RubyGems - libddwaf - Versions diffs - 1.22.0.0.4 → 1.24.1.0.0 - Mend

libddwaf 1.22.0.0.4 → 1.24.1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

checksums.yaml +4 -4
data/.github/ISSUE_TEMPLATE/bug.md +32 -0
data/.github/PULL_REQUEST_TEMPLATE.md +17 -0
data/.github/actions/docker-build-ruby/Dockerfile +5 -0
data/.github/actions/docker-build-ruby/Dockerfile.alpine +7 -0
data/.github/actions/docker-build-ruby/Dockerfile.jruby +6 -0
data/.github/actions/docker-build-ruby/action.yml +46 -0
data/.github/workflows/lint.yml +34 -0
data/.github/workflows/package.yml +130 -0
data/.github/workflows/test-for-memory-leaks.yml +15 -0
data/.github/workflows/test.yml +123 -0
data/.gitignore +10 -0
data/.steepignore +4 -0
data/CHANGELOG.md +21 -2
data/CONTRIBUTING.md +84 -0
data/Dockerfile +11 -0
data/Steepfile +21 -0
data/lib/datadog/appsec/waf/context.rb +24 -38
data/lib/datadog/appsec/waf/converter.rb +62 -69
data/lib/datadog/appsec/waf/errors.rb +19 -0
data/lib/datadog/appsec/waf/handle.rb +30 -77
data/lib/datadog/appsec/waf/handle_builder.rb +91 -0
data/lib/datadog/appsec/waf/lib_ddwaf.rb +94 -97
data/lib/datadog/appsec/waf/version.rb +3 -3
data/lib/datadog/appsec/waf.rb +9 -7
data/lib/libddwaf.rb +1 -1
data/libddwaf.gemspec +8 -13
data/shell.nix +35 -0
data/sig/datadog/appsec/waf/context.rbs +5 -15
data/sig/datadog/appsec/waf/errors.rbs +20 -0
data/sig/datadog/appsec/waf/handle.rbs +6 -27
data/sig/datadog/appsec/waf/handle_builder.rbs +23 -0
data/sig/datadog/appsec/waf/lib_ddwaf.rbs +19 -17
metadata +23 -10
data/vendor/libddwaf/libddwaf-1.22.0-darwin-arm64/lib/libddwaf.dylib +0 -0
data/vendor/libddwaf/libddwaf-1.22.0-darwin-x86_64/lib/libddwaf.dylib +0 -0
data/vendor/libddwaf/libddwaf-1.22.0-linux-aarch64/lib/libddwaf.so +0 -0
data/vendor/libddwaf/libddwaf-1.22.0-linux-x86_64/lib/libddwaf.so +0 -0

data/lib/datadog/appsec/waf/lib_ddwaf.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
-require 'ffi'
-require 'datadog/appsec/waf/version'
+require "ffi"
+require "datadog/appsec/waf/version"
 module Datadog
   module AppSec
@@ -9,28 +9,27 @@ module Datadog
       # FFI-binding for C-libddwaf
       # See https://github.com/DataDog/libddwaf
       module LibDDWAF
-        # An exception binding raises in most of the cases
-        class Error < StandardError
-          attr_reader :diagnostics
+        DEFAULT_MAX_CONTAINER_SIZE = 256
+        DEFAULT_MAX_CONTAINER_DEPTH = 20
+        DEFAULT_MAX_STRING_LENGTH = 16_384 # in bytes, UTF-8 worst case being 4x size in terms of code point
-          def initialize(msg, diagnostics: nil)
-            @diagnostics = diagnostics
+        DDWAF_MAX_CONTAINER_SIZE = 256
+        DDWAF_MAX_CONTAINER_DEPTH = 20
+        DDWAF_MAX_STRING_LENGTH = 4096
-            super(msg)
-          end
-        end
+        DDWAF_RUN_TIMEOUT = 5000
         extend ::FFI::Library
         def self.local_os
-          if RUBY_ENGINE == 'jruby'
-            os_name = java.lang.System.get_property('os.name')
+          if RUBY_ENGINE == "jruby"
+            os_name = java.lang.System.get_property("os.name")
             os = case os_name
-                 when /linux/i then 'linux'
-                 when /mac/i   then 'darwin'
-                 else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
-                 end
+            when /linux/i then "linux"
+            when /mac/i then "darwin"
+            else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
+            end
             return os
           end
@@ -39,23 +38,23 @@ module Datadog
         end
         def self.local_version
-          return nil unless local_os == 'linux'
+          return nil unless local_os == "linux"
           # Old rubygems don't handle non-gnu linux correctly
           return ::Regexp.last_match(1) if RUBY_PLATFORM =~ /linux-(.+)$/
-          'gnu'
+          "gnu"
         end
         def self.local_cpu
-          if RUBY_ENGINE == 'jruby'
-            os_arch = java.lang.System.get_property('os.arch')
+          if RUBY_ENGINE == "jruby"
+            os_arch = java.lang.System.get_property("os.arch")
             cpu = case os_arch
-                  when 'amd64' then 'x86_64'
-                  when 'aarch64' then local_os == 'darwin' ? 'arm64' : 'aarch64'
-                  else raise Error, "unsupported JRuby os.arch: #{os_arch.inspect}"
-                  end
+            when "amd64" then "x86_64"
+            when "aarch64" then (local_os == "darwin") ? "arm64" : "aarch64"
+            else raise Error, "unsupported JRuby os.arch: #{os_arch.inspect}"
+            end
             return cpu
           end
@@ -64,15 +63,15 @@ module Datadog
         end
         def self.source_dir
-          __dir__ || raise('__dir__ is nil: eval?')
+          __dir__ || raise("__dir__ is nil: eval?")
         end
         def self.vendor_dir
-          File.join(source_dir, '../../../../vendor')
+          File.join(source_dir, "../../../../vendor")
         end
         def self.libddwaf_vendor_dir
-          File.join(vendor_dir, 'libddwaf')
+          File.join(vendor_dir, "libddwaf")
         end
         def self.shared_lib_triplet(version: local_version)
@@ -81,34 +80,31 @@ module Datadog
         def self.libddwaf_dir
           default = File.join(libddwaf_vendor_dir,
-                              "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet}")
+            "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet}")
           candidates = [
             default
           ]
-          if local_os == 'linux'
+          if local_os == "linux"
             candidates << File.join(libddwaf_vendor_dir,
-                                    "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet(version: nil)}")
+              "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet(version: nil)}")
           end
           candidates.find { |d| Dir.exist?(d) } || default
         end
         def self.shared_lib_extname
-          if Gem::Platform.local.os == 'darwin'
-            '.dylib'
-          elsif Gem::Platform.local.os == 'java' && java.lang.System.get_property('os.name').match(/mac/i)
-            '.dylib'
+          if Gem::Platform.local.os == "darwin"
+            ".dylib"
+          elsif Gem::Platform.local.os == "java" && java.lang.System.get_property("os.name").match(/mac/i)
+            ".dylib"
           else
-            '.so'
+            ".so"
           end
         end
         def self.shared_lib_path
-          variant = "#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{local_os}-#{local_cpu}"
-          libddwaf_dir = File.join(source_dir, "../../../../vendor/libddwaf/libddwaf-#{variant}")
-          File.join(libddwaf_dir, 'lib', "libddwaf#{shared_lib_extname}")
+          File.join(libddwaf_dir, "lib", "libddwaf#{shared_lib_extname}")
         end
         ffi_lib [shared_lib_path]
@@ -119,15 +115,15 @@ module Datadog
         # ddwaf::object data structure
-        DDWAF_OBJ_TYPE = enum :ddwaf_obj_invalid,  0,
-                              :ddwaf_obj_signed,   1 << 0,
-                              :ddwaf_obj_unsigned, 1 << 1,
-                              :ddwaf_obj_string,   1 << 2,
-                              :ddwaf_obj_array,    1 << 3,
-                              :ddwaf_obj_map,      1 << 4,
-                              :ddwaf_obj_bool,     1 << 5,
-                              :ddwaf_obj_float,    1 << 6,
-                              :ddwaf_obj_null,     1 << 7
+        DDWAF_OBJ_TYPE = enum :ddwaf_obj_invalid, 0,
+          :ddwaf_obj_signed, 1 << 0,
+          :ddwaf_obj_unsigned, 1 << 1,
+          :ddwaf_obj_string, 1 << 2,
+          :ddwaf_obj_array, 1 << 3,
+          :ddwaf_obj_map, 1 << 4,
+          :ddwaf_obj_bool, 1 << 5,
+          :ddwaf_obj_float, 1 << 6,
+          :ddwaf_obj_null, 1 << 7
         typedef DDWAF_OBJ_TYPE, :ddwaf_obj_type
@@ -158,21 +154,21 @@ module Datadog
         # Ruby representation of C union
         class ObjectValueUnion < ::FFI::Union
           layout :stringValue, :charptr,
