libddwaf 1.3.0.1.0-x86_64-linux → 1.5.1.0.0-x86_64-linux

data/lib/datadog/appsec/waf.rb

@@ -32,12 +32,22 @@ module Datadog
           Gem::Platform.local.os
         end
 
+        def self.local_version
+          return nil unless local_os == 'linux'
+
+          # Old rubygems don't handle non-gnu linux correctly
+          return $1 if RUBY_PLATFORM =~ /linux-(.+)$/
+
+          'gnu'
+        end
+
         def self.local_cpu
           if RUBY_ENGINE == 'jruby'
             os_arch = java.lang.System.get_property('os.arch')
 
             cpu = case os_arch
                   when 'amd64' then 'x86_64'
+                  when 'aarch64' then 'aarch64'
                   else raise Error, "unsupported JRuby os.arch: #{os_arch.inspect}"
                   end
 
@@ -47,27 +57,50 @@ module Datadog
           Gem::Platform.local.cpu
         end
 
+        def self.source_dir
+          __dir__ || raise('__dir__ is nil: eval?')
+        end
+
+        def self.vendor_dir
+          File.join(source_dir, '../../../vendor')
+        end
+
+        def self.libddwaf_vendor_dir
+          File.join(vendor_dir, 'libddwaf')
+        end
+
+        def self.shared_lib_triplet(version: local_version)
+          version ? "#{local_os}-#{version}-#{local_cpu}" : "#{local_os}-#{local_cpu}"
+        end
+
+        def self.libddwaf_dir
+          default = File.join(libddwaf_vendor_dir,
+                              "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet}")
+          candidates = [
+            default
+          ]
+
+          if local_os == 'linux'
+            candidates << File.join(libddwaf_vendor_dir,
+                                    "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet(version: nil)}")
+          end
+
+          candidates.find { |d| Dir.exist?(d) } || default
+        end
+
         def self.shared_lib_extname
           Gem::Platform.local.os == 'darwin' ? '.dylib' : '.so'
         end
 
         def self.shared_lib_path
-          File.join(__dir__, "../../../vendor/libddwaf/libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{local_os}-#{local_cpu}/lib/libddwaf#{shared_lib_extname}")
+          File.join(libddwaf_dir, 'lib', "libddwaf#{shared_lib_extname}")
         end
 
         ffi_lib [shared_lib_path]
 
         # version
 
-        class Version < ::FFI::Struct
-          layout :major, :uint16,
-                 :minor, :uint16,
-                 :patch, :uint16
-        end
-
-        typedef Version.by_ref, :ddwaf_version
-
-        attach_function :ddwaf_get_version, [:ddwaf_version], :void
+        attach_function :ddwaf_get_version, [], :string
 
         # ddwaf::object data structure
 
@@ -76,7 +109,9 @@ module Datadog
                               :ddwaf_obj_unsigned, 1 << 1,
                               :ddwaf_obj_string,   1 << 2,
                               :ddwaf_obj_array,    1 << 3,
-                              :ddwaf_obj_map,      1 << 4
+                              :ddwaf_obj_map,      1 << 4,
+                              :ddwaf_obj_bool,     1 << 5
+        typedef DDWAF_OBJ_TYPE, :ddwaf_obj_type
 
         typedef :pointer, :charptr
         typedef :pointer, :charptrptr
@@ -103,7 +138,8 @@ module Datadog
           layout :stringValue, :charptr,
                  :uintValue,   :uint64,
                  :intValue,    :int64,
-                 :array,       :pointer
+                 :array,       :pointer,
+                 :boolean,     :bool
         end
 
         class Object < ::FFI::Struct
@@ -111,7 +147,7 @@ module Datadog
                  :parameterNameLength, :uint64,
                  :valueUnion,          ObjectValueUnion,
                  :nbEntries,           :uint64,
-                 :type,                DDWAF_OBJ_TYPE
+                 :type,                :ddwaf_obj_type
         end
 
