diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityDownstreamSamplerImpl.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityDownstreamSamplerImpl.java index 7ac6211a854..d6666ef8db1 100644 --- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityDownstreamSamplerImpl.java +++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityDownstreamSamplerImpl.java @@ -11,7 +11,7 @@ public class ApiSecurityDownstreamSamplerImpl implements ApiSecurityDownstreamSa private final double threshold; public ApiSecurityDownstreamSamplerImpl() { - this(Config.get().getApiSecurityDownstreamRequestAnalysisSampleRate()); + this(Config.get().getApiSecurityDownstreamRequestBodyAnalysisSampleRate()); } public ApiSecurityDownstreamSamplerImpl(final double rate) { diff --git a/dd-smoke-tests/appsec/src/main/groovy/datadog/smoketest/appsec/AbstractAppSecServerSmokeTest.groovy b/dd-smoke-tests/appsec/src/main/groovy/datadog/smoketest/appsec/AbstractAppSecServerSmokeTest.groovy index 76ca71b1289..4f5ea32984d 100644 --- a/dd-smoke-tests/appsec/src/main/groovy/datadog/smoketest/appsec/AbstractAppSecServerSmokeTest.groovy +++ b/dd-smoke-tests/appsec/src/main/groovy/datadog/smoketest/appsec/AbstractAppSecServerSmokeTest.groovy @@ -55,7 +55,7 @@ abstract class AbstractAppSecServerSmokeTest extends AbstractServerSmokeTest { // disable AppSec rate limit "-Ddd.appsec.trace.rate.limit=-1", // disable http client sampling - "-Ddd.api-security.downstream.request.analysis.sample_rate=1" + "-Ddd.api-security.downstream.request.body.analysis.sample_rate=1" ] + (System.getProperty('smoke_test.appsec.enabled') == 'inactive' ? // enable remote config so that appsec is partially enabled (rc is now enabled by default) [ diff --git a/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java b/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java index 91151166b62..49251171ebb 100644 --- a/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java +++ b/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java @@ -120,7 +120,7 @@ public final class ConfigDefaults { static final float DEFAULT_API_SECURITY_SAMPLE_DELAY = 30.0f; static final boolean DEFAULT_API_SECURITY_ENDPOINT_COLLECTION_ENABLED = true; static final int DEFAULT_API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT = 300; - static final double DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE = 0.5D; + static final double DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE = 0.5D; static final int DEFAULT_API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS = 1; static final boolean DEFAULT_APPSEC_RASP_ENABLED = true; static final boolean DEFAULT_APPSEC_STACK_TRACE_ENABLED = true; diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java index e495117861a..9be72750ac7 100644 --- a/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java +++ b/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java @@ -34,6 +34,8 @@ public final class AppSecConfig { "api-security.endpoint.collection.message.limit"; public static final String API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE = "api-security.downstream.request.analysis.sample_rate"; + public static final String API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE = + "api-security.downstream.request.body.analysis.sample_rate"; public static final String API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS = "api-security.max.downstream.request.body.analysis"; diff --git a/internal-api/src/main/java/datadog/trace/api/Config.java b/internal-api/src/main/java/datadog/trace/api/Config.java index d8410864868..47dd855b00b 100644 --- a/internal-api/src/main/java/datadog/trace/api/Config.java +++ b/internal-api/src/main/java/datadog/trace/api/Config.java @@ -7,7 +7,7 @@ import static datadog.trace.api.ConfigDefaults.DEFAULT_AGENT_TIMEOUT; import static datadog.trace.api.ConfigDefaults.DEFAULT_AGENT_WRITER_TYPE; import static datadog.trace.api.ConfigDefaults.DEFAULT_ANALYTICS_SAMPLE_RATE; -import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE; +import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE; import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_ENABLED; import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_ENDPOINT_COLLECTION_ENABLED; import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT; @@ -199,6 +199,7 @@ import static datadog.trace.api.config.AIGuardConfig.DEFAULT_AI_GUARD_MAX_MESSAGES_LENGTH; import static datadog.trace.api.config.AIGuardConfig.DEFAULT_AI_GUARD_TIMEOUT; import static datadog.trace.api.config.AppSecConfig.API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE; +import static datadog.trace.api.config.AppSecConfig.API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE; import static datadog.trace.api.config.AppSecConfig.API_SECURITY_ENABLED; import static datadog.trace.api.config.AppSecConfig.API_SECURITY_ENABLED_EXPERIMENTAL; import static datadog.trace.api.config.AppSecConfig.API_SECURITY_ENDPOINT_COLLECTION_ENABLED; @@ -973,7 +974,7 @@ public static String getHostName() { private final boolean apiSecurityEndpointCollectionEnabled; private final int apiSecurityEndpointCollectionMessageLimit; private final int apiSecurityMaxDownstreamRequestBodyAnalysis; - private final double apiSecurityDownstreamRequestAnalysisSampleRate; + private final double apiSecurityDownstreamRequestBodyAnalysisSampleRate; private final IastDetectionMode iastDetectionMode; private final int iastMaxConcurrentRequests; @@ -2146,10 +2147,11 @@ PROFILING_DATADOG_PROFILER_ENABLED, isDatadogProfilerSafeInCurrentEnvironment()) configProvider.getInteger( API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS, DEFAULT_API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS); - apiSecurityDownstreamRequestAnalysisSampleRate = + apiSecurityDownstreamRequestBodyAnalysisSampleRate = configProvider.getDouble( - API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE, - DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE); + API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE, + DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE, + API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE); iastDebugEnabled = configProvider.getBoolean(IAST_DEBUG_ENABLED, DEFAULT_IAST_DEBUG_ENABLED); @@ -3670,8 +3672,8 @@ public int getApiSecurityMaxDownstreamRequestBodyAnalysis() { return apiSecurityMaxDownstreamRequestBodyAnalysis; } - public double getApiSecurityDownstreamRequestAnalysisSampleRate() { - return apiSecurityDownstreamRequestAnalysisSampleRate; + public double getApiSecurityDownstreamRequestBodyAnalysisSampleRate() { + return apiSecurityDownstreamRequestBodyAnalysisSampleRate; } public boolean isApiSecurityEndpointCollectionEnabled() { diff --git a/metadata/supported-configurations.json b/metadata/supported-configurations.json index 634ab20cf98..c52e1470ac9 100644 --- a/metadata/supported-configurations.json +++ b/metadata/supported-configurations.json @@ -17,6 +17,7 @@ "DD_API_KEY": ["A"], "DD_API_KEY_FILE": ["A"], "DD_API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE": ["A"], + "DD_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE": ["A"], "DD_API_SECURITY_ENABLED": ["A"], "DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED": ["A"], "DD_API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT": ["A"], diff --git a/utils/config-utils/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java b/utils/config-utils/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java index 0f25c548f5b..ef7a29b4072 100644 --- a/utils/config-utils/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java +++ b/utils/config-utils/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java @@ -248,6 +248,10 @@ public double getDouble(String key, double defaultValue) { return get(key, defaultValue, Double.class); } + public double getDouble(String key, double defaultValue, String... aliases) { + return get(key, defaultValue, Double.class, aliases); + } + private T get(String key, T defaultValue, Class type, String... aliases) { if (collectConfig) { reportDefault(key, defaultValue);