libddwaf 1.14.0.0.0 → 1.15.0.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '058fd59aa02f0d4be3c917d5a01d68c868cb41b77c903ee28d7b2106e5945f02'
-  data.tar.gz: 5dcaa2c486a0de0ca591ca06775d29184b3a8d9f6da539fed1cfa583ad86db9e
+  metadata.gz: 5c43525cce0eabb3c9e5f98ca93309313d81dceeb0f905b07ec98039dcff622e
+  data.tar.gz: 61db3b159cbebdfa9b93c6d09c974538765ef046077586550b14cfebcd219033
 SHA512:
-  metadata.gz: 0107d27ac04857784db5e789374a5b370d1afb92ec80cb31ed1289e154665c6216c20cbf7b4dc6a557db3cd14e65ebab38e4d52ed503f14b3c87d91b1869c32b
-  data.tar.gz: 5e7fe5e71a1a570705b5b950010e57b17c8c4bd1976fd7e97f35cc07eb7d0ac193198d52937950f88d609f4722b89551c4f79fe07dba11aaf2ef98cdbe54db07
+  metadata.gz: fbda3101720816799e5857a4efaaf7d97522f085b3be2fbd10451856db83624270893700fe41f0eb0af3a9c6758557c230417f7688441d30ba98c2503df999c7
+  data.tar.gz: 796c08137efa8662676e83552cb0b37f75bd7f80ef2b6f73875c2c77ba28f2c2ca1705b515661ea3e96fc72c2df9ef6598dc49af22951df41f90a2a133c175f4

data/.github/actions/docker-build-ruby/Dockerfile

@@ -0,0 +1,5 @@
+ARG RUBY_VERSION
+
+FROM ruby:${RUBY_VERSION:-2.5}
+
+RUN gem update --system 3.3.27

data/.github/actions/docker-build-ruby/Dockerfile.alpine

@@ -0,0 +1,7 @@
+ARG RUBY_VERSION
+
+FROM ruby:${RUBY_VERSION:-2.5}-alpine
+
+RUN apk add --no-cache build-base git
+
+RUN gem update --system 3.3.27

data/.github/actions/docker-build-ruby/Dockerfile.jruby

@@ -0,0 +1,6 @@
+ARG RUBY_VERSION
+
+FROM jruby:${RUBY_VERSION:-9.2}
+
+RUN apt-get update
+RUN apt-get install -y build-essential git

data/.github/actions/docker-build-ruby/action.yml

@@ -0,0 +1,57 @@
+name: Build docker image
+description:
+  Github Actions does not support setting the platform for the container yet.
+  This action builds the image for the specified architecture and libc.
+
+inputs:
+  ruby-version:
+    description: Ruby version
+    required: true
+
+  arch:
+    description: Build architecture
+    required: true
+
+  libc:
+    description: Which libc is used
+    required: true
+
+  jruby:
+    description: Whether to use JRuby
+    required: false
+    default: "false"
+
+outputs:
+  run-cmd:
+    description: Command to run the container
+    value: ${{ steps.set-run-cmd.outputs.run-cmd }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+      with:
+        platforms: ${{ inputs.arch }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Build image
+      uses: docker/build-push-action@v6
+      with:
+        file: .github/actions/docker-build-ruby/Dockerfile${{ inputs.libc == 'musl' && '.alpine' || '' }}${{ inputs.jruby == 'true' && '.jruby' || '' }}
+        build-args: |
+          "RUBY_VERSION=${{ inputs.ruby-version }}"
+        push: false
+        load: true
+        tags: libddwaf-rb-test:latest
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        platforms: linux/${{ inputs.arch }}
+
+    - name: Set run-cmd output
+      id: set-run-cmd
+      shell: bash
+      run: |
+        echo "run-cmd=docker run --platform linux/${{ inputs.arch }} -v gems:/usr/local/bundle -v ${{ github.workspace }}:/libddwaf-rb -w /libddwaf-rb libddwaf-rb-test:latest" >> "$GITHUB_OUTPUT"

data/.github/workflows/lint.yml

@@ -5,29 +5,30 @@ on:
 jobs:
   style-check:
     name: Style check
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     container:
-      image: ruby:3.1
+      image: ruby:3.3
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+
       - name: Bundle
-        run: |
-          bundle install
+        run: bundle install
+
       - name: Run Rubocop
-        run: |
-          bundle exec rubocop -D
+        run: bundle exec rubocop -D
+
   type-check:
     name: Type check
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     container:
-      image: ruby:3.1
+      image: ruby:3.3
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+
       - name: Bundle
-        run: |
-          bundle install
+        run: bundle install
+
       - name: Run Steep
-        run: |
-          bundle exec steep check
+        run: bundle exec rake steep:check