         typedef Object.by_ref, :ddwaf_object
@@ -126,6 +162,7 @@ module Datadog
         attach_function :ddwaf_object_signed, [:ddwaf_object, :int64], :ddwaf_object
         attach_function :ddwaf_object_unsigned_force, [:ddwaf_object, :uint64], :ddwaf_object
         attach_function :ddwaf_object_signed_force, [:ddwaf_object, :int64], :ddwaf_object
+        attach_function :ddwaf_object_bool, [:ddwaf_object, :bool], :ddwaf_object
 
         attach_function :ddwaf_object_array, [:ddwaf_object], :ddwaf_object
         attach_function :ddwaf_object_array_add, [:ddwaf_object, :ddwaf_object], :bool
@@ -156,6 +193,8 @@ module Datadog
         typedef :pointer, :ddwaf_handle
         typedef Object.by_ref, :ddwaf_rule
 
+        callback :ddwaf_object_free_fn, [:ddwaf_object], :void
+
         class Config < ::FFI::Struct
           class Limits < ::FFI::Struct
             layout :max_container_size,  :uint32,
@@ -169,7 +208,8 @@ module Datadog
           end
 
           layout :limits,     Limits,
-                 :obfuscator, Obfuscator
+                 :obfuscator, Obfuscator,
+                 :free_fn,    :pointer #:ddwaf_object_free_fn
         end
 
         typedef Config.by_ref, :ddwaf_config
@@ -190,33 +230,43 @@ module Datadog
         attach_function :ddwaf_destroy, [:ddwaf_handle], :void
 
         attach_function :ddwaf_required_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
+        attach_function :ddwaf_required_rule_data_ids, [:ddwaf_handle, UInt32Ptr], :charptrptr
+
+        # updating
+
+        DDWAF_RET_CODE = enum :ddwaf_err_internal,         -3,
+                              :ddwaf_err_invalid_object,   -2,
+                              :ddwaf_err_invalid_argument, -1,
+                              :ddwaf_ok,                    0,
+                              :ddwaf_match,                 1
+        typedef DDWAF_RET_CODE, :ddwaf_ret_code
+
+        attach_function :ddwaf_update_rule_data, [:ddwaf_handle, :ddwaf_object], :ddwaf_ret_code
+        attach_function :ddwaf_toggle_rules, [:ddwaf_handle, :ddwaf_object], :ddwaf_ret_code
 
         # running
 
         typedef :pointer, :ddwaf_context
 
-        callback :ddwaf_object_free_fn, [:ddwaf_object], :void
-
-        attach_function :ddwaf_context_init, [:ddwaf_handle, :ddwaf_object_free_fn], :ddwaf_context
+        attach_function :ddwaf_context_init, [:ddwaf_handle], :ddwaf_context
         attach_function :ddwaf_context_destroy, [:ddwaf_context], :void
 
-        DDWAF_RET_CODE = enum :ddwaf_err_internal,         -3,
-                              :ddwaf_err_invalid_object,   -2,
-                              :ddwaf_err_invalid_argument, -1,
-                              :ddwaf_good,                  0,
-                              :ddwaf_monitor,               1,
-                              :ddwaf_block,                 2
+        class ResultActions < ::FFI::Struct
+          layout :array, :charptrptr,
+                 :size,  :uint32
+        end
 
         class Result < ::FFI::Struct
           layout :timeout,          :bool,
                  :data,             :string,
+                 :actions,          ResultActions,
                  :total_runtime,    :uint64
         end
 
         typedef Result.by_ref, :ddwaf_result
         typedef :uint64, :timeout_us
 
-        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_result, :timeout_us], DDWAF_RET_CODE, blocking: true
+        attach_function :ddwaf_run, [:ddwaf_context, :ddwaf_object, :ddwaf_result, :timeout_us], :ddwaf_ret_code, blocking: true
         attach_function :ddwaf_result_free, [:ddwaf_result], :void
 
         # logging
@@ -227,20 +277,28 @@ module Datadog
                                :ddwaf_log_warn,
                                :ddwaf_log_error,
                                :ddwaf_log_off
+        typedef DDWAF_LOG_LEVEL, :ddwaf_log_level
+
+        callback :ddwaf_log_cb, [:ddwaf_log_level, :string, :string, :uint, :charptr, :uint64], :void
 
