addition for standalone mode

Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>

Author: sezen-datadog

dd-smoke-tests/apm-tracing-disabled/src/test/groovy/datadog/smoketest/apmtracingdisabled/ApmTracingDisabledSamplingSmokeTest.groovy

@@ -134,4 +134,33 @@ class ApmTracingDisabledSamplingSmokeTest extends AbstractApmTracingDisabledSmok
     def downstreamHeaders = jsonSlurper.parseText(response.body().string())
     downstreamHeaders["x-datadog-sampling-priority"] == "2"
   }
+
+  void 'test WAF attack preserves USER_KEEP priority in standalone mode'() {
+    setup:
+    // Use Arachni User-Agent to trigger WAF attack (same as system test)
+    final wafAttackUrl = "http://localhost:${httpPorts[0]}/rest-api/greetings"
+    final wafAttackRequest = new Request.Builder()
+      .url(wafAttackUrl)
+      .header("User-Agent", "Arachni/v1")
+      .get()
+      .build()
+
+    when: "WAF attack is detected"
+    final wafResponse = client.newCall(wafAttackRequest).execute()
+
+    then: "WAF attack should result in USER_KEEP priority (not overridden by AsmStandaloneSampler)"
+    // Response might be blocked (403) or allowed depending on WAF mode, but span should still be generated
+    wafResponse.code() in [200, 403]
+    waitForTraceCount(1)
+    assert traces.size() == 1
+
+    and: "Root span should have USER_KEEP priority and appsec.event=true"
+    checkRootSpanPrioritySampling(traces[0], PrioritySampling.USER_KEEP)
+    hasAppsecPropagationTag(traces[0])
+
+    // Verify appsec.event tag is set to "true"
+    def rootSpan = traces[0].spans.find { it.parentId == 0 }
+    assert rootSpan != null
+    assert rootSpan.meta["appsec.event"] == "true"
+  }
 }

dd-trace-core/src/main/java/datadog/trace/common/sampling/AsmStandaloneSampler.java

@@ -3,6 +3,7 @@
 import static datadog.trace.api.sampling.PrioritySampling.SAMPLER_DROP;
 import static datadog.trace.api.sampling.PrioritySampling.SAMPLER_KEEP;
 
+import datadog.trace.api.sampling.PrioritySampling;
 import datadog.trace.api.sampling.SamplingMechanism;
 import datadog.trace.core.CoreSpan;
 import java.time.Clock;
@@ -39,6 +40,13 @@ public <T extends CoreSpan<T>> boolean sample(final T span) {
 
   @Override
   public <T extends CoreSpan<T>> void setSamplingPriority(final T span) {
+    // Check if the span already has USER_KEEP priority (e.g., from asm.keep tag)
+    // If so, preserve it instead of overriding with SAMPLER_KEEP/SAMPLER_DROP
+    int currentPriority = span.samplingPriority();
+    if (currentPriority == PrioritySampling.USER_KEEP) {
+      log.debug("Preserving existing USER_KEEP priority for span {}", span.getSpanId());
+      return;
+    }
 
     if (shouldSample()) {
       log.debug("Set SAMPLER_KEEP for span {}", span.getSpanId());

dd-trace-core/src/test/groovy/datadog/trace/common/sampling/AsmStandaloneSamplerTest.groovy

@@ -52,4 +52,32 @@ class AsmStandaloneSamplerTest extends DDCoreSpecification{
     tracer.close()
   }
 
+  void "test setSamplingPriority preserves existing USER_KEEP priority"(){
+    setup:
+    def current = new AtomicLong(System.currentTimeMillis())
+    final Clock clock = Mock(Clock) {
+      millis() >> {
+        current.get()
+      }
+    }
+    def sampler = new AsmStandaloneSampler(clock)
+    def tracer = tracerBuilder().writer(writer).sampler(sampler).build()
+
+    when: "span already has USER_KEEP priority (e.g., from asm.keep tag)"
+    def span = tracer.buildSpan("test").start()
+    span.setSamplingPriority(PrioritySampling.USER_KEEP, datadog.trace.api.sampling.SamplingMechanism.APPSEC)
+
+    and: "AsmStandaloneSampler tries to set its own priority"
+    sampler.setSamplingPriority(span)
+
+    then: "USER_KEEP priority should be preserved, not overridden"
+    span.getSamplingPriority() == PrioritySampling.USER_KEEP
+
+    and: "clock should not be called since we return early"
+    0 * clock.millis()
+
+    cleanup:
+    tracer.close()
+  }
+
 }