libddwaf 1.24.1.2.1 → 1.25.1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '029b3d9c81bc6161f7080edb546d4de3820769540747788f766638dd28472776'
-  data.tar.gz: 336fa61a91724299d961cbb03f12347cf51c6cf4f72a05e72f9368e077045c60
+  metadata.gz: 01670d4445892bdf889e3a2e00bbaa9b59931ff385f3f503ec529f0fc83a6837
+  data.tar.gz: 020d15ce0f7452a568a6307183358cbb74de49fda3ebd2cd0da120340de686ad
 SHA512:
-  metadata.gz: a658fc7175a4e87599844a60712284743d4a765d700c3584f9a84acb15f2f230613085be8b7a563090fdffe150640cf5af18d547e08880d68b99bf93259f5e95
-  data.tar.gz: a7616a7818f46cdb402fe0e7b111b927e990e4f5e274a191877685070facf0df85ff91f292b7a88b75272905a7069f7b2e285c17099e8fac0911d3b192baf2c8
+  metadata.gz: 6a9f480d301dd36765d9865f491adc0d158d7486fc44b52c949a916b6096369dfdea69895d1ac23a64b85af4deea95a66325e2cc500eccfe9075ece3607aee13
+  data.tar.gz: 2166ec0d0898e7b543cc0c9759f1d1ec9f4368f9b34c4731c6ef8525c7382a58e59904b012b923dc5df5ee614c8eac8744d90b5479fdb7aadab25cb162fd61b4

data/CHANGELOG.md

@@ -1,5 +1,31 @@
 # Unreleased
 
+# 2025-09-24 v1.25.1.1.0
+
+## Changed
+
+- Change coersion of the values in WAF rules to use `libddwaf` primitives
+
+# 2025-09-18 v1.25.1.0.1
+
+## Fixed
+
+- Fix handling of unsuccessful `ddwaf_run` call and result conversion
+
+# 2025-09-16 v1.25.1.0.0
+
+## Added
+
+- Add `Result#keep?` method
+
+## Changed
+
+- Change `LibDDWAF::Object#input_truncated?` to `LibDDWAF::Object#truncated?` method
+- Change `LibDDWAF::Object#mark_as_input_truncated?` to `LibDDWAF::Object#mark_truncated?` method
+- Change `Result#timeout` to `Result#timeout?` method
+- Change `Result#derivatives` to `Result#attributes` method
+- Change `Result#total_runtime` to `Result#duration` method
+
 # 2025-09-15 v1.24.1.2.1
 
 ## Fixed

data/lib/datadog/appsec/waf/context.rb

@@ -6,7 +6,16 @@ module Datadog
       # Ruby representation of the ddwaf_context in libddwaf
       # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/BINDING_IMPL_NOTES.md?plain=1#L125-L158
       class Context
-        RESULT_CODE = {
+        EMPTY_RESULT = {
+          "events" => [],     #: WAF::events
+          "actions" => {},    #: WAF::actions
+          "attributes" => {}, #: WAF::attributes
+          "duration" => 0,
+          "timeout" => false,
+          "keep" => false
+        }.freeze
+        SUCCESS_RESULT_CODES = %i[ddwaf_ok ddwaf_match].freeze
+        RESULT_CODE_TO_STATUS = {
           ddwaf_ok: :ok,
           ddwaf_match: :match,
           ddwaf_err_internal: :err_internal,
@@ -69,18 +78,28 @@ module Datadog
             raise ConversionError, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
           end
 
-          result_obj = LibDDWAF::Result.new
+          result_obj = LibDDWAF::Object.new
           raise LibDDWAFError, "Could not create result object" if result_obj.null?
 
           code = LibDDWAF.ddwaf_run(@context_ptr, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
+          result = Converter.object_to_ruby(result_obj)
+
+          # NOTE: In case of the error, `libddwaf` will not "fill" the result
+          #       object, so it will be empty and the conversion of it will return
+          #       `nil`, but that is not a conversion issue.
+          if SUCCESS_RESULT_CODES.include?(code) && result.nil?
+            raise ConversionError, "Could not convert result into object: #{code}"
+          end
 