-        callback :ddwaf_log_cb, [DDWAF_LOG_LEVEL, :string, :string, :uint, :charptr, :uint64], :void
+        attach_function :ddwaf_set_log_cb, [:ddwaf_log_cb, :ddwaf_log_level], :bool
 
-        attach_function :ddwaf_set_log_cb, [:ddwaf_log_cb, DDWAF_LOG_LEVEL], :bool
+        DEFAULT_MAX_CONTAINER_SIZE  = 0
+        DEFAULT_MAX_CONTAINER_DEPTH = 0
+        DEFAULT_MAX_STRING_LENGTH   = 0
+
+        DDWAF_MAX_CONTAINER_SIZE  = 256
+        DDWAF_MAX_CONTAINER_DEPTH = 20
+        DDWAF_MAX_STRING_LENGTH   = 4096
+
+        DDWAF_RUN_TIMEOUT = 5000
       end
 
       def self.version
-        version = LibDDWAF::Version.new
-        LibDDWAF.ddwaf_get_version(version.pointer)
-
-        [version[:major], version[:minor], version[:patch]]
+        LibDDWAF.ddwaf_get_version
       end
 
-      def self.ruby_to_object(val)
+      def self.ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, coerce: true)
         case val
         when Array
           obj = LibDDWAF::Object.new
@@ -249,12 +307,20 @@ module Datadog
             fail LibDDWAF::Error, "Could not convert into object: #{val}"
           end
 
-          val.each do |e|
-            res = LibDDWAF.ddwaf_object_array_add(obj, ruby_to_object(e))
-            unless res
-              fail LibDDWAF::Error, "Could not add to map object: #{k.inspect} => #{v.inspect}"
+          max_index = max_container_size - 1 if max_container_size
+          val.each.with_index do |e, i|
+            member = ruby_to_object(e,
+                                    max_container_size: max_container_size,
+                                    max_container_depth: (max_container_depth - 1 if max_container_depth),
+                                    max_string_length: max_string_length,
+                                    coerce: coerce)
+            e_res = LibDDWAF.ddwaf_object_array_add(obj, member)
+            unless e_res
+              fail LibDDWAF::Error, "Could not add to array object: #{e.inspect}"
             end
-          end
+
+            break val if max_index && i >= max_index
+          end unless max_container_depth == 0
 
           obj
         when Hash
@@ -264,35 +330,56 @@ module Datadog
             fail LibDDWAF::Error, "Could not convert into object: #{val}"
           end
 
-          val.each do |k, v|
-            res = LibDDWAF.ddwaf_object_map_addl(obj, k.to_s, k.to_s.size, ruby_to_object(v))
-            unless res
+          max_index = max_container_size - 1 if max_container_size
+          val.each.with_index do |e, i|
+            k, v = e[0], e[1] # for Steep, which doesn't handle |(k, v), i|
+
+            k = k.to_s[0, max_string_length] if max_string_length
+            member = ruby_to_object(v,
+                                    max_container_size: max_container_size,
+                                    max_container_depth: (max_container_depth - 1 if max_container_depth),
+                                    max_string_length: max_string_length,
+                                    coerce: coerce)
+            kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k.to_s, k.to_s.bytesize, member)
+            unless kv_res
               fail LibDDWAF::Error, "Could not add to map object: #{k.inspect} => #{v.inspect}"
             end
-          end
+
+            break val if max_index && i >= max_index
+          end unless max_container_depth == 0
 
           obj
         when String
           obj = LibDDWAF::Object.new
-          res = LibDDWAF.ddwaf_object_stringl(obj, val, val.size)
+          val = val.to_s[0, max_string_length] if max_string_length
+          str = val.to_s
+          res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
           if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val}"
+            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
           end
 
           obj
         when Symbol
           obj = LibDDWAF::Object.new
-          res = LibDDWAF.ddwaf_object_stringl(obj, val.to_s, val.size)
+          val = val.to_s[0, max_string_length] if max_string_length
+          str = val.to_s
+          res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
           if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val}"
+            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
           end
 