-                 :uintValue,   :uint64,
-                 :intValue,    :int64,
-                 :array,       :pointer,
-                 :boolean,     :bool,
-                 :f64,         :double
+            :uintValue, :uint64,
+            :intValue, :int64,
+            :array, :pointer,
+            :boolean, :bool,
+            :f64, :double
         end
         # Ruby representation of ddwaf_object
         # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L94C1-L115C3
         class Object < ::FFI::Struct
-          layout :parameterName,       :charptr,
-                 :parameterNameLength, :uint64,
-                 :valueUnion,          ObjectValueUnion,
-                 :nbEntries,           :uint64,
-                 :type,                :ddwaf_obj_type
+          layout :parameterName, :charptr,
+            :parameterNameLength, :uint64,
+            :valueUnion, ObjectValueUnion,
+            :nbEntries, :uint64,
+            :type, :ddwaf_obj_type
         end
         typedef Object.by_ref, :ddwaf_object
@@ -217,51 +213,62 @@ module Datadog
         ObjectFree = attach_function :ddwaf_object_free, [:ddwaf_object], :void
         ObjectNoFree = ::FFI::Pointer::NULL
-        # main handle
+        # handle builder
+        typedef :pointer, :ddwaf_builder
         typedef :pointer, :ddwaf_handle
-        typedef Object.by_ref, :ddwaf_rule
+        typedef :pointer, :ddwaf_diagnostics
         callback :ddwaf_object_free_fn, [:ddwaf_object], :void
         # Ruby representation of ddwaf_config
         # https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L129-L152
-        class Config < ::FFI::Struct
+        class HandleBuilderConfig < ::FFI::Struct
           # Ruby representation of ddwaf_config_limits
           # https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L131-L138
           class Limits < ::FFI::Struct
-            layout :max_container_size,  :uint32,
-                   :max_container_depth, :uint32,
-                   :max_string_length,   :uint32
+            layout :max_container_size, :uint32,
+              :max_container_depth, :uint32,
+              :max_string_length, :uint32
           end
           # Ruby representation of ddwaf_config_obfuscator
           # https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L141-L146
           class Obfuscator < ::FFI::Struct
-            layout :key_regex,   :pointer, # should be :charptr
-                   :value_regex, :pointer  # should be :charptr
+            layout :key_regex, :pointer, # should be :charptr
+              :value_regex, :pointer  # should be :charptr
           end
-          layout :limits,     Limits,
-                 :obfuscator, Obfuscator,
-                 :free_fn,    :pointer # :ddwaf_object_free_fn
+          layout :limits, Limits,
+            :obfuscator, Obfuscator,
+            :free_fn, :pointer # :ddwaf_object_free_fn
         end
-        typedef Config.by_ref, :ddwaf_config
+        typedef HandleBuilderConfig.by_ref, :ddwaf_config
+        attach_function :ddwaf_builder_init, [:ddwaf_config], :ddwaf_builder
+        attach_function :ddwaf_builder_destroy, [:ddwaf_builder], :void
+        attach_function :ddwaf_builder_add_or_update_config, [:ddwaf_builder, :string, :size_t, :ddwaf_object, :ddwaf_diagnostics], :bool
+        attach_function :ddwaf_builder_remove_config, [:ddwaf_builder, :string, :size_t], :bool
+        attach_function :ddwaf_builder_build_instance, [:ddwaf_builder], :ddwaf_handle
+        # handle
+        callback :ddwaf_object_free_fn, [:ddwaf_object], :void
-        attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_object], :ddwaf_handle
-        attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
         attach_function :ddwaf_destroy, [:ddwaf_handle], :void
         attach_function :ddwaf_known_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
         # updating
-        DDWAF_RET_CODE = enum :ddwaf_err_internal,         -3,
-                              :ddwaf_err_invalid_object,   -2,
-                              :ddwaf_err_invalid_argument, -1,
-                              :ddwaf_ok,                    0,
-                              :ddwaf_match,                 1
+        DDWAF_RET_CODE = enum :ddwaf_err_internal, -3,
+          :ddwaf_err_invalid_object, -2,
+          :ddwaf_err_invalid_argument, -1,
+          :ddwaf_ok, 0,
+          :ddwaf_match, 1
         typedef DDWAF_RET_CODE, :ddwaf_ret_code
         # running
@@ -274,11 +281,11 @@ module Datadog
         # Ruby representation of ddwaf_result
         # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L154-L173
         class Result < ::FFI::Struct
-          layout :timeout,       :bool,
-                 :events,        Object,
-                 :actions,       Object,
-                 :derivatives,   Object,
-                 :total_runtime, :uint64
+          layout :timeout, :bool,
+            :events, Object,
+            :actions, Object,
+            :derivatives, Object,
+            :total_runtime, :uint64
         end
         typedef Result.by_ref, :ddwaf_result
@@ -290,26 +297,16 @@ module Datadog
         # logging
         DDWAF_LOG_LEVEL = enum :ddwaf_log_trace,
-                               :ddwaf_log_debug,
-                               :ddwaf_log_info,
-                               :ddwaf_log_warn,
-                               :ddwaf_log_error,
-                               :ddwaf_log_off
+          :ddwaf_log_debug,
+          :ddwaf_log_info,
+          :ddwaf_log_warn,
+          :ddwaf_log_error,
+          :ddwaf_log_off
         typedef DDWAF_LOG_LEVEL, :ddwaf_log_level
         callback :ddwaf_log_cb, [:ddwaf_log_level, :string, :string, :uint, :charptr, :uint64], :void
         attach_function :ddwaf_set_log_cb, [:ddwaf_log_cb, :ddwaf_log_level], :bool
-        DEFAULT_MAX_CONTAINER_SIZE  = 256
-        DEFAULT_MAX_CONTAINER_DEPTH = 20
-        DEFAULT_MAX_STRING_LENGTH   = 16_384 # in bytes, UTF-8 worst case being 4x size in terms of code point)
-        DDWAF_MAX_CONTAINER_SIZE  = 256
-        DDWAF_MAX_CONTAINER_DEPTH = 20
-        DDWAF_MAX_STRING_LENGTH   = 4096
-        DDWAF_RUN_TIMEOUT = 5000
       end
     end
   end

