libddwaf 1.24.1.0.0-aarch64-linux → 1.24.1.0.3-aarch64-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8a2147bdf3ead8a6fa593cbe6a78ece2e40878d0800ee847f1b046bb33f8ebbf
-  data.tar.gz: b84d02a4d4d83862f417426a2ab62b5c97e2c049622da655688a47e61a4490fd
+  metadata.gz: 94f0f27a08d18b3e1d41ad75c96edd62c01d1d22c2d69e5d6c8f2f4f98bd8172
+  data.tar.gz: 732d929052278441c9b5d95cd7f9ad1a52917d4af267b5803d7e90e7760d5532
 SHA512:
-  metadata.gz: e48cee9b25b6934322dadfa5985296aa260d88e3ad912b8ab6ca9424d9e61f85f6dc9a969daba2e104b17959ea1b6e522cbef212c44df884d3eec65a95126afb
-  data.tar.gz: f5b91dd01bc99761abdadfdc28c9021c85f3abd57eb967aa05f7dfcc1aea6a3837fedf7666e12659259b84eb58e500dcabeb1ca19264b9e8e23055c4e7495d68
+  metadata.gz: 43139856cbb68e3be10d6d35aa412783a9396f2038f48f39ec297f2db13046e0185fd2a24e581bf2cb2b0294d9e461a4d9416023208f4468fe58b7778d4c875e
+  data.tar.gz: d1f5f32f20ad0abbb544e66dec7e81f655fd1892eca8a3d89f0be771abbab85eacecc50c08fa590e754cbf2b3b48089798c6e28edf84b2b400d84b4c67879284

data/README.md

@@ -0,0 +1,124 @@
+# libddwaf Ruby bindings
+
+``libddwaf-rb`` is library exposing the libddwaf C++ library to Ruby, packaging it in a multiplatform gem.
+
+For the libddwaf implementation, see this repository:
+ - [``libddwaf``: libddwaf](https://github.com/DataDog/libddwaf.git)
+
+
+
+## Rake tasks
+
+### Outline
+
+A typical workflow is as follows:
+
+```
+rake fetch    # fetch prebuilt libddwaf binaries tarball in vendor/libddwaf
+rake extract  # extract downloaded tarball in vendor/libddwaf
+rake spec     # run rspec
+rake binary   # build the gem
+```
+
+Note that each depends on the previous one, but `fetch` and `extract` are lazy, which proves useful to produce manual builds.
+
+### Platform selection
+
+By default the above will automatically use the local Ruby platform.
+
+Since libddwaf binary builds are available upstream, it's possible to build gems for any platform on any other platform. To that end `fetch`, `extract`, and `binary` can take an argument to specify the Ruby platform for which these operations should apply:
+
+```
+rake fetch[x86_64-linux-musl]
+rake extract[x86_64-linux-musl]
+rake binary[x86_64-linux-musl]
+```
+
+Of course you can't force the platform for `rspec` since that requires running code; see the Docker section below for ways to achieve that.
+
+Note that zsh gives special meaning to brackets, therefore you may need to quote the argument:
+
+```
+rake 'fetch[x86_64-linux-musl]'
+```
+
+Available platforms are:
+
+```
+x86_64-linux-musl   # Alpine build: targets musl-based Linux
+x86_64-linux-gnu    # Debian build: targets glibc-based Linux
+x86_64-linux        # Portable build: targets multiple linux libc
+x86_64-darwin       # Darwin build: targets macOS
+aarch64-linux-musl  # Same as above, for ARMv8
+aarch64-linux-gnu   # Same as above, for ARMv8
+aarch64-linux       # Same as above, for ARMv8
+arm64-darwin        # Same as above, for Apple Silicon
+java                # JRuby build, universal
+```
+
+Note: since it is not (yet) possible to package gems for the `java` Ruby platform any other way than `java`, it has to package all the native architectures.
+
+In addition, options can be specified for the portable build:
+
+```
+rake binary[x86_64-linux:gnu+musl]  # Combined build: combine musl and glibc builds, selecting one at runtime
+rake binary[x86_64-linux:llvm]      # Hybrid build: linked to llvm static libs and built against a musl sysroot
+```
+
+See upstream libddwaf for details about the [hybrid portable build](https://github.com/DataDog/libddwaf/blob/master/docker/libddwaf/README.md).
+
+## Testing with Docker
+
+Unless using Docker for Mac, remember to enable foreign CPU emulation via QEMU:
+
+```
+# aarch64 on x86_64 hardware
+docker run --privileged --rm tonistiigi/binfmt --install arm64
+# x86_64 on aarch64 hardware
+docker run --privileged --rm tonistiigi/binfmt --install amd64
+```
+
+Then you can substitute e.g `--platform linux/x86_64` with `--platform linux/aarch64` below.
+
+### GNU (Debian)
+
+```
+# this is too old for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.1 sh -c 'rm -fv Gemfile.lock && gem install bundler -v "~> 1.17" && bundle install && bundle exec rake spec'
+# these are fine for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.2 sh -c 'rm -fv Gemfile.lock && gem install bundler -v "~> 1.17" && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.3 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.4 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.5 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.6 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.7 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:3.0 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:3.1 sh -c 'rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+```
+
+### musl (Alpine)
+
+```
+# these are too old for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.1-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler -v "~> 1.17" && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.2-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler -v "~> 1.17" && bundle install && bundle exec rake spec'
+# these are fine for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.3-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.4-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.5-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.6-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:2.7-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:3.0-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:3.1-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" ruby:3.1-alpine sh -c 'apk update && apk add build-base git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+```
+
+### JRuby
+
+```
+# these are too old for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" jruby:9.2.8.0 sh -c 'apt-get update && apt-get install -y build-essential git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" jruby:9.3.0.0 sh -c 'apt-get update && apt-get install -y build-essential git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+# this is fine for aarch64
+docker run --rm -it --platform linux/x86_64 -v "${PWD}":"${PWD}" -w "${PWD}" jruby:9.3.4.0 sh -c 'apt-get update && apt-get install -y build-essential git && rm -fv Gemfile.lock && gem install bundler:2.2.22 && bundle install && bundle exec rake spec'
+```