           obj
         when Integer
           obj = LibDDWAF::Object.new
-          res = LibDDWAF.ddwaf_object_string(obj, val.to_s)
+          res = if coerce
+                  LibDDWAF.ddwaf_object_string(obj, val.to_s)
+                elsif val < 0
+                  LibDDWAF.ddwaf_object_signed_force(obj, val)
+                else
+                  LibDDWAF.ddwaf_object_unsigned_force(obj, val)
+                end
           if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val}"
+            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
           end
 
           obj
@@ -300,15 +387,19 @@ module Datadog
           obj = LibDDWAF::Object.new
           res = LibDDWAF.ddwaf_object_string(obj, val.to_s)
           if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val}"
+            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
           end
 
           obj
         when TrueClass, FalseClass
           obj = LibDDWAF::Object.new
-          res = LibDDWAF.ddwaf_object_string(obj, val.to_s)
+          res = if coerce
+                  LibDDWAF.ddwaf_object_string(obj, val.to_s)
+                else
+                  LibDDWAF.ddwaf_object_bool(obj, val)
+                end
           if res.null?
-            fail LibDDWAF::Error, "Could not convert into object: #{val}"
+            fail LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
           end
 
           obj
@@ -321,6 +412,8 @@ module Datadog
         case obj[:type]
         when :ddwaf_obj_invalid
           nil
+        when :ddwaf_obj_bool
+          obj[:valueUnion][:boolean]
         when :ddwaf_obj_string
           obj[:valueUnion][:stringValue].read_bytes(obj[:nbEntries])
         when :ddwaf_obj_signed
@@ -345,21 +438,47 @@ module Datadog
         end
       end
 
+      def self.log_callback(level, func, file, line, message, len)
+        return if logger.nil?
+
+        logger.debug do
+          {
+            level: level,
+            func: func,
+            file: file,
+            line: line,
+            message: message.read_bytes(len)
+          }.inspect
+        end
+      end
+
+      def self.logger
+        @logger
+      end
+
       def self.logger=(logger)
-        @log_cb = proc do |level, func, file, line, message, len|
-          logger.debug { { level: level, func: func, file: file, line: line, message: message.read_bytes(len) }.inspect }
+        unless @log_callback
+          log_callback = method(:log_callback)
+          Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(log_callback, :ddwaf_log_trace)
+
+          # retain logging proc if set properly
+          @log_callback = log_callback
         end
 
-        Datadog::AppSec::WAF::LibDDWAF.ddwaf_set_log_cb(@log_cb, :ddwaf_log_trace)
+        @logger = logger
       end
 
+      RESULT_CODE = {
+        ddwaf_err_internal:         :err_internal,
+        ddwaf_err_invalid_object:   :err_invalid_object,
+        ddwaf_err_invalid_argument: :err_invalid_argument,
+        ddwaf_ok:                   :ok,
+        ddwaf_match:                :match,
+      }
+
       class Handle
         attr_reader :handle_obj
 
-        DEFAULT_MAX_CONTAINER_SIZE  = 0
-        DEFAULT_MAX_CONTAINER_DEPTH = 0
-        DEFAULT_MAX_STRING_LENGTH   = 0
-
         attr_reader :ruleset_info
 
         def initialize(rule, limits: {}, obfuscator: {})
@@ -372,12 +491,14 @@ module Datadog
           if config_obj.null?
             fail LibDDWAF::Error, 'Could not create config struct'
           end
+          retain(config_obj)
 
-          config_obj[:limits][:max_container_size]  = limits[:max_container_size]  || DEFAULT_MAX_CONTAINER_SIZE
-          config_obj[:limits][:max_container_depth] = limits[:max_container_depth] || DEFAULT_MAX_CONTAINER_DEPTH
-          config_obj[:limits][:max_string_length]   = limits[:max_string_length]   || DEFAULT_MAX_STRING_LENGTH
+          config_obj[:limits][:max_container_size]  = limits[:max_container_size]  || LibDDWAF::DEFAULT_MAX_CONTAINER_SIZE
+          config_obj[:limits][:max_container_depth] = limits[:max_container_depth] || LibDDWAF::DEFAULT_MAX_CONTAINER_DEPTH
+          config_obj[:limits][:max_string_length]   = limits[:max_string_length]   || LibDDWAF::DEFAULT_MAX_STRING_LENGTH
           config_obj[:obfuscator][:key_regex]       = FFI::MemoryPointer.from_string(obfuscator[:key_regex])   if obfuscator[:key_regex]
           config_obj[:obfuscator][:value_regex]     = FFI::MemoryPointer.from_string(obfuscator[:value_regex]) if obfuscator[:value_regex]
+          config_obj[:free_fn] = Datadog::AppSec::WAF::LibDDWAF::ObjectNoFree
 
