From 97aca8bf851dfda4a96eedeae406bb4241731ac8 Mon Sep 17 00:00:00 2001
From: Anil Mahtani <929854+Anilm3@users.noreply.github.com>
Date: Tue, 5 Dec 2023 09:27:40 +0000
Subject: [PATCH] Remove experimental API security config variable

---
 appsec/src/extension/commands/client_init.c     | 17 ++++++++++++++---
 appsec/src/extension/configuration.h            |  1 -
 .../extension/api_security_env_variables.phpt   |  3 ---
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/appsec/src/extension/commands/client_init.c b/appsec/src/extension/commands/client_init.c
index 35d856a6bab..8945ba0cfca 100644
--- a/appsec/src/extension/commands/client_init.c
+++ b/appsec/src/extension/commands/client_init.c
@@ -164,10 +164,21 @@ static dd_result _pack_command(
     mpack_start_map(w, 2);
 
     dd_mpack_write_lstr(w, "enabled");
-    mpack_write_bool(w, get_global_DD_EXPERIMENTAL_API_SECURITY_ENABLED());
 
-    dd_mpack_write_lstr(w, "sample_rate");
-    mpack_write(w, get_global_DD_API_SECURITY_REQUEST_SAMPLE_RATE());
+#define MIN_SE_SAMPLE_RATE 0.0001
+
+    double se_sample_rate = get_global_DD_API_SECURITY_REQUEST_SAMPLE_RATE();
+    if (se_sample_rate >= MIN_SE_SAMPLE_RATE) {
+        mpack_write_bool(w, true);
+
+        dd_mpack_write_lstr(w, "sample_rate");
+        mpack_write(w, se_sample_rate);
+    } else {
+        mpack_write_bool(w, false);
+
+        dd_mpack_write_lstr(w, "sample_rate");
+        mpack_write(w, 0.0);
+    }
 
     mpack_finish_map(w);
 
diff --git a/appsec/src/extension/configuration.h b/appsec/src/extension/configuration.h
index 11a165f783f..d349fdbb92f 100644
--- a/appsec/src/extension/configuration.h
+++ b/appsec/src/extension/configuration.h
@@ -62,7 +62,6 @@ extern bool runtime_config_first_init;
     CONFIG(CUSTOM(STRING), DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING, "safe", .parser = dd_parse_automated_user_events_tracking)       \
     CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML, "")                                                                          \
     CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON, "")                                                                          \
-    CONFIG(BOOL, DD_EXPERIMENTAL_API_SECURITY_ENABLED, "false")                                                                       \
     CONFIG(DOUBLE, DD_API_SECURITY_REQUEST_SAMPLE_RATE, "0.1")
 // clang-format on
 
diff --git a/appsec/tests/extension/api_security_env_variables.phpt b/appsec/tests/extension/api_security_env_variables.phpt
index 8cfffe0b702..f387cb6be58 100644
--- a/appsec/tests/extension/api_security_env_variables.phpt
+++ b/appsec/tests/extension/api_security_env_variables.phpt
@@ -1,13 +1,10 @@
 --TEST--
 Set and test API security ini settings
 --ENV--
-DD_EXPERIMENTAL_API_SECURITY_ENABLED=1
 DD_API_SECURITY_REQUEST_SAMPLE_RATE=0.8
 --FILE--
 <?php
-var_dump(ini_get("datadog.experimental_api_security_enabled"));
 var_dump(ini_get("datadog.api_security_request_sample_rate"));
 ?>
 --EXPECTF--
-string(1) "1"
 string(3) "0.8"