data/lib/datadog/appsec/waf/version.rb CHANGED Viewed

@@ -2,11 +2,11 @@ module Datadog
   module AppSec
     module WAF
       module VERSION
-        BASE_STRING = '1.22.0'
+        BASE_STRING = "1.24.1"
         # NOTE: Every change to the `BASE_STRING` should be accompanied
         #       by a reset of the patch version in the `STRING` below.
-        STRING = "#{BASE_STRING}.0.4"
-        MINIMUM_RUBY_VERSION = '2.5'
+        STRING = "#{BASE_STRING}.0.0"
+        MINIMUM_RUBY_VERSION = "2.5"
       end
     end
   end

data/lib/datadog/appsec/waf.rb CHANGED Viewed

@@ -1,12 +1,14 @@
 # frozen_string_literal: true
-require 'datadog/appsec/waf/lib_ddwaf'
-require 'datadog/appsec/waf/converter'
-require 'datadog/appsec/waf/result'
-require 'datadog/appsec/waf/context'
-require 'datadog/appsec/waf/handle'
-require 'datadog/appsec/waf/version'
+require "datadog/appsec/waf/lib_ddwaf"
+require "datadog/appsec/waf/handle_builder"
+require "datadog/appsec/waf/handle"
+require "datadog/appsec/waf/converter"
+require "datadog/appsec/waf/errors"
+require "datadog/appsec/waf/result"
+require "datadog/appsec/waf/context"
+require "datadog/appsec/waf/version"
 module Datadog
   module AppSec

data/lib/libddwaf.rb CHANGED Viewed

	@@ -1 +1 @@
1	- require 'datadog/appsec/waf'
1	+ require "datadog/appsec/waf"

