DataDog · y9v · Sep 17, 2025 · Aug 19, 2025 · Sep 8, 2025 · Sep 8, 2025
@@ -5,14 +5,28 @@ module AppSec
     module Metrics
       # A class responsible for collecting WAF and RASP call metrics.
       class Collector
-        Store = Struct.new(:evals, :matches, :errors, :timeouts, :duration_ns, :duration_ext_ns, keyword_init: true)
+        Store = Struct.new(
+          :evals,
+          :matches,
+          :errors,
+          :timeouts,
+          :duration_ns,
+          :duration_ext_ns,
+          :inputs_truncated,
+          keyword_init: true
+        )
 
         attr_reader :waf, :rasp
 
         def initialize
           @mutex = Mutex.new
-          @waf = Store.new(evals: 0, matches: 0, errors: 0, timeouts: 0, duration_ns: 0, duration_ext_ns: 0)
-          @rasp = Store.new(evals: 0, matches: 0, errors: 0, timeouts: 0, duration_ns: 0, duration_ext_ns: 0)
+
+          @waf = Store.new(
+            evals: 0, matches: 0, errors: 0, timeouts: 0, duration_ns: 0, duration_ext_ns: 0, inputs_truncated: 0
+          )
+          @rasp = Store.new(
+            evals: 0, matches: 0, errors: 0, timeouts: 0, duration_ns: 0, duration_ext_ns: 0, inputs_truncated: 0
+          )
         end
 
         def record_waf(result)
@@ -23,6 +37,7 @@ def record_waf(result)
             @waf.timeouts += 1 if result.timeout?
             @waf.duration_ns += result.duration_ns
             @waf.duration_ext_ns += result.duration_ext_ns
+            @waf.inputs_truncated += 1 if result.input_truncated?
           end
         end
 
@@ -34,6 +49,7 @@ def record_rasp(result)
             @rasp.timeouts += 1 if result.timeout?
             @rasp.duration_ns += result.duration_ns
             @rasp.duration_ext_ns += result.duration_ext_ns
+            @rasp.inputs_truncated += 1 if result.input_truncated?
           end
         end
       end

@@ -18,7 +18,8 @@ def export_waf_request_metrics(metrics, context)
               waf_timeout: metrics.timeouts.positive?.to_s,
               request_blocked: context.interrupted?.to_s,
               block_failure: 'false',
-              rate_limited: (!context.trace.sampled?).to_s
+              rate_limited: (!context.trace.sampled?).to_s,
+              input_truncated: metrics.inputs_truncated.positive?.to_s,
             }
           )
         end

@@ -9,14 +9,15 @@ module Result
         class Base
           attr_reader :events, :actions, :derivatives, :duration_ns, :duration_ext_ns
 
-          def initialize(events:, actions:, derivatives:, timeout:, duration_ns:, duration_ext_ns:)
+          def initialize(events:, actions:, derivatives:, timeout:, duration_ns:, duration_ext_ns:, input_truncated:)
             @events = events
             @actions = actions
             @derivatives = derivatives
 
             @timeout = timeout
             @duration_ns = duration_ns
             @duration_ext_ns = duration_ext_ns
+            @input_truncated = input_truncated
           end
 
           def timeout?
@@ -30,6 +31,10 @@ def match?
           def error?
             raise NotImplementedError
           end
+
+          def input_truncated?
+            @input_truncated
+          end
         end
 
         # A result that indicates a security rule match
@@ -58,11 +63,12 @@ def error?
         class Error
           attr_reader :events, :actions, :derivatives, :duration_ns, :duration_ext_ns
 
-          def initialize(duration_ext_ns:)
+          def initialize(duration_ext_ns:, input_truncated:)
             @events = []
             @actions = @derivatives = {}
             @duration_ns = 0
             @duration_ext_ns = duration_ext_ns
+            @input_truncated = input_truncated
           end
 
           def timeout?
@@ -76,6 +82,10 @@ def match?
           def error?
             true
           end
+
+          def input_truncated?
+            @input_truncated
+          end
         end
       end
     end

@@ -42,7 +42,7 @@ def run(persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIME
           report_execution(result)
 
           unless SUCCESSFUL_EXECUTION_CODES.include?(result.status)
-            return Result::Error.new(duration_ext_ns: stop_ns - start_ns)
+            return Result::Error.new(duration_ext_ns: stop_ns - start_ns, input_truncated: result.input_truncated?)
           end
 
           klass = (result.status == :match) ? Result::Match : Result::Ok
@@ -52,7 +52,8 @@ def run(persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIME
             derivatives: result.derivatives,
             timeout: result.timeout,
             duration_ns: result.total_runtime,
-            duration_ext_ns: (stop_ns - start_ns)
+            duration_ext_ns: (stop_ns - start_ns),
+            input_truncated: result.input_truncated?
           )
         ensure
           @mutex.unlock

