libddwaf 1.24.1.2.1-arm64-darwin → 1.25.1.0.1-arm64-darwin
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/lib/datadog/appsec/waf/context.rb +28 -9
- data/lib/datadog/appsec/waf/converter.rb +4 -4
- data/lib/datadog/appsec/waf/lib_ddwaf.rb +1 -13
- data/lib/datadog/appsec/waf/result.rb +21 -9
- data/lib/datadog/appsec/waf/version.rb +2 -2
- data/sig/datadog/appsec/waf/context.rbs +14 -3
- data/sig/datadog/appsec/waf/converter.rbs +9 -2
- data/sig/datadog/appsec/waf/errors.rbs +2 -2
- data/sig/datadog/appsec/waf/handle_builder.rbs +1 -1
- data/sig/datadog/appsec/waf/lib_ddwaf.rbs +3 -5
- data/sig/datadog/appsec/waf/result.rbs +29 -12
- data/sig/datadog/appsec/waf.rbs +10 -7
- data/vendor/libddwaf/{libddwaf-1.24.1-darwin-arm64 → libddwaf-1.25.1-darwin-arm64}/lib/libddwaf.dylib +0 -0
- metadata +7 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 29da4a380625b6e851ffaf8497211f0fd69c01e02bd6238d14092ed294fc1ed5
|
4
|
+
data.tar.gz: b7d5945a29a8773c18534d598069232732c4dce7bee385a5c609c1f8d04c427a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 757a45d304154e1cb1ae907176d4d287b1a46e549b135e0a3f1005edc138b802d1f18976719c44b7c62927ae6d92269e5ae1878463472b9e2b08fa31820f1bd6
|
7
|
+
data.tar.gz: f88dde8ae0d58d1d7dd50f2c98c9c637ea3e3a25c80713323c52521f6c22f3f8479890cd71a9c8cad9afc5078d34ce420779282fbb930786acd1f7c9d9e6893f
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,25 @@
|
|
1
1
|
# Unreleased
|
2
2
|
|
3
|
+
# 2025-09-18 v1.25.1.0.1
|
4
|
+
|
5
|
+
## Fixed
|
6
|
+
|
7
|
+
- Fix handling of unsuccessful `ddwaf_run` call and result conversion
|
8
|
+
|
9
|
+
# 2025-09-16 v1.25.1.0.0
|
10
|
+
|
11
|
+
## Added
|
12
|
+
|
13
|
+
- Add `Result#keep?` method
|
14
|
+
|
15
|
+
## Changed
|
16
|
+
|
17
|
+
- Change `LibDDWAF::Object#input_truncated?` to `LibDDWAF::Object#truncated?` method
|
18
|
+
- Change `LibDDWAF::Object#mark_as_input_truncated?` to `LibDDWAF::Object#mark_truncated?` method
|
19
|
+
- Change `Result#timeout` to `Result#timeout?` method
|
20
|
+
- Change `Result#derivatives` to `Result#attributes` method
|
21
|
+
- Change `Result#total_runtime` to `Result#duration` method
|
22
|
+
|
3
23
|
# 2025-09-15 v1.24.1.2.1
|
4
24
|
|
5
25
|
## Fixed
|
@@ -6,7 +6,16 @@ module Datadog
|
|
6
6
|
# Ruby representation of the ddwaf_context in libddwaf
|
7
7
|
# See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/BINDING_IMPL_NOTES.md?plain=1#L125-L158
|
8
8
|
class Context
|
9
|
-
|
9
|
+
EMPTY_RESULT = {
|
10
|
+
"events" => [], #: ::Array[WAF::output]
|
11
|
+
"actions" => {}, #: ::Hash[::String, WAF::output]
|
12
|
+
"attributes" => {}, #: ::Hash[::String, WAF::output]
|
13
|
+
"duration" => 0,
|
14
|
+
"timeout" => false,
|
15
|
+
"keep" => false
|
16
|
+
}.freeze
|
17
|
+
SUCCESS_RESULT_CODES = %i[ddwaf_ok ddwaf_match].freeze
|
18
|
+
RESULT_CODE_TO_STATUS = {
|
10
19
|
ddwaf_ok: :ok,
|
11
20
|
ddwaf_match: :match,
|
12
21
|
ddwaf_err_internal: :err_internal,
|
@@ -69,18 +78,28 @@ module Datadog
|
|
69
78
|
raise ConversionError, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
|
70
79
|
end
|
71
80
|
|
72
|
-
result_obj = LibDDWAF::
|
81
|
+
result_obj = LibDDWAF::Object.new
|
73
82
|
raise LibDDWAFError, "Could not create result object" if result_obj.null?
