RubyGems - libddwaf - Versions diffs - 1.15.0.0.0-x86_64-linux → 1.18.0.0.1-x86_64-linux - Mend

libddwaf 1.15.0.0.0-x86_64-linux → 1.18.0.0.1-x86_64-linux

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +6 -0
data/lib/datadog/appsec/waf/context.rb +126 -0
data/lib/datadog/appsec/waf/converter.rb +172 -0
data/lib/datadog/appsec/waf/handle.rb +108 -0
data/lib/datadog/appsec/waf/lib_ddwaf.rb +313 -0
data/lib/datadog/appsec/waf/result.rb +33 -0
data/lib/datadog/appsec/waf/version.rb +2 -2
data/lib/datadog/appsec/waf.rb +17 -679
data/vendor/libddwaf/libddwaf-1.18.0-linux-x86_64/lib/libddwaf.so +0 -0
metadata +9 -4
data/vendor/libddwaf/libddwaf-1.15.0-linux-x86_64/lib/libddwaf.so +0 -0

data/lib/datadog/appsec/waf.rb CHANGED Viewed

@@ -1,458 +1,26 @@
-require 'ffi'
-require 'json'
+# frozen_string_literal: true
+require 'datadog/appsec/waf/lib_ddwaf'
+require 'datadog/appsec/waf/converter'
+require 'datadog/appsec/waf/result'
+require 'datadog/appsec/waf/context'
+require 'datadog/appsec/waf/handle'
 require 'datadog/appsec/waf/version'
 module Datadog
   module AppSec
-    # rubocop:disable Metrics/ModuleLength
     module WAF
-      module LibDDWAF
-        class Error < StandardError
-          attr_reader :diagnostics
-          def initialize(msg, diagnostics: nil)
-            @diagnostics = diagnostics
-          end
-        end
-        extend ::FFI::Library
-        def self.local_os
-          if RUBY_ENGINE == 'jruby'
-            os_name = java.lang.System.get_property('os.name')
-            os = case os_name
-                 when /linux/i then 'linux'
-                 when /mac/i   then 'darwin'
-                 else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
-                 end
-            return os
-          end
-          Gem::Platform.local.os
-        end
-        def self.local_version
-          return nil unless local_os == 'linux'
-          # Old rubygems don't handle non-gnu linux correctly
-          return $1 if RUBY_PLATFORM =~ /linux-(.+)$/
-          'gnu'
-        end
-        def self.local_cpu
-          if RUBY_ENGINE == 'jruby'
-            os_arch = java.lang.System.get_property('os.arch')
-            cpu = case os_arch
-                  when 'amd64' then 'x86_64'
-                  when 'aarch64' then 'aarch64'
-                  else raise Error, "unsupported JRuby os.arch: #{os_arch.inspect}"
-                  end
-            return cpu
-          end
-          Gem::Platform.local.cpu
-        end
-        def self.source_dir
-          __dir__ || raise('__dir__ is nil: eval?')