@@ -15,7 +15,9 @@ module Datadog
 
           attr_accessor duration_ext_ns: ::Integer
 
-          def self.new: (evals: ::Integer, matches: ::Integer, errors: ::Integer, timeouts: ::Integer, duration_ns: ::Integer, duration_ext_ns: ::Integer) -> void
+          attr_accessor inputs_truncated: ::Integer
+
+          def self.new: (evals: ::Integer, matches: ::Integer, errors: ::Integer, timeouts: ::Integer, duration_ns: ::Integer, duration_ext_ns: ::Integer, inputs_truncated: ::Integer) -> void
         end
 
         @mutex: Mutex

@@ -21,6 +21,8 @@ module Datadog
 
           @duration_ext_ns: ::Integer
 
+          @input_truncated: bool
+
           attr_reader events: events
 
           attr_reader actions: actions
@@ -31,13 +33,15 @@ module Datadog
 
           attr_reader duration_ext_ns: ::Integer
 
-          def initialize: (events: events, actions: actions, derivatives: derivatives, timeout: bool, duration_ns: ::Integer, duration_ext_ns: ::Integer) -> void
+          def initialize: (events: events, actions: actions, derivatives: derivatives, timeout: bool, duration_ns: ::Integer, duration_ext_ns: ::Integer, input_truncated: bool) -> void
 
           def timeout?: () -> bool
 
           def match?: () -> bool
 
           def error?: () -> bool
+
+          def input_truncated?: () -> bool
         end
 
         # A result that indicates a security rule match
@@ -66,6 +70,8 @@ module Datadog
 
           @duration_ext_ns: ::Integer
 
+          @input_truncated: bool
+
           attr_reader events: events
 
           attr_reader actions: actions
@@ -76,13 +82,15 @@ module Datadog
 
           attr_reader duration_ext_ns: ::Integer
 
-          def initialize: (duration_ext_ns: ::Integer) -> void
+          def initialize: (duration_ext_ns: ::Integer, input_truncated: bool) -> void
 
           def timeout?: () -> false
 
           def match?: () -> false
 
           def error?: () -> true
+
+          def input_truncated?: () -> bool
         end
       end
     end

@@ -166,7 +166,7 @@
       end
 
       let(:run_result) do
-        Datadog::AppSec::SecurityEngine::Result::Error.new(duration_ext_ns: 0)
+        Datadog::AppSec::SecurityEngine::Result::Error.new(duration_ext_ns: 0, input_truncated: false)
       end
       let(:persistent_data) do
         {'server.request.query' => {'q' => "1' OR 1=1;"}}

@@ -133,7 +133,8 @@
           derivatives: {},
           timeout: false,
           duration_ns: 0,
-          duration_ext_ns: 0
+          duration_ext_ns: 0,
+          input_truncated: false
         )
       end
 

@@ -140,7 +140,8 @@
           derivatives: {},
           timeout: false,
           duration_ns: 0,
-          duration_ext_ns: 0
+          duration_ext_ns: 0,
+          input_truncated: false
         )
       end
 

@@ -127,7 +127,8 @@
           derivatives: {},
           timeout: false,
           duration_ns: 0,
-          duration_ext_ns: 0
+          duration_ext_ns: 0,
+          input_truncated: false
         )
       end
 

@@ -54,7 +54,8 @@
           },
           timeout: false,
           duration_ns: 0,
-          duration_ext_ns: 0
+          duration_ext_ns: 0,
+          input_truncated: false
         )
       end
 
@@ -210,7 +211,8 @@
           derivatives: {},
           timeout: false,
           duration_ns: 0,
-          duration_ext_ns: 0
+          duration_ext_ns: 0,
+          input_truncated: false
         )
       end
 
@@ -282,7 +284,8 @@
           derivatives: {'dd.appsec.fp.http.endpoint' => 'http-post-c1525143-2d711642-1234567890'},
           timeout: false,
           duration_ns: 0,
-          duration_ext_ns: 0
+          duration_ext_ns: 0,
+          input_truncated: false
         )
       end
 
@@ -364,7 +367,8 @@
           },
           timeout: false,
           duration_ns: 0,
-          duration_ext_ns: 0
+          duration_ext_ns: 0,
+          input_truncated: false
         )
       end