data/libddwaf.gemspec CHANGED Viewed

@@ -24,19 +24,14 @@ Gem::Specification.new do |spec|
     raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
   end
-  libddwaf_version = Datadog::AppSec::WAF::VERSION::BASE_STRING
-  spec.files = ["libddwaf.gemspec"]
-  spec.files.concat(Dir.glob("lib/**/*.rb"))
-  spec.files.concat(Dir.glob("{vendor/rbs,sig}/**/*.rbs"))
-  spec.files.concat(Dir.glob("{README,CHANGELOG,LICENSE,NOTICE}*"))
-  spec.files.concat(%W[
-    vendor/libddwaf/libddwaf-#{libddwaf_version}-darwin-arm64/lib/libddwaf.dylib
-    vendor/libddwaf/libddwaf-#{libddwaf_version}-darwin-x86_64/lib/libddwaf.dylib
-    vendor/libddwaf/libddwaf-#{libddwaf_version}-linux-aarch64/lib/libddwaf.so
-    vendor/libddwaf/libddwaf-#{libddwaf_version}-linux-x86_64/lib/libddwaf.so
-  ])
+  spec.files =
+    `git ls-files -z`
+      .split("\x0")
+      .reject { |f| f.match(%r{^(spec|[.]circleci)/}) }
+      .reject do |f|
+      [".dockerignore", ".env", ".rspec", ".rubocop.yml", ".rubocop_todo.yml",
+        ".simplecov", "Gemfile", "Rakefile", "docker-compose.yml"].include?(f)
+    end
   spec.require_paths = ["lib"]
   spec.add_dependency "ffi", "~> 1.0"

data/shell.nix ADDED Viewed

@@ -0,0 +1,35 @@
+{
+  # use the environment channel
+  pkgs ? import <nixpkgs> {},
+  # use a pinned package state
+  pinned ? import(fetchTarball("https://github.com/NixOS/nixpkgs/archive/14d9b465c71.tar.gz")) {},
+}:
+let
+  # specify ruby version to use
+  ruby = pinned.ruby_3_1;
+  # control llvm/clang version (e.g for packages built form source)
+  llvm = pinned.llvmPackages_12;
+in llvm.stdenv.mkDerivation {
+  # unique project name for this environment derivation
+  name = "libddwaf-rb.devshell";
+  buildInputs = [
+    ruby
+  ];
+  shellHook = ''
+    # get major.minor.0 ruby version
+    export RUBY_VERSION="$(ruby -e 'puts RUBY_VERSION.gsub(/\d+$/, "0")')"
+    # make gem install work in-project, compatibly with bundler
+    export GEM_HOME="$(pwd)/vendor/bundle/ruby/$RUBY_VERSION"
+    # make bundle work in-project
+    export BUNDLE_PATH="$(pwd)/vendor/bundle"
+    # enable calling gem scripts without bundle exec
+    export PATH="$GEM_HOME/bin:$PATH"
+  '';
+}

data/sig/datadog/appsec/waf/context.rbs CHANGED Viewed

@@ -2,31 +2,21 @@ module Datadog
   module AppSec
     module WAF
       class Context
-        @context_obj: ::FFI::Pointer
-        @valid: bool
+        @context_ptr: ::FFI::Pointer
         @retained: Array[untyped]
         RESULT_CODE: ::Hash[::Symbol, ::Symbol]
-        attr_reader context_obj: ::FFI::Pointer
-        def initialize: (Handle handle) -> void
+        def initialize: (::FFI::Pointer context_ptr) -> void
-        def finalize: () -> void
+        def finalize!: () -> void
-        def run: (WAF::data persistent_data, WAF::data ephemeral_data, ?::Integer timeout) -> ::Array[top]
+        def run: (WAF::data persistent_data, WAF::data ephemeral_data, ?::Integer timeout) -> Result
         private
-        def validate!: () -> void
-        def invalidate!: () -> void
-        def valid?: () -> bool?
-        def valid!: () -> void
+        def ensure_pointer_presence!: () -> void
         def retained: () -> Array[untyped]

data/sig/datadog/appsec/waf/errors.rbs ADDED Viewed

@@ -0,0 +1,20 @@
+module Datadog
+  module AppSec
+    module WAF
+      class Error < StandardError
+      end
+      class InstanceFinalizedError < Error
+      end
+      class ConversionError < Error
+      end
+      class LibDDWAFError < Error
+        attr_reader diagnostics: WAF::data
+        def initialize: (::String msg, ?diagnostics: WAF::data?) -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/handle.rbs CHANGED Viewed

@@ -2,40 +2,19 @@ module Datadog
   module AppSec
     module WAF
       class Handle
-        @config: LibDDWAF::Config
+        @handle_ptr: ::FFI::Pointer
-        @handle_obj: ::FFI::Pointer
+        def initialize: (::FFI::Pointer handle_ptr) -> void
-        @diagnostics: WAF::data
+        def finalize!: () -> void
-        @valid: bool
+        def build_context: () -> Context
-        attr_reader handle_obj: ::FFI::Pointer
-        attr_reader diagnostics: WAF::data
-        attr_reader config: LibDDWAF::Config
-        def initialize: (data rule, ?limits: ::Hash[::Symbol, ::Integer], ?obfuscator: ::Hash[::Symbol, ::String]) -> void
-        def finalize: () -> void
-        def required_addresses: () -> ::Array[::String?]
-        # TODO: WAF::data
-        def merge: (untyped data) -> Handle?
+        def known_addresses: () -> ::Array[::String?]
         private
-        def new_from_handle: (::FFI::Pointer handle_object, data diagnostics, WAF::LibDDWAF::Config config) -> Handle
-        def validate!: () -> void
-        def invalidate!: () -> void
-        def valid?: () -> bool?
-        def valid!: () -> void
+        def ensure_pointer_presence!: () -> void
       end
     end
   end