-        end
-        def self.vendor_dir
-          File.join(source_dir, '../../../vendor')
-        end
-        def self.libddwaf_vendor_dir
-          File.join(vendor_dir, 'libddwaf')
-        end
-        def self.shared_lib_triplet(version: local_version)
-          version ? "#{local_os}-#{version}-#{local_cpu}" : "#{local_os}-#{local_cpu}"
-        end
-        def self.libddwaf_dir
-          default = File.join(libddwaf_vendor_dir,
-                              "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet}")
-          candidates = [
-            default
-          ]
-          if local_os == 'linux'
-            candidates << File.join(libddwaf_vendor_dir,
-                                    "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet(version: nil)}")
-          end
-          candidates.find { |d| Dir.exist?(d) } || default
-        end
-        def self.shared_lib_extname
-          Gem::Platform.local.os == 'darwin' ? '.dylib' : '.so'
-        end
-        def self.shared_lib_path
-          File.join(libddwaf_dir, 'lib', "libddwaf#{shared_lib_extname}")
-        end
-        ffi_lib [shared_lib_path]
-        # version
-        attach_function :ddwaf_get_version, [], :string
-        # ddwaf::object data structure
-        DDWAF_OBJ_TYPE = enum :ddwaf_obj_invalid,  0,
-                              :ddwaf_obj_signed,   1 << 0,
-                              :ddwaf_obj_unsigned, 1 << 1,
-                              :ddwaf_obj_string,   1 << 2,
-                              :ddwaf_obj_array,    1 << 3,
-                              :ddwaf_obj_map,      1 << 4,
-                              :ddwaf_obj_bool,     1 << 5,
-                              :ddwaf_obj_float,    1 << 6,
-                              :ddwaf_obj_null,     1 << 7
-        typedef DDWAF_OBJ_TYPE, :ddwaf_obj_type
-        typedef :pointer, :charptr
-        typedef :pointer, :charptrptr
-        class UInt32Ptr < ::FFI::Struct
-          layout :value, :uint32
-        end
-        typedef UInt32Ptr.by_ref, :uint32ptr
-        class UInt64Ptr < ::FFI::Struct
-          layout :value, :uint64
-        end
+      module_function
-        typedef UInt64Ptr.by_ref, :uint64ptr
-        class SizeTPtr < ::FFI::Struct
-          layout :value, :size_t
-        end
-        typedef SizeTPtr.by_ref, :sizeptr
-        class ObjectValueUnion < ::FFI::Union
-          layout :stringValue, :charptr,
-                 :uintValue,   :uint64,
-                 :intValue,    :int64,
-                 :array,       :pointer,
-                 :boolean,     :bool,
-                 :f64,         :double
-        end
-        class Object < ::FFI::Struct
-          layout :parameterName,       :charptr,
-                 :parameterNameLength, :uint64,
-                 :valueUnion,          ObjectValueUnion,
-                 :nbEntries,           :uint64,
-                 :type,                :ddwaf_obj_type
-        end
-        typedef Object.by_ref, :ddwaf_object
-        ## setters
-        attach_function :ddwaf_object_invalid, [:ddwaf_object], :ddwaf_object
-        attach_function :ddwaf_object_string, [:ddwaf_object, :string], :ddwaf_object
-        attach_function :ddwaf_object_stringl, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
-        attach_function :ddwaf_object_stringl_nc, [:ddwaf_object, :charptr, :size_t], :ddwaf_object
-        attach_function :ddwaf_object_string_from_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
-        attach_function :ddwaf_object_string_from_signed, [:ddwaf_object, :int64], :ddwaf_object
-        attach_function :ddwaf_object_unsigned, [:ddwaf_object, :uint64], :ddwaf_object
-        attach_function :ddwaf_object_signed, [:ddwaf_object, :int64], :ddwaf_object
-        attach_function :ddwaf_object_bool, [:ddwaf_object, :bool], :ddwaf_object
-        attach_function :ddwaf_object_null, [:ddwaf_object], :ddwaf_object
-        attach_function :ddwaf_object_float, [:ddwaf_object, :double], :ddwaf_object
-        attach_function :ddwaf_object_array, [:ddwaf_object], :ddwaf_object
-        attach_function :ddwaf_object_array_add, [:ddwaf_object, :ddwaf_object], :bool
-        attach_function :ddwaf_object_map, [:ddwaf_object], :ddwaf_object
-        attach_function :ddwaf_object_map_add, [:ddwaf_object, :string, :pointer], :bool
-        attach_function :ddwaf_object_map_addl, [:ddwaf_object, :charptr, :size_t, :pointer], :bool
-        attach_function :ddwaf_object_map_addl_nc, [:ddwaf_object, :charptr, :size_t, :pointer], :bool
-        ## getters
-        attach_function :ddwaf_object_type, [:ddwaf_object], DDWAF_OBJ_TYPE
-        attach_function :ddwaf_object_size, [:ddwaf_object], :uint64
-        attach_function :ddwaf_object_length, [:ddwaf_object], :size_t
-        attach_function :ddwaf_object_get_key, [:ddwaf_object, :sizeptr], :charptr
-        attach_function :ddwaf_object_get_string, [:ddwaf_object, :sizeptr], :charptr
-        attach_function :ddwaf_object_get_unsigned, [:ddwaf_object], :uint64
