Fix appsec.waf.requests

Author: jandro996

dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/AppSecRequestContext.java

@@ -120,6 +120,7 @@ public class AppSecRequestContext implements DataBundle, Closeable {
   private volatile PowerwafMetrics raspMetrics;
   private final AtomicInteger raspMetricsCounter = new AtomicInteger(0);
   private volatile boolean blocked;
+  private volatile boolean errors;
   private volatile int wafTimeouts;
   private volatile int raspTimeouts;
 
@@ -182,6 +183,14 @@ public boolean isBlocked() {
     return blocked;
   }
 
+  public void setErrors() {
+    this.errors = true;
+  }
+
+  public boolean hasErrors() {
+    return errors;
+  }
+
   public void increaseWafTimeouts() {
     WAF_TIMEOUTS_UPDATER.incrementAndGet(this);
   }

dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java

@@ -724,7 +724,9 @@ private NoopFlow onRequestEnded(RequestContext ctx_, IGSpanInfo spanInfo) {
         log.debug("Unable to commit, derivatives will be skipped {}", ctx.getDerivativeKeys());
       }
 
-      if (ctx.isBlocked()) {
+      if (ctx.hasErrors()) {
+        WafMetricCollector.get().wafRequestError();
+      } else if (ctx.isBlocked()) {
         WafMetricCollector.get().wafRequestBlocked();
       } else if (!collectedEvents.isEmpty()) {
         WafMetricCollector.get().wafRequestTriggered();

dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java

@@ -449,12 +449,11 @@ public void onDataAvailable(
         if (!reqCtx.isAdditiveClosed()) {
           log.error("Error calling WAF", e);
         }
-        WafMetricCollector.get().wafRequestError();
         // TODO: replace -127 for e.code when UnclassifiedPowerwafException code is fixed
-        incrementErrorCodeMetric(gwCtx, -127);
+        incrementErrorCodeMetric(reqCtx, gwCtx, -127);
         return;
       } catch (AbstractPowerwafException e) {
-        incrementErrorCodeMetric(gwCtx, e.code);
+        incrementErrorCodeMetric(reqCtx, gwCtx, e.code);
         return;
       } finally {
         if (log.isDebugEnabled()) {
@@ -549,7 +548,9 @@ public void onDataAvailable(
         }
 
         if (flow.isBlocking()) {
-          reqCtx.setBlocked();
+          if (!gwCtx.isRasp) {
+            reqCtx.setBlocked();
+          }
         }
       }
 
@@ -650,11 +651,13 @@ private Powerwaf.ResultWithData runPowerwafAdditive(
     }
   }
 
-  private static void incrementErrorCodeMetric(GatewayContext gwCtx, int code) {
+  private static void incrementErrorCodeMetric(
+      AppSecRequestContext reqCtx, GatewayContext gwCtx, int code) {
     if (gwCtx.isRasp) {
       WafMetricCollector.get().raspErrorCode(gwCtx.raspRuleType, code);
     } else {
       WafMetricCollector.get().wafErrorCode(code);
+      reqCtx.setErrors();
     }
   }