libddwaf 1.24.1.2.0-aarch64-linux → 1.25.1.0.0-aarch64-linux

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +20 -0
  3. data/lib/datadog/appsec/waf/context.rb +15 -9
  4. data/lib/datadog/appsec/waf/converter.rb +25 -28
  5. data/lib/datadog/appsec/waf/lib_ddwaf.rb +5 -17
  6. data/lib/datadog/appsec/waf/result.rb +20 -9
  7. data/lib/datadog/appsec/waf/version.rb +2 -2
  8. data/libddwaf.gemspec +1 -1
  9. data/sig/datadog/appsec/waf/converter.rbs +2 -2
  10. data/sig/datadog/appsec/waf/lib_ddwaf.rbs +3 -7
  11. data/sig/datadog/appsec/waf/result.rbs +24 -10
  12. data/sig/datadog/appsec/waf.rbs +5 -5
  13. data/vendor/libddwaf/{libddwaf-1.24.1-linux-aarch64 → libddwaf-1.25.1-linux-aarch64}/lib/libddwaf.so +0 -0
  14. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a3526444338b6ceddafd5b5a4e2afb4f0de5d6d33aa18cf03f5d38732ae15fbd
4
- data.tar.gz: 3a19c8fc34c62a0fce545cae348e094beebb2cbd51ec779a53265ea10cf1735d
3
+ metadata.gz: bf067f5efb9e5b29211e08e3e791cdf500b456493596d318da8386f4df402fbd
4
+ data.tar.gz: b8c716ecd2baa95db37f1c0d061a16d64d739cfb33f128e477514f95db92da08
5
5
  SHA512:
6
- metadata.gz: 0ccb7f15b348b3e056257c2d7e1f2d9908528a6ea5f1fd6fa4aad19317a0ae35afa2dc9b0e7ef08d4a9c241a070584d1ae981700d40ae970559cdef136c609e8
7
- data.tar.gz: 63e84ee58a8a4ae9673d1fb7904444a3bcdc448739270cf7b6b9c47c6302538d8bd6d26c9b857b585beca9ce0e73e8b1782432066e8205a844d8b3262bf3f5f6
6
+ metadata.gz: 794e99122b3e3fe68d1ceb8f477ca9991358d772bfba7875dea589b17ad838b7e3948df9584caa8e4ad838bdc472b2c8405194ca4817d2392b1ae14d32b5b86e
7
+ data.tar.gz: d397d3e95c4c25c1df91d66694e80cb79e9c6b51fe4bea8417058b5efd93221a011b5593493857c32dac266da224c4defc92b5a4d7b757859391579787d4fba6
data/CHANGELOG.md CHANGED
@@ -1,5 +1,25 @@
1
1
  # Unreleased
2
2
 
3
+ # 2025-09-16 v1.25.1.0.0
4
+
5
+ ## Added
6
+
7
+ - Add `Result#keep?` method
8
+
9
+ ## Changed
10
+
11
+ - Change `LibDDWAF::Object#input_truncated?` to `LibDDWAF::Object#truncated?` method
12
+ - Change `LibDDWAF::Object#mark_as_input_truncated?` to `LibDDWAF::Object#mark_truncated?` method
13
+ - Change `Result#timeout` to `Result#timeout?` method
14
+ - Change `Result#derivatives` to `Result#attributes` method
15
+ - Change `Result#total_runtime` to `Result#duration` method
16
+
17
+ # 2025-09-15 v1.24.1.2.1
18
+
19
+ ## Fixed
20
+
21
+ - Fix conversion of non-string Hash keys with potential size truncation
22
+
3
23
  # 2025-09-02 v1.24.1.2.0
4
24
 
5
25
  ## Added
data/lib/datadog/appsec/waf/context.rb CHANGED
@@ -69,27 +69,33 @@ module Datadog
69
69
  raise ConversionError, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
70
70
  end
71
71
 
72
- result_obj = LibDDWAF::Result.new
72
+ result_obj = LibDDWAF::Object.new
73
73
  raise LibDDWAFError, "Could not create result object" if result_obj.null?
74
74
 
