From 89b7f0bbd386df36388fadffa076c9560a58086e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20=C3=81lvarez=20=C3=81lvarez?= Date: Fri, 17 Oct 2025 12:17:43 +0200 Subject: [PATCH 1/4] Rename request body sample rate config variable --- .../ApiSecurityDownstreamSamplerImpl.java | 2 +- .../appsec/AbstractAppSecServerSmokeTest.groovy | 2 +- .../java/datadog/trace/api/ConfigDefaults.java | 2 +- .../datadog/trace/api/config/AppSecConfig.java | 4 ++-- .../src/main/java/datadog/trace/api/Config.java | 16 ++++++++-------- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityDownstreamSamplerImpl.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityDownstreamSamplerImpl.java index 7ac6211a854..d6666ef8db1 100644 --- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityDownstreamSamplerImpl.java +++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityDownstreamSamplerImpl.java @@ -11,7 +11,7 @@ public class ApiSecurityDownstreamSamplerImpl implements ApiSecurityDownstreamSa private final double threshold; public ApiSecurityDownstreamSamplerImpl() { - this(Config.get().getApiSecurityDownstreamRequestAnalysisSampleRate()); + this(Config.get().getApiSecurityDownstreamRequestBodyAnalysisSampleRate()); } public ApiSecurityDownstreamSamplerImpl(final double rate) { diff --git a/dd-smoke-tests/appsec/src/main/groovy/datadog/smoketest/appsec/AbstractAppSecServerSmokeTest.groovy b/dd-smoke-tests/appsec/src/main/groovy/datadog/smoketest/appsec/AbstractAppSecServerSmokeTest.groovy index 76ca71b1289..4f5ea32984d 100644 --- a/dd-smoke-tests/appsec/src/main/groovy/datadog/smoketest/appsec/AbstractAppSecServerSmokeTest.groovy +++ b/dd-smoke-tests/appsec/src/main/groovy/datadog/smoketest/appsec/AbstractAppSecServerSmokeTest.groovy @@ -55,7 +55,7 @@ abstract class AbstractAppSecServerSmokeTest extends AbstractServerSmokeTest { // disable AppSec rate limit "-Ddd.appsec.trace.rate.limit=-1", // disable http client sampling - "-Ddd.api-security.downstream.request.analysis.sample_rate=1" + "-Ddd.api-security.downstream.request.body.analysis.sample_rate=1" ] + (System.getProperty('smoke_test.appsec.enabled') == 'inactive' ? // enable remote config so that appsec is partially enabled (rc is now enabled by default) [ diff --git a/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java b/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java index 91151166b62..49251171ebb 100644 --- a/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java +++ b/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java @@ -120,7 +120,7 @@ public final class ConfigDefaults { static final float DEFAULT_API_SECURITY_SAMPLE_DELAY = 30.0f; static final boolean DEFAULT_API_SECURITY_ENDPOINT_COLLECTION_ENABLED = true; static final int DEFAULT_API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT = 300; - static final double DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE = 0.5D; + static final double DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE = 0.5D; static final int DEFAULT_API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS = 1; static final boolean DEFAULT_APPSEC_RASP_ENABLED = true; static final boolean DEFAULT_APPSEC_STACK_TRACE_ENABLED = true; diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java index e495117861a..bb3bc315fc4 100644 --- a/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java +++ b/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java @@ -32,8 +32,8 @@ public final class AppSecConfig { "api-security.endpoint.collection.enabled"; public static final String API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT = "api-security.endpoint.collection.message.limit"; - public static final String API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE = - "api-security.downstream.request.analysis.sample_rate"; + public static final String API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE = + "api-security.downstream.request.body.analysis.sample_rate"; public static final String API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS = "api-security.max.downstream.request.body.analysis"; diff --git a/internal-api/src/main/java/datadog/trace/api/Config.java b/internal-api/src/main/java/datadog/trace/api/Config.java index d8410864868..de05194c5c3 100644 --- a/internal-api/src/main/java/datadog/trace/api/Config.java +++ b/internal-api/src/main/java/datadog/trace/api/Config.java @@ -7,7 +7,7 @@ import static datadog.trace.api.ConfigDefaults.DEFAULT_AGENT_TIMEOUT; import static datadog.trace.api.ConfigDefaults.DEFAULT_AGENT_WRITER_TYPE; import static datadog.trace.api.ConfigDefaults.DEFAULT_ANALYTICS_SAMPLE_RATE; -import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE; +import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE; import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_ENABLED; import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_ENDPOINT_COLLECTION_ENABLED; import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT; @@ -198,7 +198,7 @@ import static datadog.trace.api.config.AIGuardConfig.DEFAULT_AI_GUARD_MAX_CONTENT_SIZE; import static datadog.trace.api.config.AIGuardConfig.DEFAULT_AI_GUARD_MAX_MESSAGES_LENGTH; import static datadog.trace.api.config.AIGuardConfig.DEFAULT_AI_GUARD_TIMEOUT; -import static datadog.trace.api.config.AppSecConfig.API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE; +import static datadog.trace.api.config.AppSecConfig.API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE; import static datadog.trace.api.config.AppSecConfig.API_SECURITY_ENABLED; import static datadog.trace.api.config.AppSecConfig.API_SECURITY_ENABLED_EXPERIMENTAL; import static datadog.trace.api.config.AppSecConfig.API_SECURITY_ENDPOINT_COLLECTION_ENABLED; @@ -973,7 +973,7 @@ public static String getHostName() { private final boolean apiSecurityEndpointCollectionEnabled; private final int apiSecurityEndpointCollectionMessageLimit; private final int apiSecurityMaxDownstreamRequestBodyAnalysis; - private final double apiSecurityDownstreamRequestAnalysisSampleRate; + private final double apiSecurityDownstreamRequestBodyAnalysisSampleRate; private final IastDetectionMode iastDetectionMode; private final int iastMaxConcurrentRequests; @@ -2146,10 +2146,10 @@ PROFILING_DATADOG_PROFILER_ENABLED, isDatadogProfilerSafeInCurrentEnvironment()) configProvider.getInteger( API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS, DEFAULT_API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS); - apiSecurityDownstreamRequestAnalysisSampleRate = + apiSecurityDownstreamRequestBodyAnalysisSampleRate = configProvider.getDouble( - API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE, - DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE); + API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE, + DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE); iastDebugEnabled = configProvider.getBoolean(IAST_DEBUG_ENABLED, DEFAULT_IAST_DEBUG_ENABLED); @@ -3670,8 +3670,8 @@ public int getApiSecurityMaxDownstreamRequestBodyAnalysis() { return apiSecurityMaxDownstreamRequestBodyAnalysis; } - public double getApiSecurityDownstreamRequestAnalysisSampleRate() { - return apiSecurityDownstreamRequestAnalysisSampleRate; + public double getApiSecurityDownstreamRequestBodyAnalysisSampleRate() { + return apiSecurityDownstreamRequestBodyAnalysisSampleRate; } public boolean isApiSecurityEndpointCollectionEnabled() { From ba2d2ab1ec278db4a8c8a521382ced515f9b51e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20=C3=81lvarez=20=C3=81lvarez?= Date: Fri, 17 Oct 2025 15:27:33 +0200 Subject: [PATCH 2/4] Maintain old variable for a bit --- .../src/main/java/datadog/trace/api/config/AppSecConfig.java | 2 ++ internal-api/src/main/java/datadog/trace/api/Config.java | 3 ++- .../trace/bootstrap/config/provider/ConfigProvider.java | 4 ++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java index bb3bc315fc4..9be72750ac7 100644 --- a/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java +++ b/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java @@ -32,6 +32,8 @@ public final class AppSecConfig { "api-security.endpoint.collection.enabled"; public static final String API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT = "api-security.endpoint.collection.message.limit"; + public static final String API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE = + "api-security.downstream.request.analysis.sample_rate"; public static final String API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE = "api-security.downstream.request.body.analysis.sample_rate"; public