Skip to content

Enable Endpoint Collection feature by default #4931

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 8, 2025
Merged

Enable Endpoint Collection feature by default #4931

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
217e3e8
Add a safeguard for Endpoint Collection
y9v Oct 2, 2025
6b4d281
Enable AppSec Endpoint Collection by default
y9v Oct 2, 2025
df5562b
Fix code style for Endpoint Collection integration spec
y9v Oct 2, 2025
8f44c50
Fix Endpoint Collection spec expectations
y9v Oct 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/datadog/appsec/configuration/settings.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -357,7 +357,7 @@ def self.add_settings!(base)
option :enabled do |o|
o.type :bool, nilable: true
o.env 'DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED'
o.default false
o.default true
end
end

Expand Down
4 changes: 3 additions & 1 deletion lib/datadog/appsec/contrib/rails/patcher.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -152,11 +152,13 @@ def report_routes_via_telemetry(routes)

return unless Datadog.configuration.appsec.api_security.endpoint_collection.enabled

GUARD_ROUTES_REPORTING_ONCE_PER_APP[self].run do
GUARD_ROUTES_REPORTING_ONCE_PER_APP[::Rails.application].run do
AppSec.telemetry.app_endpoints_loaded(
APISecurity::EndpointCollection::RailsRoutesSerializer.new(routes).to_enum
)
end
rescue => e
AppSec.telemetry.report(e, description: 'failed to report application endpoints')
end

def setup_security
Expand Down
2 changes: 1 addition & 1 deletion spec/datadog/appsec/configuration/settings_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1023,7 +1023,7 @@ def patcher
ClimateControl.modify('DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED' => nil) { example.run }
end

it { expect(settings.appsec.api_security.endpoint_collection.enabled).to eq(false) }
it { expect(settings.appsec.api_security.endpoint_collection.enabled).to eq(true) }
end

context 'when DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED is set to true' do
Expand Down
12 changes: 12 additions & 0 deletions spec/datadog/appsec/integration/contrib/rails/endpoint_collection_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,18 @@ def initialize(files, dirs = {}, &block)
Datadog::AppSec::APISecurity::Sampler.reset!
end

before(:each) do
# reset guard that only allows routes to be reported once
Datadog::AppSec::Contrib::Rails::Patcher::GUARD_ROUTES_REPORTING_ONCE_PER_APP[Rails.application]
.instance_variable_set(:@ran_once, false)
end

it 'rescues exceptions' do
allow(Datadog::AppSec.telemetry).to receive(:app_endpoints_loaded).and_raise(StandardError)

ActiveSupport.run_load_hooks(:after_routes_loaded, Rails.application)
end

it 'reports routes via telemetry' do
ActiveSupport.run_load_hooks(:after_routes_loaded, Rails.application)

Expand Down
Loading