75
75
  code = LibDDWAF.ddwaf_run(@context_ptr, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
76
+ result = Converter.object_to_ruby(result_obj) #: ::Hash[::String, WAF::data]
77
+
78
+ if result.nil?
79
+ raise ConversionError, "Could not convert result into object: #{code}"
80
+ end
76
81
 
77
82
  result = Result.new(
78
- RESULT_CODE[code],
79
- Converter.object_to_ruby(result_obj[:events]),
80
- result_obj[:total_runtime],
81
- result_obj[:timeout],
82
- Converter.object_to_ruby(result_obj[:actions]),
83
- Converter.object_to_ruby(result_obj[:derivatives])
83
+ status: RESULT_CODE[code],
84
+ events: result["events"],
85
+ actions: result["actions"],
86
+ attributes: result["attributes"],
87
+ duration: result["duration"], #: ::Integer
88
+ timeout: result["timeout"], #: bool
89
+ keep: result["keep"] #: bool
84
90
  )
85
91
 
86
- if persistent_data_obj.input_truncated? || ephemeral_data_obj.input_truncated?
92
+ if persistent_data_obj.truncated? || ephemeral_data_obj.truncated?
87
93
  result.mark_input_truncated!
88
94
  end
89
95
 
90
96
  result
91
97
  ensure
92
- LibDDWAF.ddwaf_result_free(result_obj) if result_obj
98
+ LibDDWAF.ddwaf_object_free(result_obj) if result_obj
93
99
  LibDDWAF.ddwaf_object_free(ephemeral_data_obj) if ephemeral_data_obj
94
100
  end
95
101
 
data/lib/datadog/appsec/waf/converter.rb CHANGED
@@ -15,11 +15,15 @@ module Datadog
15
15
  res = LibDDWAF.ddwaf_object_array(obj)
16
16
  raise ConversionError, "Could not convert into object: #{val}" if res.null?
17
17
 
18
- max_index = max_container_size - 1 if max_container_size
19
18
  if max_container_depth == 0
20
- top_obj&.mark_as_input_truncated!
19
+ top_obj&.mark_truncated!
21
20
  else
22
21
  val.each.with_index do |e, i|
22
+ if max_container_size && i >= max_container_size
23
+ (top_obj || obj).mark_truncated!
24
+ break val
25
+ end
26
+
23
27
  member = Converter.ruby_to_object(
24
28
  e,
25
29
  max_container_size: max_container_size,
@@ -30,11 +34,6 @@ module Datadog
30
34
  )
31
35
  e_res = LibDDWAF.ddwaf_object_array_add(obj, member)
32
36
  raise ConversionError, "Could not add to array object: #{e.inspect}" unless e_res
33
-
34
- if max_index && i >= max_index
35
- (top_obj || obj).mark_as_input_truncated!
36
- break val
37
- end
38
37
  end
39
38
  end
40
39
 
@@ -44,18 +43,22 @@ module Datadog
44
43
  res = LibDDWAF.ddwaf_object_map(obj)
45
44
  raise ConversionError, "Could not convert into object: #{val}" if res.null?
46
45
 
47
- max_index = max_container_size - 1 if max_container_size
48
46
  if max_container_depth == 0
49
- top_obj&.mark_as_input_truncated!
47
+ top_obj&.mark_truncated!
50
48
  else
51
49
  val.each.with_index do |e, i|
50
+ if max_container_size && i >= max_container_size
51
+ (top_obj || obj).mark_truncated!
52
+ break val
53
+ end
54
+
52
55
  # for Steep, which doesn't handle |(k, v), i|
53
- k = e[0]
56
+ k = e[0].to_s
54
57
  v = e[1]
55
58
 
56
59
  if max_string_length && k.length > max_string_length
57
- k = k.to_s[0, max_string_length]
58
- (top_obj || obj).mark_as_input_truncated!
60
+ k = k[0, max_string_length]
61
+ (top_obj || obj).mark_truncated!
59
62
  end
60
63
  member = Converter.ruby_to_object(
61
64
  v,
@@ -65,13 +68,8 @@ module Datadog
65
68
  top_obj: top_obj || obj,
66
69
  coerce: coerce
67
70
  )
68
- kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k.to_s, k.to_s.bytesize, member)
69
- raise ConversionError, "Could not add to map object: #{k.inspect} => #{v.inspect}" unless kv_res
70
-
71
- if max_index && i >= max_index
72
- (top_obj || obj).mark_as_input_truncated!
73
- break val
74
- end
71
+ kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k, k.bytesize, member)
72
+ raise ConversionError, "Could not add to map object: #{e[0].inspect} => #{v.inspect}" unless kv_res
75
73
  end
76
74
  end
77
75
 
@@ -80,21 +78,20 @@ module Datadog
80
78
  obj = LibDDWAF::Object.new
81
79
  encoded_val = val.to_s.encode(Encoding::UTF_8, invalid: :replace, undef: :replace)
82
80
  if max_string_length && encoded_val.length > max_string_length
83
- encoded_val = encoded_val[0, max_string_length]
84
- (top_obj || obj).mark_as_input_truncated!
81
+ encoded_val = encoded_val[0, max_string_length] #: String
82
+ (top_obj || obj).mark_truncated!
85
83
  end
86
- str = encoded_val.to_s
87
- res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
84
+ res = LibDDWAF.ddwaf_object_stringl(obj, encoded_val, encoded_val.bytesize)
88
85
  raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
89
86
 
90
87
  obj
91
88
  when Symbol
92
89
  obj = LibDDWAF::Object.new
93
- if max_string_length
94
- val = val.to_s[0, max_string_length]
95
- (top_obj || obj).mark_as_input_truncated!
96
- end
97
90
  str = val.to_s
91
+ if max_string_length && str.length > max_string_length
92
+ str = str[0, max_string_length] #: String
93
+ (top_obj || obj).mark_truncated!
94
+ end
98
95
  res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
99
96
  raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
100
97
 
@@ -173,7 +170,7 @@ module Datadog
173
170
  a << e # steep:ignore
174
171
  end
175
172
  when :ddwaf_obj_map
176
- (0...obj[:nbEntries]).each.with_object({}) do |i, h|
173
+ (0...obj[:nbEntries]).each.with_object({}) do |i, h| #$ ::Hash[::String, WAF::data]
177
174
  ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
178
175
  o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
179
176
  l = o[:parameterNameLength]
data/lib/datadog/appsec/waf/lib_ddwaf.rb CHANGED
@@ -137,12 +137,12 @@ module Datadog
137
137
  :nbEntries, :uint64,
138
138
  :type, :ddwaf_obj_type
139
139
 
140
- def input_truncated?
141
- @input_truncated == true
140
+ def truncated?
141
+ @truncated == true
142
142
  end
143
143
 
144
- def mark_as_input_truncated!
145
- @input_truncated = true
144
+ def mark_truncated!
145
+ @truncated = true
146
146
  end
147
147
  end
148
148
 
@@ -253,21 +253,9 @@ module Datadog
253
253
  attach_function :ddwaf_context_init, [:ddwaf_handle], :ddwaf_context
254
254
  attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
255
255
 
256
- # Ruby representation of ddwaf_result
257
- # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L154-L173
258
- class Result < ::FFI::Struct
259
- layout :timeout, :bool,
260
- :events, Object,
261
- :actions, Object,
262
- :derivatives, Object,
263
- :total_runtime, :uint64
264
- end
265
-
266
- typedef Result.by_ref, :ddwaf_result
267
256
  typedef :uint64, :timeout_us
268
257
 
269
- attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
270
- attach_function :ddwaf_result_free, [:ddwaf_result], :void
258
+ attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_object, :timeout_us], :ddwaf_ret_code, blocking: true
271
259
 
272
260
  # logging
273
261
 
data/lib/datadog/appsec/waf/result.rb CHANGED
@@ -4,17 +4,18 @@ module Datadog
4
4
  module AppSec
5
5
  module WAF
6
6
  # Ruby representation of the ddwaf_result of a libddwaf run.
7
- # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L159-L173
7
+ # See https://github.com/DataDog/libddwaf/blob/8dbee187ff74a0aa25e1bcbdde51677f77930e1b/include/ddwaf.h#L277-L290
8
8
  class Result
9
- attr_reader :status, :events, :total_runtime, :timeout, :actions, :derivatives
9
+ attr_reader :status, :events, :actions, :attributes, :duration
10
10
 
11
- def initialize(status, events, total_runtime, timeout, actions, derivatives)
11
+ def initialize(status:, events:, actions:, attributes:, duration:, timeout:, keep:)
12
12
  @status = status
13
13
  @events = events
14
- @total_runtime = total_runtime
15
- @timeout = timeout
16
14
  @actions = actions
17
- @derivatives = derivatives
15
+ @attributes = attributes
16
+ @duration = duration
17
+ @timeout = timeout
18
+ @keep = keep
18
19
  @input_truncated = false
19
20
  end
20
21
 
@@ -22,6 +23,14 @@ module Datadog
22
23
  @input_truncated = true
23
24
  end
24
25
 
26
+ def timeout?
27
+ @timeout
28
+ end
29
+
30
+ def keep?
31
+ @keep
32
+ end
33
+
25
34
  def input_truncated?
26
35
  @input_truncated
27
36
  end
@@ -30,10 +39,12 @@ module Datadog
30
39
  {
31
40
  status: @status,
32
41
  events: @events,
33
- total_runtime: @total_runtime,
34
- timeout: @timeout,
35
42
  actions: @actions,
36
- derivatives: @derivatives
43
+ attributes: @attributes,
44
+ duration: @duration,
45
+ timeout: @timeout,
46
+ keep: @keep,
47
+ input_truncated: @input_truncated
37
48
  }
38
49
  end
39
50
  end
data/lib/datadog/appsec/waf/version.rb CHANGED
@@ -2,10 +2,10 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  module VERSION
5
- BASE_STRING = "1.24.1"
5
+ BASE_STRING = "1.25.1"
6
6
  # NOTE: Every change to the `BASE_STRING` should be accompanied
7
7
  # by a reset of the patch version in the `STRING` below.
8
- STRING = "#{BASE_STRING}.2.0"
8
+ STRING = "#{BASE_STRING}.0.0"
9
9
  MINIMUM_RUBY_VERSION = "2.5"
10
10
  end
11
11
  end
data/libddwaf.gemspec CHANGED
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
11
11
  spec.email = ["dev@datadoghq.com"]
12
12
 
13
13
  spec.summary = "Datadog WAF"
14
- spec.description = <<-EOS.gsub(/^[\s]+/, "")
14
+ spec.description = <<-EOS.gsub(/^\s+/, "")
15
15
  libddwaf packages a WAF implementation in C++, exposed to Ruby
16
16
  EOS
17
17
 
data/sig/datadog/appsec/waf/converter.rbs CHANGED
@@ -2,9 +2,9 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  module Converter
5
- def self.ruby_to_object: (top val, ?max_container_size: ::Integer?, ?max_container_depth: ::Integer?, ?max_string_length: ::Integer?, ?top_obj: LibDDWAF::Object?, ?coerce: bool?) -> LibDDWAF::Object
5
+ def self?.ruby_to_object: (top val, ?max_container_size: ::Integer?, ?max_container_depth: ::Integer?, ?max_string_length: ::Integer?, ?top_obj: LibDDWAF::Object?, ?coerce: bool?) -> LibDDWAF::Object
6
6
 
7
- def self.object_to_ruby: (LibDDWAF::Object obj) -> WAF::data
7
+ def self?.object_to_ruby: (LibDDWAF::Object obj) -> WAF::data
8
8
  end
9
9
  end
10
10
  end
data/sig/datadog/appsec/waf/lib_ddwaf.rbs CHANGED
@@ -58,9 +58,9 @@ module Datadog
58
58
  end
59
59
 
60
60
  class Object < ::FFI::Struct[::FFI::AbstractMemory, untyped]
61
- def input_truncated?: () -> bool
61
+ def truncated?: () -> bool
62
62
 
63
- def mark_as_input_truncated!: () -> bool
63
+ def mark_truncated!: () -> bool
64
64
  end
65
65
 
66
66
  # setters
@@ -139,11 +139,7 @@ module Datadog
139
139
  def self.ddwaf_context_init: (::FFI::Pointer) -> ::FFI::Pointer
140
140
  def self.ddwaf_context_destroy: (::FFI::Pointer) -> void
141
141
 
142
- class Result < ::FFI::Struct[::FFI::AbstractMemory, untyped]
143
- end
144
-
145
- def self.ddwaf_run: (::FFI::Pointer, Object, Object, Result, ::Integer) -> ::Symbol
146
- def self.ddwaf_result_free: (Result) -> void
142
+ def self.ddwaf_run: (::FFI::Pointer, Object, Object, Object, ::Integer) -> ::Symbol
147
143
 
148
144
  # logging
149
145
 
data/sig/datadog/appsec/waf/result.rbs CHANGED
@@ -6,13 +6,15 @@ module Datadog
6
6
 
7
7
  @events: WAF::data
8
8
 
9
- @total_runtime: ::Float
9
+ @actions: WAF::data
10
10
 
11
- @timeout: bool
11
+ @attributes: WAF::data
12
12
 
13
- @actions: WAF::data
13
+ @duration: ::Integer
14
14
 
15
- @derivatives: WAF::data
15
+ @timeout: bool
16
+
17
+ @keep: bool
16
18
 
17
19
  @input_truncated: bool
18
20
 
@@ -20,19 +22,31 @@ module Datadog
20
22
 
21
23
  attr_reader events: WAF::data
22
24
 
23
- attr_reader total_runtime: ::Float
24
-
25
- attr_reader timeout: bool
26
-
27
25
  attr_reader actions: WAF::data
28
26
 
29
- attr_reader derivatives: WAF::data
27
+ attr_reader attributes: WAF::data
28
+
29
+ attr_reader duration: ::Integer
30
30
 
31
- def initialize: (::Symbol status, WAF::data events, ::Float total_runtime, bool timeout, WAF::data actions, WAF::data derivatives) -> void
31
+ def initialize: (
32
+ status: ::Symbol,
33
+ events: WAF::data,
34
+ actions: WAF::data,
35
+ attributes: WAF::data,
36
+ duration: ::Integer,
37
+ timeout: bool,
38
+ keep: bool
39
+ ) -> void
32
40
 
33
41
  def mark_input_truncated!: () -> bool
34
42
 
43
+ def timeout?: () -> bool
44
+
45
+ def keep?: () -> bool
46
+
35
47
  def input_truncated?: () -> bool
48
+
49
+ def to_h: () -> ::Hash[::Symbol, WAF::data]
36
50
  end
37
51
  end
38
52
  end
data/sig/datadog/appsec/waf.rbs CHANGED
@@ -1,18 +1,18 @@
1
1
  module Datadog
2
2
  module AppSec
3
3
  module WAF
4
- type data = String | Symbol | Integer | Float | TrueClass | FalseClass | Array[data] | Hash[(String | Symbol | nil), data] | nil
4
+ type data = nil | bool | ::String | ::Symbol | ::Integer | ::Float | ::Array[data] | ::Hash[(::String | ::Symbol | nil), data]
5
5
  type known_addresses = ::Array[::String]
6
6
  type diagnostics = ::Hash[::String, untyped]
7
7
 
8
- def self.version: () -> ::String
8
+ def self?.version: () -> ::String
9
9
 
10
10
  self.@logger: ::Logger
11
11
  self.@log_callback: LibDDWAF::ddwaf_log_cb
12
12
 
13
- def self.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
14
- def self.logger: () -> ::Logger
15
- def self.logger=: (::Logger logger) -> void
13
+ def self?.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
14
+ def self?.logger: () -> ::Logger
15
+ def self?.logger=: (::Logger logger) -> void
16
16
  end
17
17
  end
18
18
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libddwaf
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.24.1.2.0
4
+ version: 1.25.1.0.0
5
5
  platform: aarch64-linux
6
6
  authors:
7
7
  - Datadog, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-09-02 00:00:00.000000000 Z
11
+ date: 2025-09-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi
@@ -61,7 +61,7 @@ files:
61
61
  - sig/datadog/appsec/waf/result.rbs
62
62
  - sig/datadog/appsec/waf/version.rbs
63
63
  - sig/libddwaf.rbs
64
- - vendor/libddwaf/libddwaf-1.24.1-linux-aarch64/lib/libddwaf.so
64
+ - vendor/libddwaf/libddwaf-1.25.1-linux-aarch64/lib/libddwaf.so
65
65
  - vendor/rbs/gem/0/gem.rbs
66
66
  - vendor/rbs/jruby/0/jruby.rbs
67
67
  homepage: https://github.com/DataDog/libddwaf-rb