data/.github/workflows/package.yml

@@ -3,213 +3,132 @@ on:
   - push
 
 jobs:
-  package-ruby:
+  test-rake-build:
     strategy:
       fail-fast: false
       matrix:
+        os: [ubuntu-24.04]
+        ruby: ["3.3"]
+        arch: [amd64, arm64]
+        libc: [gnu]
         include:
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: ruby
-    name: Build package (${{ matrix.platform }})
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Install Linux build tools
-        if: ${{ startsWith(matrix.os, 'ubuntu-') }}
-        run: sudo apt-get install -y ruby ruby-bundler
-      - name: Bundle
-        run: |
-          bundle install
-      - name: Build gem
-        run: |
-          bundle exec rake build
-      - name: Upload gem
-        uses: actions/upload-artifact@v2
-        with:
-          name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
-          path: pkg
-  package-binary:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux:llvm
-            artifact: x86_64-linux-llvm
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux:llvm
-            artifact: aarch64-linux-llvm
-          - os: ubuntu-20.04
-            cpu: universal
-            platform: java
-            artifact: java
-          - os: macos-12
-            cpu: x86_64
-            platform: x86_64-darwin
-            artifact: x86_64-darwin
-          - os: macos-12
-            cpu: arm64
-            platform: arm64-darwin
-            artifact: arm64-darwin
-    name: Build package (${{ matrix.platform }})
+          - arch: amd64
+            platform: x86_64-linux
+          - arch: arm64
+            platform: aarch64-linux
+
+    name: Test build without fetching libddwaf (Ruby ${{ matrix.ruby }}, ${{ matrix.arch }}, ${{ matrix.libc }})
     runs-on: ${{ matrix.os }}
+
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-      - name: Install Linux build tools
-        if: ${{ startsWith(matrix.os, 'ubuntu-') }}
-        run: sudo apt-get install -y ruby ruby-bundler
-      - name: Bundle
-        run: |
-          bundle install
-      - name: Build binary gem
-        run: |
-          bundle exec rake binary[${{ matrix.platform }}]
-      - name: Upload gem
-        uses: actions/upload-artifact@v2
-        with:
-          name: libddwaf-${{ matrix.artifact }}-${{ github.run_id }}-${{ github.sha }}
-          path: pkg
-  test-ruby:
-    needs: package-ruby
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: ruby
-            image: ruby:2.6
-            qemu: amd64
-            libc: gnu
-    name: Test package (${{ matrix.platform }}-${{ matrix.libc }})
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Enable ${{ matrix.qemu }} platform
-        id: qemu
-        if: ${{ matrix.cpu != 'amd64' }}
-        run: |
-          docker run --privileged --rm tonistiigi/binfmt:latest --install ${{ matrix.qemu }} | tee platforms.json
-          echo "::set-output name=platforms::$(cat platforms.json)"
-      - name: Start container
-        id: container
-        run: |
-          echo ${{ matrix.image }} > container_image
-          docker run --rm -d -v "${PWD}":"${PWD}" -w "${PWD}" --platform linux/${{ matrix.qemu }} ${{ matrix.image }} /bin/sleep 64d | tee container_id
-          docker exec -w "${PWD}" $(cat container_id) uname -a
-          echo "::set-output name=id::$(cat container_id)"
-      - uses: actions/download-artifact@v2
+        uses: actions/checkout@v4
+
+      - name: Build docker image
+        id: build-image
+        uses: ./.github/actions/docker-build-ruby
         with:
-          name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
-          path: pkg
+          ruby-version: ${{ matrix.ruby }}
+          arch: ${{ matrix.arch }}
+          libc: ${{ matrix.libc }}
+
+      - name: Bundle install
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle install
+
+      - name: Build gem
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake build
+
       - name: List artifact files
         run: find .
         working-directory: pkg
+
       - name: Install gem
-        run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} gem install --verbose pkg/*.gem
+        run: ${{ steps.build-image.outputs.run-cmd }} gem install --verbose pkg/*.gem
+
       - name: Run smoke test
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -e 'begin require "libddwaf"; rescue LoadError => e; puts e.message; else fail "loaded when it should not"; end'
-  test-linux:
-    needs: package-binary
+        run: ${{ steps.build-image.outputs.run-cmd }} ruby -e 'begin require "libddwaf"; rescue LoadError => e; puts e.message; else fail "loaded when it should not"; end'
+
+  test-rake-binary:
     strategy:
       fail-fast: false
       matrix:
+        os: [ubuntu-24.04]
+        ruby: ["3.3", "9.4"]
+        arch: [amd64, arm64]
+        libc: [gnu, musl]
         include:
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            artifact: x86_64-linux-llvm
-            image: ruby:2.6
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            artifact: aarch64-linux-llvm
-            image: ruby:2.6
-            qemu: aarch64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            artifact: x86_64-linux-llvm
-            image: ruby:2.6-alpine
-            qemu: amd64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            artifact: aarch64-linux-llvm
-            image: ruby:2.6-alpine
-            qemu: aarch64
+          - arch: amd64
+            platform: x86_64-linux:llvm
+          - arch: arm64
+            platform: aarch64-linux:llvm
+          - ruby: 3.3
+            jruby: false
+          - ruby: 9.4
+            jruby: true
+        exclude:
+          - ruby: 9.4
             libc: musl
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: java
-            artifact: java
-            image: jruby:9.3.0.0
-            qemu: amd64
-            libc: gnu
-    name: Test package (${{ matrix.platform }}, ${{ matrix.libc }}, ${{ matrix.cpu }})
+
+    name: Test gem build (${{ matrix.jruby == true && 'Jruby' || 'Ruby'}} ${{ matrix.ruby }}, ${{ matrix.arch }}, ${{ matrix.libc }})
     runs-on: ${{ matrix.os }}
+
     steps:
-      - name: Enable ${{ matrix.qemu }} platform
-        id: qemu
-        if: ${{ matrix.cpu != 'amd64' }}
-        run: |
-          docker run --privileged --rm tonistiigi/binfmt:latest --install ${{ matrix.qemu }} | tee platforms.json
-          echo "::set-output name=platforms::$(cat platforms.json)"
-      - name: Start container
-        id: container
-        run: |
-          echo ${{ matrix.image }} > container_image
-          docker run --rm -d -v "${PWD}":"${PWD}" -w "${PWD}" --platform linux/${{ matrix.qemu }} ${{ matrix.image }} /bin/sleep 64d | tee container_id
-          docker exec -w "${PWD}" $(cat container_id) uname -a
-          echo "::set-output name=id::$(cat container_id)"
-      - uses: actions/download-artifact@v2
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build docker image
+        id: build-image
+        uses: ./.github/actions/docker-build-ruby
         with:
-          name: libddwaf-${{ matrix.artifact }}-${{ github.run_id }}-${{ github.sha }}
-          path: pkg
+          ruby-version: ${{ matrix.ruby }}
+          arch: ${{ matrix.arch }}
+          libc: ${{ matrix.libc }}
+          jruby: ${{ matrix.jruby }}
+
+      - name: Bundle install
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle install
+
+      - name: Build binary gem
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake binary[${{ matrix.platform }}]
+
       - name: List artifact files
         run: find .
         working-directory: pkg
-      - name: Install Alpine system dependencies
-        if: ${{ matrix.libc == 'musl' }}
-        run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} apk add --no-cache build-base
+
       - name: Install gem
-        run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} gem install --verbose pkg/*.gem
+        run: ${{ steps.build-image.outputs.run-cmd }} gem install --verbose pkg/*.gem
+
       - name: Run smoke test
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} ruby -r 'libddwaf' -e 'p Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version'
-  test-darwin:
-    needs: package-binary
+        run: ${{ steps.build-image.outputs.run-cmd }} ruby -r 'libddwaf' -e 'p Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version'
+
+  test-rake-binary-on-darwin:
     strategy:
       fail-fast: false
       matrix:
+        os: [macos-15, macos-15-large]
         include:
-          - os: macos-12
-            cpu: x86_64
+          - os: macos-15
+            platform: arm64-darwin
+          - os: macos-15-large
             platform: x86_64-darwin
-        # - os: macos-12
-        #   cpu: arm64
-        #   platform: arm64-darwin
-    name: Test package (${{ matrix.platform }})
+
+    name: Test gem build (${{ matrix.os }})
     runs-on: ${{ matrix.os }}
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
     steps:
-      - uses: actions/download-artifact@v2
-        with:
-          name: libddwaf-${{ matrix.platform }}-${{ github.run_id }}-${{ github.sha }}
-          path: pkg
-      - name: List artifact files
-        run: find .
-        working-directory: pkg
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Bundle
+        run: bundle install
+
+      - name: Build binary gem
+        run: bundle exec rake binary[${{ matrix.platform }}]
+
       - name: Install gem
         run: gem install --verbose pkg/*.gem
+
       - name: Run smoke test
-        run: |
-          ruby -r 'libddwaf' -e 'p Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version'
+        run: ruby -r 'libddwaf' -e 'p Datadog::AppSec::WAF::LibDDWAF.ddwaf_get_version'