data/lib/datadog/appsec/waf/handle.rb

@@ -45,7 +45,6 @@ module Datadog
           return [] if count == 0 # list is null
 
           list.get_array_of_string(0, count[:value])
-          # TODO: garbage collect the count?
         end
 
         private

data/lib/datadog/appsec/waf/lib_ddwaf.rb

@@ -37,15 +37,6 @@ module Datadog
           Gem::Platform.local.os
         end
 
-        def self.local_version
-          return nil unless local_os == "linux"
-
-          # Old rubygems don't handle non-gnu linux correctly
-          return ::Regexp.last_match(1) if RUBY_PLATFORM =~ /linux-(.+)$/
-
-          "gnu"
-        end
-
         def self.local_cpu
           if RUBY_ENGINE == "jruby"
             os_arch = java.lang.System.get_property("os.arch")
@@ -66,33 +57,6 @@ module Datadog
           __dir__ || raise("__dir__ is nil: eval?")
         end
 
-        def self.vendor_dir
-          File.join(source_dir, "../../../../vendor")
-        end
-
-        def self.libddwaf_vendor_dir
-          File.join(vendor_dir, "libddwaf")
-        end
-
-        def self.shared_lib_triplet(version: local_version)
-          version ? "#{local_os}-#{version}-#{local_cpu}" : "#{local_os}-#{local_cpu}"
-        end
-
-        def self.libddwaf_dir
-          default = File.join(libddwaf_vendor_dir,
-            "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet}")
-          candidates = [
-            default
-          ]
-
-          if local_os == "linux"
-            candidates << File.join(libddwaf_vendor_dir,
-              "libddwaf-#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{shared_lib_triplet(version: nil)}")
-          end
-
-          candidates.find { |d| Dir.exist?(d) } || default
-        end
-
         def self.shared_lib_extname
           if Gem::Platform.local.os == "darwin"
             ".dylib"
@@ -104,6 +68,9 @@ module Datadog
         end
 
         def self.shared_lib_path
+          variant = "#{Datadog::AppSec::WAF::VERSION::BASE_STRING}-#{local_os}-#{local_cpu}"
+          libddwaf_dir = File.join(source_dir, "../../../../vendor/libddwaf/libddwaf-#{variant}")
+
           File.join(libddwaf_dir, "lib", "libddwaf#{shared_lib_extname}")
         end
 

