Add schema extraction enabling flag

appsec/src/extension/commands/client_init.c

@@ -169,7 +169,7 @@ static dd_result _pack_command(
 
     double se_sample_rate = get_global_DD_API_SECURITY_REQUEST_SAMPLE_RATE();
     if (se_sample_rate >= MIN_SE_SAMPLE_RATE) {
-        mpack_write_bool(w, true);
+        mpack_write_bool(w, get_global_DD_EXPERIMENTAL_API_SECURITY_ENABLED());
 
         dd_mpack_write_lstr(w, "sample_rate");
         mpack_write(w, se_sample_rate);

appsec/src/extension/configuration.h

@@ -62,6 +62,7 @@ extern bool runtime_config_first_init;
     CONFIG(CUSTOM(STRING), DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING, "safe", .parser = dd_parse_automated_user_events_tracking)       \
     CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML, "")                                                                          \
     CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON, "")                                                                          \
+    CONFIG(BOOL, DD_EXPERIMENTAL_API_SECURITY_ENABLED, "false")                                                                       \
     CONFIG(DOUBLE, DD_API_SECURITY_REQUEST_SAMPLE_RATE, "0.1")
 // clang-format on
 

appsec/tests/extension/inc/mock_helper.php

@@ -139,6 +139,17 @@ function get_commands() {
         }
     }
 
+    function get_command($command) {
+        $commands = $this->get_commands();
+        foreach($commands as $c) {
+            if ($c[0] == $command) {
+                return $c;
+            }
+        }
+
+        return [];
+    }
+
     function print_commands($sort = true) {
         $commands = $this->get_commands();
         if (!is_array($commands)) {

appsec/tests/extension/schema_extraction_01.phpt

@@ -0,0 +1,28 @@
+--TEST--
+Default schema extraction configurations
+--FILE--
+<?php
+use function datadog\appsec\testing\{rinit,rshutdown,get_formatted_runtime_id};
+
+include __DIR__ . '/inc/mock_helper.php';
+
+$helper = Helper::createInitedRun([
+    response_list(response_request_init(['ok', []]))
+]);
+
+var_dump(rinit());
+var_dump(rshutdown());
+
+$clientInit = $helper->get_command('client_init');
+
+var_dump($clientInit[1][5]['schema_extraction']);
+?>
+--EXPECTF--
+bool(true)
+bool(true)
+array(2) {
+  ["enabled"]=>
+  bool(false)
+  ["sample_rate"]=>
+  float(0.1)
+}

appsec/tests/extension/schema_extraction_02.phpt

@@ -0,0 +1,31 @@
+--TEST--
+Schema extraction configured
+--ENV--
+DD_EXPERIMENTAL_API_SECURITY_ENABLED=true
+DD_API_SECURITY_REQUEST_SAMPLE_RATE=0.5
+--FILE--
+<?php
+use function datadog\appsec\testing\{rinit,rshutdown,get_formatted_runtime_id};
+
+include __DIR__ . '/inc/mock_helper.php';
+
+$helper = Helper::createInitedRun([
+    response_list(response_request_init(['ok', []]))
+]);
+
+var_dump(rinit());
+var_dump(rshutdown());
+
+$clientInit = $helper->get_command('client_init');
+
+var_dump($clientInit[1][5]['schema_extraction']);
+?>
+--EXPECTF--
+bool(true)
+bool(true)
+array(2) {
+  ["enabled"]=>
+  bool(true)
+  ["sample_rate"]=>
+  float(0.5)
+}

appsec/tests/extension/schema_extraction_03.phpt

@@ -0,0 +1,31 @@
+--TEST--
+Schema extraction is disabled when sample rate is 0
+--ENV--
+DD_EXPERIMENTAL_API_SECURITY_ENABLED=true
+DD_API_SECURITY_REQUEST_SAMPLE_RATE=0
+--FILE--
+<?php
+use function datadog\appsec\testing\{rinit,rshutdown,get_formatted_runtime_id};
+
+include __DIR__ . '/inc/mock_helper.php';
+
+$helper = Helper::createInitedRun([
+    response_list(response_request_init(['ok', []]))
+]);
+
+var_dump(rinit());
+var_dump(rshutdown());
+
+$clientInit = $helper->get_command('client_init');
+
+var_dump($clientInit[1][5]['schema_extraction']);
+?>
+--EXPECTF--
+bool(true)
+bool(true)
+array(2) {
+  ["enabled"]=>
+  bool(false)
+  ["sample_rate"]=>
+  float(0)
+}