libddwaf 1.22.0.0.2-x86_64-linux → 1.24.1.0.0-x86_64-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4bf20792078486560d67a98ca124b9e1e17e9eec09886b8faed0ba2140d37280
-  data.tar.gz: d007cbf04a52a7ef86c4f3d4616bcf8d23d59cfd7f8f0dea3c749d998f88c955
+  metadata.gz: c1973e8e5005a0c2a06f6fb1f479ccdb405fc935a73641dfe26f623cd0eae2f3
+  data.tar.gz: 0b9fc7a24984318b544ca933100d9169577b6c131cebf3db8ffd29141f90b285
 SHA512:
-  metadata.gz: 1e613570d1efbb20888795153300f9dadd3386c8839d6747979042db8781594186cc443a2ffece557af97946e7de6196781a3c4704c37767fdf1debefe5bae86
-  data.tar.gz: ddbc65f83a6384e6c07c6b7c9d4fe7e64b68f80de3a7b26c5bb9ac1b33530c9a65d577f917b4c4b20f387d8446b7869438c78485842dfeb91d966f03a7085c22
+  metadata.gz: d78fef9052216d6be2e5ef65e6c683df7fbd50943014164744f2530acb28f852515f1c7079b5a9a139f8ee07788543fd15e2104f7f654d5fe34d0eebc4ed5846
+  data.tar.gz: c313fd77f70b3d250b5fe6d62eb3544b4c5c27d3bb5faa14446ad1c3497b34a02700f126b582988703280b0f907861b9021958557227a75ad9399b2d6f57d174

data/CHANGELOG.md

@@ -1,3 +1,24 @@
+# Unreleased v1.23.0.0.0
+
+## Added
+
+- Add `HandleBuilder` class for managing libddwaf configuration and building WAF handles
+- Add Error classes:
+  - `LibDDWAFError` for libddwaf errors
+  - `ConversionError` for conversion errors
+  - `InstanceFinalizedError` that is raised when attempting to run methods on finalized instances
+
+## Changed
+
+- Change `Handle` instantiation - now it should be done using `HandleBuilder#build_handle` method
+- Change `Context` instantiation - now is should be done using `Handle#build_context` method
+- Change configuration of Limits and obfuscation - it is now done when initializing `HandleBuilder`
+- Change `Context#run` to return a `Result` object instead of an tuple with code and result
+
+## Removed
+
+- Remove `WAF::Handle#merge` method - the configuration is now handled by `HandleBuilder`
+
 # 2025-02-20 v.1.18.0.0.1
 
 - Fixed memory-leak in `Datadog::AppSec::WAF::Context#run` when non-empty ephemeral data passed
@@ -12,7 +33,6 @@
 - Update to libddwaf 1.14.0
 - Add support for `Float` and `Nil` scalar values when converting from ruby to WAF Object and vice versa.
 
-
 # 2023-08-29 v.1.11.0.0.0
 
 - Update to libddwaf 1.11.0
@@ -21,7 +41,6 @@
 - Changed `Datadog::AppSec::WAF::Result#data` to `Datadog::AppSec::WAF::Result#events`. (Breaking change)
   The schema of the events variable can be found [here](https://github.com/DataDog/libddwaf/blob/master/schema/events.json)
 
-
 # 2023-08-28 v.1.10.0.0.0
 
 - Update to libddwaf 1.10.0

data/lib/datadog/appsec/waf/context.rb

@@ -14,20 +14,16 @@ module Datadog
           ddwaf_err_invalid_argument: :err_invalid_argument
         }.freeze
 
-        attr_reader :context_obj
-
-        def initialize(handle)
-          handle_obj = handle.handle_obj
-          retain(handle)
-
-          @context_obj = LibDDWAF.ddwaf_context_init(handle_obj)
-          raise LibDDWAF::Error, 'Could not create context' if @context_obj.null?
-
-          validate!
+        def initialize(context_ptr)
+          @context_ptr = context_ptr
         end
 
-        def finalize
-          invalidate!
+        # Destroys the WAF context and sets the pointer to nil.
+        #
+        # The instance becomes unusable after this method is called.
+        def finalize!
+          context_ptr_to_destroy = @context_ptr
+          @context_ptr = nil
 
           retained.each do |retained_obj|
             next unless retained_obj.is_a?(LibDDWAF::Object)
@@ -36,11 +32,17 @@ module Datadog
           end
 
           retained.clear
-          LibDDWAF.ddwaf_context_destroy(context_obj)
+          LibDDWAF.ddwaf_context_destroy(context_ptr_to_destroy)
         end
 
+        # Runs the WAF context with the given persistent and ephemeral data.
+        #
+        # @raise [ConversionError] if the conversion of persistent or ephemeral data fails
+        # @raise [LibDDWAFError] if libddwaf could not create the result object
+        #
+        # @return [Result] the result of the WAF run
         def run(persistent_data, ephemeral_data, timeout = LibDDWAF::DDWAF_RUN_TIMEOUT)
-          valid!
+          ensure_pointer_presence!
 
