From 91397e36666d665a15d7b021872ce682d0e74a4c Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Thu, 16 May 2024 10:05:10 +0200 Subject: [PATCH] introduce a new propagated span tag _dd.p.appsec: 1 providing the knowledge to downstream services that the current distributed trace is containing at least one ASM event and must inherit from the given force-keep priority indeed. --- .../java/com/datadog/appsec/gateway/GatewayBridge.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java index 040f3e8527d..7e39a44dd82 100644 --- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java +++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java @@ -1,9 +1,6 @@ package com.datadog.appsec.gateway; import static com.datadog.appsec.event.data.MapDataBundle.Builder.CAPACITY_6_10; -import static com.datadog.appsec.gateway.AppSecRequestContext.DEFAULT_REQUEST_HEADERS_ALLOW_LIST; -import static com.datadog.appsec.gateway.AppSecRequestContext.REQUEST_HEADERS_ALLOW_LIST; -import static com.datadog.appsec.gateway.AppSecRequestContext.RESPONSE_HEADERS_ALLOW_LIST; import com.datadog.appsec.AppSecSystem; import com.datadog.appsec.api.security.ApiSecurityRequestSampler; @@ -145,6 +142,12 @@ public void init() { traceSeg.setTagTop(DDTags.MANUAL_KEEP, true); traceSeg.setTagTop("appsec.event", true); traceSeg.setTagTop("network.client.ip", ctx.getPeerAddress()); + // If APM is disabled Provide the knowledge to downstream services that the current + // distributed trace is containing at least one ASM event and must inherit from the + // given force-keep priority indeed + if (!Config.get().isTraceEnabled()) { + traceSeg.setTagTop("_dd.p.appsec", 1); + } // Reflect client_ip as actor.ip for backward compatibility Object clientIp = spanInfo.getTags().get(Tags.HTTP_CLIENT_IP);