-        attach_function :ddwaf_object_get_signed, [:ddwaf_object], :int64
-        attach_function :ddwaf_object_get_index, [:ddwaf_object, :size_t], :ddwaf_object
-        attach_function :ddwaf_object_get_bool, [:ddwaf_object], :bool
-        attach_function :ddwaf_object_get_float, [:ddwaf_object], :double
-        ## freeers
-        ObjectFree = attach_function :ddwaf_object_free, [:ddwaf_object], :void
-        ObjectNoFree = ::FFI::Pointer::NULL
-        # main handle
-        typedef :pointer, :ddwaf_handle
-        typedef Object.by_ref, :ddwaf_rule
-        callback :ddwaf_object_free_fn, [:ddwaf_object], :void
-        class Config < ::FFI::Struct
-          class Limits < ::FFI::Struct
-            layout :max_container_size,  :uint32,
-                   :max_container_depth, :uint32,
-                   :max_string_length,   :uint32
-          end
-          class Obfuscator < ::FFI::Struct
-            layout :key_regex,   :pointer, # should be :charptr
-                   :value_regex, :pointer  # should be :charptr
-          end
-          layout :limits,     Limits,
-                 :obfuscator, Obfuscator,
-                 :free_fn,    :pointer #:ddwaf_object_free_fn
-        end
-        typedef Config.by_ref, :ddwaf_config
-        attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_object], :ddwaf_handle
-        attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
-        attach_function :ddwaf_destroy, [:ddwaf_handle], :void
-        attach_function :ddwaf_known_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
-        # updating
-        DDWAF_RET_CODE = enum :ddwaf_err_internal,         -3,
-                              :ddwaf_err_invalid_object,   -2,
-                              :ddwaf_err_invalid_argument, -1,
-                              :ddwaf_ok,                    0,
-                              :ddwaf_match,                 1
-        typedef DDWAF_RET_CODE, :ddwaf_ret_code
-        # running
-        typedef :pointer, :ddwaf_context
-        attach_function :ddwaf_context_init, [:ddwaf_handle], :ddwaf_context
-        attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
-        class Result < ::FFI::Struct
-          layout :timeout,       :bool,
-                 :events,        Object,
-                 :actions,       Object,
-                 :derivatives,   Object,
-                 :total_runtime, :uint64
-        end
-        typedef Result.by_ref, :ddwaf_result
-        typedef :uint64, :timeout_us
-        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
-        attach_function :ddwaf_result_free, [:ddwaf_result], :void
-        # logging
-        DDWAF_LOG_LEVEL = enum :ddwaf_log_trace,
-                               :ddwaf_log_debug,
-                               :ddwaf_log_info,
-                               :ddwaf_log_warn,
-                               :ddwaf_log_error,
-                               :ddwaf_log_off
-        typedef DDWAF_LOG_LEVEL, :ddwaf_log_level
-        callback :ddwaf_log_cb, [:ddwaf_log_level, :string, :string, :uint, :charptr, :uint64], :void
-        attach_function :ddwaf_set_log_cb, [:ddwaf_log_cb, :ddwaf_log_level], :bool
-        DEFAULT_MAX_CONTAINER_SIZE  = 256
-        DEFAULT_MAX_CONTAINER_DEPTH = 20
-        DEFAULT_MAX_STRING_LENGTH   = 16_384 # in bytes, UTF-8 worst case being 4x size in terms of code point)
-        DDWAF_MAX_CONTAINER_SIZE  = 256
-        DDWAF_MAX_CONTAINER_DEPTH = 20
-        DDWAF_MAX_STRING_LENGTH   = 4096
-        DDWAF_RUN_TIMEOUT = 5000
-      end
-      def self.version
+      def version
         LibDDWAF.ddwaf_get_version
       end
-      # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
-      def self.ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, coerce: true)
-        case val
-        when Array
-          obj = LibDDWAF::Object.new
-          res = LibDDWAF.ddwaf_object_array(obj)
-          if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val}"
-          end
-          max_index = max_container_size - 1 if max_container_size
-          val.each.with_index do |e, i|
-            member = ruby_to_object(e,
-                                    max_container_size: max_container_size,
-                                    max_container_depth: (max_container_depth - 1 if max_container_depth),
-                                    max_string_length: max_string_length,
-                                    coerce: coerce)
-            e_res = LibDDWAF.ddwaf_object_array_add(obj, member)
-            unless e_res
-              fail LibDDWAF::Error, "Could not add to array object: #{e.inspect}"
-            end
-            break val if max_index && i >= max_index
-          end unless max_container_depth == 0
-          obj
-        when Hash
-          obj = LibDDWAF::Object.new
-          res = LibDDWAF.ddwaf_object_map(obj)
-          if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val}"
-          end
+      def log_callback(level, func, file, line, message, len)
+        return if WAF.logger.nil?