data/.github/workflows/test.yml

@@ -3,220 +3,116 @@ on:
   - push
 
 jobs:
-  test-linux:
+  test-cruby-linux:
     strategy:
       fail-fast: false
       matrix:
+        os: [ubuntu-24.04]
+        ruby: ["2.5", "2.6", "2.7", "3.0", "3.1", "3.2", "3.3"]
+        arch: [amd64, arm64]
+        libc: [gnu, musl]
         include:
-          - os: ubuntu-20.04
-            cpu: x86_64
+          - arch: amd64
             platform: x86_64-linux
-            image: ruby:3.1
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: aarch64
+          - arch: arm64
             platform: aarch64-linux
-            image: ruby:3.1
-            qemu: arm64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:3.0
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:3.0
-            qemu: arm64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.7
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:2.7
-            qemu: arm64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.6
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:2.6
-            qemu: arm64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.5
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.4
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.3
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.2
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.1
-            qemu: amd64
-            libc: gnu
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:3.1-alpine
-            qemu: amd64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:3.1-alpine
-            qemu: arm64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:3.0-alpine
-            qemu: amd64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:3.0-alpine
-            qemu: arm64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: x86_64
-            platform: x86_64-linux
-            image: ruby:2.7-alpine
-            qemu: amd64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: aarch64
-            platform: aarch64-linux
-            image: ruby:2.7-alpine
-            qemu: arm64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: x86_64
+
+    name: Test (Ruby ${{ matrix.ruby }}, ${{ matrix.arch }}, ${{ matrix.libc }})
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build docker image
+        id: build-image
+        uses: ./.github/actions/docker-build-ruby
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          arch: ${{ matrix.arch }}
+          libc: ${{ matrix.libc }}
+
+      - name: Bundle install
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle install
+
+      - name: Fetch binary library
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake fetch[${{ matrix.platform }}]
+
+      - name: Extract binary library
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake extract[${{ matrix.platform }}]
+
+      - name: Run specs
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake spec
+
+  test-jruby-linux:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-24.04]
+        jruby: ["9.3", "9.4"]
+        arch: [amd64, arm64]
+        include:
+          - arch: amd64
             platform: x86_64-linux
-            image: ruby:2.6-alpine
-            qemu: amd64
-            libc: musl
-          - os: ubuntu-20.04
-            cpu: aarch64
+          - arch: arm64
             platform: aarch64-linux
-            image: ruby:2.6-alpine
-            qemu: arm64
-            libc: musl
-        # TODO: jruby images have no sudo so apt-get can't get a lock
-        # - os: ubuntu-20.04
-        #   cpu: x86_64
-        #   platform: x86_64-linux-gnu
-        #   image: jruby:9.3.0.0
-        #   qemu: amd64
-        #   libc: gnu
-        # - os: ubuntu-20.04
-        #   cpu: x86_64
-        #   platform: x86_64-linux-gnu
-        #   image: jruby:9.2.8.0
-        #   qemu: amd64
-        #   libc: gnu
-        # - os: ubuntu-20.04
-        #   cpu: x86_64
-        #   platform: aarch64-linux-gnu
-        #   image: jruby:9.3.4.0
-        #   qemu: arm64
-        #   libc: gnu
-    name: Test (${{ matrix.image }}, ${{ matrix.cpu }})
+
+    name: Test (Jruby ${{ matrix.jruby }}, ${{ matrix.arch }})
     runs-on: ${{ matrix.os }}
+
     steps:
-      - name: Enable ${{ matrix.qemu }} platform
-        id: qemu
-        if: ${{ matrix.cpu != 'amd64' }}
-        run: |
-          docker run --privileged --rm tonistiigi/binfmt:latest --install ${{ matrix.qemu }} | tee platforms.json
-          echo "::set-output name=platforms::$(cat platforms.json)"
-      - name: Start container
-        id: container
-        run: |
-          echo ${{ matrix.image }} > container_image
-          docker run --rm -d -v "${PWD}":"${PWD}" -w "${PWD}" --platform linux/${{ matrix.qemu }} ${{ matrix.image }} /bin/sleep 64d | tee container_id
-          docker exec -w "${PWD}" $(cat container_id) uname -a
-          echo "::set-output name=id::$(cat container_id)"
-      - name: Install Alpine system dependencies
-        if: ${{ matrix.libc == 'musl' }}
-        run: docker exec -w "${PWD}" ${{ steps.container.outputs.id }} apk add --no-cache build-base git
-      - name: Install JRuby system dependencies
-        if: ${{ startsWith(matrix.image, 'jruby') }}
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} sudo apt-get update
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} sudo apt-get install -y build-essential git
       - name: Checkout
-        uses: actions/checkout@v2
-      - name: Bundle
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle install
+        uses: actions/checkout@v4
+
+      - name: Build docker image
+        id: build-image
+        uses: ./.github/actions/docker-build-ruby
+        with:
+          ruby-version: ${{ matrix.jruby }}
+          jruby: true
+          arch: ${{ matrix.arch }}
+          libc: gnu
+
+      - name: Bundle install
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle install
+
       - name: Fetch binary library
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle exec rake fetch[${{ matrix.platform }}]
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake fetch[${{ matrix.platform }}]
+
       - name: Extract binary library
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle exec rake extract[${{ matrix.platform }}]
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake extract[${{ matrix.platform }}]
+
       - name: Run specs
-        run: |
-          docker exec -w "${PWD}" ${{ steps.container.outputs.id }} bundle exec rake spec
+        run: ${{ steps.build-image.outputs.run-cmd }} bundle exec rake spec
+
   test-darwin:
     strategy:
       fail-fast: false
       matrix:
+        os: [macos-15, macos-15-large]
         include:
-          - os: macos-12
-            cpu: x86_64
+          - os: macos-15
+            platform: arm64-darwin
+          - os: macos-15-large
             platform: x86_64-darwin
-        # - os: macos-12
-        #   cpu: arm64
-        #   platform: arm64-darwin
-    name: Test (${{ matrix.os }} ${{ matrix.cpu }})
+
+    name: Test (${{ matrix.os }})
     runs-on: ${{ matrix.os }}
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
       - name: Bundle
-        run: |
-          bundle install
+        run: bundle install
+
       - name: Fetch binary library
-        run: |
-          bundle exec rake fetch[${{ matrix.platform }}]
+        run: bundle exec rake fetch[${{ matrix.platform }}]
+
       - name: Extract binary library
-        run: |
-          bundle exec rake extract[${{ matrix.platform }}]
-      - name: Run specs
-        run: |
-          bundle exec rake spec
+        run: bundle exec rake extract[${{ matrix.platform }}]
 
+      - name: Run specs
+        run: bundle exec rake spec

data/.gitignore

@@ -1,7 +1,10 @@
-Gemfile.lock
 /.envrc
 /vendor/bundle
 /vendor/libddwaf
 /pkg
+/tmp
 *.gem
 *.vim
+.ruby-version
+.github-token
+Gemfile.lock

data/.steepignore

@@ -0,0 +1,4 @@
+ffi/library.rbs:36:45 "Type `::FFI::DataConverter` is generic but used as a non generic type"
+ffi/struct.rbs:5:15 "Type application of `::FFI::Type::Mapped` doesn't satisfy the constraints"
+ffi/struct.rbs:23:29 "Type application of `::FFI::Type::Mapped` doesn't satisfy the constraints"
+ffi/auto_pointer.rbs:15:65 "Type application of `::FFI::AutoPointer::Releaser::_Proc` doesn't satisfy the constraints"