static final String API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS = diff --git a/internal-api/src/main/java/datadog/trace/api/Config.java b/internal-api/src/main/java/datadog/trace/api/Config.java index de05194c5c3..ce7bc3ef870 100644 --- a/internal-api/src/main/java/datadog/trace/api/Config.java +++ b/internal-api/src/main/java/datadog/trace/api/Config.java @@ -2149,7 +2149,8 @@ PROFILING_DATADOG_PROFILER_ENABLED, isDatadogProfilerSafeInCurrentEnvironment()) apiSecurityDownstreamRequestBodyAnalysisSampleRate = configProvider.getDouble( API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE, - DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE); + DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE, + API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE); iastDebugEnabled = configProvider.getBoolean(IAST_DEBUG_ENABLED, DEFAULT_IAST_DEBUG_ENABLED); diff --git a/utils/config-utils/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java b/utils/config-utils/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java index 0f25c548f5b..ef7a29b4072 100644 --- a/utils/config-utils/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java +++ b/utils/config-utils/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java @@ -248,6 +248,10 @@ public double getDouble(String key, double defaultValue) { return get(key, defaultValue, Double.class); } + public double getDouble(String key, double defaultValue, String... aliases) { + return get(key, defaultValue, Double.class, aliases); + } + private T get(String key, T defaultValue, Class type, String... aliases) { if (collectConfig) { reportDefault(key, defaultValue); From 6c295b06dbdf3a406a68293d6c17faa79972ae8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20=C3=81lvarez=20=C3=81lvarez?= Date: Fri, 31 Oct 2025 09:49:17 +0100 Subject: [PATCH 3/4] Add variable to supported configurations --- metadata/supported-configurations.json | 1 + 1 file changed, 1 insertion(+) diff --git a/metadata/supported-configurations.json b/metadata/supported-configurations.json index 634ab20cf98..c52e1470ac9 100644 --- a/metadata/supported-configurations.json +++ b/metadata/supported-configurations.json @@ -17,6 +17,7 @@ "DD_API_KEY": ["A"], "DD_API_KEY_FILE": ["A"], "DD_API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE": ["A"], + "DD_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE": ["A"], "DD_API_SECURITY_ENABLED": ["A"], "DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED": ["A"], "DD_API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT": ["A"], From a38383e40dbab61e87be793d09e8d1b5775943e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20=C3=81lvarez=20=C3=81lvarez?= Date: Mon, 3 Nov 2025 01:54:58 +0100 Subject: [PATCH 4/4] Fix alias --- internal-api/src/main/java/datadog/trace/api/Config.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal-api/src/main/java/datadog/trace/api/Config.java b/internal-api/src/main/java/datadog/trace/api/Config.java index ce7bc3ef870..47dd855b00b 100644 --- a/internal-api/src/main/java/datadog/trace/api/Config.java +++ b/internal-api/src/main/java/datadog/trace/api/Config.java @@ -198,6 +198,7 @@ import static datadog.trace.api.config.AIGuardConfig.DEFAULT_AI_GUARD_MAX_CONTENT_SIZE; import static datadog.trace.api.config.AIGuardConfig.DEFAULT_AI_GUARD_MAX_MESSAGES_LENGTH; import static datadog.trace.api.config.AIGuardConfig.DEFAULT_AI_GUARD_TIMEOUT; +import static datadog.trace.api.config.AppSecConfig.API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE; import static datadog.trace.api.config.AppSecConfig.API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE; import static datadog.trace.api.config.AppSecConfig.API_SECURITY_ENABLED; import static datadog.trace.api.config.AppSecConfig.API_SECURITY_ENABLED_EXPERIMENTAL; @@ -2150,7 +2151,7 @@ PROFILING_DATADOG_PROFILER_ENABLED, isDatadogProfilerSafeInCurrentEnvironment()) configProvider.getDouble( API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE, DEFAULT_API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE, - API_SECURITY_DOWNSTREAM_REQUEST_BODY_ANALYSIS_SAMPLE_RATE); + API_SECURITY_DOWNSTREAM_REQUEST_ANALYSIS_SAMPLE_RATE); iastDebugEnabled = configProvider.getBoolean(IAST_DEBUG_ENABLED, DEFAULT_IAST_DEBUG_ENABLED);