+          result ||= EMPTY_RESULT
           result = Result.new(
-            RESULT_CODE[code],
-            Converter.object_to_ruby(result_obj[:events]),
-            result_obj[:total_runtime],
-            result_obj[:timeout],
-            Converter.object_to_ruby(result_obj[:actions]),
-            Converter.object_to_ruby(result_obj[:derivatives])
+            status: RESULT_CODE_TO_STATUS[code],
+            events: result["events"],
+            actions: result["actions"],
+            attributes: result["attributes"],
+            duration: result["duration"],
+            timeout: result["timeout"],
+            keep: result["keep"]
           )
 
           if persistent_data_obj.truncated? || ephemeral_data_obj.truncated?
@@ -89,7 +108,7 @@ module Datadog
 
           result
         ensure
-          LibDDWAF.ddwaf_result_free(result_obj) if result_obj
+          LibDDWAF.ddwaf_object_free(result_obj) if result_obj
           LibDDWAF.ddwaf_object_free(ephemeral_data_obj) if ephemeral_data_obj
         end
 

data/lib/datadog/appsec/waf/converter.rb

@@ -164,19 +164,19 @@ module Datadog
           when :ddwaf_obj_float
             obj[:valueUnion][:f64]
           when :ddwaf_obj_array
-            (0...obj[:nbEntries]).each.with_object([]) do |i, a|
+            (0...obj[:nbEntries]).each.with_object([]) do |i, a| #$ ::Array[WAF::opaque]
               ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
               e = Converter.object_to_ruby(LibDDWAF::Object.new(ptr))
-              a << e # steep:ignore
+              a << e
             end
           when :ddwaf_obj_map
-            (0...obj[:nbEntries]).each.with_object({}) do |i, h|
+            (0...obj[:nbEntries]).each.with_object({}) do |i, h| #$ ::Hash[::String, WAF::opaque]
               ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
               o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
               l = o[:parameterNameLength]
               k = o[:parameterName].read_bytes(l)
               v = Converter.object_to_ruby(LibDDWAF::Object.new(ptr))
-              h[k] = v # steep:ignore
+              h[k] = v
             end
           end
         end

data/lib/datadog/appsec/waf/handle_builder.rb

@@ -58,7 +58,7 @@ module Datadog
         def add_or_update_config(config, path:)
           ensure_pointer_presence!
 
-          config_obj = Converter.ruby_to_object(config)
+          config_obj = Converter.ruby_to_object(config, coerce: false)
           diagnostics_obj = LibDDWAF::Object.new
 
           LibDDWAF.ddwaf_builder_add_or_update_config(@builder_ptr, path, path.length, config_obj, diagnostics_obj)

data/lib/datadog/appsec/waf/lib_ddwaf.rb

@@ -253,21 +253,9 @@ module Datadog
         attach_function :ddwaf_context_init, [:ddwaf_handle], :ddwaf_context
         attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
 
-        # Ruby representation of ddwaf_result
-        # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L154-L173
-        class Result < ::FFI::Struct
-          layout :timeout, :bool,
-            :events, Object,
-            :actions, Object,
-            :derivatives, Object,
-            :total_runtime, :uint64
-        end
-
-        typedef Result.by_ref, :ddwaf_result
         typedef :uint64, :timeout_us
 
-        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
-        attach_function :ddwaf_result_free, [:ddwaf_result], :void
+        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_object, :ddwaf_object, :timeout_us], :ddwaf_ret_code, blocking: true
 
         # logging
 

data/lib/datadog/appsec/waf/result.rb

@@ -4,17 +4,19 @@ module Datadog
   module AppSec
     module WAF
       # Ruby representation of the ddwaf_result of a libddwaf run.
-      # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L159-L173
+      # See https://github.com/DataDog/libddwaf/blob/8dbee187ff74a0aa25e1bcbdde51677f77930e1b/include/ddwaf.h#L277-L290
       class Result
-        attr_reader :status, :events, :total_runtime, :timeout, :actions, :derivatives
+        attr_reader :status, :events, :actions, :attributes, :duration
 
-        def initialize(status, events, total_runtime, timeout, actions, derivatives)
+        def initialize(status:, events:, actions:, attributes:, duration:, timeout:, keep:)
           @status = status
           @events = events
-          @total_runtime = total_runtime
-          @timeout = timeout
           @actions = actions
-          @derivatives = derivatives
+          @attributes = attributes
+          @duration = duration
+
+          @keep = !!keep
+          @timeout = !!timeout
           @input_truncated = false
         end
 
@@ -22,6 +24,14 @@ module Datadog
           @input_truncated = true
         end
 
+        def timeout?
+          @timeout
+        end
+
+        def keep?
+          @keep
+        end
+
         def input_truncated?
           @input_truncated
         end
@@ -30,10 +40,12 @@ module Datadog
           {
             status: @status,
             events: @events,
-            total_runtime: @total_runtime,
-            timeout: @timeout,
             actions: @actions,
-            derivatives: @derivatives
+            attributes: @attributes,
+            duration: @duration,
+            keep: @keep,
+            timeout: @timeout,
+            input_truncated: @input_truncated
           }
         end
       end

data/lib/datadog/appsec/waf/version.rb

@@ -2,10 +2,10 @@ module Datadog
   module AppSec
     module WAF
       module VERSION
-        BASE_STRING = "1.24.1"
+        BASE_STRING = "1.25.1"
         # NOTE: Every change to the `BASE_STRING` should be accompanied
         #       by a reset of the patch version in the `STRING` below.
-        STRING = "#{BASE_STRING}.2.1"
+        STRING = "#{BASE_STRING}.1.0"
         MINIMUM_RUBY_VERSION = "2.5"
       end
     end

data/sig/datadog/appsec/waf/context.rbs

@@ -6,13 +6,24 @@ module Datadog
 
         @retained: Array[untyped]
 
