diff --git a/appsec/src/extension/commands/client_init.c b/appsec/src/extension/commands/client_init.c
index 8945ba0cfc..0248a72b69 100644
--- a/appsec/src/extension/commands/client_init.c
+++ b/appsec/src/extension/commands/client_init.c
@@ -169,7 +169,7 @@ static dd_result _pack_command(
 double se_sample_rate = get_global_DD_API_SECURITY_REQUEST_SAMPLE_RATE();
 if (se_sample_rate >= MIN_SE_SAMPLE_RATE) {
- mpack_write_bool(w, true);
+ mpack_write_bool(w, get_global_DD_EXPERIMENTAL_API_SECURITY_ENABLED());
 dd_mpack_write_lstr(w, "sample_rate");
 mpack_write(w, se_sample_rate);
diff --git a/appsec/src/extension/configuration.h b/appsec/src/extension/configuration.h
index d349fdbb92..11a165f783 100644
--- a/appsec/src/extension/configuration.h
+++ b/appsec/src/extension/configuration.h
@@ -62,6 +62,7 @@ extern bool runtime_config_first_init;
 CONFIG(CUSTOM(STRING), DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING, "safe", .parser = dd_parse_automated_user_events_tracking) \
 CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML, "") \
 CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON, "") \
+ CONFIG(BOOL, DD_EXPERIMENTAL_API_SECURITY_ENABLED, "false") \
 CONFIG(DOUBLE, DD_API_SECURITY_REQUEST_SAMPLE_RATE, "0.1") // clang-format on
diff --git a/appsec/tests/extension/inc/mock_helper.php b/appsec/tests/extension/inc/mock_helper.php
index 888fb521da..344bf7e215 100644
--- a/appsec/tests/extension/inc/mock_helper.php
+++ b/appsec/tests/extension/inc/mock_helper.php
@@ -139,6 +139,17 @@ function get_commands() {
 }
 }
+ function get_command($command) {
+ $commands = $this->get_commands();
+ foreach($commands as $c) {
+ if ($c[0] == $command) {
+ return $c;
+ }
+ }
+
+ return [];
+ }
+
 function print_commands($sort = true) {
 $commands = $this->get_commands();
 if (!is_array($commands)) {
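Review bot: In client_init.c the `enabled` value written inside the `if (se_sample_rate >= MIN_SE_SAMPLE_RATE)` branch now depends on a second, independent switch, so the on/off decision for schema extraction is split between the branch condition and the boolean written inside it. Computing it once, e.g. `bool se_enabled = get_global_DD_EXPERIMENTAL_API_SECURITY_ENABLED() && se_sample_rate >= MIN_SE_SAMPLE_RATE;`, and writing `mpack_write_bool(w, se_enabled);` would keep this branch and whatever the rest of `_pack_command` writes for the low-rate case from drifting apart. With the flag off the configured `sample_rate` is still sent, so the receiving side has to treat `enabled` as authoritative; a one-line comment saying so would help. Only a lower bound on the rate is visible here; if the DOUBLE parser does not already reject values above 1.0, that check belongs next to this one. The body of `_pack_command` starts and ends outside the hunk.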
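Review bot: The new `DD_EXPERIMENTAL_API_SECURITY_ENABLED` entry in configuration.h comes with no description of what it gates or how it relates to `DD_API_SECURITY_REQUEST_SAMPLE_RATE`, which keeps its "0.1" default while the feature itself is off. Because the list is a backslash-continued macro body, a `//` comment on the entry would swallow the lines that follow it; a block comment above the macro is the safe place, for example `/* DD_EXPERIMENTAL_API_SECURITY_ENABLED: opt-in switch for API schema extraction, off by default */`. If the sample rate is meant to be ignored while the flag is false, that is worth stating in the same comment. The macro definition starts outside the hunk.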
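Review bot: `get_command()` in mock_helper.php iterates the result of `get_commands()` without the `is_array()` guard that `print_commands()` applies just below it, so a non-array result would raise a `foreach` warning instead of failing cleanly. Adding `if (!is_array($commands)) { return []; }` before the loop and comparing with `$c[0] === $command` would make the lookup predictable and rule out matches by type juggling. Returning `[]` for a missing command also means a caller that indexes the result, as the new schema_extraction tests do with `$clientInit[1][5]`, gets an offset notice rather than a clear "command not sent" failure; a short docblock stating the return shape would at least make that explicit. `print_commands()` continues outside the hunk.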
diff --git a/appsec/tests/extension/rinit_rshutdown_basic.phpt b/appsec/tests/extension/rinit_rshutdown_basic.phpt
index 0ed364bbec..c7956b98e2 100644
Binary files a/appsec/tests/extension/rinit_rshutdown_basic.phpt and b/appsec/tests/extension/rinit_rshutdown_basic.phpt differ
diff --git a/appsec/tests/extension/schema_extraction_01.phpt b/appsec/tests/extension/schema_extraction_01.phpt
new file mode 100644
index 0000000000..8cbea1239b
--- /dev/null
+++ b/appsec/tests/extension/schema_extraction_01.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Default schema extraction configurations
+--FILE--
+get_command('client_init');
+
+var_dump($clientInit[1][5]['schema_extraction']);
+?>
+--EXPECTF--
+bool(true)
+bool(true)
+array(2) {
+ ["enabled"]=>
+ bool(false)
+ ["sample_rate"]=>
+ float(0.1)
+}
diff --git a/appsec/tests/extension/schema_extraction_02.phpt b/appsec/tests/extension/schema_extraction_02.phpt
new file mode 100644
index 0000000000..273a5eba7f
--- /dev/null
+++ b/appsec/tests/extension/schema_extraction_02.phpt
@@ -0,0 +1,31 @@
+--TEST--
+Schema extraction configured
+--ENV--
+DD_EXPERIMENTAL_API_SECURITY_ENABLED=true
+DD_API_SECURITY_REQUEST_SAMPLE_RATE=0.5
+--FILE--
+get_command('client_init');
+
+var_dump($clientInit[1][5]['schema_extraction']);
+?>
+--EXPECTF--
+bool(true)
+bool(true)
+array(2) {
+ ["enabled"]=>
+ bool(true)
+ ["sample_rate"]=>
+ float(0.5)
+}
diff --git a/appsec/tests/extension/schema_extraction_03.phpt b/appsec/tests/extension/schema_extraction_03.phpt
new file mode 100644
index 0000000000..b8b49bd78d
--- /dev/null
+++ b/appsec/tests/extension/schema_extraction_03.phpt
@@ -0,0 +1,31 @@
+--TEST--
+Schema extraction is disabled when sample rate is 0
+--ENV--
+DD_EXPERIMENTAL_API_SECURITY_ENABLED=true
+DD_API_SECURITY_REQUEST_SAMPLE_RATE=0
+--FILE--
+get_command('client_init');
+
+var_dump($clientInit[1][5]['schema_extraction']);
+?>
+--EXPECTF--
+bool(true)
+bool(true)
+array(2) {
+ ["enabled"]=>
+ bool(false)
+ ["sample_rate"]=>
+ float(0)
+}
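Review bot: The three new tests (schema_extraction_01, _02 and _03) pin the default, an in-range rate and a rate of 0, but none feeds `DD_API_SECURITY_REQUEST_SAMPLE_RATE` a value outside the expected range, such as a negative number, a value above 1 or a non-numeric string. Since the C side shows only a lower-bound comparison before the rate is sent, a fourth test with a constructed value such as `DD_API_SECURITY_REQUEST_SAMPLE_RATE=1.5` would document what the extension actually puts into `client_init` for such input. The positional lookup `$clientInit[1][5]` would also benefit from a one-line comment naming which part of the message element 5 is. The `--FILE--` bodies are not fully visible on this page, so this is based on the `--ENV--` and `--EXPECTF--` sections only.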