wip

smola · smola · commit 4af764e337a0 · 2025-03-26T15:58:11.000+01:00
diff --git a/dd-java-agent/appsec/build.gradle b/dd-java-agent/appsec/build.gradle
@@ -82,7 +82,7 @@ ext {
     'com.datadog.appsec.config.AppSecFeatures.ApiSecurity',
     'com.datadog.appsec.config.AppSecFeatures.AutoUserInstrum',
     'com.datadog.appsec.event.ReplaceableEventProducerService',
-    'com.datadog.appsec.api.security.ApiSecurityRequestSampler.NoOp',
+    'com.datadog.appsec.api.security.ApiSecuritySampler.NoOp',
   ]
   excludedClassesBranchCoverage = [
     'com.datadog.appsec.gateway.GatewayBridge',
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java
@@ -1,6 +1,7 @@
 package com.datadog.appsec;
 
-import com.datadog.appsec.api.security.ApiSecurityRequestSampler;
+import com.datadog.appsec.api.security.ApiSecuritySampler;
+import com.datadog.appsec.api.security.ApiSecuritySamplerImpl;
 import com.datadog.appsec.api.security.AppSecSpanPostProcessor;
 import com.datadog.appsec.blocking.BlockingServiceImpl;
 import com.datadog.appsec.config.AppSecConfigService;
@@ -68,13 +69,14 @@ private static void doStart(SubscriptionService gw, SharedCommunicationObjects s
     EventDispatcher eventDispatcher = new EventDispatcher();
     REPLACEABLE_EVENT_PRODUCER.replaceEventProducerService(eventDispatcher);
 
-    ApiSecurityRequestSampler requestSampler;
+    ApiSecuritySampler requestSampler;
     if (Config.get().isApiSecurityEnabled()) {
-      requestSampler = new ApiSecurityRequestSampler();
+      // TODO: Address support for 1-click enablement
+      requestSampler = new ApiSecuritySamplerImpl();
       SpanPostProcessor.Holder.INSTANCE =
           new AppSecSpanPostProcessor(requestSampler, REPLACEABLE_EVENT_PRODUCER);
     } else {
-      requestSampler = new ApiSecurityRequestSampler.NoOp();
+      requestSampler = new ApiSecuritySampler.NoOp();
     }
 
     ConfigurationPoller configurationPoller = sco.configurationPoller(config);
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecuritySampler.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecuritySampler.java
@@ -0,0 +1,35 @@
+package com.datadog.appsec.api.security;
+
+import com.datadog.appsec.gateway.AppSecRequestContext;
+import javax.annotation.Nonnull;
+
+public interface ApiSecuritySampler {
+  /**
+   * Prepare a request context for later sampling decision. This method should be called at request
+   * end, and is thread-safe. If a request can potentially be sampled, this method will return true.
+   * If this method returns true, the caller MUST call {@link #releaseOne()} once the context is not
+   * needed anymore.
+   */
+  boolean preSampleRequest(final @Nonnull AppSecRequestContext ctx);
+
+  /** Get the final sampling decision. This method is NOT required to be thread-safe. */
+  boolean sampleRequest(AppSecRequestContext ctx);
+
+  /** Release one permit for the sampler. This must be called after processing a span. */
+  void releaseOne();
+
+  final class NoOp implements ApiSecuritySampler {
+    @Override
+    public boolean preSampleRequest(@Nonnull AppSecRequestContext ctx) {
+      return false;
+    }
+
+    @Override
+    public boolean sampleRequest(AppSecRequestContext ctx) {
+      return false;
+    }
+
+    @Override
+    public void releaseOne() {}
+  }
+}
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecuritySamplerImpl.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecuritySamplerImpl.java
@@ -12,9 +12,9 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-public class ApiSecurityRequestSampler {
+public class ApiSecuritySamplerImpl implements ApiSecuritySampler {
 