-        RESULT_CODE: ::Hash[::Symbol, ::Symbol]
+        EMPTY_RESULT: {
+          "events" => WAF::events,
+          "actions" => WAF::actions,
+          "attributes" => WAF::attributes,
+          "duration" => ::Integer,
+          "timeout" => bool,
+          "keep" => bool
+        }
+
+        SUCCESS_RESULT_CODES: ::Array[::Symbol]
+
+        RESULT_CODE_TO_STATUS: ::Hash[::Symbol, ::Symbol]
 
         def initialize: (::FFI::Pointer context_ptr) -> void
 
         def finalize!: () -> void
 
-        def run: (WAF::data persistent_data, WAF::data ephemeral_data, ?::Integer timeout) -> Result
+        def run: (WAF::input persistent_data, WAF::input ephemeral_data, ?::Integer timeout) -> Result
 
         private
 

data/sig/datadog/appsec/waf/converter.rbs

@@ -2,9 +2,16 @@ module Datadog
   module AppSec
     module WAF
       module Converter
-        def self.ruby_to_object: (top val, ?max_container_size: ::Integer?, ?max_container_depth: ::Integer?, ?max_string_length: ::Integer?, ?top_obj: LibDDWAF::Object?, ?coerce: bool?) -> LibDDWAF::Object
+        def self?.ruby_to_object: (
+          top val,
+          ?max_container_size: ::Integer?,
+          ?max_container_depth: ::Integer?,
+          ?max_string_length: ::Integer?,
+          ?top_obj: LibDDWAF::Object?,
+          ?coerce: bool?
+        ) -> LibDDWAF::Object
 
-        def self.object_to_ruby: (LibDDWAF::Object obj) -> WAF::data
+        def self?.object_to_ruby: (LibDDWAF::Object obj) -> WAF::opaque
       end
     end
   end

data/sig/datadog/appsec/waf/errors.rbs

@@ -11,9 +11,9 @@ module Datadog
       end
 
       class LibDDWAFError < Error
-        attr_reader diagnostics: WAF::data
+        attr_reader diagnostics: WAF::opaque
 
-        def initialize: (::String msg, ?diagnostics: WAF::data?) -> void
+        def initialize: (::String msg, ?diagnostics: WAF::opaque?) -> void
       end
     end
   end

data/sig/datadog/appsec/waf/handle_builder.rbs

@@ -10,7 +10,7 @@ module Datadog
 
         def build_handle: () -> Handle
 
-        def add_or_update_config: (data config, path: ::String) -> data
+        def add_or_update_config: (WAF::input config, path: ::String) -> WAF::opaque
 
         def remove_config_at_path: (::String path) -> bool
 

data/sig/datadog/appsec/waf/lib_ddwaf.rbs

@@ -58,6 +58,8 @@ module Datadog
         end
 
         class Object < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+          @truncated: bool
+
           def truncated?: () -> bool
 
           def mark_truncated!: () -> bool
@@ -139,11 +141,7 @@ module Datadog
         def self.ddwaf_context_init: (::FFI::Pointer) -> ::FFI::Pointer
         def self.ddwaf_context_destroy: (::FFI::Pointer) -> void
 
-        class Result < ::FFI::Struct[::FFI::AbstractMemory, untyped]
-        end
-
-        def self.ddwaf_run: (::FFI::Pointer, Object, Object, Result, ::Integer) -> ::Symbol
-        def self.ddwaf_result_free: (Result) -> void
+        def self.ddwaf_run: (::FFI::Pointer, Object, Object, Object, ::Integer) -> ::Symbol
 
         # logging
 

data/sig/datadog/appsec/waf/result.rbs

@@ -4,35 +4,49 @@ module Datadog
       class Result
         @status: ::Symbol
 
-        @events: WAF::data
+        @events: WAF::events
 
-        @total_runtime: ::Float
+        @actions: WAF::actions
 
-        @timeout: bool
+        @attributes: WAF::attributes
+
+        @duration: ::Integer
 
-        @actions: WAF::data
+        @timeout: bool
 
-        @derivatives: WAF::data
+        @keep: bool
 
         @input_truncated: bool
 
         attr_reader status: ::Symbol
 
-        attr_reader events: WAF::data
-
-        attr_reader total_runtime: ::Float
+        attr_reader events: WAF::events
 
-        attr_reader timeout: bool
+        attr_reader actions: WAF::actions
 
-        attr_reader actions: WAF::data
+        attr_reader attributes: WAF::attributes
 