           ruleset_info = LibDDWAF::RuleSetInfo.new
 
@@ -394,19 +515,21 @@ module Datadog
             fail LibDDWAF::Error.new('Could not create handle', ruleset_info: @ruleset_info)
           end
 
-          ObjectSpace.define_finalizer(self, Handle.finalizer(handle_obj))
+          validate!
         ensure
           Datadog::AppSec::WAF::LibDDWAF.ddwaf_ruleset_info_free(ruleset_info) if ruleset_info
           Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
         end
 
-        def self.finalizer(handle_obj)
-          proc do |object_id|
-            Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
-          end
+        def finalize
+          invalidate!
+
+          Datadog::AppSec::WAF::LibDDWAF.ddwaf_destroy(handle_obj)
         end
 
         def required_addresses
+          valid!
+
           count = Datadog::AppSec::WAF::LibDDWAF::UInt32Ptr.new
           list = Datadog::AppSec::WAF::LibDDWAF.ddwaf_required_addresses(handle_obj, count)
 
@@ -414,48 +537,102 @@ module Datadog
 
           list.get_array_of_string(0, count[:value])
         end
+
+        def update_rule_data(data)
+          res = Datadog::AppSec::WAF::LibDDWAF.ddwaf_update_rule_data(@handle_obj, Datadog::AppSec::WAF.ruby_to_object(data, coerce: false))
+
+          RESULT_CODE[res]
+        end
+
+        def toggle_rules(map)
+          res = Datadog::AppSec::WAF::LibDDWAF.ddwaf_toggle_rules(@handle_obj, Datadog::AppSec::WAF.ruby_to_object(map, coerce: false))
+
+          RESULT_CODE[res]
+        end
+
+        private
+
+        def validate!
+          @valid = true
+        end
+
+        def invalidate!
+          @valid = false
+        end
+
+        def valid?
+          @valid
+        end
+
+        def valid!
+          return if valid?
+
+          fail LibDDWAF::Error, "Attempt to use an invalid instance: #{inspect}"
+        end
+
+        def retained
+          @retained ||= []
+        end
+
+        def retain(object)
+          retained << object
+        end
+
+        def release(object)
+          retained.delete(object)
+        end
       end
 
-      Result = Struct.new(:action, :data, :total_runtime, :timeout)
+      class Result
+        attr_reader :status, :data, :total_runtime, :timeout, :actions
+
+        def initialize(status, data, total_runtime, timeout, actions)
+          @status = status
+          @data = data
+          @total_runtime = total_runtime
+          @timeout = timeout
+          @actions = actions
+        end
+      end
 
       class Context
         attr_reader :context_obj
 
         def initialize(handle)
           handle_obj = handle.handle_obj
-          free_func = Datadog::AppSec::WAF::LibDDWAF::ObjectNoFree
+          retain(handle)
 
-          @context_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_init(handle_obj, free_func)
+          @context_obj = Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_init(handle_obj)
           if @context_obj.null?
             fail LibDDWAF::Error, 'Could not create context'
           end
 
-          @input_objs = []
-
-          ObjectSpace.define_finalizer(self, Context.finalizer(context_obj, @input_objs))
+          validate!
         end
 