data/lib/datadog/appsec/waf/version.rb

@@ -5,7 +5,7 @@ module Datadog
         BASE_STRING = "1.24.1"
         # NOTE: Every change to the `BASE_STRING` should be accompanied
         #       by a reset of the patch version in the `STRING` below.
-        STRING = "#{BASE_STRING}.0.0"
+        STRING = "#{BASE_STRING}.0.3"
         MINIMUM_RUBY_VERSION = "2.5"
       end
     end

data/libddwaf.gemspec

@@ -0,0 +1,43 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "datadog/appsec/waf/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "libddwaf"
+  spec.version = Datadog::AppSec::WAF::VERSION::STRING
+  spec.required_ruby_version = [">= #{Datadog::AppSec::WAF::VERSION::MINIMUM_RUBY_VERSION}"]
+  spec.required_rubygems_version = ">= 2.0.0"
+  spec.authors = ["Datadog, Inc."]
+  spec.email = ["dev@datadoghq.com"]
+
+  spec.summary = "Datadog WAF"
+  spec.description = <<-EOS.gsub(/^[\s]+/, "")
+    libddwaf packages a WAF implementation in C++, exposed to Ruby
+  EOS
+
+  spec.homepage = "https://github.com/DataDog/libddwaf-rb"
+  spec.license = "BSD-3-Clause"
+
+  if spec.respond_to?(:metadata)
+    spec.metadata["allowed_push_host"] = "https://rubygems.org"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
+  end
+
+  libddwaf_version = Datadog::AppSec::WAF::VERSION::BASE_STRING
+
+  spec.files = ["libddwaf.gemspec"]
+  spec.files.concat(Dir.glob("lib/**/*.rb"))
+  spec.files.concat(Dir.glob("{vendor/rbs,sig}/**/*.rbs"))
+  spec.files.concat(Dir.glob("{README,CHANGELOG,LICENSE,NOTICE}*"))
+  spec.files.concat(%W[
+    vendor/libddwaf/libddwaf-#{libddwaf_version}-darwin-arm64/lib/libddwaf.dylib
+    vendor/libddwaf/libddwaf-#{libddwaf_version}-darwin-x86_64/lib/libddwaf.dylib
+    vendor/libddwaf/libddwaf-#{libddwaf_version}-linux-aarch64/lib/libddwaf.so
+    vendor/libddwaf/libddwaf-#{libddwaf_version}-linux-x86_64/lib/libddwaf.so
+  ])
+
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "ffi", "~> 1.0"
+end

data/sig/datadog/appsec/waf/context.rbs

@@ -0,0 +1,29 @@
+module Datadog
+  module AppSec
+    module WAF
+      class Context
+        @context_ptr: ::FFI::Pointer
+
+        @retained: Array[untyped]
+
+        RESULT_CODE: ::Hash[::Symbol, ::Symbol]
+
+        def initialize: (::FFI::Pointer context_ptr) -> void
+
+        def finalize!: () -> void
+
+        def run: (WAF::data persistent_data, WAF::data ephemeral_data, ?::Integer timeout) -> Result
+
+        private
+
+        def ensure_pointer_presence!: () -> void
+
+        def retained: () -> Array[untyped]
+
+        def retain: (top object) -> void
+
+        def release: (top object) -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/converter.rbs

@@ -0,0 +1,11 @@
+module Datadog
+  module AppSec
+    module WAF
+      module Converter
+        def self.ruby_to_object: (top val, ?max_container_size: ::Integer?, ?max_container_depth: ::Integer?, ?max_string_length: ::Integer?, ?coerce: bool?) -> LibDDWAF::Object
+
+        def self.object_to_ruby: (LibDDWAF::Object obj) -> WAF::data
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/errors.rbs

@@ -0,0 +1,20 @@
+module Datadog
+  module AppSec
+    module WAF
+      class Error < StandardError
+      end
+
+      class InstanceFinalizedError < Error
+      end
+
+      class ConversionError < Error
+      end
+
+      class LibDDWAFError < Error
+        attr_reader diagnostics: WAF::data
+
+        def initialize: (::String msg, ?diagnostics: WAF::data?) -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/handle.rbs

@@ -0,0 +1,21 @@
+module Datadog
+  module AppSec
+    module WAF
+      class Handle
+        @handle_ptr: ::FFI::Pointer
+
+        def initialize: (::FFI::Pointer handle_ptr) -> void
+
+        def finalize!: () -> void
+
+        def build_context: () -> Context
+
+        def known_addresses: () -> ::Array[::String?]
+
+        private
+
+        def ensure_pointer_presence!: () -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/handle_builder.rbs

