remove block waf

Author: jandro996

dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecuritySamplerImpl.java

@@ -61,16 +61,12 @@ public boolean preSampleRequest(final @Nonnull AppSecRequestContext ctx) {
 
     // If route is absent, use http.endpoint as fallback (RFC-1076)
     if (route == null) {
-      // Don't sample blocked requests - they represent attacks, not valid API endpoints
-      if (ctx.isWafBlocked()) {
-        return false;
-      }
       final int statusCode = ctx.getResponseStatus();
       // Don't use endpoint for 404 responses as a failsafe
       if (statusCode == 404) {
         return false;
       }
-      // Try to get or compute the endpoint
+      // Try to get or compute the endpoint (computed once and cached)
       route = ctx.getOrComputeEndpoint();
       if (route == null) {
         return false;

dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/api/security/ApiSecuritySamplerTest.groovy

@@ -117,51 +117,20 @@ class ApiSecuritySamplerTest extends DDSpecification {
     !preSampled
   }
 
-  void 'preSampleRequest with null route and blocked request does not sample'() {
-    given:
-    def ctx = createContextWithUrl(null, 'GET', 403, 'http://localhost:8080/admin/users')
-    ctx.setWafBlocked()  // Request was blocked by AppSec
-    def sampler = new ApiSecuritySamplerImpl()
-
-    when:
-    def preSampled = sampler.preSampleRequest(ctx)
-
-    then:
-    !preSampled  // Blocked requests should not be sampled
-  }
-
-  void 'preSampleRequest with null route and 403 non-blocked API does sample'() {
+  void 'preSampleRequest with null route and non-404 status does sample'() {
     given:
     def ctx = createContextWithUrl(null, 'GET', 403, 'http://localhost:8080/api/forbidden-resource')
-    // NOT calling setWafBlocked() - this is a legitimate API that returns 403
     def sampler = new ApiSecuritySamplerImpl()
 
     when:
     def preSampled = sampler.preSampleRequest(ctx)
 
     then:
-    preSampled  // Legitimate APIs that return 403 should be sampled
+    preSampled  // Non-404 responses should be sampled when endpoint is available
     ctx.getOrComputeEndpoint() != null
     ctx.getApiSecurityEndpointHash() != null
   }
 
-  void 'preSampleRequest with null route and blocked request with different status codes does not sample'() {
-    given:
-    def ctx200 = createContextWithUrl(null, 'GET', 200, 'http://localhost:8080/attack')
-    ctx200.setWafBlocked()
-    def ctx500 = createContextWithUrl(null, 'GET', 500, 'http://localhost:8080/attack')
-    ctx500.setWafBlocked()
-    def sampler = new ApiSecuritySamplerImpl()
-
-    when:
-    def preSampled200 = sampler.preSampleRequest(ctx200)
-    def preSampled500 = sampler.preSampleRequest(ctx500)
-
-    then:
-    !preSampled200  // Blocked requests should not be sampled regardless of status code
-    !preSampled500
-  }
-
   void 'second request with same endpoint is not sampled'() {
     given:
     def ctx1 = createContextWithUrl(null, 'GET', 200, 'http://localhost:8080/api/users/123')
@@ -596,21 +565,6 @@ class ApiSecuritySamplerTest extends DDSpecification {
     ctx.getApiSecurityEndpointHash() == null // But hash was never set because sampling failed
   }
 
-  void 'RFC-1076: blocked request with valid endpoint does not sample'() {
-    given:
-    def ctx = createContextWithUrl(null, 'POST', 403, 'http://localhost:8080/api/admin/users')
-    ctx.setWafBlocked() // Request blocked by AppSec WAF
-    def sampler = new ApiSecuritySamplerImpl()
-
-    when:
-    def preSampled = sampler.preSampleRequest(ctx)
-
-    then:
-    !preSampled
-    // Blocked requests represent attacks, not legitimate API endpoints
-    ctx.getApiSecurityEndpointHash() == null
-  }
-
   // Helper method to compute hash same way as ApiSecuritySamplerImpl
   private static long computeApiHash(final String route, final String method, final int statusCode) {
     long result = 17