-          max_index = max_container_size - 1 if max_container_size
-          val.each.with_index do |e, i|
-            k, v = e[0], e[1] # for Steep, which doesn't handle |(k, v), i|
-            k = k.to_s[0, max_string_length] if max_string_length
-            member = ruby_to_object(v,
-                                    max_container_size: max_container_size,
-                                    max_container_depth: (max_container_depth - 1 if max_container_depth),
-                                    max_string_length: max_string_length,
-                                    coerce: coerce)
-            kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k.to_s, k.to_s.bytesize, member)
-            unless kv_res
-              fail LibDDWAF::Error, "Could not add to map object: #{k.inspect} => #{v.inspect}"
-            end
-            break val if max_index && i >= max_index
-          end unless max_container_depth == 0
-          obj
-        when String
-          obj = LibDDWAF::Object.new
-          encoded_val = val.to_s.encode('utf-8', invalid: :replace, undef: :replace)
-          val = encoded_val[0, max_string_length] if max_string_length
-          str = val.to_s
-          res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
-          if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
-          end
-          obj
-        when Symbol
-          obj = LibDDWAF::Object.new
-          val = val.to_s[0, max_string_length] if max_string_length
-          str = val.to_s
-          res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
-          if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
-          end
-          obj
-        when Integer
-          obj = LibDDWAF::Object.new
-          res = if coerce
-                  LibDDWAF.ddwaf_object_string(obj, val.to_s)
-                elsif val < 0
-                  LibDDWAF.ddwaf_object_signed(obj, val)
-                else
-                  LibDDWAF.ddwaf_object_unsigned(obj, val)
-                end
-          if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
-          end
-          obj
-        when Float
-          obj = LibDDWAF::Object.new
-          res = if coerce
-                  LibDDWAF.ddwaf_object_string(obj, val.to_s)
-                else
-                  LibDDWAF.ddwaf_object_float(obj, val)
-                end
-          if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
-          end
-          obj
-        when TrueClass, FalseClass
-          obj = LibDDWAF::Object.new
-          res = if coerce
-                  LibDDWAF.ddwaf_object_string(obj, val.to_s)
-                else
-                  LibDDWAF.ddwaf_object_bool(obj, val)
-                end
-          if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
-          end
-          obj
-        when NilClass
-          obj = LibDDWAF::Object.new
-          res = if coerce
-                  LibDDWAF.ddwaf_object_string(obj, '')
-                else
-                  LibDDWAF.ddwaf_object_null(obj)
-                end
-          if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
-          end
-          obj
-        else
-          ruby_to_object(''.freeze)
-        end
-      end
-      # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
-      def self.object_to_ruby(obj)
-        case obj[:type]
-        when :ddwaf_obj_invalid, :ddwaf_obj_null
-          nil
-        when :ddwaf_obj_bool
-          obj[:valueUnion][:boolean]
-        when :ddwaf_obj_string
-          obj[:valueUnion][:stringValue].read_bytes(obj[:nbEntries])
-        when :ddwaf_obj_signed
-          obj[:valueUnion][:intValue]
-        when :ddwaf_obj_unsigned
-          obj[:valueUnion][:uintValue]
-        when :ddwaf_obj_float
-          obj[:valueUnion][:f64]
-        when :ddwaf_obj_array
-          (0...obj[:nbEntries]).each.with_object([]) do |i, a|
-            ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
-            e = object_to_ruby(LibDDWAF::Object.new(ptr))
-            a << e # steep:ignore
-          end
-        when :ddwaf_obj_map
-          (0...obj[:nbEntries]).each.with_object({}) do |i, h|
-            ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
-            o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
-            l = o[:parameterNameLength]
-            k = o[:parameterName].read_bytes(l)
-            v = object_to_ruby(LibDDWAF::Object.new(ptr))
-            h[k] = v # steep:ignore
-          end
-        end
-      end
-      def self.log_callback(level, func, file, line, message, len)
-        return if logger.nil?