@@ -0,0 +1,23 @@
+module Datadog
+  module AppSec
+    module WAF
+      class HandleBuilder
+        @builder_ptr: ::FFI::Pointer
+
+        def initialize: (?limits: ::Hash[::Symbol, ::Integer], ?obfuscator: ::Hash[::Symbol, ::String]) -> void
+
+        def finalize!: () -> void
+
+        def build_handle: () -> Handle
+
+        def add_or_update_config: (data config, path: ::String) -> data
+
+        def remove_config_at_path: (::String path) -> bool
+
+        private
+
+        def ensure_pointer_presence!: () -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/lib_ddwaf.rbs

@@ -0,0 +1,158 @@
+module Datadog
+  module AppSec
+    module WAF
+      module LibDDWAF
+        DEFAULT_MAX_CONTAINER_SIZE: ::Integer
+        DEFAULT_MAX_CONTAINER_DEPTH: ::Integer
+        DEFAULT_MAX_STRING_LENGTH: ::Integer
+
+        DDWAF_MAX_CONTAINER_SIZE: ::Integer
+        DDWAF_MAX_CONTAINER_DEPTH: ::Integer
+        DDWAF_MAX_STRING_LENGTH: ::Integer
+
+        DDWAF_RUN_TIMEOUT: ::Integer
+
+        extend ::FFI::Library
+
+        def self.typedef: [T < ::FFI::Type, N, R, C] (T old, Symbol | ::FFI::DataConverter[N, R, C] add, ?untyped) -> T
+           | (Symbol old, Symbol add, ?untyped) -> (::FFI::Type | ::FFI::Enum)
+           | [X < ::FFI::DataConverter[N, R, C], N, R, C] (X old, Symbol add, ?untyped) -> ::FFI::Type::Mapped[X, N, R, C]
+           | (:enum old, Array[Symbol | Integer] add, ?untyped) -> ::FFI::Enum
+           | (:enum old, Symbol | ::FFI::Type add, Array[Symbol | Integer] info) -> ::FFI::Enum
+           | (untyped, ::Symbol) -> void
+
+        def self.callback: (::Symbol name, Array[::FFI::Library::ffi_lib_type] params, ::FFI::Library::ffi_lib_type ret) -> ::FFI::CallbackInfo
+
+        def self.enum: (*(Symbol | Integer) args) -> ::FFI::Enum
+                     | (Array[Symbol | Integer] values) -> ::FFI::Enum
+
+        def self.local_os: () -> ::String
+        def self.local_cpu: () -> ::String
+        def self.local_version: () -> (::String | nil)
+        def self.source_dir: () -> ::String
+        def self.vendor_dir: () -> ::String
+        def self.libddwaf_vendor_dir: () -> ::String
+        def self.shared_lib_triplet: (?version: ::String?) -> ::String
+        def self.libddwaf_dir: () -> ::String
+        def self.shared_lib_extname: () -> ::String
+        def self.shared_lib_path: () -> ::String
+
+        # version
+
+        def self.ddwaf_get_version: () -> ::String
+
+        # ddwaf::object data structure
+
+        DDWAF_OBJ_TYPE: ::FFI::Enum
+
+        class UInt32Ptr < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
+        end
+
+        class UInt64Ptr < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
+        end
+
+        class SizeTPtr < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
+        end
+
+        class ObjectValueUnion < ::FFI::Union[::FFI::AbstractMemory, untyped]
+        end
+
+        class Object < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+        end
+
+        # setters
+
+        def self.ddwaf_object_invalid: (LibDDWAF::Object) -> ::FFI::Pointer
+        def self.ddwaf_object_string: (LibDDWAF::Object, ::String) -> ::FFI::Pointer
+        def self.ddwaf_object_stringl: (LibDDWAF::Object, ::String, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_stringl_nc: (LibDDWAF::Object, ::String, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_unsigned: (LibDDWAF::Object, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_signed: (LibDDWAF::Object, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_string_from_unsigned: (LibDDWAF::Object, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_string_from_signed: (LibDDWAF::Object, ::Integer) -> ::FFI::Pointer
+        def self.ddwaf_object_bool: (LibDDWAF::Object, bool) -> ::FFI::Pointer
+        def self.ddwaf_object_float: (LibDDWAF::Object, ::Float) -> ::FFI::Pointer
+        def self.ddwaf_object_null: (LibDDWAF::Object) -> ::FFI::Pointer
+
+        def self.ddwaf_object_array: (LibDDWAF::Object) -> ::FFI::Pointer
+        def self.ddwaf_object_array_add: (LibDDWAF::Object, LibDDWAF::Object) -> bool
+
+        def self.ddwaf_object_map: (LibDDWAF::Object) -> ::FFI::Pointer
+        def self.ddwaf_object_map_add: (LibDDWAF::Object, ::String, LibDDWAF::Object) -> bool
+        def self.ddwaf_object_map_addl: (LibDDWAF::Object, ::String, ::Integer, LibDDWAF::Object) -> bool
+        def self.ddwaf_object_map_addl_nc: (LibDDWAF::Object, ::String, ::Integer, LibDDWAF::Object) -> bool
+
+        # getters
+
+        def self.ddwaf_object_type: (LibDDWAF::Object) -> ::FFI::Enum
+        def self.ddwaf_object_size: (LibDDWAF::Object) -> ::Integer
+        def self.ddwaf_object_length: (LibDDWAF::Object) -> ::Integer
+        def self.ddwaf_object_get_key: (LibDDWAF::Object, SizeTPtr) -> ::String
+        def self.ddwaf_object_get_string: (LibDDWAF::Object, SizeTPtr) -> ::String
+        def self.ddwaf_object_get_unsigned: (LibDDWAF::Object, SizeTPtr) -> ::Integer
+        def self.ddwaf_object_get_signed: (LibDDWAF::Object, SizeTPtr) -> ::Integer
+        def self.ddwaf_object_get_index: (LibDDWAF::Object, ::Integer) -> LibDDWAF::Object
+        def self.ddwaf_object_get_bool: (LibDDWAF::Object) -> bool
+        def self.ddwaf_object_get_float: (LibDDWAF::Object) -> ::Float
+
+        # freeers
+
+        def self.ddwaf_object_free: (LibDDWAF::Object) -> void
+
+        ObjectFree: ::FFI::Function
+        ObjectNoFree: ::FFI::Pointer
+
+        # handle builder
+
+        def self.ddwaf_builder_init: (HandleBuilderConfig) -> ::FFI::Pointer
+        def self.ddwaf_builder_destroy: (::FFI::Pointer) -> void
+
+        def self.ddwaf_builder_add_or_update_config: (::FFI::Pointer, ::String, ::Integer, LibDDWAF::Object, LibDDWAF::Object) -> bool
+        def self.ddwaf_builder_remove_config: (::FFI::Pointer, ::String, ::Integer) -> bool
+
+        def self.ddwaf_builder_build_instance: (::FFI::Pointer) -> ::FFI::Pointer
+
+        # main handle
+
+        class HandleBuilderConfig < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+          class Limits < ::FFI::Struct[::FFI::AbstractMemory, ::Integer]
+          end
+
+          class Obfuscator < ::FFI::Struct[::FFI::AbstractMemory, ::FFI::Pointer]
+          end
+        end
+
+        def self.ddwaf_destroy: (::FFI::Pointer) -> void
+
+        def self.ddwaf_known_addresses: (::FFI::Pointer, UInt32Ptr) -> ::FFI::Pointer
+        def self.ddwaf_rule_data_ids: (::FFI::Pointer, UInt32Ptr) -> ::FFI::Pointer
+
+        # updating
+
+        DDWAF_RET_CODE: ::FFI::Enum
+
+        # running
+
+        def self.ddwaf_context_init: (::FFI::Pointer) -> ::FFI::Pointer
+        def self.ddwaf_context_destroy: (::FFI::Pointer) -> void
+
+        class Result < ::FFI::Struct[::FFI::AbstractMemory, untyped]
+        end
+
+        def self.ddwaf_run: (::FFI::Pointer, Object, Object, Result, ::Integer) -> ::Symbol
+        def self.ddwaf_result_free: (Result) -> void
+
+        # logging
+
+        DDWAF_LOG_LEVEL: ::FFI::Enum
+
+        type ddwaf_log_level = ::Symbol
+
+        # TODO: signature is as below but steep 1.1 does not yet support method/proc/block mapping
+        # type ddwaf_log_cb = ^(ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
+        type ddwaf_log_cb = ::Method | ::Proc
+        def self.ddwaf_set_log_cb: (ddwaf_log_cb, ddwaf_log_level) -> bool
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/result.rbs

@@ -0,0 +1,33 @@
+module Datadog
+  module AppSec
+    module WAF
+      class Result
+        @status: ::Symbol
+
+        @events: WAF::data
+
+        @total_runtime: ::Float
+
+        @timeout: bool
+
+        @actions: WAF::data
+
+        @derivatives: WAF::data
+
+        attr_reader status: ::Symbol
+
+        attr_reader events: WAF::data
+
+        attr_reader total_runtime: ::Float
+
+        attr_reader timeout: bool
+
+        attr_reader actions: WAF::data
+
+        attr_reader derivatives: WAF::data
+
+        def initialize: (::Symbol status, WAF::data events, ::Float total_runtime, bool timeout, WAF::data actions, WAF::data derivatives) -> void
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf/version.rbs

@@ -0,0 +1,13 @@
+module Datadog
+  module AppSec
+    module WAF
+      module VERSION
+        BASE_STRING: ::String
+
+        STRING: ::String
+
+        MINIMUM_RUBY_VERSION: ::String
+      end
+    end
+  end
+end

data/sig/datadog/appsec/waf.rbs

@@ -0,0 +1,16 @@
+module Datadog
+  module AppSec
+    module WAF
+      type data = String | Symbol | Integer | Float | TrueClass | FalseClass | Array[data] | Hash[(String | Symbol | nil), data] | nil
+
+      def self.version: () -> ::String
+
+      self.@logger: ::Logger
+      self.@log_callback: LibDDWAF::ddwaf_log_cb
+
+      def self.log_callback: (LibDDWAF::ddwaf_log_level, ::String, ::String, ::Integer, ::FFI::Pointer, ::Integer) -> void
+      def self.logger: () -> ::Logger
+      def self.logger=: (::Logger logger) -> void
+    end
+  end
+end

data/vendor/rbs/gem/0/gem.rbs

@@ -0,0 +1,7 @@
+class Gem::Platform
+  def self.local: () -> Gem::Platform
+
+  def os: () -> String
+  def cpu: () -> String
+  def version: () -> String
+end

data/vendor/rbs/jruby/0/jruby.rbs

@@ -0,0 +1,3 @@
+module Kernel
+  def java: () -> untyped
+end

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libddwaf
 version: !ruby/object:Gem::Version
-  version: 1.24.1.0.0
+  version: 1.24.1.0.3
 platform: aarch64-linux
 authors:
 - Datadog, Inc.
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-05-20 00:00:00.000000000 Z
+date: 2025-07-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -38,6 +39,7 @@ files:
 - LICENSE.Apache
 - LICENSE.BSD3
 - NOTICE
+- README.md
 - lib/datadog/appsec/waf.rb
 - lib/datadog/appsec/waf/context.rb
 - lib/datadog/appsec/waf/converter.rb
@@ -48,12 +50,26 @@ files:
 - lib/datadog/appsec/waf/result.rb
 - lib/datadog/appsec/waf/version.rb
 - lib/libddwaf.rb
+- libddwaf.gemspec
+- sig/datadog/appsec/waf.rbs
+- sig/datadog/appsec/waf/context.rbs
+- sig/datadog/appsec/waf/converter.rbs
+- sig/datadog/appsec/waf/errors.rbs
+- sig/datadog/appsec/waf/handle.rbs
+- sig/datadog/appsec/waf/handle_builder.rbs
+- sig/datadog/appsec/waf/lib_ddwaf.rbs
+- sig/datadog/appsec/waf/result.rbs
+- sig/datadog/appsec/waf/version.rbs
+- sig/libddwaf.rbs
 - vendor/libddwaf/libddwaf-1.24.1-linux-aarch64/lib/libddwaf.so
+- vendor/rbs/gem/0/gem.rbs
+- vendor/rbs/jruby/0/jruby.rbs
 homepage: https://github.com/DataDog/libddwaf-rb
 licenses:
 - BSD-3-Clause
 metadata:
   allowed_push_host: https://rubygems.org
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -68,7 +84,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.5.21
+signing_key:
 specification_version: 4
 summary: Datadog WAF
 test_files: []