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+# 2024-10-29 v.1.15.0.0.0
+- Update to libddwaf 1.15.0
+- Changed `Datadog::AppSec::WAF::Context#run` interface to accommodate ephemeral data ([Breaking change](https://github.com/DataDog/libddwaf/blob/master/CHANGELOG.md#v1150-unstable))
+
 # 2023-09-11 v.1.14.0.0.0
 - Update to libddwaf 1.14.0
 - Add support for `Float` and `Nil` scalar values when converting from ruby to WAF Object and vice versa.
@@ -6,7 +10,7 @@
 # 2023-08-29 v.1.11.0.0.0
 
 - Update to libddwaf 1.11.0
-- Changed `Datadog::AppSec::WAF::Handle#ruleset_info` to `Datadog::AppSec::WAF::Handle#diagnostics``. (Breaking change)
+- Changed `Datadog::AppSec::WAF::Handle#ruleset_info` to `Datadog::AppSec::WAF::Handle#diagnostics`. (Breaking change)
   The schema of the diagnostics variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/diagnostics.json)
 - Changed `Datadog::AppSec::WAF::Result#data` to `Datadog::AppSec::WAF::Result#events`. (Breaking change)
   The schema of the events variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/events.json)

data/lib/datadog/appsec/waf/version.rb

@@ -2,9 +2,9 @@ module Datadog
   module AppSec
     module WAF
       module VERSION
-        BASE_STRING = '1.14.0'
+        BASE_STRING = '1.15.0'
         STRING = "#{BASE_STRING}.0.0"
-        MINIMUM_RUBY_VERSION = '2.1'
+        MINIMUM_RUBY_VERSION = '2.5'
       end
     end
   end

data/lib/datadog/appsec/waf.rb

@@ -227,7 +227,7 @@ module Datadog
         attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
         attach_function :ddwaf_destroy, [:ddwaf_handle], :void
 
-        attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
+        attach_function :ddwaf_known_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
 
         # updating
 
@@ -256,7 +256,7 @@ module Datadog
         typedef Result.by_ref, :ddwaf_result
         typedef :uint64, :timeout_us
 
-        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
+        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
         attach_function :ddwaf_result_free, [:ddwaf_result], :void
 
         # logging
@@ -435,7 +435,7 @@ module Datadog
           (0...obj[:nbEntries]).each.with_object([]) do |i, a|
             ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
             e = object_to_ruby(LibDDWAF::Object.new(ptr))
-            a << e
+            a << e # steep:ignore
           end
         when :ddwaf_obj_map
           (0...obj[:nbEntries]).each.with_object({}) do |i, h|
@@ -444,7 +444,7 @@ module Datadog
             l = o[:parameterNameLength]
             k = o[:parameterName].read_bytes(l)
             v = object_to_ruby(LibDDWAF::Object.new(ptr))
-            h[k] = v
+            h[k] = v # steep:ignore
           end
         end
       end
@@ -536,7 +536,7 @@ module Datadog
           valid!
 
           count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
-          list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_required_addresses(handle_obj, count)
+          list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_known_addresses(handle_obj, count)
 
           return [] if count == 0 # list is null
 
@@ -626,20 +626,32 @@ module Datadog
           Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
         end
 
-        def run(input, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
+        def run(persistent_data, ephemeral_data, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
           valid!
 
-          max_container_size  = LibDDWAF::DDWAF_MAX_CONTAINER_SIZE
-          max_container_depth = LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH
-          max_string_length   = LibDDWAF::DDWAF_MAX_STRING_LENGTH
-
-          input_obj = Datadog::AppSec::WAF.ruby_to_object(input,
-                                                          max_container_size: max_container_size,
-                                                          max_container_depth: max_container_depth,
-                                                          max_string_length: max_string_length,
-                                                          coerce: false)
-          if input_obj.null?
-            fail LibDDWAF::Error, "Could not convert input: #{input.inspect}"
+          persistent_data_obj = Datadog::AppSec::WAF.ruby_to_object(
+            persistent_data,
+            max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
+            max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
+            max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
+            coerce: false
+          )
+          if persistent_data_obj.null?
+            fail LibDDWAF::Error, "Could not convert persistent data: #{persistent_data.inspect}"
+          end
+
+          # retain C objects in memory for subsequent calls to run
+          retain(persistent_data_obj)
+
+          ephemeral_data_obj = Datadog::AppSec::WAF.ruby_to_object(
+            ephemeral_data,
+            max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
+            max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
+            max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
+            coerce: false
+          )
+          if ephemeral_data_obj.null?
+            fail LibDDWAF::Error, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
           end
 
           result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
@@ -647,10 +659,7 @@ module Datadog
             fail LibDDWAF::Error, "Could not create result object"
           end
 
-          # retain C objects in memory for subsequent calls to run
-          retain(input_obj)
-
-          code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
+          code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
 
