libddwaf 1.24.1.0.1-arm64-darwin → 1.24.1.1.0-arm64-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b2777036186023f0cb57302c5e7803cb118c2d4b482eab098abcf247e6739289
-  data.tar.gz: 25fe4e393d11e3efe3403fbea34b2cba9ea9dd4d365d175467c93260e566056c
+  metadata.gz: 20a320cedc5fb4c6d94dc099b6a7bafc64affb79eb93cf1dce2780e86c3ee469
+  data.tar.gz: e8930d8fbd01f9bccb5bec8e5083c1dd9cd46af38e293b847e0fb4783fc9bd34
 SHA512:
-  metadata.gz: a0e4cd4c6de88eb36b69ab03554749950fe59e3e2c5b66484165766fba32b5a85dbc8c828bf321e842ba03f199e0a78cd06c5dd42c78b66cef25dc309886c230
-  data.tar.gz: ca30f1b14e0e31edea04af6f9a309f533c1fe7258f682f6f676ea0f77af185fe6b01743f56cc108e4b7aa263972ff1067dfe54015c3e3a5cd6e4c2c645241ac3
+  metadata.gz: 3fd4185e435715d19d2ed3580286e3837a7560de3324ef9c253605a060ab84959879dbd92c1572d476668a48e796243480e1b803577bce77661dd6886769fabe
+  data.tar.gz: 471a5a438ecb9dcab06a0f6a68271e8429fc67436c1f89112e4ac5a795e3ec300d33e851022323ce12b27a80c0492f28cdb0cb1ac4c17010bc4ffc1f3ec01b9d

data/CHANGELOG.md

@@ -1,4 +1,16 @@
-# Unreleased v1.23.0.0.0
+# Unreleased
+
+# 2025-08-15 v1.24.1.1.0
+
+## Added
+
+- Add `LibDDWAF::Object#input_truncated?` method that returns true if the input object was truncated during conversion to libddwaf object
+
+## Changed
+
+- Change `Handle#known_addresses` to cache the result
+
+# 2025-05-20 v1.24.1.0.0
 
 ## Added
 

data/README.md

@@ -0,0 +1,124 @@
+# libddwaf Ruby bindings
+
+``libddwaf-rb`` is library exposing the libddwaf C++ library to Ruby, packaging it in a multiplatform gem.
+
+For the libddwaf implementation, see this repository:
+ - [``libddwaf``: libddwaf](https://github.com/DataDog/libddwaf.git)
+
+
+
+## Rake tasks
+
+### Outline
+
+A typical workflow is as follows:
+
+```
+rake fetch    # fetch prebuilt libddwaf binaries tarball in vendor/libddwaf
+rake extract  # extract downloaded tarball in vendor/libddwaf
+rake spec     # run rspec
+rake binary   # build the gem
+```
+
+Note that each depends on the previous one, but `fetch` and `extract` are lazy, which proves useful to produce manual builds.
+
+### Platform selection
+
+By default the above will automatically use the local Ruby platform.
+
+Since libddwaf binary builds are available upstream, it's possible to build gems for any platform on any other platform. To that end `fetch`, `extract`, and `binary` can take an argument to specify the Ruby platform for which these operations should apply:
+
+```
+rake fetch[x86_64-linux-musl]
+rake extract[x86_64-linux-musl]
+rake binary[x86_64-linux-musl]
+```
+
+Of course you can't force the platform for `rspec` since that requires running code; see the Docker section below for ways to achieve that.
+
+Note that zsh gives special meaning to brackets, therefore you may need to quote the argument:
+
+```
+rake 'fetch[x86_64-linux-musl]'
+```
+
+Available platforms are:
+
+```
+x86_64-linux-musl   # Alpine build: targets musl-based Linux
+x86_64-linux-gnu    # Debian build: targets glibc-based Linux
+x86_64-linux        # Portable build: targets multiple linux libc
+x86_64-darwin       # Darwin build: targets macOS
+aarch64-linux-musl  # Same as above, for ARMv8
+aarch64-linux-gnu   # Same as above, for ARMv8
+aarch64-linux       # Same as above, for ARMv8
+arm64-darwin        # Same as above, for Apple Silicon
+java                # JRuby build, universal
+```
+
+Note: since it is not (yet) possible to package gems for the `java` Ruby platform any other way than `java`, it has to package all the native architectures.
+
+In addition, options can be specified for the portable build:
+
+```
+rake binary[x86_64-linux:gnu+musl]  # Combined build: combine musl and glibc builds, selecting one at runtime
+rake binary[x86_64-linux:llvm]      # Hybrid build: linked to llvm static libs and built against a musl sysroot
+```
+
+See upstream libddwaf for details about the [hybrid portable build](https://github.com/DataDog/libddwaf/blob/master/docker/libddwaf/README.md).
+
+## Testing with Docker
+
+Unless using Docker for Mac, remember to enable foreign CPU emulation via QEMU:
+
+```
+# aarch64 on x86_64 hardware
+docker run --privileged --rm tonistiigi/binfmt --install arm64
+# x86_64 on aarch64 hardware
+docker run --privileged --rm tonistiigi/binfmt --install amd64
+```
+
+Then you can substitute e.g `--platform linux/x86_64` with `--platform linux/aarch64` below.
+
+### GNU (Debian)
+
+```
+# this is too old for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.1 sh -c 'rm -fv Gemfile.lock && gem install bundler -v "~> 1.17" && bundle install && bundle exec rake spec'
+# these are fine for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.2 sh -c 'rm -fv Gemfile.lock && gem install bundler -v "~> 1.17" && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.3 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.4 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.5 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.6 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.7 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:3.0 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:3.1 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+```
+
+### musl (Alpine)
+
+```
+# these are too old for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.1-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler -v "~> 1.17" && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.2-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler -v "~> 1.17" && bundle install && bundle exec rake spec'
+# these are fine for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.3-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.4-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.5-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.6-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.7-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:3.0-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:3.1-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:3.1-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+```
+
+### JRuby
+
+```
+# these are too old for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" jruby:9.2.8.0 sh -c 'apt-get update && apt-get install -y build-essential git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" jruby:9.3.0.0 sh -c 'apt-get update && apt-get install -y build-essential git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+# this is fine for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" jruby:9.3.4.0 sh -c 'apt-get update && apt-get install -y build-essential git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+```

