DataDog
diff --git a/‎dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java
+2-2 b/‎dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java
+2-2
diff --git a/‎dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java
+80-66 b/‎dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java
+80-66
diff --git a/‎dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecDataDeserializer.java
+14-17 b/‎dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecDataDeserializer.java
+14-17
diff --git a/‎dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/CollectedUserConfigs.java
+1-1 b/‎dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/CollectedUserConfigs.java
+1-1
diff --git a/‎dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/CurrentAppSecConfig.java
+20-16 b/‎dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/CurrentAppSecConfig.java
+20-16
@@ -163,8 +163,8 @@ private static void loadModules(EventDispatcher eventDispatcher, Monitoring moni
     for (AppSecModule module : modules) {
       log.debug("Starting appsec module {}", module.getName());
       try {
-        AppSecConfigService.TransactionalAppSecModuleConfigurer cfgObject;
-        cfgObject = APP_SEC_CONFIG_SERVICE.createAppSecModuleConfigurer();
+        AppSecConfigService.TransactionalAppSecModuleConfigurer cfgObject =
+            APP_SEC_CONFIG_SERVICE.createAppSecModuleConfigurer();
         module.config(cfgObject, wafBuilder);
         cfgObject.commit();
       } catch (RuntimeException | AppSecModule.AppSecModuleActivationException t) {
 
@@ -29,6 +29,7 @@
 import com.datadog.appsec.util.StandardizedLogging;
 import com.datadog.ddwaf.WafBuilder;
 import com.datadog.ddwaf.exception.InvalidRuleSetException;
+import datadog.remoteconfig.ConfigurationChangesTypedListener;
 import datadog.remoteconfig.ConfigurationEndListener;
 import datadog.remoteconfig.ConfigurationPoller;
 import datadog.remoteconfig.Product;
@@ -131,75 +132,85 @@ private void subscribeConfigurationPoller(WafBuilder wafBuilder) {
 
   private void subscribeRulesAndData(WafBuilder wafBuilder) {
     this.configurationPoller.addListener(
-        Product.ASM_DD,
-        AppSecConfigDeserializer.INSTANCE,
-        (configKey, newConfig, hinter) -> {
-          // read initialized so that the state is currentAppSecConfig is visible
-          if (!initialized) {
-            throw new IllegalStateException();
-          }
-          if (newConfig == null || newConfig.getRawConfig() == null) {
-            log.debug("AppSec config given by remote config was pulled. Removing WAF config");
-            wafBuilder.removeConfig(configKey);
-          } else {
-            if (defaultConfigActivated) {
-              log.debug("Removing default config");
-              wafBuilder.removeConfig(DEFAULT_WAF_CONFIG_RULE);
-              defaultConfigActivated = false;
-            }
-            try {
-              wafBuilder.addOrUpdateConfig(configKey, newConfig.getRawConfig());
-            } catch (InvalidRuleSetException e) {
-              throw new RuntimeException(e);
-            }
-          }
-          this.currentAppSecConfig.setDdConfig(newConfig);
-          // base rules can contain all rules/data/exclusions/etc
-          this.currentAppSecConfig.dirtyStatus.markAllDirty();
-        });
+        Product.ASM_DD, AppSecConfigDeserializer.INSTANCE, asmDDTypedListener(wafBuilder));
     this.configurationPoller.addListener(
-        Product.ASM_DATA,
-        AppSecDataDeserializer.INSTANCE,
-        (configKey, newConfig, hinter) -> {
-          if (!initialized) {
-            throw new IllegalStateException();
-          }
-          if (newConfig == null) {
-            currentAppSecConfig.mergedAsmData.removeConfig(configKey);
-            wafBuilder.removeConfig(configKey);
-          } else {
-            currentAppSecConfig.mergedAsmData.addConfig(configKey, newConfig);
-            try {
-              wafBuilder.addOrUpdateConfig(configKey, newConfig.getRawConfig());
-            } catch (InvalidRuleSetException e) {
-              throw new RuntimeException(e);
-            }
-          }
-          this.currentAppSecConfig.dirtyStatus.data = true;
-        });
+        Product.ASM_DATA, AppSecDataDeserializer.INSTANCE, asmDataTypedListener(wafBuilder));
     this.configurationPoller.addListener(
-        Product.ASM,
-        AppSecUserConfigDeserializer.INSTANCE,
-        (configKey, newConfig, hinter) -> {
-          if (!initialized) {
-            throw new IllegalStateException();
-          }
-          DirtyStatus dirtyStatus;
-          if (newConfig == null) {
-            dirtyStatus = currentAppSecConfig.userConfigs.removeConfig(configKey);
-            wafBuilder.removeConfig(configKey);
-          } else {
-            AppSecUserConfig userCfg = newConfig.build(configKey);
-            dirtyStatus = currentAppSecConfig.userConfigs.addConfig(userCfg);
-            try {
-              wafBuilder.addOrUpdateConfig(configKey, newConfig.getRawConfig());
-            } catch (InvalidRuleSetException e) {
-              throw new RuntimeException(e);
-            }
-          }
+        Product.ASM, AppSecUserConfigDeserializer.INSTANCE, asmTypedListener(wafBuilder));
+  }
 
