ruby to WAF Object and vice versa.
+
+
 # 2023-08-29 v.1.11.0.0.0
 
 - Update to libddwaf 1.11.0
-- Rename Handle#ruleset_info to Handle#diagnostics. (Breaking change)
-  The schema of the new diagnostics variable can be [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
+- Changed `Datadog::AppSec::WAF::Handle#ruleset_info` to `Datadog::AppSec::WAF::Handle#diagnostics`. (Breaking change)
+  The schema of the diagnostics variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
+- Changed `Datadog::AppSec::WAF::Result#data` to `Datadog::AppSec::WAF::Result#events`. (Breaking change)
+  The schema of the events variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/events.json)
 
 
 # 2023-08-28 v.1.10.0.0.0

data/Steepfile

@@ -4,7 +4,6 @@ target :lib do
   signature "sig"
 
   check "lib"
-  library "rubygems"
   library "logger"
   library "monitor" # needed by logger
   library "json"

data/lib/datadog/appsec/waf/version.rb

@@ -2,9 +2,9 @@ module Datadog
   module AppSec
     module WAF
       module VERSION
-        BASE_STRING = '1.11.0'
+        BASE_STRING = '1.15.0'
         STRING = "#{BASE_STRING}.0.0"
-        MINIMUM_RUBY_VERSION = '2.1'
+        MINIMUM_RUBY_VERSION = '2.5'
       end
     end
   end

data/lib/datadog/appsec/waf.rb

@@ -111,7 +111,10 @@ module Datadog
                               :ddwaf_obj_string,   1 << 2,
                               :ddwaf_obj_array,    1 << 3,
                               :ddwaf_obj_map,      1 << 4,
-                              :ddwaf_obj_bool,     1 << 5
+                              :ddwaf_obj_bool,     1 << 5,
+                              :ddwaf_obj_float,    1 << 6,
+                              :ddwaf_obj_null,     1 << 7
+
         typedef DDWAF_OBJ_TYPE, :ddwaf_obj_type
 
         typedef :pointer, :charptr
@@ -140,7 +143,8 @@ module Datadog
                  :uintValue,   :uint64,
                  :intValue,    :int64,
                  :array,       :pointer,
-                 :boolean,     :bool
+                 :boolean,     :bool,
+                 :f64,         :double
         end
 
         class Object < ::FFI::Struct
@@ -159,11 +163,13 @@ module Datadog
         attach_function :ddwaf_object_string, [:ddwaf_object, :string], :ddwaf_object
         attach_function :ddwaf_object_stringl, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
         attach_function :ddwaf_object_stringl_nc, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
+        attach_function :ddwaf_object_string_from_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
+        attach_function :ddwaf_object_string_from_signed, [:ddwaf_object, :int64], :ddwaf_object
         attach_function :ddwaf_object_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
         attach_function :ddwaf_object_signed, [:ddwaf_object, :int64], :ddwaf_object
-        attach_function :ddwaf_object_unsigned_force, [:ddwaf_object, :uint64], :ddwaf_object
-        attach_function :ddwaf_object_signed_force, [:ddwaf_object, :int64], :ddwaf_object
         attach_function :ddwaf_object_bool, [:ddwaf_object, :bool], :ddwaf_object
+        attach_function :ddwaf_object_null, [:ddwaf_object], :ddwaf_object
+        attach_function :ddwaf_object_float, [:ddwaf_object, :double], :ddwaf_object
 
         attach_function :ddwaf_object_array, [:ddwaf_object], :ddwaf_object
         attach_function :ddwaf_object_array_add, [:ddwaf_object, :ddwaf_object], :bool
@@ -184,6 +190,7 @@ module Datadog
         attach_function :ddwaf_object_get_signed, [:ddwaf_object], :int64
         attach_function :ddwaf_object_get_index, [:ddwaf_object, :size_t], :ddwaf_object
         attach_function :ddwaf_object_get_bool, [:ddwaf_object], :bool
+        attach_function :ddwaf_object_get_float, [:ddwaf_object], :double
 
         ## freeers
 
@@ -220,7 +227,7 @@ module Datadog
         attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
         attach_function :ddwaf_destroy, [:ddwaf_handle], :void
 
-        attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
+        attach_function :ddwaf_known_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
 
         # updating
 
@@ -239,16 +246,17 @@ module Datadog
         attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
 
         class Result < ::FFI::Struct
-          layout :timeout, :bool,
-                 :events, Object,
-                 :actions,          Object,
-                 :total_runtime,    :uint64
+          layout :timeout,       :bool,
+                 :events,        Object,
+                 :actions,       Object,
+                 :derivatives,   Object,
+                 :total_runtime, :uint64
         end
 
         typedef Result.by_ref, :ddwaf_result
         typedef :uint64, :timeout_us
 
-        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
+        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
         attach_function :ddwaf_result_free, [:ddwaf_result], :void
 
