From 1e69c13c7576ed3a3bf00358bf019e9ebe3cab9b Mon Sep 17 00:00:00 2001
From: Alejandro Estringana Ruiz
Date: Thu, 22 Feb 2024 12:55:10 +0100
Subject: [PATCH] Add DD_API_SECURITY_ENABLED flag
---
 appsec/src/extension/commands/client_init.c | 18 ++----------------
 appsec/src/extension/configuration.h | 2 +-
 appsec/src/helper/engine_settings.hpp | 4 ++--
 .../extension/api_security_env_variables.phpt | 6 +++---
 .../extension/rinit_rshutdown_basic.phpt | Bin 5558 -> 5501 bytes
 appsec/tests/helper/broker_test.cpp | 6 ++----
 6 files changed, 10 insertions(+), 26 deletions(-)
diff --git a/appsec/src/extension/commands/client_init.c b/appsec/src/extension/commands/client_init.c
index 0d8de9217e5..41a7bf6d8e9 100644
--- a/appsec/src/extension/commands/client_init.c
+++ b/appsec/src/extension/commands/client_init.c
@@ -160,24 +160,10 @@ static dd_result _pack_command(
 w, ZSTR_VAL(get_global_DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP()));
 dd_mpack_write_lstr(w, "schema_extraction");
- mpack_start_map(w, 2);
+ mpack_start_map(w, 1);
 dd_mpack_write_lstr(w, "enabled");
-
-#define MIN_SE_SAMPLE_RATE 0.0001
-
- double se_sample_rate = get_global_DD_API_SECURITY_REQUEST_SAMPLE_RATE();
- if (se_sample_rate >= MIN_SE_SAMPLE_RATE) {
- mpack_write_bool(w, true);
-
- dd_mpack_write_lstr(w, "sample_rate");
- mpack_write(w, se_sample_rate);
- } else {
- mpack_write_bool(w, false);
-
- dd_mpack_write_lstr(w, "sample_rate");
- mpack_write(w, 0.0);
- }
+ mpack_write_bool(w, get_global_DD_API_SECURITY_ENABLED());
 mpack_finish_map(w);
diff --git a/appsec/src/extension/configuration.h b/appsec/src/extension/configuration.h
index a317c55ca1b..42e1300b3cf 100644
--- a/appsec/src/extension/configuration.h
+++ b/appsec/src/extension/configuration.h
@@ -63,7 +63,7 @@ extern bool runtime_config_first_init;
 CONFIG(CUSTOM(STRING), DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING, "safe", .parser = dd_parse_automated_user_events_tracking) \
 CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML, "") \
 CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON, "") \
- CONFIG(DOUBLE, DD_API_SECURITY_REQUEST_SAMPLE_RATE, "0.1")
+ CONFIG(BOOL, DD_API_SECURITY_ENABLED, "true")
 // clang-format on
 #define CALIAS CONFIG
diff --git a/appsec/src/helper/engine_settings.hpp b/appsec/src/helper/engine_settings.hpp
index e9bdf910124..dd38a8243dd 100644
--- a/appsec/src/helper/engine_settings.hpp
+++ b/appsec/src/helper/engine_settings.hpp
@@ -16,12 +16,12 @@ namespace dds {
 struct schema_extraction_settings {
 static constexpr double default_sample_rate = 0.1; // 10% of requests
- static constexpr bool default_enabled = false;
+ static constexpr bool default_enabled = true;
 bool enabled = default_enabled;
 double sample_rate = default_sample_rate;
- MSGPACK_DEFINE_MAP(enabled, sample_rate);
+ MSGPACK_DEFINE_MAP(enabled);
 };
 /* engine_settings are currently the same for the whole client session.
diff --git a/appsec/tests/extension/api_security_env_variables.phpt b/appsec/tests/extension/api_security_env_variables.phpt
index f387cb6be58..de963c97a72 100644
--- a/appsec/tests/extension/api_security_env_variables.phpt
+++ b/appsec/tests/extension/api_security_env_variables.phpt
@@ -1,10 +1,10 @@
 --TEST--
 Set and test API security ini settings
 --ENV--
-DD_API_SECURITY_REQUEST_SAMPLE_RATE=0.8
+DD_API_SECURITY_ENABLED=false
 --FILE--
 --EXPECTF--
-string(3) "0.8"
+string(5) "false"
diff --git a/appsec/tests/extension/rinit_rshutdown_basic.phpt b/appsec/tests/extension/rinit_rshutdown_basic.phpt
index 0ed364bbeceec78e7df7ad5ce1aa43f09eb3abaf..f934bb159a1d2f803b48d462d7e5f924825f6ffd 100644
GIT binary patch delta 12 Ucmdm{{a0(lR?f}uI8Sf`04ZMu^Z)<= delta 51 zcmeyXwM~1&R?f)@0&GHwxdl0?@kNOxsj&*Sb_xc1hLaOH6({?P3QzvP%RBi#JL~3K HoQt^u;7<|S
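Review bot: Replacing `DD_API_SECURITY_REQUEST_SAMPLE_RATE` with `CONFIG(BOOL, DD_API_SECURITY_ENABLED, "true")` drops the old setting without a migration path. A deployment that turned schema extraction off by setting the rate below the old 0.0001 threshold has it enabled again after upgrading, because the client_init.c hunk now sends only the new flag and that flag defaults to on. Nothing visible in this patch tells the operator that the old variable is ignored. I would either keep honouring the old variable for a deprecation period or log a warning at startup when it is set, and record the change near the declaration, e.g. `/* replaces DD_API_SECURITY_REQUEST_SAMPLE_RATE, which is no longer read */`. The macro list this entry belongs to begins outside the hunk.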
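Review bot: `sample_rate` stays a mutable member of `schema_extraction_settings` but is removed from `MSGPACK_DEFINE_MAP`, so after this hunk nothing decoded from the extension can set it and it remains at `default_sample_rate`. The declaration does not say so; I would add `// not serialized: always default_sample_rate` above the member, or drop the member if its readers (outside this diff) no longer need it. Changing `default_enabled` to `true` also turns the feature on whenever the struct is default-constructed, and presumably when a client_init message omits the `enabled` key. That opt-out default for a feature that samples requests deserves a line in the struct comment.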
diff --git a/appsec/tests/helper/broker_test.cpp b/appsec/tests/helper/broker_test.cpp
index b4e7bef2a63..ca8528449a1 100644
--- a/appsec/tests/helper/broker_test.cpp
+++ b/appsec/tests/helper/broker_test.cpp
@@ -303,11 +303,9 @@ TEST(BrokerTest, RecvClientInit)
 pack_str(packer, "value_regex");
 pack_str(packer, "schema_extraction");
- packer.pack_map(2);
+ packer.pack_map(1);
 pack_str(packer, "enabled");
 packer.pack_true();
- pack_str(packer, "sample_rate");
- packer.pack_double(0.5);
 packer.pack_map(4); // 7. rc_settings
 pack_str(packer, "enabled");
@@ -355,7 +353,7 @@ TEST(BrokerTest, RecvClientInit)
 EXPECT_STREQ(
 command.engine_settings.obfuscator_value_regex.c_str(), "value_regex");
 EXPECT_EQ(command.engine_settings.schema_extraction.enabled, true);
- EXPECT_EQ(command.engine_settings.schema_extraction.sample_rate, 0.5);
+ EXPECT_EQ(command.engine_settings.schema_extraction.sample_rate, 0.1);
 // RC settings
 EXPECT_EQ(command.rc_settings.enabled, true);
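Review bot: Packing `packer.pack_true()` for `enabled` no longer proves that the field is decoded, because `default_enabled` becomes `true` in this same commit. The assertion in the second hunk, `EXPECT_EQ(command.engine_settings.schema_extraction.enabled, true);`, would therefore pass even if the key were ignored on receipt. Packing the non-default value with `packer.pack_false();` and expecting `false` keeps the test able to catch a decoding regression in the on/off switch. The TEST body starts and ends outside both hunks.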
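Review bot: The literal `0.1` in the new `sample_rate` expectation duplicates `default_sample_rate` from engine_settings.hpp and does not say that the value is expected to be the untouched default. I would write `EXPECT_EQ(command.engine_settings.schema_extraction.sample_rate, dds::schema_extraction_settings::default_sample_rate);` so the intent is explicit and the test follows the constant. The enclosing TEST body continues outside the hunk.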