data/lib/datadog/appsec/waf/converter.rb

@@ -8,7 +8,7 @@ module Datadog
         module_function
 
         # standard:disable Metrics/MethodLength,Metrics/CyclomaticComplexity
-        def ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, coerce: true)
+        def ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, top_obj: nil, coerce: true)
           case val
           when Array
             obj = LibDDWAF::Object.new
@@ -16,19 +16,25 @@ module Datadog
             raise ConversionError, "Could not convert into object: #{val}" if res.null?
 
             max_index = max_container_size - 1 if max_container_size
-            unless max_container_depth == 0
+            if max_container_depth == 0
+              top_obj&.mark_as_input_truncated!
+            else
               val.each.with_index do |e, i|
                 member = Converter.ruby_to_object(
                   e,
                   max_container_size: max_container_size,
                   max_container_depth: (max_container_depth - 1 if max_container_depth),
                   max_string_length: max_string_length,
+                  top_obj: top_obj || obj,
                   coerce: coerce
                 )
                 e_res = LibDDWAF.ddwaf_object_array_add(obj, member)
                 raise ConversionError, "Could not add to array object: #{e.inspect}" unless e_res
 
-                break val if max_index && i >= max_index
+                if max_index && i >= max_index
+                  (top_obj || obj).mark_as_input_truncated!
+                  break val
+                end
               end
             end
 
@@ -39,24 +45,33 @@ module Datadog
             raise ConversionError, "Could not convert into object: #{val}" if res.null?
 
             max_index = max_container_size - 1 if max_container_size
-            unless max_container_depth == 0
+            if max_container_depth == 0
+              top_obj&.mark_as_input_truncated!
+            else
               val.each.with_index do |e, i|
                 # for Steep, which doesn't handle |(k, v), i|
                 k = e[0]
                 v = e[1]
 
-                k = k.to_s[0, max_string_length] if max_string_length
+                if max_string_length && k.length > max_string_length
+                  k = k.to_s[0, max_string_length]
+                  (top_obj || obj).mark_as_input_truncated!
+                end
                 member = Converter.ruby_to_object(
                   v,
                   max_container_size: max_container_size,
                   max_container_depth: (max_container_depth - 1 if max_container_depth),
                   max_string_length: max_string_length,
+                  top_obj: top_obj || obj,
                   coerce: coerce
                 )
                 kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k.to_s, k.to_s.bytesize, member)
                 raise ConversionError, "Could not add to map object: #{k.inspect} => #{v.inspect}" unless kv_res
 
-                break val if max_index && i >= max_index
+                if max_index && i >= max_index
+                  (top_obj || obj).mark_as_input_truncated!
+                  break val
+                end
               end
             end
 
@@ -64,15 +79,21 @@ module Datadog
           when String
             obj = LibDDWAF::Object.new
             encoded_val = val.to_s.encode(Encoding::UTF_8, invalid: :replace, undef: :replace)
-            val = encoded_val[0, max_string_length] if max_string_length
-            str = val.to_s
+            if max_string_length && encoded_val.length > max_string_length
+              encoded_val = encoded_val[0, max_string_length]
+              (top_obj || obj).mark_as_input_truncated!
+            end
+            str = encoded_val.to_s
             res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
             raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
 
             obj
           when Symbol
             obj = LibDDWAF::Object.new
-            val = val.to_s[0, max_string_length] if max_string_length
+            if max_string_length
+              val = val.to_s[0, max_string_length]
+              (top_obj || obj).mark_as_input_truncated!
+            end
             str = val.to_s
             res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
             raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?

data/lib/datadog/appsec/waf/handle.rb

@@ -37,6 +37,8 @@ module Datadog
         #
         # @return [Array<String>] the list of known addresses
         def known_addresses
+          return @known_addresses if defined?(@known_addresses)
+
           ensure_pointer_presence!
 
           count = LibDDWAF::UInt32Ptr.new
@@ -44,8 +46,7 @@ module Datadog
 
           return [] if count == 0 # list is null
 
-          list.get_array_of_string(0, count[:value])
-          # TODO: garbage collect the count?
+          @known_addresses = list.get_array_of_string(0, count[:value]).compact
         end
 
         private

data/lib/datadog/appsec/waf/lib_ddwaf.rb

@@ -37,15 +37,6 @@ module Datadog
           Gem::Platform.local.os
         end
 
-        def self.local_version
-          return nil unless local_os == "linux"
-
-          # Old rubygems don't handle non-gnu linux correctly
-          return ::Regexp.last_match(1) if RUBY_PLATFORM =~ /linux-(.+)$/
-
-          "gnu"
-        end
-
         def self.local_cpu
           if RUBY_ENGINE == "jruby"
             os_arch = java.lang.System.get_property("os.arch")
@@ -66,33 +57,6 @@ module Datadog
           __dir__ || raise("__dir__ is nil: eval?")
         end
 
-        def self.vendor_dir
-          File.join(source_dir, "../../../../vendor")
-        end
-
-        def self.libddwaf_vendor_dir
-          File.join(vendor_dir, "libddwaf")
-        end
-
-        def self.shared_lib_triplet(version: local_version)
-          version ? "#{local_os}-#{version}-#{local_cpu}" : "#{local_os}-#{local_cpu}"
-        end
-
-        def self.libddwaf_dir
-          default = File.join(libddwaf_vendor_dir,
-            "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet}")
-          candidates = [
-            default
-          ]
-
-          if local_os == "linux"
-            candidates << File.join(libddwaf_vendor_dir,
-              "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet(version: nil)}")
-          end
-
-          candidates.find { |d| Dir.exist?(d) } || default
-        end
-
         def self.shared_lib_extname
           if Gem::Platform.local.os == "darwin"
             ".dylib"
@@ -104,6 +68,9 @@ module Datadog
         end
 
         def self.shared_lib_path
+          variant = "#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{local_os}-#{local_cpu}"
+          libddwaf_dir = File.join(source_dir, "../../../../vendor/libddwaf/libddwaf-#{variant}")
+
           File.join(libddwaf_dir, "lib", "libddwaf#{shared_lib_extname}")
         end
 
