libddwaf 1.24.1.2.1-arm64-darwin → 1.25.1.0.1-arm64-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5275d4f1ff861c6abb346748bbc7b7071d529b9381a77b513f9c57d1bca5fd0d
-  data.tar.gz: 4b67b98d8c1c0628deb594dfaab853b4dba5d2f72116f60572e1a0b9bd9a97be
+  metadata.gz: 29da4a380625b6e851ffaf8497211f0fd69c01e02bd6238d14092ed294fc1ed5
+  data.tar.gz: b7d5945a29a8773c18534d598069232732c4dce7bee385a5c609c1f8d04c427a
 SHA512:
-  metadata.gz: 13b0012d3ff0b3def7500a215144b56fc1289a223227261a555eb7e09315a6682d64b93ced8be5b33ad09b503b0e5ac0c04b97c805c96036d9e3cce4164ca851
-  data.tar.gz: 566de2ae665281c21e5471412d89c63ea4927c2a4e2ed97e9b45b8a2563a0f5ea6d53017ff8b2828bf034d39cdcd45bab2285eefb3e5977638a270b67822af49
+  metadata.gz: 757a45d304154e1cb1ae907176d4d287b1a46e549b135e0a3f1005edc138b802d1f18976719c44b7c62927ae6d92269e5ae1878463472b9e2b08fa31820f1bd6
+  data.tar.gz: f88dde8ae0d58d1d7dd50f2c98c9c637ea3e3a25c80713323c52521f6c22f3f8479890cd71a9c8cad9afc5078d34ce420779282fbb930786acd1f7c9d9e6893f

data/CHANGELOG.md

@@ -1,5 +1,25 @@
 # Unreleased
 
+# 2025-09-18 v1.25.1.0.1
+
+## Fixed
+
+- Fix handling of unsuccessful `ddwaf_run` call and result conversion
+
+# 2025-09-16 v1.25.1.0.0
+
+## Added
+
+- Add `Result#keep?` method
+
+## Changed
+
+- Change `LibDDWAF::Object#input_truncated?` to `LibDDWAF::Object#truncated?` method
+- Change `LibDDWAF::Object#mark_as_input_truncated?` to `LibDDWAF::Object#mark_truncated?` method
+- Change `Result#timeout` to `Result#timeout?` method
+- Change `Result#derivatives` to `Result#attributes` method
+- Change `Result#total_runtime` to `Result#duration` method
+
 # 2025-09-15 v1.24.1.2.1
 
 ## Fixed

data/lib/datadog/appsec/waf/context.rb

@@ -6,7 +6,16 @@ module Datadog
       # Ruby representation of the ddwaf_context in libddwaf
       # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/BINDING_IMPL_NOTES.md?plain=1#L125-L158
       class Context
-        RESULT_CODE = {
+        EMPTY_RESULT = {
+          "events" => [],     #: ::Array[WAF::output]
+          "actions" => {},    #: ::Hash[::String, WAF::output]
+          "attributes" => {}, #: ::Hash[::String, WAF::output]
+          "duration" => 0,
+          "timeout" => false,
+          "keep" => false
+        }.freeze
+        SUCCESS_RESULT_CODES = %i[ddwaf_ok ddwaf_match].freeze
+        RESULT_CODE_TO_STATUS = {
           ddwaf_ok: :ok,
           ddwaf_match: :match,
           ddwaf_err_internal: :err_internal,
@@ -69,18 +78,28 @@ module Datadog
             raise ConversionError, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
           end
 
-          result_obj = LibDDWAF::Result.new
+          result_obj = LibDDWAF::Object.new
           raise LibDDWAFError, "Could not create result object" if result_obj.null?
 
           code = LibDDWAF.ddwaf_run(@context_ptr, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
+          result = Converter.object_to_ruby(result_obj)
+
+          # NOTE: In case of the error, `libddwaf` will not "fill" the result
+          #       object, so it will be empty and the conversion of it will return
+          #       `nil`, but that is not a conversion issue.
+          if SUCCESS_RESULT_CODES.include?(code) && result.nil?
+            raise ConversionError, "Could not convert result into object: #{code}"
+          end
 
+          result ||= EMPTY_RESULT
           result = Result.new(
-            RESULT_CODE[code],
-            Converter.object_to_ruby(result_obj[:events]),
-            result_obj[:total_runtime],
-            result_obj[:timeout],
-            Converter.object_to_ruby(result_obj[:actions]),
-            Converter.object_to_ruby(result_obj[:derivatives])
+            status: RESULT_CODE_TO_STATUS[code],
+            events: result["events"],
+            actions: result["actions"],
+            attributes: result["attributes"],
+            duration: result["duration"],
+            timeout: result["timeout"],
+            keep: result["keep"]
           )
 
           if persistent_data_obj.truncated? || ephemeral_data_obj.truncated?
@@ -89,7 +108,7 @@ module Datadog
 
           result
         ensure
-          LibDDWAF.ddwaf_result_free(result_obj) if result_obj
+          LibDDWAF.ddwaf_object_free(result_obj) if result_obj
           LibDDWAF.ddwaf_object_free(ephemeral_data_obj) if ephemeral_data_obj
         end
 

data/lib/datadog/appsec/waf/converter.rb

@@ -164,19 +164,19 @@ module Datadog
           when :ddwaf_obj_float
             obj[:valueUnion][:f64]
           when :ddwaf_obj_array
-            (0...obj[:nbEntries]).each.with_object([]) do |i, a|
+            (0...obj[:nbEntries]).each.with_object([]) do |i, a| #$ ::Array[WAF::output]
               ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
               e = Converter.object_to_ruby(LibDDWAF::Object.new(ptr))
-              a << e # steep:ignore
+              a << e
             end
           when :ddwaf_obj_map
-            (0...obj[:nbEntries]).each.with_object({}) do |i, h|
+            (0...obj[:nbEntries]).each.with_object({}) do |i, h| #$ ::Hash[::String, WAF::output]
               ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
               o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
               l = o[:parameterNameLength]
               k = o[:parameterName].read_bytes(l)
               v = Converter.object_to_ruby(LibDDWAF::Object.new(ptr))
-              h[k] = v # steep:ignore
+              h[k] = v
             end
           end
         end

data/lib/datadog/appsec/waf/lib_ddwaf.rb

@@ -253,21 +253,9 @@ module Datadog
         attach_function :ddwaf_context_init, [:ddwaf_handle], :ddwaf_context
         attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
 
-        # Ruby representation of ddwaf_result
-        # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L154-L173
-        class Result < ::FFI::Struct
-          layout :timeout, :bool,
-            :events, Object,
-            :actions, Object,
-            :derivatives, Object,
-            :total_runtime, :uint64
-        end
-
-        typedef Result.by_ref, :ddwaf_result
         typedef :uint64, :timeout_us
 
-        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
-        attach_function :ddwaf_result_free, [:ddwaf_result], :void
+        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_object, :timeout_us], :ddwaf_ret_code, blocking: true
 
         # logging
 

data/lib/datadog/appsec/waf/result.rb

@@ -4,17 +4,19 @@ module Datadog
   module AppSec
     module WAF
       # Ruby representation of the ddwaf_result of a libddwaf run.
-      # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L159-L173
+      # See https://github.com/DataDog/libddwaf/blob/8dbee187ff74a0aa25e1bcbdde51677f77930e1b/include/ddwaf.h#L277-L290
       class Result
-        attr_reader :status, :events, :total_runtime, :timeout, :actions, :derivatives
+        attr_reader :status, :events, :actions, :attributes, :duration
 
-        def initialize(status, events, total_runtime, timeout, actions, derivatives)
+        def initialize(status:, events:, actions:, attributes:, duration:, timeout:, keep:)
           @status = status
           @events = events
-          @total_runtime = total_runtime
-          @timeout = timeout
           @actions = actions
-          @derivatives = derivatives
+          @attributes = attributes
+          @duration = duration
+
+          @keep = !!keep
+          @timeout = !!timeout
           @input_truncated = false
         end
 
@@ -22,6 +24,14 @@ module Datadog
           @input_truncated = true
         end
 
+        def timeout?
+          @timeout
+        end
+
+        def keep?
+          @keep
+        end
+
         def input_truncated?
           @input_truncated
         end
@@ -30,10 +40,12 @@ module Datadog
           {
             status: @status,
             events: @events,
-            total_runtime: @total_runtime,
-            timeout: @timeout,
             actions: @actions,
-            derivatives: @derivatives
+            attributes: @attributes,
+            duration: @duration,
+            keep: @keep,
+            timeout: @timeout,
+            input_truncated: @input_truncated
           }
         end
       end

data/lib/datadog/appsec/waf/version.rb

@@ -2,10 +2,10 @@ module Datadog
   module AppSec
     module WAF
       module VERSION
-        BASE_STRING = "1.24.1"
+        BASE_STRING = "1.25.1"
         # NOTE: Every change to the `BASE_STRING` should be accompanied
         #       by a reset of the patch version in the `STRING` below.
-        STRING = "#{BASE_STRING}.2.1"
+        STRING = "#{BASE_STRING}.0.1"
         MINIMUM_RUBY_VERSION = "2.5"
       end
     end

data/sig/datadog/appsec/waf/context.rbs

@@ -4,15 +4,26 @@ module Datadog
       class Context
         @context_ptr: ::FFI::Pointer
 
-        @retained: Array[untyped]
+        @retained: Array[top]
 
-        RESULT_CODE: ::Hash[::Symbol, ::Symbol]
+        EMPTY_RESULT: {
+          "events" => ::Array[WAF::output],
+          "actions" => ::Hash[::String, WAF::output],
+          "attributes" => ::Hash[::String, WAF::output],
+          "duration" => ::Integer,
+          "timeout" => bool,
+          "keep" => bool
+        }
+
+        SUCCESS_RESULT_CODES: ::Array[::Symbol]
+
+        RESULT_CODE_TO_STATUS: ::Hash[::Symbol, ::Symbol]
 
         def initialize: (::FFI::Pointer context_ptr) -> void
 
         def finalize!: () -> void
 
-        def run: (WAF::data persistent_data, WAF::data ephemeral_data, ?::Integer timeout) -> Result
+        def run: (WAF::input persistent_data, WAF::input ephemeral_data, ?::Integer timeout) -> Result
 
         private
 

data/sig/datadog/appsec/waf/converter.rbs

@@ -2,9 +2,16 @@ module Datadog
   module AppSec
     module WAF
       module Converter
-        def self.ruby_to_object: (top val, ?max_container_size: ::Integer?, ?max_container_depth: ::Integer?, ?max_string_length: ::Integer?, ?top_obj: LibDDWAF::Object?, ?coerce: bool?) -> LibDDWAF::Object
+        def self?.ruby_to_object: (
+          top val,
+          ?max_container_size: ::Integer?,
+          ?max_container_depth: ::Integer?,
+          ?max_string_length: ::Integer?,
+          ?top_obj: LibDDWAF::Object?,
+          ?coerce: bool?
+        ) -> LibDDWAF::Object
 
-        def self.object_to_ruby: (LibDDWAF::Object obj) -> WAF::data
+        def self?.object_to_ruby: (LibDDWAF::Object obj) -> WAF::output
       end
     end
   end

data/sig/datadog/appsec/waf/errors.rbs

@@ -11,9 +11,9 @@ module Datadog
       end
 
       class LibDDWAFError < Error
-        attr_reader diagnostics: WAF::data
+        attr_reader diagnostics: WAF::output
 
-        def initialize: (::String msg, ?diagnostics: WAF::data?) -> void
+        def initialize: (::String msg, ?diagnostics: WAF::output?) -> void
       end
     end
   end

data/sig/datadog/appsec/waf/handle_builder.rbs

@@ -10,7 +10,7 @@ module Datadog
 
         def build_handle: () -> Handle
 
-        def add_or_update_config: (data config, path: ::String) -> data
+        def add_or_update_config: (WAF::input config, path: ::String) -> WAF::output
 
         def remove_config_at_path: (::String path) -> bool
 

data/sig/datadog/appsec/waf/lib_ddwaf.rbs

@@ -58,6 +58,8 @@ module Datadog
         end
 
         class Object < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+          @truncated: bool
+
           def truncated?: () -> bool
 
           def mark_truncated!: () -> bool
@@ -139,11 +141,7 @@ module Datadog
         def self.ddwaf_context_init: (::FFI::Pointer) -> ::FFI::Pointer
         def self.ddwaf_context_destroy: (::FFI::Pointer) -> void
 
-        class Result < ::FFI::Struct[::FFI::AbstractMemory, untyped]
-        end
-
-        def self.ddwaf_run: (::FFI::Pointer, Object, Object, Result, ::Integer) -> ::Symbol
-        def self.ddwaf_result_free: (Result) -> void
+        def self.ddwaf_run: (::FFI::Pointer, Object, Object, Object, ::Integer) -> ::Symbol
 
         # logging
 

data/sig/datadog/appsec/waf/result.rbs

@@ -2,37 +2,54 @@ module Datadog
   module AppSec
     module WAF
       class Result
+        type list = ::Array[WAF::output]
+        type map = ::Hash[::String, WAF::output]
+
         @status: ::Symbol
 
-        @events: WAF::data
+        @events: list
 
-        @total_runtime: ::Float
+        @actions: map
 
-        @timeout: bool
+        @attributes: map
 
-        @actions: WAF::data
+        @duration: ::Integer
+
+        @timeout: bool
 
-        @derivatives: WAF::data
+        @keep: bool
 
         @input_truncated: bool
 
         attr_reader status: ::Symbol
 
-        attr_reader events: WAF::data
+        attr_reader events: list
 
-        attr_reader total_runtime: ::Float
+        attr_reader actions: map
 
-        attr_reader timeout: bool
+        attr_reader attributes: map
 
-        attr_reader actions: WAF::data
+        attr_reader duration: ::Integer
 
-        attr_reader derivatives: WAF::data
-
-        def initialize: (::Symbol status, WAF::data events, ::Float total_runtime, bool timeout, WAF::data actions, WAF::data derivatives) -> void
+        def initialize: (
+          status: ::Symbol,
+          events: list,
+          actions: map,
+          attributes: map,
+          duration: ::Integer,
+          timeout: bool,
+          keep: bool
+        ) -> void
 
         def mark_input_truncated!: () -> bool
 
+        def timeout?: () -> bool
+
+        def keep?: () -> bool
+
         def input_truncated?: () -> bool
+
+        def to_h: () -> ::Hash[::Symbol, (::Symbol | WAF::output)]
       end
     end
   end

data/sig/datadog/appsec/waf.rbs

@@ -1,18 +1,21 @@
 module Datadog
   module AppSec
     module WAF
-      type data = String | Symbol | Integer | Float | TrueClass | FalseClass | Array[data] | Hash[(String | Symbol | nil), data] | nil
+      type input = nil | bool | ::String | ::Symbol | ::Integer | ::Float | ::Array[input] | ::Hash[input, input]
+      type output = nil | bool | ::String | ::Integer | ::Float | ::Array[output] | ::Hash[::String, output]
       type known_addresses = ::Array[::String]
-      type diagnostics = ::Hash[::String, untyped]
-
-      def self.version: () -> ::String
 
       self.@logger: ::Logger
+
       self.@log_callback: LibDDWAF::ddwaf_log_cb
 
-      def self.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
-      def self.logger: () -> ::Logger
-      def self.logger=: (::Logger logger) -> void
+      def self?.version: () -> ::String
+
+      def self?.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
+
+      def self?.logger: () -> ::Logger
+
+      def self?.logger=: (::Logger logger) -> void
     end
   end
 end

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.24.1.2.1
+  version: 1.25.1.0.1
 platform: arm64-darwin
 authors:
 - Datadog, Inc.
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-15 00:00:00.000000000 Z
+date: 2025-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -60,7 +61,7 @@ files:
 - sig/datadog/appsec/waf/result.rbs
 - sig/datadog/appsec/waf/version.rbs
 - sig/libddwaf.rbs
-- vendor/libddwaf/libddwaf-1.24.1-darwin-arm64/lib/libddwaf.dylib
+- vendor/libddwaf/libddwaf-1.25.1-darwin-arm64/lib/libddwaf.dylib
 - vendor/rbs/gem/0/gem.rbs
 - vendor/rbs/jruby/0/jruby.rbs
 homepage: https://github.com/DataDog/libddwaf-rb
@@ -68,6 +69,7 @@ licenses:
 - BSD-3-Clause
 metadata:
   allowed_push_host: https://rubygems.org
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -82,7 +84,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.5.21
+signing_key:
 specification_version: 4
 summary: Datadog WAF
 test_files: []