libddwaf 1.25.1.0.0-arm64-darwin → 1.25.1.1.0-arm64-darwin

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0140e8d3b2530a2aea78e8f345612e712e6313fa8ecd1c5c9236f441538bf5ab
4
- data.tar.gz: 496fce585a336d2925c7ef6bf191e41579663d5350005920754e3c24a8f27f7f
3
+ metadata.gz: c2f86f8104fb75e40fe1257dbc7bb880d3169b0657b974f543bffa34695187ba
4
+ data.tar.gz: 9c641a479725a12f8f45e7fb9e93640747eb2094a3d438c508157f2e9d811e6b
5
5
  SHA512:
6
- metadata.gz: 9e2fd9015d7b089678a63469d6d73cc5171e1421c2d137d77b644832e25cfcc82e3089b7ebce1fcd3ea756f0582fea372788292144f2d937ec1fcbacfa3ffd6c
7
- data.tar.gz: d6d6fe836c2044c44f3d00a785604fc1b5f8f647ea33fdc3b11bf7b9aa8ed80d9c3ca43aa7f5fdd75232918654b203964017d8b03324f6eacb2b92e6a198744c
6
+ metadata.gz: 55e303fc93d4834b7cf67ba6ee131b5044d6164eea418d28164517b41dd45454c7cf6f44b88c6845bdcbb7792fc804d77e1b6905b03d2d63a221b8043a4e4166
7
+ data.tar.gz: afab34467bb649dc1d190b3a43bd856e6647d26f38719eb63d630d44f7eb70a398ce573a6ae86d677418ecd97192052e67fb99ac99ad4935dd8aa73b001080d8
data/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # Unreleased
2
2
 
3
+ # 2025-09-24 v1.25.1.1.0
4
+
5
+ ## Changed
6
+
7
+ - Change coersion of the values in WAF rules to use `libddwaf` primitives
8
+
9
+ # 2025-09-18 v1.25.1.0.1
10
+
11
+ ## Fixed
12
+
13
+ - Fix handling of unsuccessful `ddwaf_run` call and result conversion
14
+
3
15
  # 2025-09-16 v1.25.1.0.0
4
16
 
5
17
  ## Added
@@ -6,7 +6,16 @@ module Datadog
6
6
  # Ruby representation of the ddwaf_context in libddwaf
7
7
  # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/BINDING_IMPL_NOTES.md?plain=1#L125-L158
8
8
  class Context
9
- RESULT_CODE = {
9
+ EMPTY_RESULT = {
10
+ "events" => [], #: WAF::events
11
+ "actions" => {}, #: WAF::actions
12
+ "attributes" => {}, #: WAF::attributes
13
+ "duration" => 0,
14
+ "timeout" => false,
15
+ "keep" => false
16
+ }.freeze
17
+ SUCCESS_RESULT_CODES = %i[ddwaf_ok ddwaf_match].freeze
18
+ RESULT_CODE_TO_STATUS = {
10
19
  ddwaf_ok: :ok,
11
20
  ddwaf_match: :match,
12
21
  ddwaf_err_internal: :err_internal,
@@ -73,20 +82,24 @@ module Datadog
73
82
  raise LibDDWAFError, "Could not create result object" if result_obj.null?
74
83
 
75
84
  code = LibDDWAF.ddwaf_run(@context_ptr, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
76
- result = Converter.object_to_ruby(result_obj) #: ::Hash[::String, WAF::data]
85
+ result = Converter.object_to_ruby(result_obj)
77
86
 
78
- if result.nil?
87
+ # NOTE: In case of the error, `libddwaf` will not "fill" the result
88
+ # object, so it will be empty and the conversion of it will return
89
+ # `nil`, but that is not a conversion issue.
90
+ if SUCCESS_RESULT_CODES.include?(code) && result.nil?
79
91
  raise ConversionError, "Could not convert result into object: #{code}"
80
92
  end
81
93
 
94
+ result ||= EMPTY_RESULT
82
95
  result = Result.new(
83
- status: RESULT_CODE[code],
96
+ status: RESULT_CODE_TO_STATUS[code],
84
97
  events: result["events"],
85
98
  actions: result["actions"],
86
99
  attributes: result["attributes"],
87
- duration: result["duration"], #: ::Integer
88
- timeout: result["timeout"], #: bool
89
- keep: result["keep"] #: bool
100
+ duration: result["duration"],
101
+ timeout: result["timeout"],
102
+ keep: result["keep"]
90
103
  )
91
104
 
92
105
  if persistent_data_obj.truncated? || ephemeral_data_obj.truncated?
@@ -164,19 +164,19 @@ module Datadog
164
164
  when :ddwaf_obj_float
165
165
  obj[:valueUnion][:f64]
166
166
  when :ddwaf_obj_array
167
- (0...obj[:nbEntries]).each.with_object([]) do |i, a|
167
+ (0...obj[:nbEntries]).each.with_object([]) do |i, a| #$ ::Array[WAF::opaque]
168
168
  ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
169
169
  e = Converter.object_to_ruby(LibDDWAF::Object.new(ptr))
170
- a << e # steep:ignore
170
+ a << e
171
171
  end
172
172
  when :ddwaf_obj_map
173
- (0...obj[:nbEntries]).each.with_object({}) do |i, h| #$ ::Hash[::String, WAF::data]
173
+ (0...obj[:nbEntries]).each.with_object({}) do |i, h| #$ ::Hash[::String, WAF::opaque]
174
174
  ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
175
175
  o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
176
176
  l = o[:parameterNameLength]
177
177
  k = o[:parameterName].read_bytes(l)
178
178
  v = Converter.object_to_ruby(LibDDWAF::Object.new(ptr))
179
- h[k] = v # steep:ignore
179
+ h[k] = v
180
180
  end
181
181
  end
182
182
  end
@@ -58,7 +58,7 @@ module Datadog
58
58
  def add_or_update_config(config, path:)
59
59
  ensure_pointer_presence!
60
60
 
61
- config_obj = Converter.ruby_to_object(config)
61
+ config_obj = Converter.ruby_to_object(config, coerce: false)
62
62
  diagnostics_obj = LibDDWAF::Object.new
63
63
 
64
64
  LibDDWAF.ddwaf_builder_add_or_update_config(@builder_ptr, path, path.length, config_obj, diagnostics_obj)
@@ -14,8 +14,9 @@ module Datadog
14
14
  @actions = actions
15
15
  @attributes = attributes
16
16
  @duration = duration
17
- @timeout = timeout
18
- @keep = keep
17
+
18
+ @keep = !!keep
19
+ @timeout = !!timeout
19
20
  @input_truncated = false
20
21
  end
21
22
 
@@ -42,8 +43,8 @@ module Datadog
42
43
  actions: @actions,
43
44
  attributes: @attributes,
44
45
  duration: @duration,
45
- timeout: @timeout,
46
46
  keep: @keep,
47
+ timeout: @timeout,
47
48
  input_truncated: @input_truncated
48
49
  }
49
50
  end
@@ -5,7 +5,7 @@ module Datadog
5
5
  BASE_STRING = "1.25.1"
6
6
  # NOTE: Every change to the `BASE_STRING` should be accompanied
7
7
  # by a reset of the patch version in the `STRING` below.
8
- STRING = "#{BASE_STRING}.0.0"
8
+ STRING = "#{BASE_STRING}.1.0"
9
9
  MINIMUM_RUBY_VERSION = "2.5"
10
10
  end
11
11
  end
@@ -6,13 +6,24 @@ module Datadog
6
6
 
7
7
  @retained: Array[untyped]
8
8
 
9
- RESULT_CODE: ::Hash[::Symbol, ::Symbol]
9
+ EMPTY_RESULT: {
10
+ "events" => WAF::events,
11
+ "actions" => WAF::actions,
12
+ "attributes" => WAF::attributes,
13
+ "duration" => ::Integer,
14
+ "timeout" => bool,
15
+ "keep" => bool
16
+ }
17
+
18
+ SUCCESS_RESULT_CODES: ::Array[::Symbol]
19
+
20
+ RESULT_CODE_TO_STATUS: ::Hash[::Symbol, ::Symbol]
10
21
 
11
22
  def initialize: (::FFI::Pointer context_ptr) -> void
12
23
 
13
24
  def finalize!: () -> void
14
25
 
15
- def run: (WAF::data persistent_data, WAF::data ephemeral_data, ?::Integer timeout) -> Result
26
+ def run: (WAF::input persistent_data, WAF::input ephemeral_data, ?::Integer timeout) -> Result
16
27
 
17
28
  private
18
29
 
@@ -2,9 +2,16 @@ module Datadog
2
2
  module AppSec
3
3
  module WAF
4
4
  module Converter
5
- def self?.ruby_to_object: (top val, ?max_container_size: ::Integer?, ?max_container_depth: ::Integer?, ?max_string_length: ::Integer?, ?top_obj: LibDDWAF::Object?, ?coerce: bool?) -> LibDDWAF::Object
5
+ def self?.ruby_to_object: (
6
+ top val,
7
+ ?max_container_size: ::Integer?,
8
+ ?max_container_depth: ::Integer?,
9
+ ?max_string_length: ::Integer?,
10
+ ?top_obj: LibDDWAF::Object?,
11
+ ?coerce: bool?
12
+ ) -> LibDDWAF::Object
6
13
 
7
- def self?.object_to_ruby: (LibDDWAF::Object obj) -> WAF::data
14
+ def self?.object_to_ruby: (LibDDWAF::Object obj) -> WAF::opaque
8
15
  end
9
16
  end
10
17
  end
@@ -11,9 +11,9 @@ module Datadog
11
11
  end
12
12
 
13
13
  class LibDDWAFError < Error
14
- attr_reader diagnostics: WAF::data
14
+ attr_reader diagnostics: WAF::opaque
15
15
 
16
- def initialize: (::String msg, ?diagnostics: WAF::data?) -> void
16
+ def initialize: (::String msg, ?diagnostics: WAF::opaque?) -> void
17
17
  end
18
18
  end
19
19
  end
@@ -10,7 +10,7 @@ module Datadog
10
10
 
11
11
  def build_handle: () -> Handle
12
12
 
13
- def add_or_update_config: (data config, path: ::String) -> data
13
+ def add_or_update_config: (WAF::input config, path: ::String) -> WAF::opaque
14
14
 
15
15
  def remove_config_at_path: (::String path) -> bool
16
16
 
@@ -58,6 +58,8 @@ module Datadog
58
58
  end
59
59
 
60
60
  class Object < ::FFI::Struct[::FFI::AbstractMemory, untyped]
61
+ @truncated: bool
62
+
61
63
  def truncated?: () -> bool
62
64
 
63
65
  def mark_truncated!: () -> bool
@@ -4,11 +4,11 @@ module Datadog
4
4
  class Result
5
5
  @status: ::Symbol
6
6
 
7
- @events: WAF::data
7
+ @events: WAF::events
8
8
 
9
- @actions: WAF::data
9
+ @actions: WAF::actions
10
10
 
11
- @attributes: WAF::data
11
+ @attributes: WAF::attributes
12
12
 
13
13
  @duration: ::Integer
14
14
 
@@ -20,19 +20,19 @@ module Datadog
20
20
 
21
21
  attr_reader status: ::Symbol
22
22
 
23
- attr_reader events: WAF::data
23
+ attr_reader events: WAF::events
24
24
 
25
- attr_reader actions: WAF::data
25
+ attr_reader actions: WAF::actions
26
26
 
27
- attr_reader attributes: WAF::data
27
+ attr_reader attributes: WAF::attributes
28
28
 
29
29
  attr_reader duration: ::Integer
30
30
 
31
31
  def initialize: (
32
32
  status: ::Symbol,
33
- events: WAF::data,
34
- actions: WAF::data,
35
- attributes: WAF::data,
33
+ events: WAF::events,
34
+ actions: WAF::actions,
35
+ attributes: WAF::attributes,
36
36
  duration: ::Integer,
37
37
  timeout: bool,
38
38
  keep: bool
@@ -46,7 +46,7 @@ module Datadog
46
46
 
47
47
  def input_truncated?: () -> bool
48
48
 
49
- def to_h: () -> ::Hash[::Symbol, WAF::data]
49
+ def to_h: () -> ::Hash[::Symbol, (::Symbol | WAF::opaque)]
50
50
  end
51
51
  end
52
52
  end
@@ -1,17 +1,57 @@
1
1
  module Datadog
2
2
  module AppSec
3
3
  module WAF
4
- type data = nil | bool | ::String | ::Symbol | ::Integer | ::Float | ::Array[data] | ::Hash[(::String | ::Symbol | nil), data]
4
+ type input = nil | bool | ::String | ::Symbol | ::Integer | ::Float | ::Array[input] | ::Hash[input, input]
5
5
  type known_addresses = ::Array[::String]
6
- type diagnostics = ::Hash[::String, untyped]
7
-
8
- def self?.version: () -> ::String
6
+ type result = {
7
+ "keep" => bool,
8
+ "events" => events,
9
+ "actions" => actions,
10
+ "attributes" => attributes,
11
+ "timeout" => bool,
12
+ # NOTE: Schema defines it as a `number`, but we alway get it as `Integer`
13
+ # That will be fixed in the libddwaf specs
14
+ "duration" => ::Integer
15
+ }
16
+ type events = ::Array[event]
17
+ type event = {"rule" => rule, "rule_matches" => ::Array[rule_match]}
18
+ type rule = {
19
+ "id" => ::String,
20
+ "name" => ::String,
21
+ "tags" => {
22
+ "type" => ::String,
23
+ # optional key
24
+ "category" => ::String?
25
+ },
26
+ # optional key
27
+ "on_match" => ::Array[::String]?
28
+ }
29
+ type rule_match = {
30
+ "operator" => ::String,
31
+ "operator_value" => ::String,
32
+ "parameters" => ::Array[rule_match_parameter]
33
+ }
34
+ type rule_match_parameter = {
35
+ "address" => ::String,
36
+ "key_path" => ::Array[::String | ::Integer],
37
+ "value" => ::String,
38
+ "highlight" => ::Array[::String]
39
+ }
40
+ type actions = ::Hash[::String, action]
41
+ type action = ::Hash[::String, ::String]
42
+ type attributes = ::Hash[::String, opaque]
43
+ type opaque = nil | bool | ::String | ::Integer | ::Float | ::Array[opaque] | ::Hash[::String, opaque]
9
44
 
10
45
  self.@logger: ::Logger
46
+
11
47
  self.@log_callback: LibDDWAF::ddwaf_log_cb
12
48
 
49
+ def self?.version: () -> ::String
50
+
13
51
  def self?.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
52
+
14
53
  def self?.logger: () -> ::Logger
54
+
15
55
  def self?.logger=: (::Logger logger) -> void
16
56
  end
17
57
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libddwaf
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.25.1.0.0
4
+ version: 1.25.1.1.0
5
5
  platform: arm64-darwin
6
6
  authors:
7
7
  - Datadog, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-09-16 00:00:00.000000000 Z
11
+ date: 2025-09-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi