From 48ba7d73c1f3cca7b061a1752b93fc1b26326b96 Mon Sep 17 00:00:00 2001
From: Alejandro Estringana Ruiz <alejandro.estringanaruiz@datadoghq.com>
Date: Tue, 27 Feb 2024 15:11:46 +0100
Subject: [PATCH] Add DD_API_SECURITY_ENABLED flag (#2532)

---
 appsec/src/extension/commands/client_init.c            | 9 ++-------
 appsec/src/extension/configuration.h                   | 3 ++-
 appsec/tests/extension/api_security_env_variables.phpt | 5 ++++-
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/appsec/src/extension/commands/client_init.c b/appsec/src/extension/commands/client_init.c
index 0d8de9217e..1329561a67 100644
--- a/appsec/src/extension/commands/client_init.c
+++ b/appsec/src/extension/commands/client_init.c
@@ -163,19 +163,14 @@ static dd_result _pack_command(
     mpack_start_map(w, 2);
 
     dd_mpack_write_lstr(w, "enabled");
+    mpack_write_bool(w, get_global_DD_API_SECURITY_ENABLED());
 
+    dd_mpack_write_lstr(w, "sample_rate");
 #define MIN_SE_SAMPLE_RATE 0.0001
-
     double se_sample_rate = get_global_DD_API_SECURITY_REQUEST_SAMPLE_RATE();
     if (se_sample_rate >= MIN_SE_SAMPLE_RATE) {
-        mpack_write_bool(w, true);
-
-        dd_mpack_write_lstr(w, "sample_rate");
         mpack_write(w, se_sample_rate);
     } else {
-        mpack_write_bool(w, false);
-
-        dd_mpack_write_lstr(w, "sample_rate");
         mpack_write(w, 0.0);
     }
 
diff --git a/appsec/src/extension/configuration.h b/appsec/src/extension/configuration.h
index a317c55ca1..9bc3a3a5d0 100644
--- a/appsec/src/extension/configuration.h
+++ b/appsec/src/extension/configuration.h
@@ -63,7 +63,8 @@ extern bool runtime_config_first_init;
     CONFIG(CUSTOM(STRING), DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING, "safe", .parser = dd_parse_automated_user_events_tracking)       \
     CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML, "")                                                                          \
     CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON, "")                                                                          \
-    CONFIG(DOUBLE, DD_API_SECURITY_REQUEST_SAMPLE_RATE, "0.1")
+    CONFIG(DOUBLE, DD_API_SECURITY_REQUEST_SAMPLE_RATE, "0.1", .ini_change = zai_config_system_ini_change)                            \
+    CONFIG(BOOL, DD_API_SECURITY_ENABLED, "true", .ini_change = zai_config_system_ini_change)
 // clang-format on
 
 #define CALIAS CONFIG
diff --git a/appsec/tests/extension/api_security_env_variables.phpt b/appsec/tests/extension/api_security_env_variables.phpt
index f387cb6be5..e174db04bc 100644
--- a/appsec/tests/extension/api_security_env_variables.phpt
+++ b/appsec/tests/extension/api_security_env_variables.phpt
@@ -1,10 +1,13 @@
 --TEST--
 Set and test API security ini settings
 --ENV--
+DD_API_SECURITY_ENABLED=false
 DD_API_SECURITY_REQUEST_SAMPLE_RATE=0.8
 --FILE--
 <?php
-var_dump(ini_get("datadog.api_security_request_sample_rate"));
+var_dump(ini_get("datadog.api_security_enabled"));
+var_dump(ini_get("datadog.api_security_request_sample_rate"))
 ?>
 --EXPECTF--
+string(5) "false"
 string(3) "0.8"