libddwaf 1.25.1.0.0-arm64-darwin → 1.25.1.1.0-arm64-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0140e8d3b2530a2aea78e8f345612e712e6313fa8ecd1c5c9236f441538bf5ab
-  data.tar.gz: 496fce585a336d2925c7ef6bf191e41579663d5350005920754e3c24a8f27f7f
+  metadata.gz: c2f86f8104fb75e40fe1257dbc7bb880d3169b0657b974f543bffa34695187ba
+  data.tar.gz: 9c641a479725a12f8f45e7fb9e93640747eb2094a3d438c508157f2e9d811e6b
 SHA512:
-  metadata.gz: 9e2fd9015d7b089678a63469d6d73cc5171e1421c2d137d77b644832e25cfcc82e3089b7ebce1fcd3ea756f0582fea372788292144f2d937ec1fcbacfa3ffd6c
-  data.tar.gz: d6d6fe836c2044c44f3d00a785604fc1b5f8f647ea33fdc3b11bf7b9aa8ed80d9c3ca43aa7f5fdd75232918654b203964017d8b03324f6eacb2b92e6a198744c
+  metadata.gz: 55e303fc93d4834b7cf67ba6ee131b5044d6164eea418d28164517b41dd45454c7cf6f44b88c6845bdcbb7792fc804d77e1b6905b03d2d63a221b8043a4e4166
+  data.tar.gz: afab34467bb649dc1d190b3a43bd856e6647d26f38719eb63d630d44f7eb70a398ce573a6ae86d677418ecd97192052e67fb99ac99ad4935dd8aa73b001080d8

data/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Unreleased
 
+# 2025-09-24 v1.25.1.1.0
+
+## Changed
+
+- Change coersion of the values in WAF rules to use `libddwaf` primitives
+
+# 2025-09-18 v1.25.1.0.1
+
+## Fixed
+
+- Fix handling of unsuccessful `ddwaf_run` call and result conversion
+
 # 2025-09-16 v1.25.1.0.0
 
 ## Added

data/lib/datadog/appsec/waf/context.rb

@@ -6,7 +6,16 @@ module Datadog
       # Ruby representation of the ddwaf_context in libddwaf
       # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/BINDING_IMPL_NOTES.md?plain=1#L125-L158
       class Context
-        RESULT_CODE = {
+        EMPTY_RESULT = {
+          "events" => [],     #: WAF::events
+          "actions" => {},    #: WAF::actions
+          "attributes" => {}, #: WAF::attributes
+          "duration" => 0,
+          "timeout" => false,
+          "keep" => false
+        }.freeze
+        SUCCESS_RESULT_CODES = %i[ddwaf_ok ddwaf_match].freeze
+        RESULT_CODE_TO_STATUS = {
           ddwaf_ok: :ok,
           ddwaf_match: :match,
           ddwaf_err_internal: :err_internal,
@@ -73,20 +82,24 @@ module Datadog
           raise LibDDWAFError, "Could not create result object" if result_obj.null?
 
           code = LibDDWAF.ddwaf_run(@context_ptr, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
-          result = Converter.object_to_ruby(result_obj) #: ::Hash[::String, WAF::data]
+          result = Converter.object_to_ruby(result_obj)
 
-          if result.nil?
+          # NOTE: In case of the error, `libddwaf` will not "fill" the result
+          #       object, so it will be empty and the conversion of it will return
+          #       `nil`, but that is not a conversion issue.
+          if SUCCESS_RESULT_CODES.include?(code) && result.nil?
             raise ConversionError, "Could not convert result into object: #{code}"
           end
 
+          result ||= EMPTY_RESULT
           result = Result.new(
-            status: RESULT_CODE[code],
+            status: RESULT_CODE_TO_STATUS[code],
             events: result["events"],
             actions: result["actions"],
             attributes: result["attributes"],
-            duration: result["duration"], #: ::Integer
-            timeout: result["timeout"],   #: bool
-            keep: result["keep"]          #: bool
+            duration: result["duration"],
+            timeout: result["timeout"],
+            keep: result["keep"]
           )
 
           if persistent_data_obj.truncated? || ephemeral_data_obj.truncated?