|
74
83
|
|
75
84
|
code = LibDDWAF.ddwaf_run(@context_ptr, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
|
85
|
+
result = Converter.object_to_ruby(result_obj)
|
86
|
+
|
87
|
+
# NOTE: In case of the error, `libddwaf` will not "fill" the result
|
88
|
+
# object, so it will be empty and the conversion of it will return
|
89
|
+
# `nil`, but that is not a conversion issue.
|
90
|
+
if SUCCESS_RESULT_CODES.include?(code) && result.nil?
|
91
|
+
raise ConversionError, "Could not convert result into object: #{code}"
|
92
|
+
end
|
76
93
|
|
94
|
+
result ||= EMPTY_RESULT
|
77
95
|
result = Result.new(
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
96
|
+
status: RESULT_CODE_TO_STATUS[code],
|
97
|
+
events: result["events"],
|
98
|
+
actions: result["actions"],
|
99
|
+
attributes: result["attributes"],
|
100
|
+
duration: result["duration"],
|
101
|
+
timeout: result["timeout"],
|
102
|
+
keep: result["keep"]
|
84
103
|
)
|
85
104
|
|
86
105
|
if persistent_data_obj.truncated? || ephemeral_data_obj.truncated?
|
@@ -89,7 +108,7 @@ module Datadog
|
|
89
108
|
|
90
109
|
result
|
91
110
|
ensure
|
92
|
-
LibDDWAF.
|
111
|
+
LibDDWAF.ddwaf_object_free(result_obj) if result_obj
|
93
112
|
LibDDWAF.ddwaf_object_free(ephemeral_data_obj) if ephemeral_data_obj
|
94
113
|
end
|
95
114
|
|
@@ -164,19 +164,19 @@ module Datadog
|
|
164
164
|
when :ddwaf_obj_float
|
165
165
|
obj[:valueUnion][:f64]
|
166
166
|
when :ddwaf_obj_array
|
167
|
-
(0...obj[:nbEntries]).each.with_object([]) do |i, a|
|
167
|
+
(0...obj[:nbEntries]).each.with_object([]) do |i, a| #$ ::Array[WAF::output]
|
168
168
|
ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
|
169
169
|
e = Converter.object_to_ruby(LibDDWAF::Object.new(ptr))
|
170
|
-
a << e
|
170
|
+
a << e
|
171
171
|
end
|
172
172
|
when :ddwaf_obj_map
|
173
|
-
(0...obj[:nbEntries]).each.with_object({}) do |i, h|
|
173
|
+
(0...obj[:nbEntries]).each.with_object({}) do |i, h| #$ ::Hash[::String, WAF::output]
|
174
174
|
ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
|
175
175
|
o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
|
176
176
|
l = o[:parameterNameLength]
|
177
177
|
k = o[:parameterName].read_bytes(l)
|
178
178
|
v = Converter.object_to_ruby(LibDDWAF::Object.new(ptr))
|
179
|
-
h[k] = v
|
179
|
+
h[k] = v
|
180
180
|
end
|
181
181
|
end
|
182
182
|
end
|
@@ -253,21 +253,9 @@ module Datadog
|
|
253
253
|
attach_function :ddwaf_context_init, [:ddwaf_handle], :ddwaf_context
|
254
254
|
attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
|
255
255
|
|
256
|
-
# Ruby representation of ddwaf_result
|
257
|
-
# See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L154-L173
|
258
|
-
class Result < ::FFI::Struct
|
259
|
-
layout :timeout, :bool,
|
260
|
-
:events, Object,
|
261
|
-
:actions, Object,
|
262
|
-
:derivatives, Object,
|
263
|
-
:total_runtime, :uint64
|
264
|
-
end
|
265
|
-
|
266
|
-
typedef Result.by_ref, :ddwaf_result
|
267
256
|
typedef :uint64, :timeout_us
|
268
257
|
|
269
|
-
attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :
|
270
|
-
attach_function :ddwaf_result_free, [:ddwaf_result], :void
|
258
|
+
attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_object, :timeout_us], :ddwaf_ret_code, blocking: true
|
271
259
|
|
272
260
|
# logging
|
273
261
|
|
@@ -4,17 +4,19 @@ module Datadog
|
|
4
4
|
module AppSec
|
5
5
|
module WAF
|
6
6
|
# Ruby representation of the ddwaf_result of a libddwaf run.
|
7
|
-
# See https://github.com/DataDog/libddwaf/blob/
|
7
|
+
# See https://github.com/DataDog/libddwaf/blob/8dbee187ff74a0aa25e1bcbdde51677f77930e1b/include/ddwaf.h#L277-L290
|
8
8
|
class Result
|
9
|
-
attr_reader :status, :events, :
|
9
|
+
attr_reader :status, :events, :actions, :attributes, :duration
|
10
10
|
|
11
|
-
def initialize(status
|
11
|
+
def initialize(status:, events:, actions:, attributes:, duration:, timeout:, keep:)
|
12
12
|
@status = status
|
13
13
|
@events = events
|
14
|
-
@total_runtime = total_runtime
|
15
|
-
@timeout = timeout
|
16
14
|
@actions = actions
|
17
|
-
@
|
15
|
+
@attributes = attributes
|
16
|
+
@duration = duration
|
17
|
+
|
18
|
+
@keep = !!keep
|
19
|
+
@timeout = !!timeout
|
18
20
|
@input_truncated = false
|
19
21
|
end
|
20
22
|
|
@@ -22,6 +24,14 @@ module Datadog
|
|
22
24
|
@input_truncated = true
|
23
25
|
end
|
24
26
|
|
27
|
+
def timeout?
|
28
|
+
@timeout
|
29
|
+
end
|
30
|
+
|
31
|
+
def keep?
|
32
|
+
@keep
|
33
|
+
end
|
34
|
+
|
25
35
|
def input_truncated?
|
26
36
|
@input_truncated
|
27
37
|
end
|
@@ -30,10 +40,12 @@ module Datadog
|
|
30
40
|
{
|
31
41
|
status: @status,
|
32
42
|
events: @events,
|
33
|
-
total_runtime: @total_runtime,
|
34
|
-
timeout: @timeout,
|
35
43
|
actions: @actions,
|
36
|
-
|
44
|
+
attributes: @attributes,
|
45
|
+
duration: @duration,
|
46
|
+
keep: @keep,
|
47
|
+
timeout: @timeout,
|
48
|
+
input_truncated: @input_truncated
|
37
49
|
}
|
38
50
|
end
|
39
51
|
end
|
@@ -2,10 +2,10 @@ module Datadog
|
|
2
2
|
module AppSec
|
3
3
|
module WAF
|
4
4
|
module VERSION
|
5
|
-
BASE_STRING = "1.
|
5
|
+
BASE_STRING = "1.25.1"
|
6
6
|
# NOTE: Every change to the `BASE_STRING` should be accompanied
|
7
7
|
# by a reset of the patch version in the `STRING` below.
|
8
|
-
STRING = "#{BASE_STRING}.
|
8
|
+
STRING = "#{BASE_STRING}.0.1"
|
9
9
|
MINIMUM_RUBY_VERSION = "2.5"
|
10
10
|
end
|
11
11
|
end
|
@@ -4,15 +4,26 @@ module Datadog
|
|
4
4
|
class Context
|
5
5
|
@context_ptr: ::FFI::Pointer
|
6
6
|
|
7
|
-
@retained: Array[
|
7
|
+
@retained: Array[top]
|
8
8
|
|
9
|
-
|
9
|
+
EMPTY_RESULT: {
|
10
|
+
"events" => ::Array[WAF::output],
|
11
|
+
"actions" => ::Hash[::String, WAF::output],
|
12
|
+
"attributes" => ::Hash[::String, WAF::output],
|
13
|
+
"duration" => ::Integer,
|
14
|
+
"timeout" => bool,
|
15
|
+
"keep" => bool
|
16
|
+
}
|
17
|
+
|
18
|
+
SUCCESS_RESULT_CODES: ::Array[::Symbol]
|
19
|
+
|
20
|
+
RESULT_CODE_TO_STATUS: ::Hash[::Symbol, ::Symbol]
|
10
21
|
|
11
22
|
def initialize: (::FFI::Pointer context_ptr) -> void
|
12
23
|
|
13
24
|
def finalize!: () -> void
|
14
25
|
|
15
|
-
def run: (WAF::
|
26
|
+
def run: (WAF::input persistent_data, WAF::input ephemeral_data, ?::Integer timeout) -> Result
|
16
27
|
|
17
28
|
private
|
18
29
|
|
@@ -2,9 +2,16 @@ module Datadog
|
|
2
2
|
module AppSec
|
3
3
|
module WAF
|
4
4
|
module Converter
|
5
|
-
def self
|
5
|
+
def self?.ruby_to_object: (
|
6
|
+
top val,
|
7
|
+
?max_container_size: ::Integer?,
|
8
|
+
?max_container_depth: ::Integer?,
|
9
|
+
?max_string_length: ::Integer?,
|
10
|
+
?top_obj: LibDDWAF::Object?,
|
11
|
+
?coerce: bool?
