@@ -97,8 +97,8 @@ public class AppSecConfigServiceImpl implements AppSecConfigService {
9797 .build ()
9898 .adapter (Types .newParameterizedType (Map .class , String .class , Object .class ));
9999
100- private volatile boolean hasUserWafConfig ;
101- private volatile boolean defaultConfigActivated ;
100+ private boolean hasUserWafConfig ;
101+ private boolean defaultConfigActivated ;
102102 private final AtomicBoolean subscribedToRulesAndData = new AtomicBoolean ();
103103 private final Set <String > usedDDWafConfigKeys =
104104 Collections .newSetFromMap (new ConcurrentHashMap <>());
@@ -107,7 +107,6 @@ public class AppSecConfigServiceImpl implements AppSecConfigService {
107107 private final String DEFAULT_WAF_CONFIG_RULE = "DEFAULT_WAF_CONFIG" ;
108108 private String currentRuleVersion ;
109109 private List <AppSecModule > modulesToUpdateVersionIn ;
110- private long rulesAndDataCapabilities = -1L ;
111110
112111 public AppSecConfigServiceImpl (
113112 Config tracerConfig ,
@@ -135,35 +134,33 @@ private void subscribeConfigurationPoller() {
135134 this .configurationPoller .addConfigurationEndListener (applyRemoteConfigListener );
136135 }
137136
138- private long buildRulesAndDataCapabilities () {
139- if (rulesAndDataCapabilities == -1 ) {
140- rulesAndDataCapabilities =
141- CAPABILITY_ASM_DD_RULES
142- | CAPABILITY_ASM_IP_BLOCKING
143- | CAPABILITY_ASM_EXCLUSIONS
144- | CAPABILITY_ASM_EXCLUSION_DATA
145- | CAPABILITY_ASM_REQUEST_BLOCKING
146- | CAPABILITY_ASM_USER_BLOCKING
147- | CAPABILITY_ASM_CUSTOM_RULES
148- | CAPABILITY_ASM_CUSTOM_BLOCKING_RESPONSE
149- | CAPABILITY_ASM_TRUSTED_IPS
150- | CAPABILITY_ENDPOINT_FINGERPRINT
151- | CAPABILITY_ASM_SESSION_FINGERPRINT
152- | CAPABILITY_ASM_NETWORK_FINGERPRINT
153- | CAPABILITY_ASM_HEADER_FINGERPRINT ;
154- if (tracerConfig .isAppSecRaspEnabled ()) {
155- rulesAndDataCapabilities |= CAPABILITY_ASM_RASP_SQLI ;
156- rulesAndDataCapabilities |= CAPABILITY_ASM_RASP_SSRF ;
157- rulesAndDataCapabilities |= CAPABILITY_ASM_RASP_CMDI ;
158- rulesAndDataCapabilities |= CAPABILITY_ASM_RASP_SHI ;
159- // RASP LFI is only available in fully enabled mode as it's implemented using callsite
160- // instrumentation
161- if (tracerConfig .getAppSecActivation () == ProductActivation .FULLY_ENABLED ) {
162- rulesAndDataCapabilities |= CAPABILITY_ASM_RASP_LFI ;
163- }
137+ private long getRulesAndDataCapabilities () {
138+ long capabilities =
139+ CAPABILITY_ASM_DD_RULES
140+ | CAPABILITY_ASM_IP_BLOCKING
141+ | CAPABILITY_ASM_EXCLUSIONS
142+ | CAPABILITY_ASM_EXCLUSION_DATA
143+ | CAPABILITY_ASM_REQUEST_BLOCKING
144+ | CAPABILITY_ASM_USER_BLOCKING
145+ | CAPABILITY_ASM_CUSTOM_RULES
146+ | CAPABILITY_ASM_CUSTOM_BLOCKING_RESPONSE
147+ | CAPABILITY_ASM_TRUSTED_IPS
148+ | CAPABILITY_ENDPOINT_FINGERPRINT
149+ | CAPABILITY_ASM_SESSION_FINGERPRINT
150+ | CAPABILITY_ASM_NETWORK_FINGERPRINT
151+ | CAPABILITY_ASM_HEADER_FINGERPRINT ;
152+ if (tracerConfig .isAppSecRaspEnabled ()) {
153+ capabilities |= CAPABILITY_ASM_RASP_SQLI ;
154+ capabilities |= CAPABILITY_ASM_RASP_SSRF ;
155+ capabilities |= CAPABILITY_ASM_RASP_CMDI ;
156+ capabilities |= CAPABILITY_ASM_RASP_SHI ;
157+ // RASP LFI is only available in fully enabled mode as it's implemented using callsite
158+ // instrumentation
159+ if (tracerConfig .getAppSecActivation () == ProductActivation .FULLY_ENABLED ) {
160+ capabilities |= CAPABILITY_ASM_RASP_LFI ;
164161 }
165162 }
166- return rulesAndDataCapabilities ;
163+ return capabilities ;
167164 }
168165
169166 private void updateRulesAndDataSubscription () {
@@ -182,7 +179,7 @@ private void subscribeRulesAndData() {
182179 this .configurationPoller .addListener (Product .ASM_DD , new AppSecConfigChangesDDListener ());
183180 this .configurationPoller .addListener (Product .ASM_DATA , new AppSecConfigChangesListener ());
184181 this .configurationPoller .addListener (Product .ASM , new AppSecConfigChangesListener ());
185- this .configurationPoller .addCapabilities (buildRulesAndDataCapabilities ());
182+ this .configurationPoller .addCapabilities (getRulesAndDataCapabilities ());
186183 }
187184 }
188185
@@ -191,7 +188,7 @@ private void unsubscribeRulesAndData() {
191188 this .configurationPoller .removeListeners (Product .ASM_DD );
192189 this .configurationPoller .removeListeners (Product .ASM_DATA );
193190 this .configurationPoller .removeListeners (Product .ASM );
194- this .configurationPoller .removeCapabilities (buildRulesAndDataCapabilities ());
191+ this .configurationPoller .removeCapabilities (getRulesAndDataCapabilities ());
195192 }
196193 }
197194
@@ -382,7 +379,6 @@ public void init() {
382379 }
383380 this .mergedAsmFeatures .clear ();
384381 this .usedDDWafConfigKeys .clear ();
385- this .rulesAndDataCapabilities = buildRulesAndDataCapabilities ();
386382
387383 if (wafConfig .isEmpty ()) {
388384 throw new IllegalStateException ("Expected default waf config to be available" );
0 commit comments