-        attr_reader derivatives: WAF::data
+        attr_reader duration: ::Integer
 
-        def initialize: (::Symbol status, WAF::data events, ::Float total_runtime, bool timeout, WAF::data actions, WAF::data derivatives) -> void
+        def initialize: (
+          status: ::Symbol,
+          events: WAF::events,
+          actions: WAF::actions,
+          attributes: WAF::attributes,
+          duration: ::Integer,
+          timeout: bool,
+          keep: bool
+        ) -> void
 
         def mark_input_truncated!: () -> bool
 
+        def timeout?: () -> bool
+
+        def keep?: () -> bool
+
         def input_truncated?: () -> bool
+
+        def to_h: () -> ::Hash[::Symbol, (::Symbol | WAF::opaque)]
       end
     end
   end

data/sig/datadog/appsec/waf.rbs

@@ -1,18 +1,58 @@
 module Datadog
   module AppSec
     module WAF
-      type data = String | Symbol | Integer | Float | TrueClass | FalseClass | Array[data] | Hash[(String | Symbol | nil), data] | nil
+      type input = nil | bool | ::String | ::Symbol | ::Integer | ::Float | ::Array[input] | ::Hash[input, input]
       type known_addresses = ::Array[::String]
-      type diagnostics = ::Hash[::String, untyped]
-
-      def self.version: () -> ::String
+      type result = {
+        "keep" => bool,
+        "events" => events,
+        "actions" => actions,
+        "attributes" => attributes,
+        "timeout" => bool,
+        # NOTE: Schema defines it as a `number`, but we alway get it as `Integer`
+        #       That will be fixed in the libddwaf specs
+        "duration" => ::Integer
+      }
+      type events = ::Array[event]
+      type event = {"rule" => rule, "rule_matches" => ::Array[rule_match]}
+      type rule = {
+        "id" => ::String,
+        "name" => ::String,
+        "tags" => {
+          "type" => ::String,
+          # optional key
+          "category" => ::String?
+        },
+        # optional key
+        "on_match" => ::Array[::String]?
+      }
+      type rule_match = {
+        "operator" => ::String,
+        "operator_value" => ::String,
+        "parameters" => ::Array[rule_match_parameter]
+      }
+      type rule_match_parameter = {
+        "address" => ::String,
+        "key_path" => ::Array[::String | ::Integer],
+        "value" => ::String,
+        "highlight" => ::Array[::String]
+      }
+      type actions = ::Hash[::String, action]
+      type action = ::Hash[::String, ::String]
+      type attributes = ::Hash[::String, opaque]
+      type opaque = nil | bool | ::String | ::Integer | ::Float | ::Array[opaque] | ::Hash[::String, opaque]
 
       self.@logger: ::Logger
+
       self.@log_callback: LibDDWAF::ddwaf_log_cb
 
-      def self.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
-      def self.logger: () -> ::Logger
-      def self.logger=: (::Logger logger) -> void
+      def self?.version: () -> ::String
+
+      def self?.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
+
+      def self?.logger: () -> ::Logger
+
+      def self?.logger=: (::Logger logger) -> void
     end
   end
 end

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.24.1.2.1
+  version: 1.25.1.1.0
 platform: ruby
 authors:
 - Datadog, Inc.
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-15 00:00:00.000000000 Z
+date: 2025-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -60,10 +61,10 @@ files:
 - sig/datadog/appsec/waf/result.rbs
 - sig/datadog/appsec/waf/version.rbs
 - sig/libddwaf.rbs
-- vendor/libddwaf/libddwaf-1.24.1-darwin-arm64/lib/libddwaf.dylib
-- vendor/libddwaf/libddwaf-1.24.1-darwin-x86_64/lib/libddwaf.dylib
-- vendor/libddwaf/libddwaf-1.24.1-linux-aarch64/lib/libddwaf.so
-- vendor/libddwaf/libddwaf-1.24.1-linux-x86_64/lib/libddwaf.so
+- vendor/libddwaf/libddwaf-1.25.1-darwin-arm64/lib/libddwaf.dylib
+- vendor/libddwaf/libddwaf-1.25.1-darwin-x86_64/lib/libddwaf.dylib
+- vendor/libddwaf/libddwaf-1.25.1-linux-aarch64/lib/libddwaf.so
+- vendor/libddwaf/libddwaf-1.25.1-linux-x86_64/lib/libddwaf.so
 - vendor/rbs/gem/0/gem.rbs
 - vendor/rbs/jruby/0/jruby.rbs
 homepage: https://github.com/DataDog/libddwaf-rb
@@ -71,6 +72,7 @@ licenses:
 - BSD-3-Clause
 metadata:
   allowed_push_host: https://rubygems.org
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -85,7 +87,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.5.21
+signing_key:
 specification_version: 4
 summary: Datadog WAF
 test_files: []