-  private static final Logger log = LoggerFactory.getLogger(ApiSecurityRequestSampler.class);
+  private static final Logger log = LoggerFactory.getLogger(ApiSecuritySamplerImpl.class);
 
   /**
    * A maximum number of request contexts we'll keep open past the end of request at any given time.
@@ -34,14 +34,14 @@ public class ApiSecurityRequestSampler {
   private final TimeSource timeSource;
   private final Semaphore counter = new Semaphore(MAX_POST_PROCESSING_TASKS);
 
-  public ApiSecurityRequestSampler() {
+  public ApiSecuritySamplerImpl() {
     this(
         MAX_SIZE,
         (long) (Config.get().getApiSecuritySampleDelay() * 1_000),
         SystemTimeSource.INSTANCE);
   }
 
-  public ApiSecurityRequestSampler(
+  public ApiSecuritySamplerImpl(
       int capacity, long expirationTimeInMs, @Nonnull TimeSource timeSource) {
     this.capacity = capacity;
     this.expirationTimeInMs = expirationTimeInMs;
@@ -50,12 +50,7 @@ public ApiSecurityRequestSampler(
     this.timeSource = timeSource;
   }
 
-  /**
-   * Prepare a request context for later sampling decision. This method should be called at request
-   * end, and is thread-safe. If a request can potentially be sampled, this method will return true.
-   * If this method returns true, the caller MUST call {@link #releaseOne()} once the context is not
-   * needed anymore.
-   */
+  @Override
   public boolean preSampleRequest(final @Nonnull AppSecRequestContext ctx) {
     final String route = ctx.getRoute();
     if (route == null) {
@@ -87,6 +82,7 @@ public boolean preSampleRequest(final @Nonnull AppSecRequestContext ctx) {
   }
 
   /** Get the final sampling decision. This method is NOT thread-safe. */
+  @Override
   public boolean sampleRequest(AppSecRequestContext ctx) {
     if (ctx == null) {
       return false;
@@ -99,7 +95,7 @@ public boolean sampleRequest(AppSecRequestContext ctx) {
     return updateApiAccessIfExpired(hash);
   }
 
-  /** Release one permit for the sampler. This must be called after processing a span. */
+  @Override
   public void releaseOne() {
     counter.release();
   }
@@ -173,20 +169,4 @@ private long computeApiHash(final String route, final String method, final int s
     result = 31 * result + statusCode;
     return result;
   }
-
-  public static final class NoOp extends ApiSecurityRequestSampler {
-    public NoOp() {
-      super(0, 0, SystemTimeSource.INSTANCE);
-    }
-
-    @Override
-    public boolean preSampleRequest(@Nonnull AppSecRequestContext ctx) {
-      return false;
-    }
-
-    @Override
-    public boolean sampleRequest(AppSecRequestContext ctx) {
-      return false;
-    }
-  }
 }
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/AppSecSpanPostProcessor.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/AppSecSpanPostProcessor.java
@@ -21,11 +21,10 @@
 public class AppSecSpanPostProcessor implements SpanPostProcessor {
 
   private static final Logger log = LoggerFactory.getLogger(AppSecSpanPostProcessor.class);
-  private final ApiSecurityRequestSampler sampler;
+  private final ApiSecuritySampler sampler;
   private final EventProducerService producerService;
 
-  public AppSecSpanPostProcessor(
-      ApiSecurityRequestSampler sampler, EventProducerService producerService) {
+  public AppSecSpanPostProcessor(ApiSecuritySampler sampler, EventProducerService producerService) {
     this.sampler = sampler;
     this.producerService = producerService;
   }
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java
@@ -7,7 +7,7 @@
 import static com.datadog.appsec.gateway.AppSecRequestContext.RESPONSE_HEADERS_ALLOW_LIST;
 