@@ -169,6 +136,14 @@ module Datadog
             :valueUnion, ObjectValueUnion,
             :nbEntries, :uint64,
             :type, :ddwaf_obj_type
+
+          def input_truncated?
+            @input_truncated == true
+          end
+
+          def mark_as_input_truncated!
+            @input_truncated = true
+          end
         end
 
         typedef Object.by_ref, :ddwaf_object

data/lib/datadog/appsec/waf/version.rb

@@ -5,7 +5,7 @@ module Datadog
         BASE_STRING = "1.24.1"
         # NOTE: Every change to the `BASE_STRING` should be accompanied
         #       by a reset of the patch version in the `STRING` below.
-        STRING = "#{BASE_STRING}.0.1"
+        STRING = "#{BASE_STRING}.1.0"
         MINIMUM_RUBY_VERSION = "2.5"
       end
     end

data/libddwaf.gemspec

@@ -0,0 +1,43 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "datadog/appsec/waf/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "libddwaf"
+  spec.version = Datadog::AppSec::WAF::VERSION::STRING
+  spec.required_ruby_version = [">= #{Datadog::AppSec::WAF::VERSION::MINIMUM_RUBY_VERSION}"]
+  spec.required_rubygems_version = ">= 2.0.0"
+  spec.authors = ["Datadog, Inc."]
+  spec.email = ["dev@datadoghq.com"]
+
+  spec.summary = "Datadog WAF"
+  spec.description = <<-EOS.gsub(/^[\s]+/, "")
+    libddwaf packages a WAF implementation in C++, exposed to Ruby
+  EOS
+
+  spec.homepage = "https://github.com/DataDog/libddwaf-rb"
+  spec.license = "BSD-3-Clause"
+
+  if spec.respond_to?(:metadata)
+    spec.metadata["allowed_push_host"] = "https://rubygems.org"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
+  end
+
+  libddwaf_version = Datadog::AppSec::WAF::VERSION::BASE_STRING
+
+  spec.files = ["libddwaf.gemspec"]
+  spec.files.concat(Dir.glob("lib/**/*.rb"))
+  spec.files.concat(Dir.glob("{vendor/rbs,sig}/**/*.rbs"))
+  spec.files.concat(Dir.glob("{README,CHANGELOG,LICENSE,NOTICE}*"))
+  spec.files.concat(%W[
+    vendor/libddwaf/libddwaf-#{libddwaf_version}-darwin-arm64/lib/libddwaf.dylib
+    vendor/libddwaf/libddwaf-#{libddwaf_version}-darwin-x86_64/lib/libddwaf.dylib
+    vendor/libddwaf/libddwaf-#{libddwaf_version}-linux-aarch64/lib/libddwaf.so
+    vendor/libddwaf/libddwaf-#{libddwaf_version}-linux-x86_64/lib/libddwaf.so
+  ])
+
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "ffi", "~> 1.0"
+end

data/sig/datadog/appsec/waf/context.rbs

@@ -0,0 +1,29 @@
+module Datadog
+  module AppSec
+    module WAF
+      class Context
+        @context_ptr: ::FFI::Pointer
+
+        @retained: Array[untyped]
+
+        RESULT_CODE: ::Hash[::Symbol, ::Symbol]
+
+        def initialize: (::FFI::Pointer context_ptr) -> void
+
+        def finalize!: () -> void
+
+        def run: (WAF::data persistent_data, WAF::data ephemeral_data, ?::Integer timeout) -> Result
+
+        private
+
+        def ensure_pointer_presence!: () -> void
+
+        def retained: () -> Array[untyped]
+
+        def retain: (top object) -> void
+
+        def release: (top object) -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/converter.rbs

@@ -0,0 +1,11 @@
+module Datadog
+  module AppSec
+    module WAF
+      module Converter
+        def self.ruby_to_object: (top val, ?max_container_size: ::Integer?, ?max_container_depth: ::Integer?, ?max_string_length: ::Integer?, ?top_obj: LibDDWAF::Object?, ?coerce: bool?) -> LibDDWAF::Object
+
+        def self.object_to_ruby: (LibDDWAF::Object obj) -> WAF::data
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/errors.rbs

@@ -0,0 +1,20 @@
+module Datadog
+  module AppSec
+    module WAF
+      class Error < StandardError
+      end
+
+      class InstanceFinalizedError < Error
+      end
+
+      class ConversionError < Error
+      end
+
+      class LibDDWAFError < Error
+        attr_reader diagnostics: WAF::data
+
+        def initialize: (::String msg, ?diagnostics: WAF::data?) -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/handle.rbs