data/sig/datadog/appsec/waf/handle_builder.rbs ADDED Viewed

@@ -0,0 +1,23 @@
+module Datadog
+  module AppSec
+    module WAF
+      class HandleBuilder
+        @builder_ptr: ::FFI::Pointer
+        def initialize: (?limits: ::Hash[::Symbol, ::Integer], ?obfuscator: ::Hash[::Symbol, ::String]) -> void
+        def finalize!: () -> void
+        def build_handle: () -> Handle
+        def add_or_update_config: (data config, path: ::String) -> data
+        def remove_config_at_path: (::String path) -> bool
+        private
+        def ensure_pointer_presence!: () -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/lib_ddwaf.rbs CHANGED Viewed

@@ -2,11 +2,15 @@ module Datadog
   module AppSec
     module WAF
       module LibDDWAF
-        class Error < StandardError
-          attr_reader diagnostics: WAF::data
+        DEFAULT_MAX_CONTAINER_SIZE: ::Integer
+        DEFAULT_MAX_CONTAINER_DEPTH: ::Integer
+        DEFAULT_MAX_STRING_LENGTH: ::Integer
-          def initialize: (::String msg, ?diagnostics: WAF::data?) -> void
-        end
+        DDWAF_MAX_CONTAINER_SIZE: ::Integer
+        DDWAF_MAX_CONTAINER_DEPTH: ::Integer
+        DDWAF_MAX_STRING_LENGTH: ::Integer
+        DDWAF_RUN_TIMEOUT: ::Integer
         extend ::FFI::Library
@@ -98,9 +102,19 @@ module Datadog
         ObjectFree: ::FFI::Function
         ObjectNoFree: ::FFI::Pointer
+        # handle builder
+        def self.ddwaf_builder_init: (HandleBuilderConfig) -> ::FFI::Pointer
+        def self.ddwaf_builder_destroy: (::FFI::Pointer) -> void
+        def self.ddwaf_builder_add_or_update_config: (::FFI::Pointer, ::String, ::Integer, LibDDWAF::Object, LibDDWAF::Object) -> bool
+        def self.ddwaf_builder_remove_config: (::FFI::Pointer, ::String, ::Integer) -> bool
+        def self.ddwaf_builder_build_instance: (::FFI::Pointer) -> ::FFI::Pointer
         # main handle
-        class Config < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+        class HandleBuilderConfig < ::FFI::Struct[::FFI::AbstractMemory, untyped]
           class Limits < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
           end
@@ -108,8 +122,6 @@ module Datadog
           end
         end
-        def self.ddwaf_init: (top, Config, Object) -> ::FFI::Pointer
-        def self.ddwaf_update: (::FFI::Pointer, LibDDWAF::Object, LibDDWAF::Object) -> ::FFI::Pointer
         def self.ddwaf_destroy: (::FFI::Pointer) -> void
         def self.ddwaf_known_addresses: (::FFI::Pointer, UInt32Ptr) -> ::FFI::Pointer
@@ -140,16 +152,6 @@ module Datadog
         # type ddwaf_log_cb = ^(ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
         type ddwaf_log_cb = ::Method | ::Proc
         def self.ddwaf_set_log_cb: (ddwaf_log_cb, ddwaf_log_level) -> bool
-        DEFAULT_MAX_CONTAINER_SIZE: ::Integer
-        DEFAULT_MAX_CONTAINER_DEPTH: ::Integer
-        DEFAULT_MAX_STRING_LENGTH: ::Integer
-        DDWAF_MAX_CONTAINER_SIZE: ::Integer
-        DDWAF_MAX_CONTAINER_DEPTH: ::Integer
-        DDWAF_MAX_STRING_LENGTH: ::Integer
-        DDWAF_RUN_TIMEOUT: ::Integer
       end
     end
   end