Merge pull request #4931 from DataDog/appsec-enable-endpoint-collection-by-default

y9v · web-flow · commit a42da25a9331 · 2025-10-08T16:32:24.000+02:00
Enable Endpoint Collection feature by default
diff --git a/lib/datadog/appsec/configuration/settings.rb b/lib/datadog/appsec/configuration/settings.rb
@@ -357,7 +357,7 @@ def self.add_settings!(base)
                   option :enabled do |o|
                     o.type :bool, nilable: true
                     o.env 'DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED'
-                    o.default false
+                    o.default true
                   end
                 end
 
diff --git a/lib/datadog/appsec/contrib/rails/patcher.rb b/lib/datadog/appsec/contrib/rails/patcher.rb
@@ -152,11 +152,13 @@ def report_routes_via_telemetry(routes)
 
             return unless Datadog.configuration.appsec.api_security.endpoint_collection.enabled
 
-            GUARD_ROUTES_REPORTING_ONCE_PER_APP[self].run do
+            GUARD_ROUTES_REPORTING_ONCE_PER_APP[::Rails.application].run do
               AppSec.telemetry.app_endpoints_loaded(
                 APISecurity::EndpointCollection::RailsRoutesSerializer.new(routes).to_enum
               )
             end
+          rescue => e
+            AppSec.telemetry.report(e, description: 'failed to report application endpoints')
           end
 
           def setup_security
diff --git a/spec/datadog/appsec/configuration/settings_spec.rb b/spec/datadog/appsec/configuration/settings_spec.rb
@@ -1023,7 +1023,7 @@ def patcher
               ClimateControl.modify('DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED' => nil) { example.run }
             end
 
-            it { expect(settings.appsec.api_security.endpoint_collection.enabled).to eq(false) }
+            it { expect(settings.appsec.api_security.endpoint_collection.enabled).to eq(true) }
           end
 
           context 'when DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED is set to true' do
diff --git a/spec/datadog/appsec/integration/contrib/rails/endpoint_collection_spec.rb b/spec/datadog/appsec/integration/contrib/rails/endpoint_collection_spec.rb
@@ -145,6 +145,18 @@ def initialize(files, dirs = {}, &block)
     Datadog::AppSec::APISecurity::Sampler.reset!
   end
 
+  before(:each) do
+    # reset guard that only allows routes to be reported once
+    Datadog::AppSec::Contrib::Rails::Patcher::GUARD_ROUTES_REPORTING_ONCE_PER_APP[Rails.application]
+      .instance_variable_set(:@ran_once, false)
+  end
+
+  it 'rescues exceptions' do
+    expect(Datadog::AppSec.telemetry).to receive(:app_endpoints_loaded).and_raise(StandardError)
+
+    ActiveSupport.run_load_hooks(:after_routes_loaded, Rails.application)
+  end
+
   it 'reports routes via telemetry' do
     ActiveSupport.run_load_hooks(:after_routes_loaded, Rails.application)
 