-          this.currentAppSecConfig.dirtyStatus.mergeFrom(dirtyStatus);
-        });
+  private ConfigurationChangesTypedListener<AppSecUserConfig.Builder> asmTypedListener(
+      WafBuilder wafBuilder) {
+    return (configKey, newConfig, hinter) -> {
+      if (!initialized) {
+        throw new IllegalStateException();
+      }
+      DirtyStatus dirtyStatus;
+      if (newConfig == null) {
+        dirtyStatus = currentAppSecConfig.getUserConfigs().removeConfig(configKey);
+        wafBuilder.removeConfig(configKey);
+      } else {
+        AppSecUserConfig userCfg = newConfig.build(configKey);
+        dirtyStatus = currentAppSecConfig.getUserConfigs().addConfig(userCfg);
+        try {
+          wafBuilder.addOrUpdateConfig(configKey, newConfig.getRawConfig());
+        } catch (InvalidRuleSetException e) {
+          throw new RuntimeException(e);
+        }
+      }
+
+      this.currentAppSecConfig.dirtyStatus.mergeFrom(dirtyStatus);
+    };
+  }
+
+  private ConfigurationChangesTypedListener<AppSecData> asmDataTypedListener(
+      WafBuilder wafBuilder) {
+    return (configKey, newConfig, hinter) -> {
+      if (!initialized) {
+        throw new IllegalStateException();
+      }
+      if (newConfig == null) {
+        currentAppSecConfig.mergedAsmData.removeConfig(configKey);
+        wafBuilder.removeConfig(configKey);
+      } else {
+        currentAppSecConfig.mergedAsmData.addConfig(configKey, newConfig);
+        try {
+          wafBuilder.addOrUpdateConfig(configKey, newConfig.getRawConfig());
+        } catch (InvalidRuleSetException e) {
+          log.debug("Could not add or update config {}, {}", configKey, e.ruleSetInfo);
+          throw new RuntimeException(e);
+        }
+      }
+      this.currentAppSecConfig.dirtyStatus.data = true;
+    };
+  }
+
+  private ConfigurationChangesTypedListener<AppSecConfig> asmDDTypedListener(
+      WafBuilder wafBuilder) {
+    return (configKey, newConfig, hinter) -> {
+      // read initialized so that the state is currentAppSecConfig is visible
+      if (!initialized) {
+        throw new IllegalStateException();
+      }
+      if (newConfig == null || newConfig.getRawConfig() == null) {
+        log.debug("AppSec config given by remote config was pulled. Removing WAF config");
+        wafBuilder.removeConfig(configKey);
+      } else {
+        if (defaultConfigActivated) {
+          log.debug("Removing default config");
+          wafBuilder.removeConfig(DEFAULT_WAF_CONFIG_RULE);
+          defaultConfigActivated = false;
+        }
+        try {
+          wafBuilder.addOrUpdateConfig(configKey, newConfig.getRawConfig());
+        } catch (InvalidRuleSetException e) {
+          throw new RuntimeException(e);
+        }
+      }
+      this.currentAppSecConfig.setDdConfig(newConfig);
+      // base rules can contain all rules/data/exclusions/etc
+      this.currentAppSecConfig.dirtyStatus.markAllDirty();
+    };
   }
 
   private void subscribeAsmFeatures() {
@@ -213,6 +224,9 @@ private void subscribeAsmFeatures() {
           if (newConfig == null) {
             mergedAsmFeatures.removeConfig(configKey);
           } else {
+            if (!configKey.equals(CurrentAppSecConfig.DEFAULT_KEY)) {
+              mergedAsmFeatures.removeConfig(CurrentAppSecConfig.DEFAULT_KEY);
+            }
             mergedAsmFeatures.addConfig(configKey, newConfig);
           }
         });
 
@@ -18,30 +18,27 @@ public class AppSecDataDeserializer implements ConfigurationDeserializer<AppSecD
   private AppSecDataDeserializer() {}
 
   @Override
+  @SuppressWarnings("unchecked")
   public AppSecData deserialize(byte[] content) throws IOException {
     if (content == null || content.length == 0) {
       return null;
     }
-    return deserialize(new ByteArrayInputStream(content));
-  }
-
-  @SuppressWarnings("unchecked")
-  private AppSecData deserialize(InputStream is) throws IOException {
+    InputStream is = new ByteArrayInputStream(content);
     AppSecData appSecData = ADAPTER.fromJson(Okio.buffer(Okio.source(is)));
+    if (appSecData == null) {
+      return null;
+    }
     is.reset();
-    if (appSecData != null && is.available() > 0) {
-      appSecData.setRawConfig(MOSHI.adapter(Map.class).fromJson(Okio.buffer(Okio.source(is))));
-      if (appSecData.getRawConfig().containsKey("rules_data")) {
-        appSecData.getRawConfig().put("rules", appSecData.getRawConfig().get("rules_data"));
-        appSecData.getRawConfig().remove("rules_data");
-      }
-      if (appSecData.getRawConfig().containsKey("exclusion_data")) {
-        appSecData
-            .getRawConfig()
-            .put("exclusions", appSecData.getRawConfig().get("exclusion_data"));
-        appSecData.getRawConfig().remove("exclusion_data");
-      }
+    appSecData.setRawConfig(MOSHI.adapter(Map.class).fromJson(Okio.buffer(Okio.source(is))));
+    if (appSecData.getRawConfig().containsKey("rules_data")) {
+      appSecData.getRawConfig().put("rules", appSecData.getRawConfig().get("rules_data"));
+      appSecData.getRawConfig().remove("rules_data");
     }
+    if (appSecData.getRawConfig().containsKey("exclusion_data")) {
+      appSecData.getRawConfig().put("exclusions", appSecData.getRawConfig().get("exclusion_data"));
+      appSecData.getRawConfig().remove("exclusion_data");
+    }
+
     return appSecData;
   }
 }
@@ -8,7 +8,7 @@
 import java.util.List;
 import java.util.Optional;
 
-class CollectedUserConfigs extends AbstractList<AppSecUserConfig> {
+public class CollectedUserConfigs extends AbstractList<AppSecUserConfig> {
   private final List<AppSecUserConfig> userConfigs = new LinkedList<>();
 
   public DirtyStatus addConfig(AppSecUserConfig newUserConfig) {
 
@@ -21,23 +21,22 @@ public class CurrentAppSecConfig {
   public static final String DEFAULT_KEY = "default_java_config";
 
   private AppSecConfig ddConfig; // assume there's only one of these
-  CollectedUserConfigs userConfigs = new CollectedUserConfigs();
-  MergedAsmData mergedAsmData = new MergedAsmData(new HashMap<>());
-  public final DirtyStatus dirtyStatus = new DirtyStatus();
-  private String configKey;
+  private final CollectedUserConfigs userConfigs = new CollectedUserConfigs();
 
-  public CurrentAppSecConfig() {
-    configKey = DEFAULT_KEY;
+  public MergedAsmData getMergedAsmData() {
+    return mergedAsmData;
   }
 
-  public CurrentAppSecConfig(String configKey) {
-    this.configKey = configKey;
-  }
+  MergedAsmData mergedAsmData = new MergedAsmData(new HashMap<>());
+  public final DirtyStatus dirtyStatus = new DirtyStatus();
 
   @SuppressWarnings("unchecked")
   public void setDdConfig(AppSecConfig newConfig) {
     this.ddConfig = newConfig;
-
+    if (newConfig == null) {
+      mergedAsmData.removeConfig(MergedAsmData.KEY_BUNDLED_DATA);
+      return;
+    }
     final Map<String, Object> rawConfig = newConfig.getRawConfig();
     List<Map<String, Object>> rules = (List<Map<String, Object>>) rawConfig.get("rules_data");
     List<Map<String, Object>> exclusions =
@@ -52,16 +51,16 @@ public void setDdConfig(AppSecConfig newConfig) {
     }
   }
 
-  public String getKey() {
-    return configKey;
+  public String getVersion() {
+    return ddConfig.getVersion();
   }
 
-  public void setKey(String key) {
-    this.configKey = key;
+  public AppSecConfig getDdConfig() {
+    return ddConfig;
   }
 
-  public boolean keyIsDefault() {
-    return DEFAULT_KEY.equals(configKey);
+  public CollectedUserConfigs getUserConfigs() {
+    return userConfigs;
   }
 
   public static class DirtyStatus {
@@ -103,6 +102,11 @@ public boolean isDirtyForActions() {
   }
 
   public AppSecConfig getMergedUpdateConfig() throws IOException {
+    if (ddConfig == null) {
+      ddConfig =
+          AppSecConfig.valueOf(
+              Collections.singletonMap("version", "2.0")); // placeholder for empty config
+    }
     if (!dirtyStatus.isAnyDirty()) {
       throw new IllegalStateException(
           "Can't call getMergedUpdateConfig without any dirty property");