 import com.datadog.appsec.AppSecSystem;
-import com.datadog.appsec.api.security.ApiSecurityRequestSampler;
+import com.datadog.appsec.api.security.ApiSecuritySampler;
 import com.datadog.appsec.config.TraceSegmentPostProcessor;
 import com.datadog.appsec.event.EventProducerService;
 import com.datadog.appsec.event.EventProducerService.DataSubscriberInfo;
@@ -83,7 +83,7 @@ public class GatewayBridge {
 
   private final SubscriptionService subscriptionService;
   private final EventProducerService producerService;
-  private final ApiSecurityRequestSampler requestSampler;
+  private final ApiSecuritySampler requestSampler;
   private final List<TraceSegmentPostProcessor> traceSegmentPostProcessors;
 
   // subscriber cache
@@ -109,7 +109,7 @@ public class GatewayBridge {
   public GatewayBridge(
       SubscriptionService subscriptionService,
       EventProducerService producerService,
-      ApiSecurityRequestSampler requestSampler,
+      ApiSecuritySampler requestSampler,
       List<TraceSegmentPostProcessor> traceSegmentPostProcessors) {
     this.subscriptionService = subscriptionService;
     this.producerService = producerService;
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/api/security/ApiSecuritySamplerTest.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/api/security/ApiSecuritySamplerTest.groovy
@@ -4,12 +4,12 @@ import com.datadog.appsec.gateway.AppSecRequestContext
 import datadog.trace.api.time.ControllableTimeSource
 import datadog.trace.test.util.DDSpecification
 
-class ApiSecurityRequestSamplerTest extends DDSpecification {
+class ApiSecuritySamplerTest extends DDSpecification {
 
   void 'happy path with single request'() {
     given:
-    def ctx = createContext('route1', 'GET', 200)
-    def sampler = new ApiSecurityRequestSampler()
+    final ctx = createContext('route1', 'GET', 200)
+    final sampler = new ApiSecuritySamplerImpl()
 
     when:
     final preSampled = sampler.preSampleRequest(ctx)
@@ -29,7 +29,7 @@ class ApiSecurityRequestSamplerTest extends DDSpecification {
     given:
     AppSecRequestContext ctx1 = createContext('route1', 'GET', 200)
     AppSecRequestContext ctx2 = createContext('route1', 'GET', 200)
-    def sampler = new ApiSecurityRequestSampler()
+    final sampler = new ApiSecuritySamplerImpl()
 
     when:
     final preSampled1 = sampler.preSampleRequest(ctx1)
@@ -52,7 +52,7 @@ class ApiSecurityRequestSamplerTest extends DDSpecification {
     given:
     final ctx1 = Spy(createContext('route2', 'GET', 200))
     final ctx2 = Spy(createContext('route3', 'GET', 200))
-    final sampler = new ApiSecurityRequestSampler()
+    final sampler = new ApiSecuritySamplerImpl()
     assert sampler.MAX_POST_PROCESSING_TASKS > 0
 
     when: 'exhaust the maximum number of concurrent contexts'
@@ -82,7 +82,7 @@ class ApiSecurityRequestSamplerTest extends DDSpecification {
   void 'preSampleRequest with null route'() {
     given:
     def ctx = createContext(null, 'GET', 200)
-    def sampler = new ApiSecurityRequestSampler()
+    def sampler = new ApiSecuritySamplerImpl()
 
     when:
     def preSampled = sampler.preSampleRequest(ctx)
@@ -94,7 +94,7 @@ class ApiSecurityRequestSamplerTest extends DDSpecification {
   void 'preSampleRequest with null method'() {
     given:
     def ctx = createContext('route1', null, 200)
-    def sampler = new ApiSecurityRequestSampler()
+    def sampler = new ApiSecuritySamplerImpl()
 
     when:
     def preSampled = sampler.preSampleRequest(ctx)
@@ -106,7 +106,7 @@ class ApiSecurityRequestSamplerTest extends DDSpecification {
   void 'preSampleRequest with 0 status code'() {
     given:
     def ctx = createContext('route1', 'GET', 0)
-    def sampler = new ApiSecurityRequestSampler()
+    def sampler = new ApiSecuritySamplerImpl()
 
     when:
     def preSampled = sampler.preSampleRequest(ctx)
@@ -117,7 +117,7 @@ class ApiSecurityRequestSamplerTest extends DDSpecification {
 
   void 'sampleRequest with null context throws'() {
     given:
-    def sampler = new ApiSecurityRequestSampler()
+    def sampler = new ApiSecuritySamplerImpl()
 
     when:
     sampler.preSampleRequest(null)
@@ -128,7 +128,7 @@ class ApiSecurityRequestSamplerTest extends DDSpecification {
 
   void 'sampleRequest without prior preSampleRequest never works'() {
     given:
-    def sampler = new ApiSecurityRequestSampler()
+    def sampler = new ApiSecuritySamplerImpl()
     def ctx = createContext('route1', 'GET', 200)
 
     when:
@@ -147,7 +147,7 @@ class ApiSecurityRequestSamplerTest extends DDSpecification {
     timeSource.set(0)
     final long expirationTimeInMs = 10L
     final long expirationTimeInNs = expirationTimeInMs * 1_000_000
-    def sampler = new ApiSecurityRequestSampler(10, expirationTimeInMs, timeSource)
+    def sampler = new ApiSecuritySamplerImpl(10, expirationTimeInMs, timeSource)
 
     when:
     def sampled = sampler.sampleRequest(ctx)
@@ -175,7 +175,7 @@ class ApiSecurityRequestSamplerTest extends DDSpecification {
     timeSource.set(0)
     final long expirationTimeInMs = 10_000
     final int maxCapacity = 10
-    ApiSecurityRequestSampler sampler = new ApiSecurityRequestSampler(10, expirationTimeInMs, timeSource)
+    ApiSecuritySamplerImpl sampler = new ApiSecuritySamplerImpl(10, expirationTimeInMs, timeSource)
 
     expect:
     for (int i = 0; i < maxCapacity * 10; i++) {
@@ -194,7 +194,7 @@ class ApiSecurityRequestSamplerTest extends DDSpecification {
     timeSource.set(0)
     final long expirationTimeInMs = 10_000
     final int maxCapacity = 10
-    ApiSecurityRequestSampler sampler = new ApiSecurityRequestSampler(10, expirationTimeInMs, timeSource)
+    ApiSecuritySamplerImpl sampler = new ApiSecuritySamplerImpl(10, expirationTimeInMs, timeSource)
 
     expect:
     for (int i = 0; i < maxCapacity * 10; i++) {
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/api/security/AppSecSpanPostProcessorTest.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/api/security/AppSecSpanPostProcessorTest.groovy
@@ -13,7 +13,7 @@ class AppSecSpanPostProcessorTest extends DDSpecification {
 
   void 'schema extracted on happy path'() {
     given:
-    def sampler = Mock(ApiSecurityRequestSampler)
+    def sampler = Mock(ApiSecuritySamplerImpl)
     def producer = Mock(EventProducerService)
     def subInfo = Mock(EventProducerService.DataSubscriberInfo)
     def span = Mock(AgentSpan)
@@ -44,7 +44,7 @@ class AppSecSpanPostProcessorTest extends DDSpecification {
 
   void 'no schema extracted if sampling is false'() {
     given:
-    def sampler = Mock(ApiSecurityRequestSampler)
+    def sampler = Mock(ApiSecuritySamplerImpl)
     def producer = Mock(EventProducerService)
     def span = Mock(AgentSpan)
     def reqCtx = Mock(RequestContext)
@@ -68,7 +68,7 @@ class AppSecSpanPostProcessorTest extends DDSpecification {
 
   void 'permit is released even if request context close throws'() {
     given:
-    def sampler = Mock(ApiSecurityRequestSampler)
+    def sampler = Mock(ApiSecuritySamplerImpl)
     def producer = Mock(EventProducerService)
     def span = Mock(AgentSpan)
     def reqCtx = Mock(RequestContext)
@@ -95,7 +95,7 @@ class AppSecSpanPostProcessorTest extends DDSpecification {
 
   void 'context is cleaned up on timeout'() {
     given:
-    def sampler = Mock(ApiSecurityRequestSampler)
+    def sampler = Mock(ApiSecuritySamplerImpl)
     def producer = Mock(EventProducerService)
     def span = Mock(AgentSpan)
     def reqCtx = Mock(RequestContext)
@@ -118,7 +118,7 @@ class AppSecSpanPostProcessorTest extends DDSpecification {
 
   void 'process null request context does nothing'() {
     given:
-    def sampler = Mock(ApiSecurityRequestSampler)
+    def sampler = Mock(ApiSecuritySamplerImpl)
     def producer = Mock(EventProducerService)
     def span = Mock(AgentSpan)
     def processor = new AppSecSpanPostProcessor(sampler, producer)
@@ -134,7 +134,7 @@ class AppSecSpanPostProcessorTest extends DDSpecification {
 
   void 'process null appsec request context does nothing'() {
     given:
-    def sampler = Mock(ApiSecurityRequestSampler)
+    def sampler = Mock(ApiSecuritySamplerImpl)
     def producer = Mock(EventProducerService)
     def span = Mock(AgentSpan)
     def reqCtx = Mock(RequestContext)
@@ -152,7 +152,7 @@ class AppSecSpanPostProcessorTest extends DDSpecification {
 
   void 'process already closed context does nothing'() {
     given:
-    def sampler = Mock(ApiSecurityRequestSampler)
+    def sampler = Mock(ApiSecuritySamplerImpl)
     def producer = Mock(EventProducerService)
     def span = Mock(AgentSpan)
     def reqCtx = Mock(RequestContext)
@@ -172,7 +172,7 @@ class AppSecSpanPostProcessorTest extends DDSpecification {
 
   void 'process throws on null span'() {
     given:
-    def sampler = Mock(ApiSecurityRequestSampler)
+    def sampler = Mock(ApiSecuritySamplerImpl)
     def producer = Mock(EventProducerService)
     def processor = new AppSecSpanPostProcessor(sampler, producer)
 
@@ -186,7 +186,7 @@ class AppSecSpanPostProcessorTest extends DDSpecification {
 
   void 'empty event subscription does not break the process'() {
     given:
-    def sampler = Mock(ApiSecurityRequestSampler)
+    def sampler = Mock(ApiSecuritySamplerImpl)
     def producer = Mock(EventProducerService)
     def subInfo = Mock(EventProducerService.DataSubscriberInfo)
     def span = Mock(AgentSpan)
@@ -215,7 +215,7 @@ class AppSecSpanPostProcessorTest extends DDSpecification {
 
   void 'expired event subscription does not break the process'() {
     given:
-    def sampler = Mock(ApiSecurityRequestSampler)
+    def sampler = Mock(ApiSecuritySamplerImpl)
     def producer = Mock(EventProducerService)
     def subInfo = Mock(EventProducerService.DataSubscriberInfo)
     def span = Mock(AgentSpan)
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy

Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,7 @@ ext {`
`82`	`82`	`'com.datadog.appsec.config.AppSecFeatures.ApiSecurity',`
`83`	`83`	`'com.datadog.appsec.config.AppSecFeatures.AutoUserInstrum',`
`84`	`84`	`'com.datadog.appsec.event.ReplaceableEventProducerService',`
`85`		`- 'com.datadog.appsec.api.security.ApiSecurityRequestSampler.NoOp',`
	`85`	`+ 'com.datadog.appsec.api.security.ApiSecuritySampler.NoOp',`
`86`	`86`	`]`
`87`	`87`	`excludedClassesBranchCoverage = [`
`88`	`88`	`'com.datadog.appsec.gateway.GatewayBridge',`