-        logger.debug do
+        WAF.logger.debug do
           {
             level: level,
             func: func,
@@ -463,14 +31,14 @@ module Datadog
         end
       end
-      def self.logger
+      def logger
         @logger
       end
-      def self.logger=(logger)
+      def logger=(logger)
         unless @log_callback
-          log_callback = method(:log_callback)
-          Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(log_callback, :ddwaf_log_trace)
+          log_callback = WAF.method(:log_callback)
+          LibDDWAF.ddwaf_set_log_cb(log_callback, :ddwaf_log_trace)
           # retain logging proc if set properly
           @log_callback = log_callback
@@ -478,236 +46,6 @@ module Datadog
         @logger = logger
       end
-      RESULT_CODE = {
-        ddwaf_err_internal:         :err_internal,
-        ddwaf_err_invalid_object:   :err_invalid_object,
-        ddwaf_err_invalid_argument: :err_invalid_argument,
-        ddwaf_ok:                   :ok,
-        ddwaf_match:                :match,
-      }
-      class Handle
-        attr_reader :handle_obj, :diagnostics, :config
-        def initialize(rule, limits: {}, obfuscator: {})
-          rule_obj = Datadog::AppSec::WAF.ruby_to_object(rule)
-          if rule_obj.null? || rule_obj[:type] == :ddwaf_object_invalid
-            fail LibDDWAF::Error, "Could not convert object #{rule.inspect}"
-          end
-          config_obj = Datadog::AppSec::WAF::LibDDWAF::Config.new
-          if config_obj.null?
-            fail LibDDWAF::Error, 'Could not create config struct'
-          end
-          config_obj[:limits][:max_container_size]  = limits[:max_container_size]  || LibDDWAF::DEFAULT_MAX_CONTAINER_SIZE
-          config_obj[:limits][:max_container_depth] = limits[:max_container_depth] || LibDDWAF::DEFAULT_MAX_CONTAINER_DEPTH
-          config_obj[:limits][:max_string_length]   = limits[:max_string_length]   || LibDDWAF::DEFAULT_MAX_STRING_LENGTH
-          config_obj[:obfuscator][:key_regex]       = FFI::MemoryPointer.from_string(obfuscator[:key_regex])   if obfuscator[:key_regex]
-          config_obj[:obfuscator][:value_regex]     = FFI::MemoryPointer.from_string(obfuscator[:value_regex]) if obfuscator[:value_regex]
-          config_obj[:free_fn] = Datadog::AppSec::WAF::LibDDWAF::ObjectNoFree
-          @config = config_obj
-          diagnostics_obj = Datadog::AppSec::WAF::LibDDWAF::Object.new
-          @handle_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_init(rule_obj, config_obj, diagnostics_obj)
-          @diagnostics = Datadog::AppSec::WAF.object_to_ruby(diagnostics_obj)
-          if @handle_obj.null?
-            fail LibDDWAF::Error.new('Could not create handle', diagnostics: @diagnostics)
-          end
-          validate!
-        ensure
-          Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(diagnostics_obj) if diagnostics_obj
-          Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
-        end
-        def finalize
-          invalidate!
-          Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
-        end
-        def required_addresses
-          valid!
-          count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
-          list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_known_addresses(handle_obj, count)
-          return [] if count == 0 # list is null
-          list.get_array_of_string(0, count[:value])
-        end
-        def merge(data)
-          data_obj = Datadog::AppSec::WAF.ruby_to_object(data, coerce: false)
-          diagnostics_obj = LibDDWAF::Object.new
-          new_handle = Datadog::AppSec::WAF::LibDDWAF.ddwaf_update(handle_obj, data_obj, diagnostics_obj)
-          return if new_handle.null?
