diff --git a/appsec/src/extension/commands/client_init.c b/appsec/src/extension/commands/client_init.c index 0d8de9217e..41a7bf6d8e 100644 --- a/appsec/src/extension/commands/client_init.c +++ b/appsec/src/extension/commands/client_init.c @@ -160,24 +160,10 @@ static dd_result _pack_command( w, ZSTR_VAL(get_global_DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP())); dd_mpack_write_lstr(w, "schema_extraction"); - mpack_start_map(w, 2); + mpack_start_map(w, 1); dd_mpack_write_lstr(w, "enabled"); - -#define MIN_SE_SAMPLE_RATE 0.0001 - - double se_sample_rate = get_global_DD_API_SECURITY_REQUEST_SAMPLE_RATE(); - if (se_sample_rate >= MIN_SE_SAMPLE_RATE) { - mpack_write_bool(w, true); - - dd_mpack_write_lstr(w, "sample_rate"); - mpack_write(w, se_sample_rate); - } else { - mpack_write_bool(w, false); - - dd_mpack_write_lstr(w, "sample_rate"); - mpack_write(w, 0.0); - } + mpack_write_bool(w, get_global_DD_API_SECURITY_ENABLED()); mpack_finish_map(w); diff --git a/appsec/src/extension/configuration.h b/appsec/src/extension/configuration.h index a317c55ca1..42e1300b3c 100644 --- a/appsec/src/extension/configuration.h +++ b/appsec/src/extension/configuration.h @@ -63,7 +63,7 @@ extern bool runtime_config_first_init; CONFIG(CUSTOM(STRING), DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING, "safe", .parser = dd_parse_automated_user_events_tracking) \ CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML, "") \ CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON, "") \ - CONFIG(DOUBLE, DD_API_SECURITY_REQUEST_SAMPLE_RATE, "0.1") + CONFIG(BOOL, DD_API_SECURITY_ENABLED, "true") // clang-format on #define CALIAS CONFIG diff --git a/appsec/src/helper/engine_settings.hpp b/appsec/src/helper/engine_settings.hpp index e9bdf91012..dd38a8243d 100644 --- a/appsec/src/helper/engine_settings.hpp +++ b/appsec/src/helper/engine_settings.hpp @@ -16,12 +16,12 @@ namespace dds { struct schema_extraction_settings { static constexpr double default_sample_rate = 0.1; // 10% of requests - static constexpr bool default_enabled = false; + static constexpr bool default_enabled = true; bool enabled = default_enabled; double sample_rate = default_sample_rate; - MSGPACK_DEFINE_MAP(enabled, sample_rate); + MSGPACK_DEFINE_MAP(enabled); }; /* engine_settings are currently the same for the whole client session. diff --git a/appsec/tests/extension/api_security_env_variables.phpt b/appsec/tests/extension/api_security_env_variables.phpt index f387cb6be5..de963c97a7 100644 --- a/appsec/tests/extension/api_security_env_variables.phpt +++ b/appsec/tests/extension/api_security_env_variables.phpt @@ -1,10 +1,10 @@ --TEST-- Set and test API security ini settings --ENV-- -DD_API_SECURITY_REQUEST_SAMPLE_RATE=0.8 +DD_API_SECURITY_ENABLED=false --FILE-- --EXPECTF-- -string(3) "0.8" +string(5) "false" diff --git a/appsec/tests/extension/rinit_rshutdown_basic.phpt b/appsec/tests/extension/rinit_rshutdown_basic.phpt index 0ed364bbec..f934bb159a 100644 Binary files a/appsec/tests/extension/rinit_rshutdown_basic.phpt and b/appsec/tests/extension/rinit_rshutdown_basic.phpt differ diff --git a/appsec/tests/helper/broker_test.cpp b/appsec/tests/helper/broker_test.cpp index b4e7bef2a6..ca8528449a 100644 --- a/appsec/tests/helper/broker_test.cpp +++ b/appsec/tests/helper/broker_test.cpp @@ -303,11 +303,9 @@ TEST(BrokerTest, RecvClientInit) pack_str(packer, "value_regex"); pack_str(packer, "schema_extraction"); - packer.pack_map(2); + packer.pack_map(1); pack_str(packer, "enabled"); packer.pack_true(); - pack_str(packer, "sample_rate"); - packer.pack_double(0.5); packer.pack_map(4); // 7. rc_settings pack_str(packer, "enabled"); @@ -355,7 +353,7 @@ TEST(BrokerTest, RecvClientInit) EXPECT_STREQ( command.engine_settings.obfuscator_value_regex.c_str(), "value_regex"); EXPECT_EQ(command.engine_settings.schema_extraction.enabled, true); - EXPECT_EQ(command.engine_settings.schema_extraction.sample_rate, 0.5); + EXPECT_EQ(command.engine_settings.schema_extraction.sample_rate, 0.1); // RC settings EXPECT_EQ(command.rc_settings.enabled, true);