-        def self.finalizer(context_obj, input_objs)
-          proc do |object_id|
-            input_objs.each do |input_obj|
-              Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(input_obj)
-            end
-            Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
+        def finalize
+          invalidate!
+
+          retained.each do |retained_obj|
+            next unless retained_obj.is_a?(Datadog::AppSec::WAF::LibDDWAF::Object)
+
+            Datadog::AppSec::WAF::LibDDWAF.ddwaf_object_free(retained_obj)
           end
+
+          Datadog::AppSec::WAF::LibDDWAF.ddwaf_context_destroy(context_obj)
         end
 
-        DEFAULT_TIMEOUT_US = 10_0000
-        ACTION_MAP_OUT = {
-          ddwaf_err_internal:         :err_internal,
-          ddwaf_err_invalid_object:   :err_invalid_object,
-          ddwaf_err_invalid_argument: :err_invalid_argument,
-          ddwaf_good:                 :good,
-          ddwaf_monitor:              :monitor,
-          ddwaf_block:                :block,
-        }
+        def run(input, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
+          valid!
+
+          max_container_size  = LibDDWAF::DDWAF_MAX_CONTAINER_SIZE
+          max_container_depth = LibDDWAF::DDWAF_MAX_CONTAINER_DEPTH
+          max_string_length   = LibDDWAF::DDWAF_MAX_CONTAINER_SIZE
 
-        def run(input, timeout = DEFAULT_TIMEOUT_US)
-          input_obj = Datadog::AppSec::WAF.ruby_to_object(input)
+          input_obj = Datadog::AppSec::WAF.ruby_to_object(input,
+                                                          max_container_size: max_container_size,
+                                                          max_container_depth: max_container_depth,
+                                                          max_string_length: max_string_length)
           if input_obj.null?
             fail LibDDWAF::Error, "Could not convert input: #{input.inspect}"
           end
@@ -466,21 +643,60 @@ module Datadog
           end
 
           # retain C objects in memory for subsequent calls to run
-          @input_objs << input_obj
+          retain(input_obj)
 
           code = Datadog::AppSec::WAF::LibDDWAF.ddwaf_run(@context_obj, input_obj, result_obj, timeout)
 
+          actions = if result_obj[:actions][:size] > 0
+                      result_obj[:actions][:array].get_array_of_string(0, result_obj[:actions][:size])
+                    else
+                      []
+                    end
+
           result = Result.new(
-            ACTION_MAP_OUT[code],
+            RESULT_CODE[code],
             (JSON.parse(result_obj[:data]) if result_obj[:data] != nil),
             result_obj[:total_runtime],
             result_obj[:timeout],
+            actions,
           )
 
-          [ACTION_MAP_OUT[code], result]
+          [RESULT_CODE[code], result]
         ensure
           Datadog::AppSec::WAF::LibDDWAF.ddwaf_result_free(result_obj) if result_obj
         end
+
+        private
+
+        def validate!
+          @valid = true
+        end
+
+        def invalidate!
+          @valid = false
+        end
+
+        def valid?
+          @valid
+        end
+
+        def valid!
+          return if valid?
+
+          fail LibDDWAF::Error, "Attempt to use an invalid instance: #{inspect}"
+        end
+
+        def retained
+          @retained ||= []
+        end
+
+        def retain(object)
+          retained << object
+        end
+
+        def release(object)
+          retained.delete(object)
+        end
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.3.0.1.0
+  version: 1.5.1.0.0
 platform: x86_64-linux
 authors:
 - Datadog, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-29 00:00:00.000000000 Z
+date: 2022-10-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -33,6 +33,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - LICENSE
 - LICENSE-3rdparty.csv
 - LICENSE.Apache
@@ -41,9 +42,8 @@ files:
 - lib/datadog/appsec/waf.rb
 - lib/datadog/appsec/waf/version.rb
 - lib/libddwaf.rb
-- vendor/libddwaf/libddwaf-1.3.0-linux-x86_64/include/ddwaf.h
-- vendor/libddwaf/libddwaf-1.3.0-linux-x86_64/lib/libddwaf.so
-homepage: https://github.com/DataDog/libddwaf
+- vendor/libddwaf/libddwaf-1.5.1-linux-x86_64/lib/libddwaf.so
+homepage: https://github.com/DataDog/libddwaf-rb
 licenses:
 - BSD-3-Clause
 metadata: