libddwaf 1.11.0.0.0 → 1.15.0.0.0

@@ -3,220 +3,116 @@ on:
3
3
  - push
4
4
 
5
5
  jobs:
6
- test-linux:
6
+ test-cruby-linux:
7
7
  strategy:
8
8
  fail-fast: false
9
9
  matrix:
10
+ os: [ubuntu-24.04]
11
+ ruby: ["2.5", "2.6", "2.7", "3.0", "3.1", "3.2", "3.3"]
12
+ arch: [amd64, arm64]
13
+ libc: [gnu, musl]
10
14
  include:
11
- - os: ubuntu-20.04
12
- cpu: x86_64
15
+ - arch: amd64
13
16
  platform: x86_64-linux
14
- image: ruby:3.1
15
- qemu: amd64
16
- libc: gnu
17
- - os: ubuntu-20.04
18
- cpu: aarch64
17
+ - arch: arm64
19
18
  platform: aarch64-linux
20
- image: ruby:3.1
21
- qemu: arm64
22
- libc: gnu
23
- - os: ubuntu-20.04
24
- cpu: x86_64
25
- platform: x86_64-linux
26
- image: ruby:3.0
27
- qemu: amd64
28
- libc: gnu
29
- - os: ubuntu-20.04
30
- cpu: aarch64
31
- platform: aarch64-linux
32
- image: ruby:3.0
33
- qemu: arm64
34
- libc: gnu
35
- - os: ubuntu-20.04
36
- cpu: x86_64
37
- platform: x86_64-linux
38
- image: ruby:2.7
39
- qemu: amd64
40
- libc: gnu
41
- - os: ubuntu-20.04
42
- cpu: aarch64
43
- platform: aarch64-linux
44
- image: ruby:2.7
45
- qemu: arm64
46
- libc: gnu
47
- - os: ubuntu-20.04
48
- cpu: x86_64
49
- platform: x86_64-linux
50
- image: ruby:2.6
51
- qemu: amd64
52
- libc: gnu
53
- - os: ubuntu-20.04
54
- cpu: aarch64
55
- platform: aarch64-linux
56
- image: ruby:2.6
57
- qemu: arm64
58
- libc: gnu
59
- - os: ubuntu-20.04
60
- cpu: x86_64
61
- platform: x86_64-linux
62
- image: ruby:2.5
63
- qemu: amd64
64
- libc: gnu
65
- - os: ubuntu-20.04
66
- cpu: x86_64
67
- platform: x86_64-linux
68
- image: ruby:2.4
69
- qemu: amd64
70
- libc: gnu
71
- - os: ubuntu-20.04
72
- cpu: x86_64
73
- platform: x86_64-linux
74
- image: ruby:2.3
75
- qemu: amd64
76
- libc: gnu
77
- - os: ubuntu-20.04
78
- cpu: x86_64
79
- platform: x86_64-linux
80
- image: ruby:2.2
81
- qemu: amd64
82
- libc: gnu
83
- - os: ubuntu-20.04
84
- cpu: x86_64
85
- platform: x86_64-linux
86
- image: ruby:2.1
87
- qemu: amd64
88
- libc: gnu
89
- - os: ubuntu-20.04
90
- cpu: x86_64
91
- platform: x86_64-linux
92
- image: ruby:3.1-alpine
93
- qemu: amd64
94
- libc: musl
95
- - os: ubuntu-20.04
96
- cpu: aarch64
97
- platform: aarch64-linux
98
- image: ruby:3.1-alpine
99
- qemu: arm64
100
- libc: musl
101
- - os: ubuntu-20.04
102
- cpu: x86_64
103
- platform: x86_64-linux
104
- image: ruby:3.0-alpine
105
- qemu: amd64
106
- libc: musl
107
- - os: ubuntu-20.04
108
- cpu: aarch64
109
- platform: aarch64-linux
110
- image: ruby:3.0-alpine
111
- qemu: arm64
112
- libc: musl
113
- - os: ubuntu-20.04
114
- cpu: x86_64
115
- platform: x86_64-linux
116
- image: ruby:2.7-alpine
117
- qemu: amd64
118
- libc: musl
119
- - os: ubuntu-20.04
120
- cpu: aarch64
121
- platform: aarch64-linux
122
- image: ruby:2.7-alpine
123
- qemu: arm64
124
- libc: musl
125
- - os: ubuntu-20.04
126
- cpu: x86_64
19
+
20
+ name: Test (Ruby ${{ matrix.ruby }}, ${{ matrix.arch }}, ${{ matrix.libc }})
21
+ runs-on: ${{ matrix.os }}
22
+
23
+ steps:
24
+ - name: Checkout
25
+ uses: actions/checkout@v4
26
+
27
+ - name: Build docker image
28
+ id: build-image
29
+ uses: ./.github/actions/docker-build-ruby
30
+ with:
31
+ ruby-version: ${{ matrix.ruby }}
32
+ arch: ${{ matrix.arch }}
33
+ libc: ${{ matrix.libc }}
34
+
35
+ - name: Bundle install
36
+ run: ${{ steps.build-image.outputs.run-cmd }} bundle install
37
+
38
+ - name: Fetch binary library
39
+ run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake fetch[${{ matrix.platform }}]
40
+
41
+ - name: Extract binary library
42
+ run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake extract[${{ matrix.platform }}]
43
+
44
+ - name: Run specs
45
+ run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake spec
46
+
47
+ test-jruby-linux:
48
+ strategy:
49
+ fail-fast: false
50
+ matrix:
51
+ os: [ubuntu-24.04]
52
+ jruby: ["9.3", "9.4"]
53
+ arch: [amd64, arm64]
54
+ include:
55
+ - arch: amd64
127
56
  platform: x86_64-linux
128
- image: ruby:2.6-alpine
129
- qemu: amd64
130
- libc: musl
131
- - os: ubuntu-20.04
132
- cpu: aarch64
57
+ - arch: arm64
133
58
  platform: aarch64-linux
134
- image: ruby:2.6-alpine
135
- qemu: arm64
136
- libc: musl
137
- # TODO: jruby images have no sudo so apt-get can't get a lock
138
- # - os: ubuntu-20.04
139
- # cpu: x86_64
140
- # platform: x86_64-linux-gnu
141
- # image: jruby:9.3.0.0
142
- # qemu: amd64
143
- # libc: gnu
144
- # - os: ubuntu-20.04
145
- # cpu: x86_64
146
- # platform: x86_64-linux-gnu
147
- # image: jruby:9.2.8.0
148
- # qemu: amd64
149
- # libc: gnu
150
- # - os: ubuntu-20.04
151
- # cpu: x86_64
152
- # platform: aarch64-linux-gnu
153
- # image: jruby:9.3.4.0
154
- # qemu: arm64
155
- # libc: gnu
156
- name: Test (${{ matrix.image }}, ${{ matrix.cpu }})
59
+
60
+ name: Test (Jruby ${{ matrix.jruby }}, ${{ matrix.arch }})
157
61
  runs-on: ${{ matrix.os }}
62
+
158
63
  steps:
159
- - name: Enable ${{ matrix.qemu }} platform
160
- id: qemu
161
- if: ${{ matrix.cpu != 'amd64' }}
162
- run: |
163
- docker run --privileged --rm tonistiigi/binfmt:latest --install ${{ matrix.qemu }} | tee platforms.json
164
- echo "::set-output name=platforms::$(cat platforms.json)"
165
- - name: Start container
166
- id: container
167
- run: |
168
- echo ${{ matrix.image }} > container_image
169
- docker run --rm -d -v "${PWD}":"${PWD}" -w "${PWD}" --platform linux/${{ matrix.qemu }} ${{ matrix.image }} /bin/sleep 64d | tee container_id
170
- docker exec -w "${PWD}" $(cat container_id) uname -a
171
- echo "::set-output name=id::$(cat container_id)"
172
- - name: Install Alpine system dependencies
173
- if: ${{ matrix.libc == 'musl' }}
174
- run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} apk add --no-cache build-base git
175
- - name: Install JRuby system dependencies
176
- if: ${{ startsWith(matrix.image, 'jruby') }}
177
- run: |
178
- docker exec -w "${PWD}" ${{ steps.container.outputs.id }} sudo apt-get update
179
- docker exec -w "${PWD}" ${{ steps.container.outputs.id }} sudo apt-get install -y build-essential git
180
64
  - name: Checkout
181
- uses: actions/checkout@v2
182
- - name: Bundle
183
- run: |
184
- docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle install
65
+ uses: actions/checkout@v4
66
+
67
+ - name: Build docker image
68
+ id: build-image
69
+ uses: ./.github/actions/docker-build-ruby
70
+ with:
71
+ ruby-version: ${{ matrix.jruby }}
72
+ jruby: true
73
+ arch: ${{ matrix.arch }}
74
+ libc: gnu
75
+
76
+ - name: Bundle install
77
+ run: ${{ steps.build-image.outputs.run-cmd }} bundle install
78
+
185
79
  - name: Fetch binary library
186
- run: |
187
- docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle exec rake fetch[${{ matrix.platform }}]
80
+ run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake fetch[${{ matrix.platform }}]
81
+
188
82
  - name: Extract binary library
189
- run: |
190
- docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle exec rake extract[${{ matrix.platform }}]
83
+ run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake extract[${{ matrix.platform }}]
84
+
191
85
  - name: Run specs
192
- run: |
193
- docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle exec rake spec
86
+ run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake spec
87
+
194
88
  test-darwin:
195
89
  strategy:
196
90
  fail-fast: false
197
91
  matrix:
92
+ os: [macos-15, macos-15-large]
198
93
  include:
199
- - os: macos-12
200
- cpu: x86_64
94
+ - os: macos-15
95
+ platform: arm64-darwin
96
+ - os: macos-15-large
201
97
  platform: x86_64-darwin
202
- # - os: macos-12
203
- # cpu: arm64
204
- # platform: arm64-darwin
205
- name: Test (${{ matrix.os }} ${{ matrix.cpu }})
98
+
99
+ name: Test (${{ matrix.os }})
206
100
  runs-on: ${{ matrix.os }}
101
+ env:
102
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
103
+
207
104
  steps:
208
105
  - name: Checkout
209
- uses: actions/checkout@v2
106
+ uses: actions/checkout@v4
107
+
210
108
  - name: Bundle
211
- run: |
212
- bundle install
109
+ run: bundle install
110
+
213
111
  - name: Fetch binary library
214
- run: |
215
- bundle exec rake fetch[${{ matrix.platform }}]
112
+ run: bundle exec rake fetch[${{ matrix.platform }}]
113
+
216
114
  - name: Extract binary library
217
- run: |
218
- bundle exec rake extract[${{ matrix.platform }}]
219
- - name: Run specs
220
- run: |
221
- bundle exec rake spec
115
+ run: bundle exec rake extract[${{ matrix.platform }}]
222
116
 
117
+ - name: Run specs
118
+ run: bundle exec rake spec
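Review bot: In `test-darwin`, `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` is set in the job-level `env:`, so every step inherits it, including `bundle install` and `bundle exec rake spec`, which execute third-party gem code. If only the fetch task needs the token (not visible in this hunk), move the `env:` block under the `Fetch binary library` step. The top of the workflow is outside the hunk, so a `permissions:` block may already exist; if it does not, a top-level `permissions:` with `contents: read` would limit what the token can do. `actions/checkout@v4` is referenced by a mutable tag here and in both Linux jobs; pinning it to a full commit SHA would keep the checked-out action from changing underneath the workflow.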
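--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,7 +1,10 @@
-Gemfile.lock
 /.envrc
 /vendor/bundle
 /vendor/libddwaf
 /pkg
+/tmp
 *.gem
 *.vim
+.ruby-version
+.github-token
+Gemfile.lock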
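--- /dev/null
+++ b/data/.steepignore
@@ -0,0 +1,4 @@
+ffi/library.rbs:36:45 "Type `::FFI::DataConverter` is generic but used as a non generic type"
+ffi/struct.rbs:5:15 "Type application of `::FFI::Type::Mapped` doesn't satisfy the constraints"
+ffi/struct.rbs:23:29 "Type application of `::FFI::Type::Mapped` doesn't satisfy the constraints"
+ffi/auto_pointer.rbs:15:65 "Type application of `::FFI::AutoPointer::Releaser::_Proc` doesn't satisfy the constraints"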
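--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,8 +1,19 @@
+# 2024-10-29 v.1.15.0.0.0
+- Update to libddwaf 1.15.0
+- Changed `Datadog::AppSec::WAF::Context#run` interface to accommodate ephemeral data ([Breaking change](https://github.com/DataDog/libddwaf/blob/master/CHANGELOG.md#v1150-unstable))
+
+# 2023-09-11 v.1.14.0.0.0
+- Update to libddwaf 1.14.0
+- Add support for `Float` and `Nil` scalar values when converting from ruby to WAF Object and vice versa.
+
+
 # 2023-08-29 v.1.11.0.0.0
 
 - Update to libddwaf 1.11.0
-- Rename Handle#ruleset_info to Handle#diagnostics. (Breaking change)
-The schema of the new diagnostics variable can be [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
+- Changed `Datadog::AppSec::WAF::Handle#ruleset_info` to `Datadog::AppSec::WAF::Handle#diagnostics`. (Breaking change)
+The schema of the diagnostics variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
+- Changed `Datadog::AppSec::WAF::Result#data` to `Datadog::AppSec::WAF::Result#events`. (Breaking change)
+The schema of the events variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/events.json)
 
 
 # 2023-08-28 v.1.10.0.0.0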
data/Steepfile CHANGED
@@ -4,7 +4,6 @@ target :lib do
4
4
  signature "sig"
5
5
 
6
6
  check "lib"
7
- library "rubygems"
8
7
  library "logger"
9
8
  library "monitor" # needed by logger
10
9
  library "json"
@@ -2,9 +2,9 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  module VERSION
5
- BASE_STRING = '1.11.0'
5
+ BASE_STRING = '1.15.0'
6
6
  STRING = "#{BASE_STRING}.0.0"
7
- MINIMUM_RUBY_VERSION = '2.1'
7
+ MINIMUM_RUBY_VERSION = '2.5'
8
8
  end
9
9
  end
10
10
  end
@@ -111,7 +111,10 @@ module Datadog
111
111
  :ddwaf_obj_string, 1 << 2,
112
112
  :ddwaf_obj_array, 1 << 3,
113
113
  :ddwaf_obj_map, 1 << 4,
114
- :ddwaf_obj_bool, 1 << 5
114
+ :ddwaf_obj_bool, 1 << 5,
115
+ :ddwaf_obj_float, 1 << 6,
116
+ :ddwaf_obj_null, 1 << 7
117
+
115
118
  typedef DDWAF_OBJ_TYPE, :ddwaf_obj_type
116
119
 
117
120
  typedef :pointer, :charptr
@@ -140,7 +143,8 @@ module Datadog
140
143
  :uintValue, :uint64,
141
144
  :intValue, :int64,
142
145
  :array, :pointer,
143
- :boolean, :bool
146
+ :boolean, :bool,
147
+ :f64, :double
144
148
  end
145
149
 
146
150
  class Object < ::FFI::Struct
@@ -159,11 +163,13 @@ module Datadog
159
163
  attach_function :ddwaf_object_string, [:ddwaf_object, :string], :ddwaf_object
160
164
  attach_function :ddwaf_object_stringl, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
161
165
  attach_function :ddwaf_object_stringl_nc, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
166
+ attach_function :ddwaf_object_string_from_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
167
+ attach_function :ddwaf_object_string_from_signed, [:ddwaf_object, :int64], :ddwaf_object
162
168
  attach_function :ddwaf_object_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
163
169
  attach_function :ddwaf_object_signed, [:ddwaf_object, :int64], :ddwaf_object
164
- attach_function :ddwaf_object_unsigned_force, [:ddwaf_object, :uint64], :ddwaf_object
165
- attach_function :ddwaf_object_signed_force, [:ddwaf_object, :int64], :ddwaf_object
166
170
  attach_function :ddwaf_object_bool, [:ddwaf_object, :bool], :ddwaf_object
171
+ attach_function :ddwaf_object_null, [:ddwaf_object], :ddwaf_object
172
+ attach_function :ddwaf_object_float, [:ddwaf_object, :double], :ddwaf_object
167
173
 
168
174
  attach_function :ddwaf_object_array, [:ddwaf_object], :ddwaf_object
169
175
  attach_function :ddwaf_object_array_add, [:ddwaf_object, :ddwaf_object], :bool
@@ -184,6 +190,7 @@ module Datadog
184
190
  attach_function :ddwaf_object_get_signed, [:ddwaf_object], :int64
185
191
  attach_function :ddwaf_object_get_index, [:ddwaf_object, :size_t], :ddwaf_object
186
192
  attach_function :ddwaf_object_get_bool, [:ddwaf_object], :bool
193
+ attach_function :ddwaf_object_get_float, [:ddwaf_object], :double
187
194
 
188
195
  ## freeers
189
196
 
@@ -220,7 +227,7 @@ module Datadog
220
227
  attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
221
228
  attach_function :ddwaf_destroy, [:ddwaf_handle], :void
222
229
 
223
- attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
230
+ attach_function :ddwaf_known_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
224
231
 
225
232
  # updating
226
233
 
@@ -239,16 +246,17 @@ module Datadog
239
246
  attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
240
247
 
241
248
  class Result < ::FFI::Struct
242
- layout :timeout, :bool,
243
- :events, Object,
244
- :actions, Object,
245
- :total_runtime, :uint64
249
+ layout :timeout, :bool,
250
+ :events, Object,
251
+ :actions, Object,
252
+ :derivatives, Object,
253
+ :total_runtime, :uint64
246
254
  end
247
255
 
248
256
  typedef Result.by_ref, :ddwaf_result
249
257
  typedef :uint64, :timeout_us
250
258
 
251
- attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
259
+ attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
252
260
  attach_function :ddwaf_result_free, [:ddwaf_result], :void
253
261
 
254
262
  # logging
@@ -280,7 +288,7 @@ module Datadog
280
288
  LibDDWAF.ddwaf_get_version
281
289
  end
282
290
 
283
- # rubocop:disable Metrics/MethodLength
291
+ # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
284
292
  def self.ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, coerce: true)
285
293
  case val
286
294
  when Array
@@ -358,9 +366,9 @@ module Datadog
358
366
  res = if coerce
359
367
  LibDDWAF.ddwaf_object_string(obj, val.to_s)
360
368
  elsif val < 0
361
- LibDDWAF.ddwaf_object_signed_force(obj, val)
369
+ LibDDWAF.ddwaf_object_signed(obj, val)
362
370
  else
363
- LibDDWAF.ddwaf_object_unsigned_force(obj, val)
371
+ LibDDWAF.ddwaf_object_unsigned(obj, val)
364
372
  end
365
373
  if res.null?
366
374
  fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
@@ -369,7 +377,11 @@ module Datadog
369
377
  obj
370
378
  when Float
371
379
  obj = LibDDWAF::Object.new
372
- res = LibDDWAF.ddwaf_object_string(obj, val.to_s)
380
+ res = if coerce
381
+ LibDDWAF.ddwaf_object_string(obj, val.to_s)
382
+ else
383
+ LibDDWAF.ddwaf_object_float(obj, val)
384
+ end
373
385
  if res.null?
374
386
  fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
375
387
  end
@@ -386,16 +398,28 @@ module Datadog
386
398
  fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
387
399
  end
388
400
 
401
+ obj
402
+ when NilClass
403
+ obj = LibDDWAF::Object.new
404
+ res = if coerce
405
+ LibDDWAF.ddwaf_object_string(obj, '')
406
+ else
407
+ LibDDWAF.ddwaf_object_null(obj)
408
+ end
409
+ if res.null?
410
+ fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
411
+ end
412
+
389
413
  obj
390
414
  else
391
415
  ruby_to_object(''.freeze)
392
416
  end
393
417
  end
394
- # rubocop:enable Metrics/MethodLength
418
+ # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
395
419
 
396
420
  def self.object_to_ruby(obj)
397
421
  case obj[:type]
398
- when :ddwaf_obj_invalid
422
+ when :ddwaf_obj_invalid, :ddwaf_obj_null
399
423
  nil
400
424
  when :ddwaf_obj_bool
401
425
  obj[:valueUnion][:boolean]
@@ -405,11 +429,13 @@ module Datadog
405
429
  obj[:valueUnion][:intValue]
406
430
  when :ddwaf_obj_unsigned
407
431
  obj[:valueUnion][:uintValue]
432
+ when :ddwaf_obj_float
433
+ obj[:valueUnion][:f64]
408
434
  when :ddwaf_obj_array
409
435
  (0...obj[:nbEntries]).each.with_object([]) do |i, a|
410
436
  ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
411
437
  e = object_to_ruby(LibDDWAF::Object.new(ptr))
412
- a << e
438
+ a << e # steep:ignore
413
439
  end
414
440
  when :ddwaf_obj_map
415
441
  (0...obj[:nbEntries]).each.with_object({}) do |i, h|
@@ -418,7 +444,7 @@ module Datadog
418
444
  l = o[:parameterNameLength]
419
445
  k = o[:parameterName].read_bytes(l)
420
446
  v = object_to_ruby(LibDDWAF::Object.new(ptr))
421
- h[k] = v
447
+ h[k] = v # steep:ignore
422
448
  end
423
449
  end
424
450
  end
@@ -510,7 +536,7 @@ module Datadog
510
536
  valid!
511
537
 
512
538
  count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
513
- list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_required_addresses(handle_obj, count)
539
+ list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_known_addresses(handle_obj, count)
514
540
 
515
541
  return [] if count == 0 # list is null
516
542
 
@@ -561,14 +587,15 @@ module Datadog
561
587
  end
562
588
 
563
589
  class Result
564
- attr_reader :status, :events, :total_runtime, :timeout, :actions
590
+ attr_reader :status, :events, :total_runtime, :timeout, :actions, :derivatives
565
591
 
566
- def initialize(status, events, total_runtime, timeout, actions)
592
+ def initialize(status, events, total_runtime, timeout, actions, derivatives)
567
593
  @status = status
568
594
  @events = events
569
595
  @total_runtime = total_runtime
570
596
  @timeout = timeout
571
597
  @actions = actions
598
+ @derivatives = derivatives
572
599
  end
573
600
  end
574
601
 
@@ -599,19 +626,32 @@ module Datadog
599
626
  Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
600
627
  end
601
628
 
602
- def run(input, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
629
+ def run(persistent_data, ephemeral_data, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
603
630
  valid!
604
631
 
605
- max_container_size = LibDDWAF::DDWAF_MAX_CONTAINER_SIZE
606
- max_container_depth = LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH
607
- max_string_length = LibDDWAF::DDWAF_MAX_STRING_LENGTH
632
+ persistent_data_obj = Datadog::AppSec::WAF.ruby_to_object(
633
+ persistent_data,
634
+ max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
635
+ max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
636
+ max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
637
+ coerce: false
638
+ )
639
+ if persistent_data_obj.null?
640
+ fail LibDDWAF::Error, "Could not convert persistent data: #{persistent_data.inspect}"
641
+ end
608
642
 
609
- input_obj = Datadog::AppSec::WAF.ruby_to_object(input,
610
- max_container_size: max_container_size,
611
- max_container_depth: max_container_depth,
612
- max_string_length: max_string_length)
613
- if input_obj.null?
614
- fail LibDDWAF::Error, "Could not convert input: #{input.inspect}"
643
+ # retain C objects in memory for subsequent calls to run
644
+ retain(persistent_data_obj)
645
+
646
+ ephemeral_data_obj = Datadog::AppSec::WAF.ruby_to_object(
647
+ ephemeral_data,
648
+ max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
649
+ max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
650
+ max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
651
+ coerce: false
652
+ )
653
+ if ephemeral_data_obj.null?
654
+ fail LibDDWAF::Error, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
615
655
  end
616
656
 
617
657
  result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
@@ -619,10 +659,7 @@ module Datadog
619
659
  fail LibDDWAF::Error, "Could not create result object"
620
660
  end
621
661
 
622
- # retain C objects in memory for subsequent calls to run
623
- retain(input_obj)
624
-
625
- code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
662
+ code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
626
663
 
627
664
  result = Result.new(
628
665
  RESULT_CODE[code],
@@ -630,6 +667,7 @@ module Datadog
630
667
  result_obj[:total_runtime],
631
668
  result_obj[:timeout],
632
669
  Datadog::AppSec::WAF.object_to_ruby(result_obj[:actions]),
670
+ Datadog::AppSec::WAF.object_to_ruby(result_obj[:derivatives]),
633
671
  )
634
672
 
635
673
  [RESULT_CODE[code], result]
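Review bot: With `coerce: false` now passed from `Context#run`, the branch that calls `LibDDWAF.ddwaf_object_signed(obj, val)` / `LibDDWAF.ddwaf_object_unsigned(obj, val)` (hunk `@@ -358,9 +366,9 @@`) receives caller-supplied integers without a range check, although Ruby integers are unbounded and these functions are attached with `:int64` / `:uint64`. A value outside the 64-bit range most likely makes FFI raise `RangeError` before `res.null?` is reached, so `run` would fail with an exception type that callers rescuing `LibDDWAF::Error` do not catch. A guard before the FFI call such as `fail LibDDWAF::Error, "Integer out of 64-bit range" unless val.between?(-(1 << 63), (1 << 64) - 1)`, or a fallback to `ddwaf_object_string(obj, val.to_s)`, keeps the failure on the existing error path. `ruby_to_object` begins and ends outside that hunk, so a guard above the visible lines cannot be ruled out. The new messages in `run` also interpolate `persistent_data.inspect` and `ephemeral_data.inspect`, which can copy request data into logs; a type or size summary would be safer.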