-          diagnostics = Datadog::AppSec::WAF.object_to_ruby(diagnostics_obj)
-          new_from_handle(new_handle, diagnostics, config)
-        ensure
-          Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(data_obj) if data_obj
-          Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(diagnostics_obj) if diagnostics_obj
-        end
-        private
-        def new_from_handle(handle_object, diagnostics, config)
-          obj = self.class.allocate
-          obj.instance_variable_set(:@handle_obj, handle_object)
-          obj.instance_variable_set(:@diagnostics, diagnostics)
-          obj.instance_variable_set(:@config, config)
-          obj
-        end
-        def validate!
-          @valid = true
-        end
-        def invalidate!
-          @valid = false
-        end
-        def valid?
-          @valid
-        end
-        def valid!
-          return if valid?
-          fail LibDDWAF::Error, "Attempt to use an invalid instance: #{inspect}"
-        end
-      end
-      class Result
-        attr_reader :status, :events, :total_runtime, :timeout, :actions, :derivatives
-        def initialize(status, events, total_runtime, timeout, actions, derivatives)
-          @status = status
-          @events = events
-          @total_runtime = total_runtime
-          @timeout = timeout
-          @actions = actions
-          @derivatives = derivatives
-        end
-      end
-      class Context
-        attr_reader :context_obj
-        def initialize(handle)
-          handle_obj = handle.handle_obj
-          retain(handle)
-          @context_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_init(handle_obj)
-          if @context_obj.null?
-            fail LibDDWAF::Error, 'Could not create context'
-          end
-          validate!
-        end
-        def finalize
-          invalidate!
-          retained.each do |retained_obj|
-            next unless retained_obj.is_a?(Datadog::AppSec::WAF::LibDDWAF::Object)
-            Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(retained_obj)
-          end
-          Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
-        end
-        def run(persistent_data, ephemeral_data, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
-          valid!
-          persistent_data_obj = Datadog::AppSec::WAF.ruby_to_object(
-            persistent_data,
-            max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
-            max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
-            max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
-            coerce: false
-          )
-          if persistent_data_obj.null?
-            fail LibDDWAF::Error, "Could not convert persistent data: #{persistent_data.inspect}"
-          end
-          # retain C objects in memory for subsequent calls to run
-          retain(persistent_data_obj)
-          ephemeral_data_obj = Datadog::AppSec::WAF.ruby_to_object(
-            ephemeral_data,
-            max_container_size: LibDDWAF::DDWAF_MAX_CONTAINER_SIZE,
-            max_container_depth: LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH,
-            max_string_length: LibDDWAF::DDWAF_MAX_STRING_LENGTH,
-            coerce: false
-          )
-          if ephemeral_data_obj.null?
-            fail LibDDWAF::Error, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
-          end
-          result_obj = Datadog::AppSec::WAF::LibDDWAF::Result.new
-          if result_obj.null?
-            fail LibDDWAF::Error, "Could not create result object"
-          end
-          code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
-          result = Result.new(
-            RESULT_CODE[code],
-            Datadog::AppSec::WAF.object_to_ruby(result_obj[:events]),
-            result_obj[:total_runtime],
-            result_obj[:timeout],
-            Datadog::AppSec::WAF.object_to_ruby(result_obj[:actions]),
-            Datadog::AppSec::WAF.object_to_ruby(result_obj[:derivatives]),
-          )
-          [RESULT_CODE[code], result]
-        ensure
-          Datadog::AppSec::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
-        end
-        private
-        def validate!
-          @valid = true
-        end
-        def invalidate!
-          @valid = false
-        end
-        def valid?
-          @valid
-        end
-        def valid!
-          return if valid?
-          fail LibDDWAF::Error, "Attempt to use an invalid instance: #{inspect}"
-        end
-        def retained
-          @retained ||= []
-        end
-        def retain(object)
-          retained << object
-        end
-        def release(object)
-          retained.delete(object)
-        end
-      end
     end
-    # rubocop:enable Metrics/ModuleLength
   end
 end