         # logging
@@ -280,7 +288,7 @@ module Datadog
         LibDDWAF.ddwaf_get_version
       end
 
-      # rubocop:disable Metrics/MethodLength
+      # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
       def self.ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, coerce: true)
         case val
         when Array
@@ -358,9 +366,9 @@ module Datadog
           res = if coerce
                   LibDDWAF.ddwaf_object_string(obj, val.to_s)
                 elsif val < 0
-                  LibDDWAF.ddwaf_object_signed_force(obj, val)
+                  LibDDWAF.ddwaf_object_signed(obj, val)
                 else
-                  LibDDWAF.ddwaf_object_unsigned_force(obj, val)
+                  LibDDWAF.ddwaf_object_unsigned(obj, val)
                 end
           if res.null?
             fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
@@ -369,7 +377,11 @@ module Datadog
           obj
         when Float
           obj = LibDDWAF::Object.new
-          res = LibDDWAF.ddwaf_object_string(obj, val.to_s)
+          res = if coerce
+                  LibDDWAF.ddwaf_object_string(obj, val.to_s)
+                else
+                  LibDDWAF.ddwaf_object_float(obj, val)
+                end
           if res.null?
             fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
           end
@@ -386,16 +398,28 @@ module Datadog
             fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
           end
 
+          obj
+        when NilClass
+          obj = LibDDWAF::Object.new
+          res = if coerce
+                  LibDDWAF.ddwaf_object_string(obj, '')
+                else
+                  LibDDWAF.ddwaf_object_null(obj)
+                end
+          if res.null?
+            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
+          end
+
           obj
         else
           ruby_to_object(''.freeze)
         end
       end
-      # rubocop:enable Metrics/MethodLength
+      # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
 
       def self.object_to_ruby(obj)
         case obj[:type]
-        when :ddwaf_obj_invalid
+        when :ddwaf_obj_invalid, :ddwaf_obj_null
           nil
         when :ddwaf_obj_bool
           obj[:valueUnion][:boolean]
@@ -405,11 +429,13 @@ module Datadog
           obj[:valueUnion][:intValue]
         when :ddwaf_obj_unsigned
           obj[:valueUnion][:uintValue]
+        when :ddwaf_obj_float
+          obj[:valueUnion][:f64]
         when :ddwaf_obj_array
           (0...obj[:nbEntries]).each.with_object([]) do |i, a|
             ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
             e = object_to_ruby(LibDDWAF::Object.new(ptr))
-            a << e
+            a << e # steep:ignore
           end
         when :ddwaf_obj_map
           (0...obj[:nbEntries]).each.with_object({}) do |i, h|
@@ -418,7 +444,7 @@ module Datadog
             l = o[:parameterNameLength]
             k = o[:parameterName].read_bytes(l)
             v = object_to_ruby(LibDDWAF::Object.new(ptr))
-            h[k] = v
+            h[k] = v # steep:ignore
           end
         end
       end
@@ -510,7 +536,7 @@ module Datadog
           valid!
 
           count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
-          list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_required_addresses(handle_obj, count)
+          list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_known_addresses(handle_obj, count)
 
           return [] if count == 0 # list is null
 
@@ -561,14 +587,15 @@ module Datadog
       end
 
       class Result
-        attr_reader :status, :events, :total_runtime, :timeout, :actions
+        attr_reader :status, :events, :total_runtime, :timeout, :actions, :derivatives
 
-        def initialize(status, events, total_runtime, timeout, actions)
+        def initialize(status, events, total_runtime, timeout, actions, derivatives)
           @status = status
           @events = events
           @total_runtime = total_runtime
           @timeout = timeout
           @actions = actions
+          @derivatives = derivatives
         end
       end
 
@@ -599,19 +626,32 @@ module Datadog
           Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
         end
 
-        def run(input, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
+        def run(persistent_data, ephemeral_data, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
           valid!
 
-          max_container_size  = LibDDWAF::DDWAF_MAX_CONTAINER_SIZE
-          max_container_depth = LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH
-          max_string_length   = LibDDWAF::DDWAF_MAX_STRING_LENGTH
+          persistent_data_obj = Datadog::AppSec::WAF.ruby_to_object(
+            persistent_data,
+            max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
+            max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
+            max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
+            coerce: false
+          )
+          if persistent_data_obj.null?
+            fail LibDDWAF::Error, "Could not convert persistent data: #{persistent_data.inspect}"
+          end
 
-          input_obj = Datadog::AppSec::WAF.ruby_to_object(input,
-                                                          max_container_size: max_container_size,
-                                                          max_container_depth: max_container_depth,
-                                                          max_string_length: max_string_length)
-          if input_obj.null?
-            fail LibDDWAF::Error, "Could not convert input: #{input.inspect}"
+          # retain C objects in memory for subsequent calls to run
+          retain(persistent_data_obj)
+
+          ephemeral_data_obj = Datadog::AppSec::WAF.ruby_to_object(
+            ephemeral_data,
+            max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
+            max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
+            max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
+            coerce: false
+          )
+          if ephemeral_data_obj.null?
+            fail LibDDWAF::Error, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
           end
 
           result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
@@ -619,10 +659,7 @@ module Datadog
             fail LibDDWAF::Error, "Could not create result object"
           end
 
-          # retain C objects in memory for subsequent calls to run
-          retain(input_obj)
-
-          code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
+          code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
 
           result = Result.new(
             RESULT_CODE[code],
@@ -630,6 +667,7 @@ module Datadog
             result_obj[:total_runtime],
             result_obj[:timeout],
             Datadog::AppSec::WAF.object_to_ruby(result_obj[:actions]),
+            Datadog::AppSec::WAF.object_to_ruby(result_obj[:derivatives]),
           )
 
           [RESULT_CODE[code], result]