           persistent_data_obj = Converter.ruby_to_object(
             persistent_data,
@@ -50,7 +52,7 @@ module Datadog
             coerce: false
           )
           if persistent_data_obj.null?
-            raise LibDDWAF::Error, "Could not convert persistent data: #{persistent_data.inspect}"
+            raise ConversionError, "Could not convert persistent data: #{persistent_data.inspect}"
           end
 
           # retain C objects in memory for subsequent calls to run
@@ -64,15 +66,15 @@ module Datadog
             coerce: false
           )
           if ephemeral_data_obj.null?
-            raise LibDDWAF::Error, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
+            raise ConversionError, "Could not convert ephemeral data: #{ephemeral_data.inspect}"
           end
 
           result_obj = LibDDWAF::Result.new
-          raise LibDDWAF::Error, 'Could not create result object' if result_obj.null?
+          raise LibDDWAFError, "Could not create result object" if result_obj.null?
 
-          code = LibDDWAF.ddwaf_run(@context_obj, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
+          code = LibDDWAF.ddwaf_run(@context_ptr, persistent_data_obj, ephemeral_data_obj, result_obj, timeout)
 
-          result = Result.new(
+          Result.new(
             RESULT_CODE[code],
             Converter.object_to_ruby(result_obj[:events]),
             result_obj[:total_runtime],
@@ -80,8 +82,6 @@ module Datadog
             Converter.object_to_ruby(result_obj[:actions]),
             Converter.object_to_ruby(result_obj[:derivatives])
           )
-
-          [RESULT_CODE[code], result]
         ensure
           LibDDWAF.ddwaf_result_free(result_obj) if result_obj
           LibDDWAF.ddwaf_object_free(ephemeral_data_obj) if ephemeral_data_obj
@@ -89,24 +89,10 @@ module Datadog
 
         private
 
-        # FIXME: Rename into something which reflect that it's impossible to run
-        #        libddwaf on finalized context (closed)
-        def validate!
-          @valid = true
-        end
-
-        def invalidate!
-          @valid = false
-        end
-
-        def valid?
-          @valid
-        end
-
-        def valid!
-          return if valid?
+        def ensure_pointer_presence!
+          return if @context_ptr
 
-          raise LibDDWAF::Error, "Attempt to use an invalid instance: #{inspect}"
+          raise InstanceFinalizedError, "Cannot use WAF context after it has been finalized"
         end
 
         def retained

data/lib/datadog/appsec/waf/converter.rb

@@ -7,66 +7,67 @@ module Datadog
       module Converter
         module_function
 
-        # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
+        # standard:disable Metrics/MethodLength,Metrics/CyclomaticComplexity
         def ruby_to_object(val, max_container_size: nil, max_container_depth: nil, max_string_length: nil, coerce: true)
           case val
           when Array
             obj = LibDDWAF::Object.new
             res = LibDDWAF.ddwaf_object_array(obj)
-            if res.null?
-              raise LibDDWAF::Error, "Could not convert into object: #{val}"
-            end
+            raise ConversionError, "Could not convert into object: #{val}" if res.null?
 
             max_index = max_container_size - 1 if max_container_size
-            val.each.with_index do |e, i| # rubocop:disable Style/MultilineIfModifier
-              member = Converter.ruby_to_object(e,
-                                                max_container_size: max_container_size,
-                                                max_container_depth: (max_container_depth - 1 if max_container_depth),
-                                                max_string_length: max_string_length,
-                                                coerce: coerce)
-              e_res = LibDDWAF.ddwaf_object_array_add(obj, member)
-              raise LibDDWAF::Error, "Could not add to array object: #{e.inspect}" unless e_res
-
-              break val if max_index && i >= max_index
-            end unless max_container_depth == 0
+            unless max_container_depth == 0
+              val.each.with_index do |e, i|
+                member = Converter.ruby_to_object(
+                  e,
+                  max_container_size: max_container_size,
+                  max_container_depth: (max_container_depth - 1 if max_container_depth),
+                  max_string_length: max_string_length,
+                  coerce: coerce
+                )
+                e_res = LibDDWAF.ddwaf_object_array_add(obj, member)
+                raise ConversionError, "Could not add to array object: #{e.inspect}" unless e_res
+
+                break val if max_index && i >= max_index
+              end
+            end
 
             obj
           when Hash
             obj = LibDDWAF::Object.new
             res = LibDDWAF.ddwaf_object_map(obj)
-            if res.null?
-              raise LibDDWAF::Error, "Could not convert into object: #{val}"
-            end
+            raise ConversionError, "Could not convert into object: #{val}" if res.null?
 