data/lib/datadog/appsec/waf/converter.rb

@@ -164,19 +164,19 @@ module Datadog
           when :ddwaf_obj_float
             obj[:valueUnion][:f64]
           when :ddwaf_obj_array
-            (0...obj[:nbEntries]).each.with_object([]) do |i, a|
+            (0...obj[:nbEntries]).each.with_object([]) do |i, a| #$ ::Array[WAF::opaque]
               ptr = obj[:valueUnion][:array] + i * LibDDWAF::Object.size
               e = Converter.object_to_ruby(LibDDWAF::Object.new(ptr))
-              a << e # steep:ignore
+              a << e
             end
           when :ddwaf_obj_map
-            (0...obj[:nbEntries]).each.with_object({}) do |i, h| #$ ::Hash[::String, WAF::data]
+            (0...obj[:nbEntries]).each.with_object({}) do |i, h| #$ ::Hash[::String, WAF::opaque]
               ptr = obj[:valueUnion][:array] + i * Datadog::AppSec::WAF::LibDDWAF::Object.size
               o = Datadog::AppSec::WAF::LibDDWAF::Object.new(ptr)
               l = o[:parameterNameLength]
               k = o[:parameterName].read_bytes(l)
               v = Converter.object_to_ruby(LibDDWAF::Object.new(ptr))
-              h[k] = v # steep:ignore
+              h[k] = v
             end
           end
         end

data/lib/datadog/appsec/waf/handle_builder.rb

@@ -58,7 +58,7 @@ module Datadog
         def add_or_update_config(config, path:)
           ensure_pointer_presence!
 
-          config_obj = Converter.ruby_to_object(config)
+          config_obj = Converter.ruby_to_object(config, coerce: false)
           diagnostics_obj = LibDDWAF::Object.new
 
           LibDDWAF.ddwaf_builder_add_or_update_config(@builder_ptr, path, path.length, config_obj, diagnostics_obj)

data/lib/datadog/appsec/waf/result.rb

@@ -14,8 +14,9 @@ module Datadog
           @actions = actions
           @attributes = attributes
           @duration = duration
-          @timeout = timeout
-          @keep = keep
+
+          @keep = !!keep
+          @timeout = !!timeout
           @input_truncated = false
         end
 
@@ -42,8 +43,8 @@ module Datadog
             actions: @actions,
             attributes: @attributes,
             duration: @duration,
-            timeout: @timeout,
             keep: @keep,
+            timeout: @timeout,
             input_truncated: @input_truncated
           }
         end

data/lib/datadog/appsec/waf/version.rb

@@ -5,7 +5,7 @@ module Datadog
         BASE_STRING = "1.25.1"
         # NOTE: Every change to the `BASE_STRING` should be accompanied
         #       by a reset of the patch version in the `STRING` below.
-        STRING = "#{BASE_STRING}.0.0"
+        STRING = "#{BASE_STRING}.1.0"
         MINIMUM_RUBY_VERSION = "2.5"
       end
     end

data/sig/datadog/appsec/waf/context.rbs

@@ -6,13 +6,24 @@ module Datadog
 
         @retained: Array[untyped]
 
-        RESULT_CODE: ::Hash[::Symbol, ::Symbol]
+        EMPTY_RESULT: {
+          "events" => WAF::events,
+          "actions" => WAF::actions,
+          "attributes" => WAF::attributes,
+          "duration" => ::Integer,
+          "timeout" => bool,
+          "keep" => bool
+        }
+
+        SUCCESS_RESULT_CODES: ::Array[::Symbol]
+
+        RESULT_CODE_TO_STATUS: ::Hash[::Symbol, ::Symbol]
 
         def initialize: (::FFI::Pointer context_ptr) -> void
 
         def finalize!: () -> void
 
-        def run: (WAF::data persistent_data, WAF::data ephemeral_data, ?::Integer timeout) -> Result
+        def run: (WAF::input persistent_data, WAF::input ephemeral_data, ?::Integer timeout) -> Result
 
         private
 

data/sig/datadog/appsec/waf/converter.rbs

@@ -2,9 +2,16 @@ module Datadog
   module AppSec
     module WAF
       module Converter
-        def self?.ruby_to_object: (top val, ?max_container_size: ::Integer?, ?max_container_depth: ::Integer?, ?max_string_length: ::Integer?, ?top_obj: LibDDWAF::Object?, ?coerce: bool?) -> LibDDWAF::Object
+        def self?.ruby_to_object: (
+          top val,
+          ?max_container_size: ::Integer?,
+          ?max_container_depth: ::Integer?,
+          ?max_string_length: ::Integer?,
+          ?top_obj: LibDDWAF::Object?,
+          ?coerce: bool?
+        ) -> LibDDWAF::Object
 
-        def self?.object_to_ruby: (LibDDWAF::Object obj) -> WAF::data
+        def self?.object_to_ruby: (LibDDWAF::Object obj) -> WAF::opaque
       end
     end
   end

data/sig/datadog/appsec/waf/errors.rbs

@@ -11,9 +11,9 @@ module Datadog
       end
 
       class LibDDWAFError < Error
-        attr_reader diagnostics: WAF::data
+        attr_reader diagnostics: WAF::opaque
 