           result = Result.new(
             RESULT_CODE[code],

data/libddwaf-releases.sha256

@@ -0,0 +1,126 @@
+8fcbd4b5206708bf0791c696e6ecc08b22df212e449482f08418c9b5984493bc  libddwaf-1.20.0-darwin-arm64.tar.gz
+dfdad3eca35939d9a97ee8be12bc5aba6f6f4c93ac78e20a95988e51a0297d9f  libddwaf-1.20.0-darwin-x86_64.tar.gz
+b44da32816d95c53d346e43294f973fe3c0215a8ebfe8ea680cbcc5713aeba61  libddwaf-1.19.1-darwin-arm64.tar.gz
+1ad0cea489f34b6f92d0abf90016c589eca78a7a944705fbaaa495ccc8350052  libddwaf-1.19.1-darwin-x86_64.tar.gz
+a5fb14fc7633f3243bf300e8df719add5ae9a9c44404bd97d3e93b13de35c3e9  libddwaf-1.19.0-darwin-arm64.tar.gz
+a7db7942142501cef89b922ebc467b1b92e93b9e0f039e70356c991c870d693c  libddwaf-1.19.0-darwin-x86_64.tar.gz
+3251b4912d77185c03ed3a396bbeb71a6d6b2ea4cb3894553a2d3672dacae9f0  libddwaf-1.18.0-darwin-arm64.tar.gz
+f7a3b797369dc6729efd8f501a3dfd6a852eb729ebb98f963305509489080fb0  libddwaf-1.18.0-darwin-x86_64.tar.gz
+4cad0bd952be1688fbe4ca3f673a3dc7913d1e9aafae05698f4a29bfd07580ea  libddwaf-1.17.0-darwin-arm64.tar.gz
+ba89513b2d17d74adb6af3fbb8815c5d1839970a13bae0222bcea0215b4d68d8  libddwaf-1.17.0-darwin-x86_64.tar.gz
+c833255a79cacb01893a4f511562e82ef79c6a03626eeed853093fcb5ab88212  libddwaf-1.16.1-darwin-arm64.tar.gz
+4f9a63e202eafe97e6fb2a6313a85aadbcb5b3ddde8fd4125e2a63d7502ed101  libddwaf-1.16.1-darwin-x86_64.tar.gz
+7cb57b8c0736ed9ecbe78acd855715b1f0dd50c3b038c3084edf672a448be9e7  libddwaf-1.16.0-darwin-arm64.tar.gz
+0b777b1112ffc746cb58fb24b602bf6ebf8e21b50d5975e4f6f678e4a271bc31  libddwaf-1.16.0-darwin-x86_64.tar.gz
+ab0165c7aee2ff8ab717c3ad578f3212a98b6995eb0ae26d76495a91dcce5c12  libddwaf-1.15.1-darwin-arm64.tar.gz
+318cf177c0b01d2bfc06eb6d32cba5be4971b796856a587f65e54a309128c496  libddwaf-1.15.1-darwin-x86_64.tar.gz
+b07616b5f25327ec9b3bb9c52e239a54cdf1ea262b71882a187ec5d53c70f597  libddwaf-1.15.1-linux-aarch64.tar.gz
+ed3b4a83494426cbdde236fd2806124eb94215540eb75894e13e7f083ddf5a70  libddwaf-1.15.1-linux-x86_64.tar.gz
+3f6bbc5ab68677afc8f8132526d1ad2749025012fcb1272b044064d646e4a5e9  libddwaf-1.15.0-darwin-arm64.tar.gz
+405eb9d6ce6e85464e5bd57312ed894896457f7535ede476fded2af0a4d860a6  libddwaf-1.15.0-darwin-x86_64.tar.gz
+0e0d9f81787588b05443ab1e64c0e8a2d2f695877b3601f4f60e6fd0342eb22d  libddwaf-1.15.0-linux-aarch64.tar.gz
+18b1a18949c04896b0831989a6b662bcd83ccaac816c488a7936efa2b8d79c84  libddwaf-1.15.0-linux-x86_64.tar.gz
+d9cd1c92a3a814b8f3c4f92f7dce3037904c2650fcff52019121b0a7c56a5106  libddwaf-1.14.0-darwin-arm64.tar.gz
+9bea4519fabd0d740ad45050654aef92b3c33ede2ea76e0c616adfb4b2aff828  libddwaf-1.14.0-darwin-x86_64.tar.gz
+e54bd624459158c33f62c846399ccaf7ae851b039cb2daa727949ab5b1d50ff5  libddwaf-1.14.0-linux-aarch64.tar.gz
+0e56a381e81cbdf8d8375d42642ee31ac46e576c7e4ad9e72d0b7d214c0f9874  libddwaf-1.14.0-linux-x86_64.tar.gz
+6a1cfc375a3ea7604ff5bd939e095b41e77699e704a8762ccbc4fd1b85582ee5  libddwaf-1.13.1-darwin-arm64.tar.gz
+9176e0d141bab2aa47d7863be8b117fec2b7fc67da3e9d871fab2e5db6dbbfd0  libddwaf-1.13.1-darwin-x86_64.tar.gz
+77dedffe5551b81bbdcc7026d25a671e4a1784d14e36b05d056d014355287d67  libddwaf-1.13.1-linux-aarch64.tar.gz
+2e70feb65d8421004b1e4f74b3d6cad88508b9ba52196892c6e83ab7279df649  libddwaf-1.13.1-linux-x86_64.tar.gz
+038ac9074f88d9368da2fe698e3ed1d32cc623c613fffa72ce14186a4507f15a  libddwaf-1.13.0-darwin-arm64.tar.gz
+a3d1dde5d9869d1f3e70068c19a3fa519c78779066e4a359983b0166d229c083  libddwaf-1.13.0-darwin-x86_64.tar.gz
+3dd4bb27203dda509894ea777721ae2b57b715615f6ec7a58f4f6cca0dd379e9  libddwaf-1.13.0-linux-aarch64.tar.gz
+b440cb801d5951ac80c0eb87e16a0fca80b9f3e7afc3fcda93b8b9adb2191b93  libddwaf-1.13.0-linux-x86_64.tar.gz
+3cc006b295db487505737b81a1fa3d1acbf75605242fd5c983c35d81d8ae1ce1  libddwaf-1.12.0-darwin-arm64.tar.gz
+8da70f572c893b16c42a596de1bad994d39c657f468d951f1d9ac93965094cc4  libddwaf-1.12.0-darwin-x86_64.tar.gz
+7bb076e298041bbe5a45291b280ab8e4680523f59afe655cdec26a03f3ab2b44  libddwaf-1.12.0-linux-aarch64.tar.gz
+847f6b17fc6bd508e66c8c8198877f03e7397141db506150052bcdfa11161b90  libddwaf-1.12.0-linux-x86_64.tar.gz
+a50d087d5b8f6d3b4bc72d4ef85e8004c06b179f07e5974f7849ccb552b292c8  libddwaf-1.11.0-darwin-arm64.tar.gz
+e1285b9a62393a4a37fad16b49812052b9eed95920ffe4cd591e06ac27ed1b32  libddwaf-1.11.0-darwin-x86_64.tar.gz
+92a0a64daa00376b127dfe7d7f02436f39a611325113e212cf2cdafddd50053a  libddwaf-1.11.0-linux-aarch64.tar.gz
+7a0682c2e65cec7540d04646621d6768bc8f42c5ff22da2a0d20801b51ad442a  libddwaf-1.11.0-linux-x86_64.tar.gz
+4ddecf38ca0a2048088dbbf663dc66c053fb243504be0000c44dfa802f15788f  libddwaf-1.10.0-darwin-arm64.tar.gz
+f2bc8ed671cfa0662ed45cf3895cb4dd7fa0c8e9cdf4d2fe2b59eda9e9589813  libddwaf-1.10.0-darwin-x86_64.tar.gz
+d74ebadd09a11cb342082d763439dd235be4583f52b8f597369640cc5daa60c6  libddwaf-1.10.0-linux-aarch64.tar.gz
+a51c63ea0d0223df5b7b0d7d9abc608cf63f65b5aebbbb1acba7bd667e4f1335  libddwaf-1.10.0-linux-x86_64.tar.gz
+dbec69fbfd383266566f6bb2d9e033a88baab9bfc97b2ab552fbc22626b65b5a  libddwaf-1.9.0-darwin-arm64.tar.gz
+fbb00c3dad779141ef037238315aab84adac5abfffb7944b19e5493d432ea43c  libddwaf-1.9.0-darwin-x86_64.tar.gz
+3869b807be750bc71359e1add277635afecc20ea8609e3fc4c0c9722a68b709f  libddwaf-1.9.0-linux-aarch64.tar.gz
+a1e7422116d318883ad43942d7416bbe3e92797e60840336a98d1100487de912  libddwaf-1.9.0-linux-x86_64.tar.gz
+f7a18df1716241dcee10ff1289ba67fc377e60c5eaf6b2774b765432e0874e72  libddwaf-1.8.2-darwin-arm64.tar.gz
+c1fbf821396c9ba62deeae9719aff9ecb6a904f77b7d68c95de4eb759fb646ac  libddwaf-1.8.2-darwin-x86_64.tar.gz
+fee446827b2971454be992fa99284fb5b5d2609dd2cefba4c331fa1b53bc7faf  libddwaf-1.8.2-linux-aarch64.tar.gz
+106d5830b9011df1d7257d70ca1016a5970c8f287e75e0ad00d67e821c9ff04c  libddwaf-1.8.2-linux-x86_64.tar.gz
+6857f59b84f1673413cb1525f54eaed7ace291943d8df388841538be05181191  libddwaf-1.8.1-darwin-arm64.tar.gz
+2460a62559b3c6759c18b789d11687da8aaaddfc9e3f433cb1653d57c775f0ae  libddwaf-1.8.1-darwin-x86_64.tar.gz
+014709b614f6543f0787a60216ae51fee786974214882678d7e23ebd95987ebb  libddwaf-1.8.1-linux-aarch64.tar.gz
+658b79ebe9e4581b80d138043f6c60bbd336a4300eb5baf18fa5f204b4f9fb22  libddwaf-1.8.1-linux-x86_64.tar.gz
+d2a4668f8d48d9c9f40fbe2e6398ac1a5553b3e19864c68571b9044aef6e2fc4  libddwaf-1.8.0-darwin-arm64.tar.gz
+9afaec4a2430c5409b2b819cdcd5a48e2ad759983a838db6d9c2b14319574c86  libddwaf-1.8.0-darwin-x86_64.tar.gz
+b86ff8893f4e53a6753c3991125faf31d366cdeb93d17067756dd9ce8e44f42c  libddwaf-1.8.0-linux-aarch64.tar.gz
+10a2a4a53cb03827ce605753e6bb113176bcd4bbc6f546e1bf7c0e0d076dc3fb  libddwaf-1.8.0-linux-x86_64.tar.gz
+2a1aca6b67614c6199e775bb22c6c67544d55bd6487b824ae0899cd42399f3f7  libddwaf-1.7.0-darwin-arm64.tar.gz
+f91f587c679183a2d9c22d0e90f2275760d544f84ff2aff2b54d897d563e93e6  libddwaf-1.7.0-darwin-x86_64.tar.gz
+3db729225f3a21eab5ad6996b7b4d261e1fda2904148424ae37de4a97837f6ba  libddwaf-1.7.0-linux-aarch64.tar.gz
+854fda937a0ca298795a79e63623a762afe013fd3f76b6aae58eee1211b56da5  libddwaf-1.7.0-linux-x86_64.tar.gz
+e0a990b9d62aae46d0cf726fdb77550e42e95bb04660d8c0099fd42356fb251c  libddwaf-1.6.2-darwin-arm64.tar.gz
+6c29cc7729fd04821e19cecfa9bd5180d863baeb44a12a24ea2aa3a6d06c39c6  libddwaf-1.6.2-darwin-x86_64.tar.gz
+db08e8c7f3e949e17c57934efa3ac10c9241ab4786b4ba2996c24df58f7cb3f0  libddwaf-1.6.2-linux-aarch64.tar.gz
+a667df7c9a7ae36ab6eecf759845abdb4dcc8ebb593a43af0698eb70aa9f89ca  libddwaf-1.6.2-linux-x86_64.tar.gz
+a1518e7a4d93842e1edb07b7b878b36063b3cd073b02e02610d3e5274378cb54  libddwaf-1.6.1-darwin-arm64.tar.gz
+aeb6e4698522fb73bfda1a61b1ace7c65bcc7d6cd95e336786cf5f8016e26049  libddwaf-1.6.1-darwin-x86_64.tar.gz
+8b7bfd3a078500fdf0f7667deb0d87df6122f9ca52fb33195f19cd3303817033  libddwaf-1.6.1-linux-aarch64.tar.gz
+fbd4d7a97d5fbc4d5bf10a2041dcd30296deb708e680efe85c3023c6db07ba37  libddwaf-1.6.1-linux-x86_64.tar.gz
+817567043187e797fe7ce102dd3c5f8d5c6e4c19a76bbced5ab183dbf091a4d8  libddwaf-1.5.1-darwin-arm64.tar.gz
+17052d22a29853edad9d064edfc4e9978a4f32d4d9c7d6f62d7e0bab3a775845  libddwaf-1.5.1-darwin-x86_64.tar.gz
+73b18be793ba2efcae7b7a43c5e7c3ed94a0b2bbb7c56b177ca698c4a378fbd6  libddwaf-1.5.1-linux-aarch64.tar.gz
+782f5c0cff725d5afbbea2a255a2690397a8d85cff0199626ff5f0197d6813ee  libddwaf-1.5.1-linux-x86_64.tar.gz
+cd5bce11dee1951b5c72dbaa862a7c04cefecadff6737231b4da979994f47883  libddwaf-1.3.0-darwin-arm64.tar.gz
+7c1a66308d8977233761ad35cccf96bdd3c6ef3b7b3e7e978176abfe626d96d5  libddwaf-1.3.0-darwin-x86_64.tar.gz
+f173e4037a55ea8abbe05728672bea9707579a4ae75f2ceee8e64d560da312a8  libddwaf-1.3.0-linux-aarch64.tar.gz
+54da81f96a11cc40fd40f1adb569d4d41651da27c0a123202d71823a661a14b6  libddwaf-1.3.0-linux-x86_64.tar.gz
+5be84523ab84230344abff397dfd0fc7445c6619d41402601da3b81b62f15e34  libddwaf-1.2.1-darwin-arm64.tar.gz
+2c3ff1eadc4d9d3fc2fdca6f8795409dd9f11f12e3d98108c59fb6c3d34b0bdf  libddwaf-1.2.1-darwin-x86_64.tar.gz
+88111f8f33b5206ac60a6b886c1cda5197ba085f48c5c2cbe5ff3eafb7baa461  libddwaf-1.2.1-linux-aarch64.tar.gz
+108dce1c96625890709b0d2e65b9bbf6cdbf9e6b570d071f2fe6170f8ff00f32  libddwaf-1.2.1-linux-x86_64.tar.gz
+1476e94e6a2a9dc1bec749fa58a9f55d21e31aec78295ec66b444cdfef51ea2b  libddwaf-1.2.0-darwin-arm64.tar.gz
+f0b5ddf958d6a69903e03033380929cad67b663cf525ce51fa2b3a1d7fd23918  libddwaf-1.2.0-darwin-x86_64.tar.gz
+e4bb190ba2c815a819f405f2d0b6aeea88299ebe831e0752393f8b20014a6cae  libddwaf-1.2.0-linux-aarch64.tar.gz
+ce8f5f549a98475b1e793df8886e1fdff608c0cbf0cb4372590b0ec4b384c405  libddwaf-1.2.0-linux-x86_64.tar.gz
+7318aefea7150fb85886cac1523052a2503af7f1c4c12beaacd6276ea334e83f  libddwaf-1.1.0-darwin-arm64.tar.gz
+01501b3effcd1d08ae4d4544b9be9674dfe093cc2b7f11f176879c91f374c8f8  libddwaf-1.1.0-darwin-x86_64.tar.gz
+160dc8ddb7ce475cd5860fd6c34cb61915b436deb9f0990c9d65dea144ac6d26  libddwaf-1.1.0-linux-aarch64.tar.gz
+909f3d3f442b13d46d6862f61685ea63156c61564674740ba8af8b7f8c9b5267  libddwaf-1.1.0-linux-x86_64.tar.gz
+242a046a235120c851cd473f53a264235e9747f17f4a93b747b50f4fd40a75de  libddwaf-1.0.18-darwin-arm64.tar.gz
+4daa5c6ff3ab5150a7cab9522cd5e65e3aa3c611ecda7b36fb081f8794bbca28  libddwaf-1.0.18-darwin-x86_64.tar.gz
+63ed8e663133e7be32f63a16ed73900220b5b31c8937d9b05549641231a34a04  libddwaf-1.0.18-linux-aarch64.tar.gz
+ae667f31cfa69f9f85c2fe4d963285361a5893d9bec3d5328a3ac9453c4cdd11  libddwaf-1.0.18-linux-x86_64.tar.gz
+fb5653468dd402f0b06ac305b2efe50e4341422d0e40d13ebb3c3d1989733b57  libddwaf-1.0.17-darwin-arm64.tar.gz
+06ea6692d18b85d3ec152026d955de3aa96b969a7d7ffad93cda87bce4dfa43e  libddwaf-1.0.17-darwin-x86_64.tar.gz
+cd29cf1815fe70861a2332d479f367d999c69c0e0a723a88bcffc93ff1c367ae  libddwaf-1.0.17-linux-aarch64.tar.gz
+af7e6205269871c2226eb131e3702d0f505f91fe40eb0aec1982c9cb90636e6e  libddwaf-1.0.17-linux-x86_64.tar.gz
+e369a137c4d86ec6d70ba97c5d9105fcdf265a1694b04b1791fbe14f1866e8de  libddwaf-1.0.16-darwin-arm64.tar.gz
+bbf4c596ee7e8139c2d22e7da79aea71d2aebdbc4181218bfbbd4dee4d8d28e6  libddwaf-1.0.16-darwin-x86_64.tar.gz
+9b421356ca8dfbaae150c0528237ba6ec27c72d933a1e8ec02bfd991791032ea  libddwaf-1.0.16-linux-aarch64.tar.gz
+21857275be172cd0dce7550ecda20585290d22f72f9be754abc52d8e62b6096d  libddwaf-1.0.16-linux-x86_64.tar.gz
+7340915f1bcfa56c2fcc9998c7811f22b9f98c9ff68d559425a378cc300ba373  libddwaf-1.0.15-darwin-arm64.tar.gz
+83b1d8bb58a80f3b4e8d3aeb952382053a95f4a57b49aa22c4c114f366643664  libddwaf-1.0.15-darwin-x86_64.tar.gz
+10867711c069ffffc24c6badd6de8fb38eb1ec99377092706b954b94cd4e9325  libddwaf-1.0.15-linux-aarch64.tar.gz
+346627afe7e8957deff41a973a36e1f3a8172611aa11a642ad8f2b5619fdc7c6  libddwaf-1.0.15-linux-x86_64.tar.gz
+8bda9b34f7d6e56973c7f227f4a1537a300f3d8c0e73274d285484d0fdd16da2  libddwaf-1.0.14-darwin-arm64.tar.gz
+6444ac85dc4dfc9ffb398649329f2a2cbe069e71fd983e87e8128b348eeff17c  libddwaf-1.0.14-darwin-x86_64.tar.gz
+6b9699bcbf5903f32d38db6e683add3e12f0d781165fac3fa11eab25dd79ac9c  libddwaf-1.0.14-linux-aarch64.tar.gz
+fedc4d4fc4bfde7731acf56a06c0dec2b489d75f79e2f8062c7c4311c6476b77  libddwaf-1.0.14-linux-x86_64.tar.gz
+a1be729493d4e9936ae488e1d1278a863f427d593dcf55a03dade3cd2ac07b9c  libddwaf-1.0.13-darwin-arm64.tar.gz
+54bc542bb3c9900d22fd69a8df32345d5ce2f69f45ded6cc4d1445a4b7ea1ebd  libddwaf-1.0.13-darwin-x86_64.tar.gz
+30b19db220b83707533440a5e912edbc9ea068e9e62f40d401923ea9097856cf  libddwaf-1.0.13-linux-aarch64.tar.gz
+80b6f6f66dde8fea645e020e779d4e3860435b88270f27d8b18677cf2a422920  libddwaf-1.0.13-linux-x86_64.tar.gz
+e1a40846db2ce0e99b21198ff5edb239ed8e2d4857e8e42fffb3c8e574bd6ece  libddwaf-1.0.12-darwin-arm64.tar.gz
+2a809bf7dcf3f5d86409f0b18f8ec9f8e6c9a4a913f321bb68d65abad280170d  libddwaf-1.0.12-darwin-x86_64.tar.gz
+a1f4a5022bbcafa4d31de31be7789d00b81b361377d0f62f419873122d8be228  libddwaf-1.0.12-linux-aarch64.tar.gz
+1b5ba745b6b1c19261844d33c60c9dbea5f4303e27b1a03ad2e855e83491d70c  libddwaf-1.0.12-linux-x86_64.tar.gz
+03f1edc01a18379b7ec6c967225a50224c5cc463b5982d64aad9f68c2c1e6823  libddwaf-1.0.11-darwin-arm64.tar.gz
+0f046ccc789e1ddf06923ac09c0eabd68e0e45a6ab51d0bb7171b583034871ad  libddwaf-1.0.11-darwin-x86_64.tar.gz
+af21751b2f53b3ddbaecdacda281e585642448702edc100a47b972f4939137b5  libddwaf-1.0.11-linux-aarch64.tar.gz
+d1a3e49c96c272620b0c5f82f9fa68fcfa871dddf2a38f9d3af374e742a1e0c0  libddwaf-1.0.11-linux-x86_64.tar.gz

data/sig/datadog/appsec/waf.rbs

@@ -10,6 +10,18 @@ module Datadog
 
         extend ::FFI::Library
 
+        def self.typedef: [T < ::FFI::Type, N, R, C] (T old, Symbol | ::FFI::DataConverter[N, R, C] add, ?untyped) -> T
+           | (Symbol old, Symbol add, ?untyped) -> (::FFI::Type | ::FFI::Enum)
+           | [X < ::FFI::DataConverter[N, R, C], N, R, C] (X old, Symbol add, ?untyped) -> ::FFI::Type::Mapped[X, N, R, C]
+           | (:enum old, Array[Symbol | Integer] add, ?untyped) -> ::FFI::Enum
+           | (:enum old, Symbol | ::FFI::Type add, Array[Symbol | Integer] info) -> ::FFI::Enum
+           | (untyped, ::Symbol) -> void
+
+        def self.callback: (::Symbol name, Array[::FFI::Library::ffi_lib_type] params, ::FFI::Library::ffi_lib_type ret) -> ::FFI::CallbackInfo
+
+        def self.enum: (*(Symbol | Integer) args) -> ::FFI::Enum
+                     | (Array[Symbol | Integer] values) -> ::FFI::Enum
+ 
         def self.local_os: () -> ::String
         def self.local_cpu: () -> ::String
         def self.local_version: () -> (::String | nil)
@@ -29,19 +41,19 @@ module Datadog
 
         DDWAF_OBJ_TYPE: ::FFI::Enum
 
-        class UInt32Ptr < ::FFI::Struct
+        class UInt32Ptr < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
         end
 
-        class UInt64Ptr < ::FFI::Struct
+        class UInt64Ptr < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
         end
 
-        class SizeTPtr < ::FFI::Struct
+        class SizeTPtr < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
         end
 
-        class ObjectValueUnion < ::FFI::Union
+        class ObjectValueUnion < ::FFI::Union[::FFI::AbstractMemory, untyped]
         end
 
-        class Object < ::FFI::Struct
+        class Object < ::FFI::Struct[::FFI::AbstractMemory, untyped]
         end
 
         # setters
@@ -88,11 +100,11 @@ module Datadog
 
         # main handle
 
-        class Config < ::FFI::Struct
-          class Limits < ::FFI::Struct
+        class Config < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+          class Limits < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
           end
 
-          class Obfuscator < ::FFI::Struct
+          class Obfuscator < ::FFI::Struct[::FFI::AbstractMemory, ::FFI::Pointer]
           end
         end
 
@@ -100,7 +112,7 @@ module Datadog
         def self.ddwaf_update: (::FFI::Pointer, LibDDWAF::Object, LibDDWAF::Object) -> ::FFI::Pointer
         def self.ddwaf_destroy: (::FFI::Pointer) -> void
 
-        def self.ddwaf_required_addresses: (::FFI::Pointer, UInt32Ptr) -> ::FFI::Pointer
+        def self.ddwaf_known_addresses: (::FFI::Pointer, UInt32Ptr) -> ::FFI::Pointer
         def self.ddwaf_rule_data_ids: (::FFI::Pointer, UInt32Ptr) -> ::FFI::Pointer
 
         # updating
@@ -112,10 +124,10 @@ module Datadog
         def self.ddwaf_context_init: (::FFI::Pointer) -> ::FFI::Pointer
         def self.ddwaf_context_destroy: (::FFI::Pointer) -> void
 
-        class Result < ::FFI::Struct
+        class Result < ::FFI::Struct[::FFI::AbstractMemory, untyped]
         end
 
-        def self.ddwaf_run: (::FFI::Pointer, Object, Result, ::Integer) -> ::Symbol
+        def self.ddwaf_run: (::FFI::Pointer, Object, Object, Result, ::Integer) -> ::Symbol
         def self.ddwaf_result_free: (Result) -> void
 
         # logging
@@ -163,7 +175,7 @@ module Datadog
 
         def initialize: (data rule, ?limits: ::Hash[::Symbol, ::Integer], ?obfuscator: ::Hash[::Symbol, ::String]) -> void
         def finalize: () -> untyped
-        def required_addresses: () -> ::Array[::String]
+        def required_addresses: () -> ::Array[::String?]
         def merge: (untyped data) -> Handle?
 
         private
@@ -194,7 +206,7 @@ module Datadog
         def initialize: (Handle handle) -> void
         def finalize: () -> void
 
-        def run: (data input, ?::Integer timeout) -> ::Array[top]
+        def run: (data persistent_data, data ephemeral_data, ?::Integer timeout) -> ::Array[top]
 
         private
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.14.0.0.0
+  version: 1.15.0.0.0
 platform: ruby
 authors:
 - Datadog, Inc.
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-13 00:00:00.000000000 Z
+date: 2024-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -35,10 +35,15 @@ extra_rdoc_files: []
 files:
 - ".github/ISSUE_TEMPLATE/bug.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/actions/docker-build-ruby/Dockerfile"
+- ".github/actions/docker-build-ruby/Dockerfile.alpine"
+- ".github/actions/docker-build-ruby/Dockerfile.jruby"
+- ".github/actions/docker-build-ruby/action.yml"
 - ".github/workflows/lint.yml"
 - ".github/workflows/package.yml"
 - ".github/workflows/test.yml"
 - ".gitignore"
+- ".steepignore"
 - CHANGELOG.md
 - CONTRIBUTING.md
 - LICENSE
@@ -51,12 +56,12 @@ files:
 - lib/datadog/appsec/waf.rb
 - lib/datadog/appsec/waf/version.rb
 - lib/libddwaf.rb
+- libddwaf-releases.sha256
 - libddwaf.gemspec
 - shell.nix
 - sig/datadog/appsec/waf.rbs
 - sig/datadog/appsec/waf/version.rbs
 - sig/libddwaf.rbs
-- vendor/rbs/ffi/0/ffi.rbs
 - vendor/rbs/gem/0/gem.rbs
 - vendor/rbs/jruby/0/jruby.rbs
 homepage: https://github.com/DataDog/libddwaf-rb
@@ -64,7 +69,7 @@ licenses:
 - BSD-3-Clause
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -72,15 +77,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.1'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.5.21
+signing_key:
 specification_version: 4
 summary: Datadog WAF
 test_files: []

data/vendor/rbs/ffi/0/ffi.rbs

@@ -1,62 +0,0 @@
-module FFI
-  module Type
-    class Builtin
-    end
-
-    class Mapped
-    end
-  end
-
-  class AbstractMemory
-    def get_array_of_string: (::Integer, ::Integer) -> Array[String]
-    def read_bytes: (::Integer) -> ::String
-  end
-
-  class Pointer < AbstractMemory
-    NULL: Pointer
-
-    def null?: () -> bool
-  end
-
-  class MemoryPointer < Pointer
-    def self.from_string: (::String) -> MemoryPointer
-  end
-
-  class Enum
-  end
-
-  class Union
-    def self.layout: (*(Symbol | Integer)) -> void
-  end
-
-  type union = top # TODO: handle user-defined unions
-
-  class Struct
-    # TODO: layout args are actually "Symbol | Union, Integer, *(Symbol | Union, Integer)"
-    def self.layout: (*(Symbol | Integer | union)) -> void
-    def self.by_ref: () -> Type::Mapped
-    def self.size: () -> Integer
-
-    def null?: () -> bool
-    def initialize: (?Pointer) -> void
-    def []: (Symbol) -> untyped
-    def []=: (Symbol, untyped) -> untyped
-    def pointer: () -> Pointer
-  end
-
-  class Function < Pointer
-  end
-
-  module Library
-    # these can be worked around by typedef'ing to a Symbol
-    type enum = top # TODO: handle user-defined enum constants
-    type ref = top # TODO: handle by_ref references
-    type typedef = top # TODO: handle non-builtin types
-
-    def ffi_lib: (Array[String]) -> void
-    def typedef: (ref | Symbol, Symbol) -> (Type::Builtin | Type::Mapped | typedef)
-    def attach_function: (Symbol, Array[Symbol | Struct | enum], Symbol | Enum, ?blocking: bool) -> Function
-    def callback: (Symbol, Array[Symbol | Enum | Struct], Symbol | Enum) -> Function
-    def enum: (*untyped) -> Enum
-  end
-end