             max_index = max_container_size - 1 if max_container_size
-            val.each.with_index do |e, i| # rubocop:disable Style/MultilineIfModifier
-              # for Steep, which doesn't handle |(k, v), i|
-              k, v = e[0], e[1] # rubocop:disable Style/ParallelAssignment
-
-              k = k.to_s[0, max_string_length] if max_string_length
-              member = Converter.ruby_to_object(v,
-                                                max_container_size: max_container_size,
-                                                max_container_depth: (max_container_depth - 1 if max_container_depth),
-                                                max_string_length: max_string_length,
-                                                coerce: coerce)
-              kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k.to_s, k.to_s.bytesize, member)
-              unless kv_res
-                raise LibDDWAF::Error, "Could not add to map object: #{k.inspect} => #{v.inspect}"
+            unless max_container_depth == 0
+              val.each.with_index do |e, i|
+                # for Steep, which doesn't handle |(k, v), i|
+                k = e[0]
+                v = e[1]
+
+                k = k.to_s[0, max_string_length] if max_string_length
+                member = Converter.ruby_to_object(
+                  v,
+                  max_container_size: max_container_size,
+                  max_container_depth: (max_container_depth - 1 if max_container_depth),
+                  max_string_length: max_string_length,
+                  coerce: coerce
+                )
+                kv_res = LibDDWAF.ddwaf_object_map_addl(obj, k.to_s, k.to_s.bytesize, member)
+                raise ConversionError, "Could not add to map object: #{k.inspect} => #{v.inspect}" unless kv_res
+
+                break val if max_index && i >= max_index
               end
-
-              break val if max_index && i >= max_index
-            end unless max_container_depth == 0
+            end
 
             obj
           when String
             obj = LibDDWAF::Object.new
-            encoded_val = val.to_s.encode('utf-8', invalid: :replace, undef: :replace)
+            encoded_val = val.to_s.encode(Encoding::UTF_8, invalid: :replace, undef: :replace)
             val = encoded_val[0, max_string_length] if max_string_length
             str = val.to_s
             res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
-            if res.null?
-              raise LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
-            end
+            raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
 
             obj
           when Symbol
@@ -74,67 +75,58 @@ module Datadog
             val = val.to_s[0, max_string_length] if max_string_length
             str = val.to_s
             res = LibDDWAF.ddwaf_object_stringl(obj, str, str.bytesize)
-            if res.null?
-              raise LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
-            end
+            raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
 
             obj
           when Integer
             obj = LibDDWAF::Object.new
             res = if coerce
-                    LibDDWAF.ddwaf_object_string(obj, val.to_s)
-                  elsif val < 0
-                    LibDDWAF.ddwaf_object_signed(obj, val)
-                  else
-                    LibDDWAF.ddwaf_object_unsigned(obj, val)
-                  end
-            if res.null?
-              raise LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
+              LibDDWAF.ddwaf_object_string(obj, val.to_s)
+            elsif val < 0
+              LibDDWAF.ddwaf_object_signed(obj, val)
+            else
+              LibDDWAF.ddwaf_object_unsigned(obj, val)
             end
+            raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
 
             obj
           when Float
             obj = LibDDWAF::Object.new
             res = if coerce
-                    LibDDWAF.ddwaf_object_string(obj, val.to_s)
-                  else
-                    LibDDWAF.ddwaf_object_float(obj, val)
-                  end
-            if res.null?
-              raise LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
+              LibDDWAF.ddwaf_object_string(obj, val.to_s)
+            else
+              LibDDWAF.ddwaf_object_float(obj, val)
             end
+            raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
 
             obj
           when TrueClass, FalseClass
             obj = LibDDWAF::Object.new
             res = if coerce
-                    LibDDWAF.ddwaf_object_string(obj, val.to_s)
-                  else
-                    LibDDWAF.ddwaf_object_bool(obj, val)
-                  end
-            if res.null?
-              raise LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
+              LibDDWAF.ddwaf_object_string(obj, val.to_s)
+            else
+              LibDDWAF.ddwaf_object_bool(obj, val)
             end
+            raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
 
             obj
           when NilClass
             obj = LibDDWAF::Object.new
             res = if coerce
-                    LibDDWAF.ddwaf_object_string(obj, '')
-                  else
-                    LibDDWAF.ddwaf_object_null(obj)
-                  end
-            if res.null?
-              raise LibDDWAF::Error, "Could not convert into object: #{val.inspect}"
+              LibDDWAF.ddwaf_object_string(obj, "")
+            else
+              LibDDWAF.ddwaf_object_null(obj)
             end
+            raise ConversionError, "Could not convert into object: #{val.inspect}" if res.null?
 
             obj
           else
-            Converter.ruby_to_object('')
+            Converter.ruby_to_object("")
           end
         end
-        # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
+        # standard:enable Metrics/MethodLength,Metrics/CyclomaticComplexity
 
+        # standard:disable Metrics/MethodLength,Metrics/CyclomaticComplexity
         def object_to_ruby(obj)
           case obj[:type]
           when :ddwaf_obj_invalid, :ddwaf_obj_null
@@ -170,6 +162,7 @@ module Datadog
             end
           end
         end
+        # standard:enable Metrics/MethodLength,Metrics/CyclomaticComplexity
       end
     end
   end

data/lib/datadog/appsec/waf/errors.rb

@@ -0,0 +1,19 @@
+module Datadog
+  module AppSec
+    module WAF
+      Error = Class.new(StandardError)
+      InstanceFinalizedError = Class.new(Error)
+      ConversionError = Class.new(Error)
+
+      class LibDDWAFError < Error
+        attr_reader :diagnostics
+
+        def initialize(msg, diagnostics: nil)
+          @diagnostics = diagnostics
+
+          super(msg)
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/waf/handle.rb