@@ -0,0 +1,21 @@
+module Datadog
+  module AppSec
+    module WAF
+      class Handle
+        @handle_ptr: ::FFI::Pointer
+
+        def initialize: (::FFI::Pointer handle_ptr) -> void
+
+        def finalize!: () -> void
+
+        def build_context: () -> Context
+
+        def known_addresses: () -> known_addresses
+
+        private
+
+        def ensure_pointer_presence!: () -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/handle_builder.rbs

@@ -0,0 +1,23 @@
+module Datadog
+  module AppSec
+    module WAF
+      class HandleBuilder
+        @builder_ptr: ::FFI::Pointer
+
+        def initialize: (?limits: ::Hash[::Symbol, ::Integer], ?obfuscator: ::Hash[::Symbol, ::String]) -> void
+
+        def finalize!: () -> void
+
+        def build_handle: () -> Handle
+
+        def add_or_update_config: (data config, path: ::String) -> data
+
+        def remove_config_at_path: (::String path) -> bool
+
+        private
+
+        def ensure_pointer_presence!: () -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/lib_ddwaf.rbs

@@ -0,0 +1,161 @@
+module Datadog
+  module AppSec
+    module WAF
+      module LibDDWAF
+        DEFAULT_MAX_CONTAINER_SIZE: ::Integer
+        DEFAULT_MAX_CONTAINER_DEPTH: ::Integer
+        DEFAULT_MAX_STRING_LENGTH: ::Integer
+
+        DDWAF_MAX_CONTAINER_SIZE: ::Integer
+        DDWAF_MAX_CONTAINER_DEPTH: ::Integer
+        DDWAF_MAX_STRING_LENGTH: ::Integer
+
+        DDWAF_RUN_TIMEOUT: ::Integer
+
+        extend ::FFI::Library
+
+        def self.typedef: [T < ::FFI::Type, N, R, C] (T old, Symbol | ::FFI::DataConverter[N, R, C] add, ?untyped) -> T
+           | (Symbol old, Symbol add, ?untyped) -> (::FFI::Type | ::FFI::Enum)
+           | [X < ::FFI::DataConverter[N, R, C], N, R, C] (X old, Symbol add, ?untyped) -> ::FFI::Type::Mapped[X, N, R, C]
+           | (:enum old, Array[Symbol | Integer] add, ?untyped) -> ::FFI::Enum
+           | (:enum old, Symbol | ::FFI::Type add, Array[Symbol | Integer] info) -> ::FFI::Enum
+           | (untyped, ::Symbol) -> void
+
+        def self.callback: (::Symbol name, Array[::FFI::Library::ffi_lib_type] params, ::FFI::Library::ffi_lib_type ret) -> ::FFI::CallbackInfo
+
+        def self.enum: (*(Symbol | Integer) args) -> ::FFI::Enum
+                     | (Array[Symbol | Integer] values) -> ::FFI::Enum
+
+        def self.local_os: () -> ::String
+        def self.local_cpu: () -> ::String
+        def self.local_version: () -> (::String | nil)
+        def self.source_dir: () -> ::String
+        def self.vendor_dir: () -> ::String
+        def self.libddwaf_vendor_dir: () -> ::String
+        def self.shared_lib_triplet: (?version: ::String?) -> ::String
+        def self.libddwaf_dir: () -> ::String
+        def self.shared_lib_extname: () -> ::String
+        def self.shared_lib_path: () -> ::String
+
+        # version
+
+        def self.ddwaf_get_version: () -> ::String
+
+        # ddwaf::object data structure
+
+        DDWAF_OBJ_TYPE: ::FFI::Enum
+
+        class UInt32Ptr < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
+        end
+
+        class UInt64Ptr < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
+        end
+
+        class SizeTPtr < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
+        end
+
+        class ObjectValueUnion < ::FFI::Union[::FFI::AbstractMemory, untyped]
+        end
+
+        class Object < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+          def input_truncated?: () -> bool
+
+          def mark_as_input_truncated!: () -> bool
+        end
+
+        # setters
+
+        def self.ddwaf_object_invalid: (LibDDWAF::Object) -> ::FFI::Pointer
+        def self.ddwaf_object_string: (LibDDWAF::Object, ::String) -> ::FFI::Pointer
+        def self.ddwaf_object_stringl: (LibDDWAF::Object, ::String, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_stringl_nc: (LibDDWAF::Object, ::String, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_unsigned: (LibDDWAF::Object, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_signed: (LibDDWAF::Object, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_string_from_unsigned: (LibDDWAF::Object, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_string_from_signed: (LibDDWAF::Object, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_bool: (LibDDWAF::Object, bool) -> ::FFI::Pointer
+        def self.ddwaf_object_float: (LibDDWAF::Object, ::Float) -> ::FFI::Pointer
+        def self.ddwaf_object_null: (LibDDWAF::Object) -> ::FFI::Pointer
+
+        def self.ddwaf_object_array: (LibDDWAF::Object) -> ::FFI::Pointer
+        def self.ddwaf_object_array_add: (LibDDWAF::Object, LibDDWAF::Object) -> bool
+
+        def self.ddwaf_object_map: (LibDDWAF::Object) -> ::FFI::Pointer
+        def self.ddwaf_object_map_add: (LibDDWAF::Object, ::String, LibDDWAF::Object) -> bool
+        def self.ddwaf_object_map_addl: (LibDDWAF::Object, ::String, ::Integer, LibDDWAF::Object) -> bool
+        def self.ddwaf_object_map_addl_nc: (LibDDWAF::Object, ::String, ::Integer, LibDDWAF::Object) -> bool
+
+        # getters
+
+        def self.ddwaf_object_type: (LibDDWAF::Object) -> ::FFI::Enum
+        def self.ddwaf_object_size: (LibDDWAF::Object) -> ::Integer
+        def self.ddwaf_object_length: (LibDDWAF::Object) -> ::Integer
+        def self.ddwaf_object_get_key: (LibDDWAF::Object, SizeTPtr) -> ::String
+        def self.ddwaf_object_get_string: (LibDDWAF::Object, SizeTPtr) -> ::String
+        def self.ddwaf_object_get_unsigned: (LibDDWAF::Object, SizeTPtr) -> ::Integer
+        def self.ddwaf_object_get_signed: (LibDDWAF::Object, SizeTPtr) -> ::Integer
+        def self.ddwaf_object_get_index: (LibDDWAF::Object, ::Integer) -> LibDDWAF::Object
+        def self.ddwaf_object_get_bool: (LibDDWAF::Object) -> bool
+        def self.ddwaf_object_get_float: (LibDDWAF::Object) -> ::Float
+
+        # freeers
+
+        def self.ddwaf_object_free: (LibDDWAF::Object) -> void
+
+        ObjectFree: ::FFI::Function
+        ObjectNoFree: ::FFI::Pointer
+
+        # handle builder
+
+        def self.ddwaf_builder_init: (HandleBuilderConfig) -> ::FFI::Pointer
+        def self.ddwaf_builder_destroy: (::FFI::Pointer) -> void
+
+        def self.ddwaf_builder_add_or_update_config: (::FFI::Pointer, ::String, ::Integer, LibDDWAF::Object, LibDDWAF::Object) -> bool
+        def self.ddwaf_builder_remove_config: (::FFI::Pointer, ::String, ::Integer) -> bool
+
+        def self.ddwaf_builder_build_instance: (::FFI::Pointer) -> ::FFI::Pointer
+
+        # main handle
+
+        class HandleBuilderConfig < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+          class Limits < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
+          end
+
+          class Obfuscator < ::FFI::Struct[::FFI::AbstractMemory, ::FFI::Pointer]
+          end
+        end
+
+        def self.ddwaf_destroy: (::FFI::Pointer) -> void
+
+        def self.ddwaf_known_addresses: (::FFI::Pointer, UInt32Ptr) -> ::FFI::Pointer
+        def self.ddwaf_rule_data_ids: (::FFI::Pointer, UInt32Ptr) -> ::FFI::Pointer
+
+        # updating
+
+        DDWAF_RET_CODE: ::FFI::Enum
+
+        # running
+
+        def self.ddwaf_context_init: (::FFI::Pointer) -> ::FFI::Pointer
+        def self.ddwaf_context_destroy: (::FFI::Pointer) -> void
+
+        class Result < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+        end
+
+        def self.ddwaf_run: (::FFI::Pointer, Object, Object, Result, ::Integer) -> ::Symbol
+        def self.ddwaf_result_free: (Result) -> void
+
+        # logging
+
+        DDWAF_LOG_LEVEL: ::FFI::Enum
+
+        type ddwaf_log_level = ::Symbol
+
+        # TODO: signature is as below but steep 1.1 does not yet support method/proc/block mapping
+        # type ddwaf_log_cb = ^(ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
+        type ddwaf_log_cb = ::Method | ::Proc
+        def self.ddwaf_set_log_cb: (ddwaf_log_cb, ddwaf_log_level) -> bool
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/result.rbs

@@ -0,0 +1,33 @@
+module Datadog
+  module AppSec
+    module WAF
+      class Result
+        @status: ::Symbol
+
+        @events: WAF::data
+
+        @total_runtime: ::Float
+
+        @timeout: bool
+
+        @actions: WAF::data
+
+        @derivatives: WAF::data
+
+        attr_reader status: ::Symbol
+
+        attr_reader events: WAF::data
+
+        attr_reader total_runtime: ::Float
+
+        attr_reader timeout: bool
+
+        attr_reader actions: WAF::data
+
+        attr_reader derivatives: WAF::data
+
+        def initialize: (::Symbol status, WAF::data events, ::Float total_runtime, bool timeout, WAF::data actions, WAF::data derivatives) -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/version.rbs

@@ -0,0 +1,13 @@
+module Datadog
+  module AppSec
+    module WAF
+      module VERSION
+        BASE_STRING: ::String
+
+        STRING: ::String
+
+        MINIMUM_RUBY_VERSION: ::String
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf.rbs

@@ -0,0 +1,18 @@
+module Datadog
+  module AppSec
+    module WAF
+      type data = String | Symbol | Integer | Float | TrueClass | FalseClass | Array[data] | Hash[(String | Symbol | nil), data] | nil
+      type known_addresses = ::Array[::String]
+      type diagnostics = ::Hash[::String, untyped]
+
+      def self.version: () -> ::String
+
+      self.@logger: ::Logger
+      self.@log_callback: LibDDWAF::ddwaf_log_cb
+
+      def self.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
+      def self.logger: () -> ::Logger
+      def self.logger=: (::Logger logger) -> void
+    end
+  end
+end

data/vendor/rbs/gem/0/gem.rbs

@@ -0,0 +1,7 @@
+class Gem::Platform
+  def self.local: () -> Gem::Platform
+
+  def os: () -> String
+  def cpu: () -> String
+  def version: () -> String
+end

data/vendor/rbs/jruby/0/jruby.rbs

@@ -0,0 +1,3 @@
+module Kernel
+  def java: () -> untyped
+end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.24.1.0.1
+  version: 1.24.1.1.0
 platform: arm64-darwin
 authors:
 - Datadog, Inc.
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-07-21 00:00:00.000000000 Z
+date: 2025-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -39,6 +38,7 @@ files:
 - LICENSE.Apache
 - LICENSE.BSD3
 - NOTICE
+- README.md
 - lib/datadog/appsec/waf.rb
 - lib/datadog/appsec/waf/context.rb
 - lib/datadog/appsec/waf/converter.rb
@@ -49,13 +49,25 @@ files:
 - lib/datadog/appsec/waf/result.rb
 - lib/datadog/appsec/waf/version.rb
 - lib/libddwaf.rb
+- libddwaf.gemspec
+- sig/datadog/appsec/waf.rbs
+- sig/datadog/appsec/waf/context.rbs
+- sig/datadog/appsec/waf/converter.rbs
+- sig/datadog/appsec/waf/errors.rbs
+- sig/datadog/appsec/waf/handle.rbs
+- sig/datadog/appsec/waf/handle_builder.rbs
+- sig/datadog/appsec/waf/lib_ddwaf.rbs
+- sig/datadog/appsec/waf/result.rbs
+- sig/datadog/appsec/waf/version.rbs
+- sig/libddwaf.rbs
 - vendor/libddwaf/libddwaf-1.24.1-darwin-arm64/lib/libddwaf.dylib
+- vendor/rbs/gem/0/gem.rbs
+- vendor/rbs/jruby/0/jruby.rbs
 homepage: https://github.com/DataDog/libddwaf-rb
 licenses:
 - BSD-3-Clause
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -70,8 +82,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.5.21
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Datadog WAF
 test_files: []