-        def initialize: (::String msg, ?diagnostics: WAF::data?) -> void
+        def initialize: (::String msg, ?diagnostics: WAF::opaque?) -> void
       end
     end
   end

data/sig/datadog/appsec/waf/handle_builder.rbs

@@ -10,7 +10,7 @@ module Datadog
 
         def build_handle: () -> Handle
 
-        def add_or_update_config: (data config, path: ::String) -> data
+        def add_or_update_config: (WAF::input config, path: ::String) -> WAF::opaque
 
         def remove_config_at_path: (::String path) -> bool
 

data/sig/datadog/appsec/waf/lib_ddwaf.rbs

@@ -58,6 +58,8 @@ module Datadog
         end
 
         class Object < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+          @truncated: bool
+
           def truncated?: () -> bool
 
           def mark_truncated!: () -> bool

data/sig/datadog/appsec/waf/result.rbs

@@ -4,11 +4,11 @@ module Datadog
       class Result
         @status: ::Symbol
 
-        @events: WAF::data
+        @events: WAF::events
 
-        @actions: WAF::data
+        @actions: WAF::actions
 
-        @attributes: WAF::data
+        @attributes: WAF::attributes
 
         @duration: ::Integer
 
@@ -20,19 +20,19 @@ module Datadog
 
         attr_reader status: ::Symbol
 
-        attr_reader events: WAF::data
+        attr_reader events: WAF::events
 
-        attr_reader actions: WAF::data
+        attr_reader actions: WAF::actions
 
-        attr_reader attributes: WAF::data
+        attr_reader attributes: WAF::attributes
 
         attr_reader duration: ::Integer
 
         def initialize: (
           status: ::Symbol,
-          events: WAF::data,
-          actions: WAF::data,
-          attributes: WAF::data,
+          events: WAF::events,
+          actions: WAF::actions,
+          attributes: WAF::attributes,
           duration: ::Integer,
           timeout: bool,
           keep: bool
@@ -46,7 +46,7 @@ module Datadog
 
         def input_truncated?: () -> bool
 
-        def to_h: () -> ::Hash[::Symbol, WAF::data]
+        def to_h: () -> ::Hash[::Symbol, (::Symbol | WAF::opaque)]
       end
     end
   end

data/sig/datadog/appsec/waf.rbs

@@ -1,17 +1,57 @@
 module Datadog
   module AppSec
     module WAF
-      type data = nil | bool | ::String | ::Symbol | ::Integer | ::Float | ::Array[data] | ::Hash[(::String | ::Symbol | nil), data]
+      type input = nil | bool | ::String | ::Symbol | ::Integer | ::Float | ::Array[input] | ::Hash[input, input]
       type known_addresses = ::Array[::String]
-      type diagnostics = ::Hash[::String, untyped]
-
-      def self?.version: () -> ::String
+      type result = {
+        "keep" => bool,
+        "events" => events,
+        "actions" => actions,
+        "attributes" => attributes,
+        "timeout" => bool,
+        # NOTE: Schema defines it as a `number`, but we alway get it as `Integer`
+        #       That will be fixed in the libddwaf specs
+        "duration" => ::Integer
+      }
+      type events = ::Array[event]
+      type event = {"rule" => rule, "rule_matches" => ::Array[rule_match]}
+      type rule = {
+        "id" => ::String,
+        "name" => ::String,
+        "tags" => {
+          "type" => ::String,
+          # optional key
+          "category" => ::String?
+        },
+        # optional key
+        "on_match" => ::Array[::String]?
+      }
+      type rule_match = {
+        "operator" => ::String,
+        "operator_value" => ::String,
+        "parameters" => ::Array[rule_match_parameter]
+      }
+      type rule_match_parameter = {
+        "address" => ::String,
+        "key_path" => ::Array[::String | ::Integer],
+        "value" => ::String,
+        "highlight" => ::Array[::String]
+      }
+      type actions = ::Hash[::String, action]
+      type action = ::Hash[::String, ::String]
+      type attributes = ::Hash[::String, opaque]
+      type opaque = nil | bool | ::String | ::Integer | ::Float | ::Array[opaque] | ::Hash[::String, opaque]
 
       self.@logger: ::Logger
+
       self.@log_callback: LibDDWAF::ddwaf_log_cb
 
+      def self?.version: () -> ::String
+
       def self?.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
+
       def self?.logger: () -> ::Logger
+
       def self?.logger=: (::Logger logger) -> void
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.25.1.0.0
+  version: 1.25.1.1.0
 platform: arm64-darwin
 authors:
 - Datadog, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-16 00:00:00.000000000 Z
+date: 2025-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi