Skip to content

Commit

Permalink
Ensure instrumenter is only active if appsec is not explicitly disabled
Browse files Browse the repository at this point in the history
  • Loading branch information
@manuel-alvarez-alvarez
manuel-alvarez-alvarez committed Aug 16, 2024
1 parent fd2148d commit 9dc7948
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 6 deletions.
3 changes: 2 additions & 1 deletion ...ter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastInstrumentation.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,8 @@ public ElementMatcher<TypeDescription> callerType() {

@Override
public boolean isApplicable(final Set<TargetSystem> enabledSystems) {
return enabledSystems.contains(TargetSystem.IAST) || Config.get().isAppSecRaspEnabled();
return enabledSystems.contains(TargetSystem.IAST)
|| (enabledSystems.contains(TargetSystem.APPSEC) && Config.get().isAppSecRaspEnabled());
}

@Override
Expand Down
14 changes: 9 additions & 5 deletions ...va-agent/instrumentation/iast-instrumenter/src/test/groovy/IastInstrumentationTest.groovy
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import datadog.trace.agent.test.AgentTestRunner
import datadog.trace.agent.tooling.InstrumenterModule
import datadog.trace.api.config.AppSecConfig
import datadog.trace.api.config.IastConfig
import datadog.trace.instrumentation.iastinstrumenter.IastHardcodedSecretListener
import datadog.trace.instrumentation.iastinstrumenter.IastInstrumentation
Expand All @@ -9,6 +10,7 @@ class IastInstrumentationTest extends AgentTestRunner {

void 'test Iast Instrumentation enablement'() {
given:
injectSysConfig(AppSecConfig.APPSEC_RASP_ENABLED, Boolean.toString(rasp))
final instrumentation = new IastInstrumentation()

when:
Expand All @@ -20,11 +22,13 @@ class IastInstrumentationTest extends AgentTestRunner {
applicable == expected

where:
enabledSystems | expected
[] | false
[InstrumenterModule.TargetSystem.APPSEC] | false
[InstrumenterModule.TargetSystem.IAST] | true
[InstrumenterModule.TargetSystem.IAST, InstrumenterModule.TargetSystem.APPSEC] | true
enabledSystems | rasp | expected
[] | false | false
[InstrumenterModule.TargetSystem.APPSEC] | false | false
[InstrumenterModule.TargetSystem.IAST] | false | true
[InstrumenterModule.TargetSystem.APPSEC] | true | true
[InstrumenterModule.TargetSystem.IAST, InstrumenterModule.TargetSystem.APPSEC] | false | true
[InstrumenterModule.TargetSystem.IAST, InstrumenterModule.TargetSystem.APPSEC] | true | true
}

void 'test Iast Instrumentation type matching'() {
Expand Down

0 comments on commit 9dc7948

Please sign in to comment.