Add DD_API_SECURITY_ENABLED flag (#2532)

DataDog · Feb 27, 2024 · 48ba7d7 · 48ba7d7
1 parent 380774d
commit 48ba7d7
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 9 deletions.
diff --git a/appsec/src/extension/commands/client_init.c b/appsec/src/extension/commands/client_init.c
@@ -163,19 +163,14 @@ static dd_result _pack_command(
     mpack_start_map(w, 2);
 
     dd_mpack_write_lstr(w, "enabled");
+    mpack_write_bool(w, get_global_DD_API_SECURITY_ENABLED());
 
+    dd_mpack_write_lstr(w, "sample_rate");
 #define MIN_SE_SAMPLE_RATE 0.0001
-
     double se_sample_rate = get_global_DD_API_SECURITY_REQUEST_SAMPLE_RATE();
     if (se_sample_rate >= MIN_SE_SAMPLE_RATE) {
-        mpack_write_bool(w, true);
-
-        dd_mpack_write_lstr(w, "sample_rate");
         mpack_write(w, se_sample_rate);
     } else {
-        mpack_write_bool(w, false);
-
-        dd_mpack_write_lstr(w, "sample_rate");
         mpack_write(w, 0.0);
     }
 

diff --git a/appsec/src/extension/configuration.h b/appsec/src/extension/configuration.h
@@ -63,7 +63,8 @@ extern bool runtime_config_first_init;
     CONFIG(CUSTOM(STRING), DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING, "safe", .parser = dd_parse_automated_user_events_tracking)       \
     CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML, "")                                                                          \
     CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON, "")                                                                          \
-    CONFIG(DOUBLE, DD_API_SECURITY_REQUEST_SAMPLE_RATE, "0.1")
+    CONFIG(DOUBLE, DD_API_SECURITY_REQUEST_SAMPLE_RATE, "0.1", .ini_change = zai_config_system_ini_change)                            \
+    CONFIG(BOOL, DD_API_SECURITY_ENABLED, "true", .ini_change = zai_config_system_ini_change)
 // clang-format on
 
 #define CALIAS CONFIG

diff --git a/appsec/tests/extension/api_security_env_variables.phpt b/appsec/tests/extension/api_security_env_variables.phpt
@@ -1,10 +1,13 @@
 --TEST--
 Set and test API security ini settings
 --ENV--
+DD_API_SECURITY_ENABLED=false
 DD_API_SECURITY_REQUEST_SAMPLE_RATE=0.8
 --FILE--
 <?php
-var_dump(ini_get("datadog.api_security_request_sample_rate"));
+var_dump(ini_get("datadog.api_security_enabled"));
+var_dump(ini_get("datadog.api_security_request_sample_rate"))
 ?>
 --EXPECTF--
+string(5) "false"
 string(3) "0.8"