@@ -6,101 +6,54 @@ module Datadog
       # Ruby representation of the ddwaf_handle in libddwaf
       # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/BINDING_IMPL_NOTES.md?plain=1#L4-L19
       class Handle
-        attr_reader :handle_obj, :diagnostics, :config
-
-        def initialize(rule, limits: {}, obfuscator: {})
-          rule_obj = Converter.ruby_to_object(rule)
-          if rule_obj.null? || rule_obj[:type] == :ddwaf_object_invalid
-            raise LibDDWAF::Error, "Could not convert object #{rule.inspect}"
-          end
-
-          config_obj = Datadog::AppSec::WAF::LibDDWAF::Config.new
-          if config_obj.null?
-            raise LibDDWAF::Error, 'Could not create config struct'
-          end
-
-          config_obj[:limits][:max_container_size]  = limits[:max_container_size]  || LibDDWAF::DEFAULT_MAX_CONTAINER_SIZE
-          config_obj[:limits][:max_container_depth] = limits[:max_container_depth] || LibDDWAF::DEFAULT_MAX_CONTAINER_DEPTH
-          config_obj[:limits][:max_string_length]   = limits[:max_string_length]   || LibDDWAF::DEFAULT_MAX_STRING_LENGTH
-          config_obj[:obfuscator][:key_regex]       = FFI::MemoryPointer.from_string(obfuscator[:key_regex])   if obfuscator[:key_regex]
-          config_obj[:obfuscator][:value_regex]     = FFI::MemoryPointer.from_string(obfuscator[:value_regex]) if obfuscator[:value_regex]
-          config_obj[:free_fn] = LibDDWAF::ObjectNoFree
-
-          @config = config_obj
-
-          diagnostics_obj = LibDDWAF::Object.new
-
-          @handle_obj = LibDDWAF.ddwaf_init(rule_obj, config_obj, diagnostics_obj)
-
-          @diagnostics = Converter.object_to_ruby(diagnostics_obj)
+        def initialize(handle_ptr)
+          @handle_ptr = handle_ptr
+        end
 
-          if @handle_obj.null?
-            raise LibDDWAF::Error.new('Could not create handle', diagnostics: @diagnostics)
-          end
+        # Destroys the WAF handle and sets the pointer to nil.
+        #
+        # The instance becomes unusable after this method is called.
+        def finalize!
+          handle_ptr_to_destroy = @handle_ptr
+          @handle_ptr = nil
 
-          validate!
-        ensure
-          LibDDWAF.ddwaf_object_free(diagnostics_obj) if diagnostics_obj
-          LibDDWAF.ddwaf_object_free(rule_obj) if rule_obj
+          LibDDWAF.ddwaf_destroy(handle_ptr_to_destroy)
         end
 
-        def finalize
-          invalidate!
+        # Builds a WAF context.
+        #
+        # @raise [LibDDWAFError] if libddwaf could not create the context.
+        # @return [Handle] the WAF handle
+        def build_context
+          ensure_pointer_presence!
+
+          context_obj = LibDDWAF.ddwaf_context_init(@handle_ptr)
+          raise LibDDWAFError, "Could not create context" if context_obj.null?
 
-          LibDDWAF.ddwaf_destroy(handle_obj)
+          Context.new(context_obj)
         end
 
-        def required_addresses
-          valid!
+        # Returns the list of known addresses in the WAF handle.
+        #
+        # @return [Array<String>] the list of known addresses
+        def known_addresses
+          ensure_pointer_presence!
 
           count = LibDDWAF::UInt32Ptr.new
-          list = LibDDWAF.ddwaf_known_addresses(handle_obj, count)
+          list = LibDDWAF.ddwaf_known_addresses(@handle_ptr, count)
 
           return [] if count == 0 # list is null
 
           list.get_array_of_string(0, count[:value])
-        end
-
-        def merge(data)
-          data_obj = Converter.ruby_to_object(data, coerce: false)
-          diagnostics_obj = LibDDWAF::Object.new
-          new_handle = LibDDWAF.ddwaf_update(handle_obj, data_obj, diagnostics_obj)
-
-          return if new_handle.null?
-
-          diagnostics = Converter.object_to_ruby(diagnostics_obj)
-          new_from_handle(new_handle, diagnostics, config)
-        ensure
-          LibDDWAF.ddwaf_object_free(data_obj) if data_obj
-          LibDDWAF.ddwaf_object_free(diagnostics_obj) if diagnostics_obj
+          # TODO: garbage collect the count?
         end
 
         private
 
-        def new_from_handle(handle_object, diagnostics, config)
-          obj = Handle.allocate
-          obj.instance_variable_set(:@handle_obj, handle_object)
-          obj.instance_variable_set(:@diagnostics, diagnostics)
-          obj.instance_variable_set(:@config, config)
-          obj
-        end
-
-        def validate!
-          @valid = true
-        end
-
-        def invalidate!
-          @valid = false
-        end
-
-        def valid?
-          @valid
-        end
-
-        def valid!
-          return if valid?
+        def ensure_pointer_presence!
+          return if @handle_ptr
 
-          raise LibDDWAF::Error, "Attempt to use an invalid instance: #{inspect}"
+          raise InstanceFinalizedError, "Cannot use WAF handle after it has been finalized"
         end
       end
     end

data/lib/datadog/appsec/waf/handle_builder.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module Datadog
+  module AppSec
+    module WAF
+      # This class represents the libddwaf WAF builder, which is used to generate WAF handles.
+      #
+      # It handles merging of potentially overlapping configurations.
+      class HandleBuilder
+        def initialize(limits: {}, obfuscator: {})
+          handle_config_obj = LibDDWAF::HandleBuilderConfig.new
+          if handle_config_obj.null?
+            raise LibDDWAFError, "Could not create config struct"
+          end
+
+          handle_config_obj[:limits][:max_container_size] = limits[:max_container_size] || LibDDWAF::DEFAULT_MAX_CONTAINER_SIZE
+          handle_config_obj[:limits][:max_container_depth] = limits[:max_container_depth] || LibDDWAF::DEFAULT_MAX_CONTAINER_DEPTH
+          handle_config_obj[:limits][:max_string_length] = limits[:max_string_length] || LibDDWAF::DEFAULT_MAX_STRING_LENGTH
+
+          handle_config_obj[:obfuscator][:key_regex] = FFI::MemoryPointer.from_string(obfuscator[:key_regex]) if obfuscator[:key_regex]
+          handle_config_obj[:obfuscator][:value_regex] = FFI::MemoryPointer.from_string(obfuscator[:value_regex]) if obfuscator[:value_regex]
+          handle_config_obj[:free_fn] = LibDDWAF::ObjectNoFree
+
+          @builder_ptr = LibDDWAF.ddwaf_builder_init(handle_config_obj)
+        end
+
+        # Destroys the WAF builder and sets the pointer to nil.
+        #
+        # The instance becomes unusable after this method is called.
+        def finalize!
+          builder_ptr_to_destroy = @builder_ptr
+          @builder_ptr = nil
+
+          LibDDWAF.ddwaf_builder_destroy(builder_ptr_to_destroy)
+        end
+
+        # Builds a WAF handle from the current state of the builder.
+        #
+        # @raise [LibDDWAFError] if no rules were added to the builder before building the handle
+        # @return [Handle] the WAF handle
+        def build_handle
+          ensure_pointer_presence!
+
+          handle_obj = LibDDWAF.ddwaf_builder_build_instance(@builder_ptr)
+          raise LibDDWAFError, "Could not create handle" if handle_obj.null?
+
+          Handle.new(handle_obj)
+        end
+
+        # :section: Configuration management methods
+        # methods for adding, updating, and removing configurations from the WAF handle builder.
+
+        # Adds or updates a configuration in the WAF handle builder for the given path.
+        #
+        # @return [Hash] diagnostics object
+        # NOTE: default config that was read from file at application startup
+        # has to be removed before adding configurations obtained through Remote Configuration.
+        def add_or_update_config(config, path:)
+          ensure_pointer_presence!
+
+          config_obj = Converter.ruby_to_object(config)
+          diagnostics_obj = LibDDWAF::Object.new
+
+          LibDDWAF.ddwaf_builder_add_or_update_config(@builder_ptr, path, path.length, config_obj, diagnostics_obj)
+
+          Converter.object_to_ruby(diagnostics_obj)
+        ensure
+          LibDDWAF.ddwaf_object_free(config_obj) if config_obj
+          LibDDWAF.ddwaf_object_free(diagnostics_obj) if diagnostics_obj
+        end
+
+        # Removes a configuration from the WAF handle builder for the given path.
+        #
+        # @return [Boolean] true if the configuration was removed, false otherwise
+        def remove_config_at_path(path)
+          ensure_pointer_presence!
+
+          LibDDWAF.ddwaf_builder_remove_config(@builder_ptr, path, path.length)
+        end
+
+        private
+
+        def ensure_pointer_presence!
+          return if @builder_ptr
+
+          raise InstanceFinalizedError, "Cannot use WAF handle builder after it has been finalized"
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/waf/lib_ddwaf.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'ffi'
-require 'datadog/appsec/waf/version'
+require "ffi"
+require "datadog/appsec/waf/version"
 
 module Datadog
   module AppSec
@@ -9,28 +9,27 @@ module Datadog
       # FFI-binding for C-libddwaf
       # See https://github.com/DataDog/libddwaf
       module LibDDWAF
-        # An exception binding raises in most of the cases
-        class Error < StandardError
-          attr_reader :diagnostics
+        DEFAULT_MAX_CONTAINER_SIZE = 256
+        DEFAULT_MAX_CONTAINER_DEPTH = 20
+        DEFAULT_MAX_STRING_LENGTH = 16_384 # in bytes, UTF-8 worst case being 4x size in terms of code point
 
-          def initialize(msg, diagnostics: nil)
-            @diagnostics = diagnostics
+        DDWAF_MAX_CONTAINER_SIZE = 256
+        DDWAF_MAX_CONTAINER_DEPTH = 20
+        DDWAF_MAX_STRING_LENGTH = 4096
 
-            super(msg)
-          end
-        end
+        DDWAF_RUN_TIMEOUT = 5000
 
         extend ::FFI::Library
 
         def self.local_os
-          if RUBY_ENGINE == 'jruby'
-            os_name = java.lang.System.get_property('os.name')
+          if RUBY_ENGINE == "jruby"
+            os_name = java.lang.System.get_property("os.name")
 
             os = case os_name
-                 when /linux/i then 'linux'
-                 when /mac/i   then 'darwin'
-                 else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
-                 end
+            when /linux/i then "linux"
+            when /mac/i then "darwin"
+            else raise Error, "unsupported JRuby os.name: #{os_name.inspect}"
+            end
 
             return os
           end
@@ -39,23 +38,23 @@ module Datadog
         end
 
         def self.local_version
-          return nil unless local_os == 'linux'
+          return nil unless local_os == "linux"
 
           # Old rubygems don't handle non-gnu linux correctly
           return ::Regexp.last_match(1) if RUBY_PLATFORM =~ /linux-(.+)$/
 
-          'gnu'
+          "gnu"
         end
 
         def self.local_cpu
-          if RUBY_ENGINE == 'jruby'
-            os_arch = java.lang.System.get_property('os.arch')
+          if RUBY_ENGINE == "jruby"
+            os_arch = java.lang.System.get_property("os.arch")
 
             cpu = case os_arch
-                  when 'amd64' then 'x86_64'
-                  when 'aarch64' then local_os == 'darwin' ? 'arm64' : 'aarch64'
-                  else raise Error, "unsupported JRuby os.arch: #{os_arch.inspect}"
-                  end
+            when "amd64" then "x86_64"
+            when "aarch64" then (local_os == "darwin") ? "arm64" : "aarch64"
+            else raise Error, "unsupported JRuby os.arch: #{os_arch.inspect}"
+            end
 
             return cpu
           end
@@ -64,15 +63,15 @@ module Datadog
         end
 
         def self.source_dir
-          __dir__ || raise('__dir__ is nil: eval?')
+          __dir__ || raise("__dir__ is nil: eval?")
         end
 
         def self.vendor_dir
-          File.join(source_dir, '../../../../vendor')
+          File.join(source_dir, "../../../../vendor")
         end
 
         def self.libddwaf_vendor_dir
-          File.join(vendor_dir, 'libddwaf')
+          File.join(vendor_dir, "libddwaf")
         end
 
         def self.shared_lib_triplet(version: local_version)
@@ -81,31 +80,31 @@ module Datadog
 
         def self.libddwaf_dir
           default = File.join(libddwaf_vendor_dir,
-                              "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet}")
+            "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet}")
           candidates = [
             default
           ]
 
-          if local_os == 'linux'
+          if local_os == "linux"
             candidates << File.join(libddwaf_vendor_dir,
-                                    "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet(version: nil)}")
+              "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet(version: nil)}")
           end
 
           candidates.find { |d| Dir.exist?(d) } || default
         end
 
         def self.shared_lib_extname
-          if Gem::Platform.local.os == 'darwin'
-            '.dylib'
-          elsif Gem::Platform.local.os == 'java' && java.lang.System.get_property('os.name').match(/mac/i)
-            '.dylib'
+          if Gem::Platform.local.os == "darwin"
+            ".dylib"
+          elsif Gem::Platform.local.os == "java" && java.lang.System.get_property("os.name").match(/mac/i)
+            ".dylib"
           else
-            '.so'
+            ".so"
           end
         end
 
         def self.shared_lib_path
-          File.join(libddwaf_dir, 'lib', "libddwaf#{shared_lib_extname}")
+          File.join(libddwaf_dir, "lib", "libddwaf#{shared_lib_extname}")
         end
 
         ffi_lib [shared_lib_path]
@@ -116,15 +115,15 @@ module Datadog
 
         # ddwaf::object data structure
 
-        DDWAF_OBJ_TYPE = enum :ddwaf_obj_invalid,  0,
-                              :ddwaf_obj_signed,   1 << 0,
-                              :ddwaf_obj_unsigned, 1 << 1,
-                              :ddwaf_obj_string,   1 << 2,
-                              :ddwaf_obj_array,    1 << 3,
-                              :ddwaf_obj_map,      1 << 4,
-                              :ddwaf_obj_bool,     1 << 5,
-                              :ddwaf_obj_float,    1 << 6,
-                              :ddwaf_obj_null,     1 << 7
+        DDWAF_OBJ_TYPE = enum :ddwaf_obj_invalid, 0,
+          :ddwaf_obj_signed, 1 << 0,
+          :ddwaf_obj_unsigned, 1 << 1,
+          :ddwaf_obj_string, 1 << 2,
+          :ddwaf_obj_array, 1 << 3,
+          :ddwaf_obj_map, 1 << 4,
+          :ddwaf_obj_bool, 1 << 5,
+          :ddwaf_obj_float, 1 << 6,
+          :ddwaf_obj_null, 1 << 7
 
         typedef DDWAF_OBJ_TYPE, :ddwaf_obj_type
 
@@ -155,21 +154,21 @@ module Datadog
         # Ruby representation of C union
         class ObjectValueUnion < ::FFI::Union
           layout :stringValue, :charptr,
-                 :uintValue,   :uint64,
-                 :intValue,    :int64,
-                 :array,       :pointer,
-                 :boolean,     :bool,
-                 :f64,         :double
+            :uintValue, :uint64,
+            :intValue, :int64,
+            :array, :pointer,
+            :boolean, :bool,
+            :f64, :double
         end
 
         # Ruby representation of ddwaf_object
         # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L94C1-L115C3
         class Object < ::FFI::Struct
-          layout :parameterName,       :charptr,
-                 :parameterNameLength, :uint64,
-                 :valueUnion,          ObjectValueUnion,
-                 :nbEntries,           :uint64,
-                 :type,                :ddwaf_obj_type
+          layout :parameterName, :charptr,
+            :parameterNameLength, :uint64,
+            :valueUnion, ObjectValueUnion,
+            :nbEntries, :uint64,
+            :type, :ddwaf_obj_type
         end
 
         typedef Object.by_ref, :ddwaf_object
@@ -214,51 +213,62 @@ module Datadog
         ObjectFree = attach_function :ddwaf_object_free, [:ddwaf_object], :void
         ObjectNoFree = ::FFI::Pointer::NULL
 
-        # main handle
+        # handle builder
 
+        typedef :pointer, :ddwaf_builder
         typedef :pointer, :ddwaf_handle
-        typedef Object.by_ref, :ddwaf_rule
+        typedef :pointer, :ddwaf_diagnostics
 
         callback :ddwaf_object_free_fn, [:ddwaf_object], :void
 
         # Ruby representation of ddwaf_config
         # https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L129-L152
-        class Config < ::FFI::Struct
+        class HandleBuilderConfig < ::FFI::Struct
           # Ruby representation of ddwaf_config_limits
           # https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L131-L138
           class Limits < ::FFI::Struct
-            layout :max_container_size,  :uint32,
-                   :max_container_depth, :uint32,
-                   :max_string_length,   :uint32
+            layout :max_container_size, :uint32,
+              :max_container_depth, :uint32,
+              :max_string_length, :uint32
           end
 
           # Ruby representation of ddwaf_config_obfuscator
           # https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L141-L146
           class Obfuscator < ::FFI::Struct
-            layout :key_regex,   :pointer, # should be :charptr
-                   :value_regex, :pointer  # should be :charptr
+            layout :key_regex, :pointer, # should be :charptr
+              :value_regex, :pointer  # should be :charptr
           end
 
-          layout :limits,     Limits,
-                 :obfuscator, Obfuscator,
-                 :free_fn,    :pointer # :ddwaf_object_free_fn
+          layout :limits, Limits,
+            :obfuscator, Obfuscator,
+            :free_fn, :pointer # :ddwaf_object_free_fn
         end
 
-        typedef Config.by_ref, :ddwaf_config
+        typedef HandleBuilderConfig.by_ref, :ddwaf_config
+
+        attach_function :ddwaf_builder_init, [:ddwaf_config], :ddwaf_builder
+        attach_function :ddwaf_builder_destroy, [:ddwaf_builder], :void
+
+        attach_function :ddwaf_builder_add_or_update_config, [:ddwaf_builder, :string, :size_t, :ddwaf_object, :ddwaf_diagnostics], :bool
+        attach_function :ddwaf_builder_remove_config, [:ddwaf_builder, :string, :size_t], :bool
+
+        attach_function :ddwaf_builder_build_instance, [:ddwaf_builder], :ddwaf_handle
+
+        # handle
+
+        callback :ddwaf_object_free_fn, [:ddwaf_object], :void
 
-        attach_function :ddwaf_init, [:ddwaf_rule, :ddwaf_config, :ddwaf_object], :ddwaf_handle
-        attach_function :ddwaf_update, [:ddwaf_handle, :ddwaf_object, :ddwaf_object], :ddwaf_handle
         attach_function :ddwaf_destroy, [:ddwaf_handle], :void
 
         attach_function :ddwaf_known_addresses, [:ddwaf_handle, UInt32Ptr], :charptrptr
 
         # updating
 
-        DDWAF_RET_CODE = enum :ddwaf_err_internal,         -3,
-                              :ddwaf_err_invalid_object,   -2,
-                              :ddwaf_err_invalid_argument, -1,
-                              :ddwaf_ok,                    0,
-                              :ddwaf_match,                 1
+        DDWAF_RET_CODE = enum :ddwaf_err_internal, -3,
+          :ddwaf_err_invalid_object, -2,
+          :ddwaf_err_invalid_argument, -1,
+          :ddwaf_ok, 0,
+          :ddwaf_match, 1
         typedef DDWAF_RET_CODE, :ddwaf_ret_code
 
         # running
@@ -271,11 +281,11 @@ module Datadog
         # Ruby representation of ddwaf_result
         # See https://github.com/DataDog/libddwaf/blob/10e3a1dfc7bc9bb8ab11a09a9f8b6b339eaf3271/include/ddwaf.h#L154-L173
         class Result < ::FFI::Struct
-          layout :timeout,       :bool,
-                 :events,        Object,
-                 :actions,       Object,
-                 :derivatives,   Object,
-                 :total_runtime, :uint64
+          layout :timeout, :bool,
+            :events, Object,
+            :actions, Object,
+            :derivatives, Object,
+            :total_runtime, :uint64
         end
 
         typedef Result.by_ref, :ddwaf_result
@@ -287,26 +297,16 @@ module Datadog
         # logging
 
         DDWAF_LOG_LEVEL = enum :ddwaf_log_trace,
-                               :ddwaf_log_debug,
-                               :ddwaf_log_info,
-                               :ddwaf_log_warn,
-                               :ddwaf_log_error,
-                               :ddwaf_log_off
+          :ddwaf_log_debug,
+          :ddwaf_log_info,
+          :ddwaf_log_warn,
+          :ddwaf_log_error,
+          :ddwaf_log_off
         typedef DDWAF_LOG_LEVEL, :ddwaf_log_level
 
         callback :ddwaf_log_cb, [:ddwaf_log_level, :string, :string, :uint, :charptr, :uint64], :void
 
         attach_function :ddwaf_set_log_cb, [:ddwaf_log_cb, :ddwaf_log_level], :bool
-
-        DEFAULT_MAX_CONTAINER_SIZE  = 256
-        DEFAULT_MAX_CONTAINER_DEPTH = 20
-        DEFAULT_MAX_STRING_LENGTH   = 16_384 # in bytes, UTF-8 worst case being 4x size in terms of code point)
-
-        DDWAF_MAX_CONTAINER_SIZE  = 256
-        DDWAF_MAX_CONTAINER_DEPTH = 20
-        DDWAF_MAX_STRING_LENGTH   = 4096
-
-        DDWAF_RUN_TIMEOUT = 5000
       end
     end
   end

data/lib/datadog/appsec/waf/version.rb

@@ -2,11 +2,11 @@ module Datadog
   module AppSec
     module WAF
       module VERSION
-        BASE_STRING = '1.22.0'
+        BASE_STRING = "1.24.1"
         # NOTE: Every change to the `BASE_STRING` should be accompanied
         #       by a reset of the patch version in the `STRING` below.
-        STRING = "#{BASE_STRING}.0.2"
-        MINIMUM_RUBY_VERSION = '2.5'
+        STRING = "#{BASE_STRING}.0.0"
+        MINIMUM_RUBY_VERSION = "2.5"
       end
     end
   end

data/lib/datadog/appsec/waf.rb

@@ -1,12 +1,14 @@
 # frozen_string_literal: true
 
-require 'datadog/appsec/waf/lib_ddwaf'
-
-require 'datadog/appsec/waf/converter'
-require 'datadog/appsec/waf/result'
-require 'datadog/appsec/waf/context'
-require 'datadog/appsec/waf/handle'
-require 'datadog/appsec/waf/version'
+require "datadog/appsec/waf/lib_ddwaf"
+
+require "datadog/appsec/waf/handle_builder"
+require "datadog/appsec/waf/handle"
+require "datadog/appsec/waf/converter"
+require "datadog/appsec/waf/errors"
+require "datadog/appsec/waf/result"
+require "datadog/appsec/waf/context"
+require "datadog/appsec/waf/version"
 
 module Datadog
   module AppSec

data/lib/libddwaf.rb

@@ -1 +1 @@
-require 'datadog/appsec/waf'
+require "datadog/appsec/waf"

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.22.0.0.2
+  version: 1.24.1.0.0
 platform: x86_64-linux
 authors:
 - Datadog, Inc.
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-04-15 00:00:00.000000000 Z
+date: 2025-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -42,18 +41,19 @@ files:
 - lib/datadog/appsec/waf.rb
 - lib/datadog/appsec/waf/context.rb
 - lib/datadog/appsec/waf/converter.rb
+- lib/datadog/appsec/waf/errors.rb
 - lib/datadog/appsec/waf/handle.rb
+- lib/datadog/appsec/waf/handle_builder.rb
 - lib/datadog/appsec/waf/lib_ddwaf.rb
 - lib/datadog/appsec/waf/result.rb
 - lib/datadog/appsec/waf/version.rb
 - lib/libddwaf.rb
-- vendor/libddwaf/libddwaf-1.22.0-linux-x86_64/lib/libddwaf.so
+- vendor/libddwaf/libddwaf-1.24.1-linux-x86_64/lib/libddwaf.so
 homepage: https://github.com/DataDog/libddwaf-rb
 licenses:
 - BSD-3-Clause
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -68,8 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.5.21
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Datadog WAF
 test_files: []