Add DD_API_SECURITY_ENABLED flag

appsec/src/extension/commands/client_init.c

@@ -160,24 +160,10 @@ static dd_result _pack_command(
         w, ZSTR_VAL(get_global_DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP()));
 
     dd_mpack_write_lstr(w, "schema_extraction");
-    mpack_start_map(w, 2);
+    mpack_start_map(w, 1);
 
     dd_mpack_write_lstr(w, "enabled");
-
-#define MIN_SE_SAMPLE_RATE 0.0001
-
-    double se_sample_rate = get_global_DD_API_SECURITY_REQUEST_SAMPLE_RATE();
-    if (se_sample_rate >= MIN_SE_SAMPLE_RATE) {
-        mpack_write_bool(w, true);
-
-        dd_mpack_write_lstr(w, "sample_rate");
-        mpack_write(w, se_sample_rate);
-    } else {
-        mpack_write_bool(w, false);
-
-        dd_mpack_write_lstr(w, "sample_rate");
-        mpack_write(w, 0.0);
-    }
+    mpack_write_bool(w, get_global_DD_API_SECURITY_ENABLED());
 
     mpack_finish_map(w);
 

appsec/src/extension/configuration.h

@@ -63,7 +63,7 @@ extern bool runtime_config_first_init;
     CONFIG(CUSTOM(STRING), DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING, "safe", .parser = dd_parse_automated_user_events_tracking)       \
     CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML, "")                                                                          \
     CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON, "")                                                                          \
-    CONFIG(DOUBLE, DD_API_SECURITY_REQUEST_SAMPLE_RATE, "0.1")
+    CONFIG(BOOL, DD_API_SECURITY_ENABLED, "true")
 // clang-format on
 
 #define CALIAS CONFIG

appsec/src/helper/engine_settings.hpp

@@ -16,12 +16,12 @@ namespace dds {
 
 struct schema_extraction_settings {
     static constexpr double default_sample_rate = 0.1; // 10% of requests
-    static constexpr bool default_enabled = false;
+    static constexpr bool default_enabled = true;
 
     bool enabled = default_enabled;
     double sample_rate = default_sample_rate;
 
-    MSGPACK_DEFINE_MAP(enabled, sample_rate);
+    MSGPACK_DEFINE_MAP(enabled);
 };
 
 /* engine_settings are currently the same for the whole client session.

appsec/tests/extension/api_security_env_variables.phpt

@@ -1,10 +1,10 @@
 --TEST--
 Set and test API security ini settings
 --ENV--
-DD_API_SECURITY_REQUEST_SAMPLE_RATE=0.8
+DD_API_SECURITY_ENABLED=false
 --FILE--
 <?php
-var_dump(ini_get("datadog.api_security_request_sample_rate"));
+var_dump(ini_get("datadog.api_security_enabled"));
 ?>
 --EXPECTF--
-string(3) "0.8"
+string(5) "false"

appsec/tests/helper/broker_test.cpp

@@ -303,11 +303,9 @@ TEST(BrokerTest, RecvClientInit)
     pack_str(packer, "value_regex");
 
     pack_str(packer, "schema_extraction");
-    packer.pack_map(2);
+    packer.pack_map(1);
     pack_str(packer, "enabled");
     packer.pack_true();
-    pack_str(packer, "sample_rate");
-    packer.pack_double(0.5);
 
     packer.pack_map(4); // 7. rc_settings
     pack_str(packer, "enabled");
@@ -355,7 +353,7 @@ TEST(BrokerTest, RecvClientInit)
     EXPECT_STREQ(
         command.engine_settings.obfuscator_value_regex.c_str(), "value_regex");
     EXPECT_EQ(command.engine_settings.schema_extraction.enabled, true);
-    EXPECT_EQ(command.engine_settings.schema_extraction.sample_rate, 0.5);
+    EXPECT_EQ(command.engine_settings.schema_extraction.sample_rate, 0.1);
 
     // RC settings
     EXPECT_EQ(command.rc_settings.enabled, true);