|
12
|
+
) -> LibDDWAF::Object
|
6
13
|
|
7
|
-
def self
|
14
|
+
def self?.object_to_ruby: (LibDDWAF::Object obj) -> WAF::output
|
8
15
|
end
|
9
16
|
end
|
10
17
|
end
|
@@ -11,9 +11,9 @@ module Datadog
|
|
11
11
|
end
|
12
12
|
|
13
13
|
class LibDDWAFError < Error
|
14
|
-
attr_reader diagnostics: WAF::
|
14
|
+
attr_reader diagnostics: WAF::output
|
15
15
|
|
16
|
-
def initialize: (::String msg, ?diagnostics: WAF::
|
16
|
+
def initialize: (::String msg, ?diagnostics: WAF::output?) -> void
|
17
17
|
end
|
18
18
|
end
|
19
19
|
end
|
@@ -10,7 +10,7 @@ module Datadog
|
|
10
10
|
|
11
11
|
def build_handle: () -> Handle
|
12
12
|
|
13
|
-
def add_or_update_config: (
|
13
|
+
def add_or_update_config: (WAF::input config, path: ::String) -> WAF::output
|
14
14
|
|
15
15
|
def remove_config_at_path: (::String path) -> bool
|
16
16
|
|
@@ -58,6 +58,8 @@ module Datadog
|
|
58
58
|
end
|
59
59
|
|
60
60
|
class Object < ::FFI::Struct[::FFI::AbstractMemory, untyped]
|
61
|
+
@truncated: bool
|
62
|
+
|
61
63
|
def truncated?: () -> bool
|
62
64
|
|
63
65
|
def mark_truncated!: () -> bool
|
@@ -139,11 +141,7 @@ module Datadog
|
|
139
141
|
def self.ddwaf_context_init: (::FFI::Pointer) -> ::FFI::Pointer
|
140
142
|
def self.ddwaf_context_destroy: (::FFI::Pointer) -> void
|
141
143
|
|
142
|
-
|
143
|
-
end
|
144
|
-
|
145
|
-
def self.ddwaf_run: (::FFI::Pointer, Object, Object, Result, ::Integer) -> ::Symbol
|
146
|
-
def self.ddwaf_result_free: (Result) -> void
|
144
|
+
def self.ddwaf_run: (::FFI::Pointer, Object, Object, Object, ::Integer) -> ::Symbol
|
147
145
|
|
148
146
|
# logging
|
149
147
|
|
@@ -2,37 +2,54 @@ module Datadog
|
|
2
2
|
module AppSec
|
3
3
|
module WAF
|
4
4
|
class Result
|
5
|
+
type list = ::Array[WAF::output]
|
6
|
+
type map = ::Hash[::String, WAF::output]
|
7
|
+
|
5
8
|
@status: ::Symbol
|
6
9
|
|
7
|
-
@events:
|
10
|
+
@events: list
|
8
11
|
|
9
|
-
@
|
12
|
+
@actions: map
|
10
13
|
|
11
|
-
@
|
14
|
+
@attributes: map
|
12
15
|
|
13
|
-
@
|
16
|
+
@duration: ::Integer
|
17
|
+
|
18
|
+
@timeout: bool
|
14
19
|
|
15
|
-
@
|
20
|
+
@keep: bool
|
16
21
|
|
17
22
|
@input_truncated: bool
|
18
23
|
|
19
24
|
attr_reader status: ::Symbol
|
20
25
|
|
21
|
-
attr_reader events:
|
26
|
+
attr_reader events: list
|
22
27
|
|
23
|
-
attr_reader
|
28
|
+
attr_reader actions: map
|
24
29
|
|
25
|
-
attr_reader
|
30
|
+
attr_reader attributes: map
|
26
31
|
|
27
|
-
attr_reader
|
32
|
+
attr_reader duration: ::Integer
|
28
33
|
|
29
|
-
|
30
|
-
|
31
|
-
|
34
|
+
def initialize: (
|
35
|
+
status: ::Symbol,
|
36
|
+
events: list,
|
37
|
+
actions: map,
|
38
|
+
attributes: map,
|
39
|
+
duration: ::Integer,
|
40
|
+
timeout: bool,
|
41
|
+
keep: bool
|
42
|
+
) -> void
|
32
43
|
|
33
44
|
def mark_input_truncated!: () -> bool
|
34
45
|
|
46
|
+
def timeout?: () -> bool
|
47
|
+
|
48
|
+
def keep?: () -> bool
|
49
|
+
|
35
50
|
def input_truncated?: () -> bool
|
51
|
+
|
52
|
+
def to_h: () -> ::Hash[::Symbol, (::Symbol | WAF::output)]
|
36
53
|
end
|
37
54
|
end
|
38
55
|
end
|
data/sig/datadog/appsec/waf.rbs
CHANGED
@@ -1,18 +1,21 @@
|
|
1
1
|
module Datadog
|
2
2
|
module AppSec
|
3
3
|
module WAF
|
4
|
-
type
|
4
|
+
type input = nil | bool | ::String | ::Symbol | ::Integer | ::Float | ::Array[input] | ::Hash[input, input]
|
5
|
+
type output = nil | bool | ::String | ::Integer | ::Float | ::Array[output] | ::Hash[::String, output]
|
5
6
|
type known_addresses = ::Array[::String]
|
6
|
-
type diagnostics = ::Hash[::String, untyped]
|
7
|
-
|
8
|
-
def self.version: () -> ::String
|
9
7
|
|
10
8
|
self.@logger: ::Logger
|
9
|
+
|
11
10
|
self.@log_callback: LibDDWAF::ddwaf_log_cb
|
12
11
|
|
13
|
-
def self
|
14
|
-
|
15
|
-
def self
|
12
|
+
def self?.version: () -> ::String
|
13
|
+
|
14
|
+
def self?.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
|
15
|
+
|
16
|
+
def self?.logger: () -> ::Logger
|
17
|
+
|
18
|
+
def self?.logger=: (::Logger logger) -> void
|
16
19
|
end
|
17
20
|
end
|
18
21
|
end
|
Binary file
|
metadata
CHANGED
@@ -1,13 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: libddwaf
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.25.1.0.1
|
5
5
|
platform: arm64-darwin
|
6
6
|
authors:
|
7
7
|
- Datadog, Inc.
|
8
|
+
autorequire:
|
8
9
|
bindir: bin
|
9
10
|
cert_chain: []
|
10
|
-
date: 2025-09-
|
11
|
+
date: 2025-09-18 00:00:00.000000000 Z
|
11
12
|
dependencies:
|
12
13
|
- !ruby/object:Gem::Dependency
|
13
14
|
name: ffi
|
@@ -60,7 +61,7 @@ files:
|
|
60
61
|
- sig/datadog/appsec/waf/result.rbs
|
61
62
|
- sig/datadog/appsec/waf/version.rbs
|
62
63
|
- sig/libddwaf.rbs
|
63
|
-
- vendor/libddwaf/libddwaf-1.
|
64
|
+
- vendor/libddwaf/libddwaf-1.25.1-darwin-arm64/lib/libddwaf.dylib
|
64
65
|
- vendor/rbs/gem/0/gem.rbs
|
65
66
|
- vendor/rbs/jruby/0/jruby.rbs
|
66
67
|
homepage: https://github.com/DataDog/libddwaf-rb
|
@@ -68,6 +69,7 @@ licenses:
|
|
68
69
|
- BSD-3-Clause
|
69
70
|
metadata:
|
70
71
|
allowed_push_host: https://rubygems.org
|
72
|
+
post_install_message:
|
71
73
|
rdoc_options: []
|
72
74
|
require_paths:
|
73
75
|
- lib
|
@@ -82,7 +84,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
82
84
|
- !ruby/object:Gem::Version
|
83
85
|
version: 2.0.0
|
84
86
|
requirements: []
|
85
|
-
rubygems_version: 3.
|
87
|
+
rubygems_version: 3.5.21
|
88
|
+
signing_key:
|
86
89
|
specification_version: 4
|
87
90
|
summary: Datadog WAF
|
88
91
|
test_files: []
|