fix hardcoded-analyzers tests

Author: IlyasShabi

packages/dd-trace/src/appsec/iast/analyzers/cookie-analyzer.js

@@ -54,15 +54,15 @@ class CookieAnalyzer extends Analyzer {
     return super._checkOCE(context, value)
   }
 
-  _getLocation (value, callSiteList) {
+  _getLocation (value, callSiteFrames) {
     if (!value) {
-      return super._getLocation(value, callSiteList)
+      return super._getLocation(value, callSiteFrames)
     }
 
     if (value.location) {
       return value.location
     }
-    const location = super._getLocation(value, callSiteList)
+    const location = super._getLocation(value, callSiteFrames)
     value.location = location
     return location
   }

packages/dd-trace/src/appsec/iast/analyzers/hardcoded-base-analyzer.js

@@ -58,7 +58,7 @@ class HardcodedBaseAnalyzer extends Analyzer {
     return { value: `${value.data}` }
   }
 
-  _getLocation (value) {
+  _getLocation (value, callSiteFrames) {
     return {
       path: value.file,
       line: value.line,

packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js

@@ -1,7 +1,7 @@
 'use strict'
 
 const { storage } = require('../../../../../datadog-core')
-const { getNonDDFrames } = require('../path-line')
+const { getNonDDCallSiteFrames } = require('../path-line')
 const { addVulnerability, getVulnerabilityCallSiteFrames } = require('../vulnerability-reporter')
 const { getIastContext, getIastStackTraceId } = require('../iast-context')
 const overheadController = require('../overhead-controller')
@@ -29,17 +29,23 @@ class Analyzer extends SinkIastPlugin {
 
   _reportEvidence (value, context, evidence) {
     const callSiteFrames = getVulnerabilityCallSiteFrames()
-    const nonDDCallSiteFrames = getNonDDFrames(callSiteFrames, this._getExcludedPaths())
+    const nonDDCallSiteFrames = getNonDDCallSiteFrames(callSiteFrames, this._getExcludedPaths())
 
     const location = this._getLocation(value, nonDDCallSiteFrames)
 
     if (!this._isExcluded(location)) {
-      const originalCallSiteList = nonDDCallSiteFrames.map(callSite => this._replaceCallsiteFromSourceMap(callSite))
+      const originalCallSiteList = nonDDCallSiteFrames.map(callsite => this._replaceCallsiteFromSourceMap(callsite))
 
-      const originalLocation = this._getOriginalLocation(originalCallSiteList)
+      const originalLocation = this._getOriginalLocation(location)
       const spanId = context && context.rootSpan && context.rootSpan.context().toSpanId()
       const stackId = getIastStackTraceId(context)
-      const vulnerability = this._createVulnerability(this._type, evidence, spanId, originalLocation, stackId)
+      const vulnerability = this._createVulnerability(
+        this._type,
+        evidence,
+        spanId,
+        originalLocation,
+        stackId
+      )
 
       addVulnerability(context, vulnerability, originalCallSiteList, stackId)
     }
@@ -57,22 +63,22 @@ class Analyzer extends SinkIastPlugin {
     return { value }
   }
 
-  _getLocation (value, callSiteList) {
-    return callSiteList[0]
+  _getLocation (value, callSiteFrames) {
+    return callSiteFrames[0]
   }
 
-  _getOriginalLocation (originalCallSiteList) {
-    const [location] = originalCallSiteList
+  _getOriginalLocation (location) {
+    const locationFromSourceMap = this._replaceCallsiteFromSourceMap(location)
     const originalLocation = {}
 
-    if (location?.path) {
-      originalLocation.path = location.path
+    if (locationFromSourceMap?.path) {
+      originalLocation.path = locationFromSourceMap.path
     }
-    if (location?.line) {
-      originalLocation.line = location.line
+    if (locationFromSourceMap?.line) {
+      originalLocation.line = locationFromSourceMap.line
     }
-    if (location?.column) {
-      originalLocation.column = location.column
+    if (locationFromSourceMap?.column) {
+      originalLocation.column = locationFromSourceMap.column
     }
 
     return originalLocation

packages/dd-trace/src/appsec/iast/path-line.js

@@ -6,7 +6,7 @@ const { calculateDDBasePath } = require('../../util')
 const pathLine = {
   getNodeModulesPaths,
   getRelativePath,
-  getNonDDFrames,
+  getNonDDCallSiteFrames,
   calculateDDBasePath, // Exported only for test purposes
   ddBasePath: calculateDDBasePath(__dirname) // Only for test purposes
 }
@@ -23,7 +23,7 @@ const EXCLUDED_PATH_PREFIXES = [
   'async_hooks'
 ]
 
-function getNonDDFrames (callSiteFrames, externallyExcludedPaths) {
+function getNonDDCallSiteFrames (callSiteFrames, externallyExcludedPaths) {
   if (!callSiteFrames) {
     return []
   }

packages/dd-trace/src/appsec/iast/vulnerability-reporter.js

@@ -6,7 +6,7 @@ const { IAST_ENABLED_TAG_KEY, IAST_JSON_TAG_KEY } = require('./tags')
 const standalone = require('../standalone')
 const { SAMPLING_MECHANISM_APPSEC } = require('../../constants')
 const { keepTrace } = require('../../priority_sampler')
-const { reportStackTrace, getFramesForMetaStruct, STACK_TRACE_NAMESPACES } = require('../stack_trace')
+const { reportStackTrace, getCallsiteFrames, STACK_TRACE_NAMESPACES } = require('../stack_trace')
 
 const VULNERABILITIES_KEY = 'vulnerabilities'
 const VULNERABILITY_HASHES_MAX_SIZE = 1000
@@ -106,7 +106,7 @@ function isDuplicatedVulnerability (vulnerability) {
 }
 
 function getVulnerabilityCallSiteFrames () {
-  return getFramesForMetaStruct(stackTraceMaxDepth)
+  return getCallsiteFrames(stackTraceMaxDepth)
 }
 
 function start (config, _tracer) {

packages/dd-trace/src/appsec/rasp/utils.js

@@ -1,7 +1,7 @@
 'use strict'
 
 const web = require('../../plugins/util/web')
-const { getFramesForMetaStruct, reportStackTrace } = require('../stack_trace')
+const { getCallsiteFrames, reportStackTrace } = require('../stack_trace')
 const { getBlockingAction } = require('../blocking')
 const log = require('../../log')
 
@@ -34,7 +34,7 @@ function handleResult (actions, req, res, abortController, config) {
   const { enabled, maxDepth, maxStackTraces } = config.appsec.stackTrace
 
   if (generateStackTraceAction && enabled) {
-    const frames = getFramesForMetaStruct(maxDepth)
+    const frames = getCallsiteFrames(maxDepth)
 
     const rootSpan = web.root(req)
     reportStackTrace(

packages/dd-trace/src/appsec/stack_trace.js

@@ -37,7 +37,7 @@ function filterOutFramesFromLibrary (callSiteList) {
   return callSiteList.filter(callSite => !callSite.getFileName()?.startsWith(ddBasePath))
 }
 
-function getFramesForMetaStruct (maxDepth = 32, callSiteListGetter = getCallSiteList) {
+function getCallsiteFrames (maxDepth = 32, callSiteListGetter = getCallSiteList) {
   if (maxDepth < 1) maxDepth = Infinity
 
   const callSiteList = callSiteListGetter(maxDepth)
@@ -91,7 +91,7 @@ function reportStackTrace (
 }
 
 module.exports = {
-  getFramesForMetaStruct,
+  getCallsiteFrames,
   reportStackTrace,
   STACK_TRACE_NAMESPACES
 }

packages/dd-trace/test/appsec/iast/analyzers/hardcoded-password-analyzer.spec.js

@@ -10,6 +10,7 @@ const Config = require('../../../../src/config')
 
 const hardcodedPasswordAnalyzer = require('../../../../src/appsec/iast/analyzers/hardcoded-password-analyzer')
 const iast = require('../../../../src/appsec/iast')
+const vulnerabilityReporter = require('../../../../src/appsec/iast/vulnerability-reporter')
 
 const ruleId = 'hardcoded-password'
 const samples = [
@@ -131,6 +132,7 @@ describe('Hardcoded Password Analyzer', () => {
 
       afterEach(() => {
         iast.disable()
+        vulnerabilityReporter.clearCache()
       })
 
       afterEach(() => {

packages/dd-trace/test/appsec/iast/analyzers/hardcoded-secret-analyzer.spec.js

@@ -11,6 +11,7 @@ const { NameAndValue, ValueOnly } = require('../../../../src/appsec/iast/analyze
 const hardcodedSecretAnalyzer = require('../../../../src/appsec/iast/analyzers/hardcoded-secret-analyzer')
 const { suite } = require('./resources/hardcoded-secrets-suite.json')
 const iast = require('../../../../src/appsec/iast')
+const vulnerabilityReporter = require('../../../../src/appsec/iast/vulnerability-reporter')
 
 describe('Hardcoded Secret Analyzer', () => {
   describe('unit test', () => {
@@ -101,6 +102,7 @@ describe('Hardcoded Secret Analyzer', () => {
 
       afterEach(() => {
         iast.disable()
+        vulnerabilityReporter.clearCache()
       })
 
       afterEach(() => {

packages/dd-trace/test/appsec/iast/path-line.spec.js

@@ -59,20 +59,20 @@ describe('path-line', function () {
     })
   })
 
-  describe('getNonDDFrames', () => {
+  describe('getNonDDCallSiteFrames', () => {
     describe('does not fail', () => {
       it('with null parameter', () => {
-        const result = pathLine.getNonDDFrames(null)
+        const result = pathLine.getNonDDCallSiteFrames(null)
         expect(result).to.be.an('array').that.is.empty
       })
 
       it('with empty list parameter', () => {
-        const result = pathLine.getNonDDFrames([])
+        const result = pathLine.getNonDDCallSiteFrames([])
         expect(result).to.be.an('array').that.is.empty
       })
 
       it('without parameter', () => {
-        const result = pathLine.getNonDDFrames()
+        const result = pathLine.getNonDDCallSiteFrames()
         expect(result).to.be.an('array').that.is.empty
       })
     })
@@ -108,7 +108,7 @@ describe('path-line', function () {
         callsites.push(new CallSiteMock(firstFileOutOfDD, 13, 42))
         callsites.push(new CallSiteMock(secondFileOutOfDD, 20, 15))
 
-        const results = pathLine.getNonDDFrames(callsites)
+        const results = pathLine.getNonDDCallSiteFrames(callsites)
 
         expect(results).to.have.lengthOf(2)
 
@@ -127,7 +127,7 @@ describe('path-line', function () {
         callsites.push(new CallSiteMock(path.join(DD_BASE_PATH, 'other', 'file', 'in', 'dd.js'), 89))
         callsites.push(new CallSiteMock(path.join(DD_BASE_PATH, 'another', 'file', 'in', 'dd.js'), 5))
 
-        const results = pathLine.getNonDDFrames(callsites)
+        const results = pathLine.getNonDDCallSiteFrames(callsites)
         expect(results).to.be.an('array').that.is.empty
       })
 
@@ -142,7 +142,7 @@ describe('path-line', function () {
           callsites.push(new CallSiteMock(dcPath, 25))
           callsites.push(new CallSiteMock(firstFileOutOfDD, 13, 42))
 
-          const results = pathLine.getNonDDFrames(callsites)
+          const results = pathLine.getNonDDCallSiteFrames(callsites)
           expect(results).to.have.lengthOf(1)
 
           expect(results[0].path).to.be.equals(expectedFilePath)
@@ -184,7 +184,7 @@ describe('path-line', function () {
         callsites.push(new CallSiteMock(firstFileOutOfDD, 13, 42))
         callsites.push(new CallSiteMock(secondFileOutOfDD, 20, 15))
 
-        const results = pathLine.getNonDDFrames(callsites)
+        const results = pathLine.getNonDDCallSiteFrames(callsites)
         expect(results).to.have.lengthOf(2)
 
         expect(results[0].path).to.be.equals(expectedFilePaths[0])
@@ -199,36 +199,37 @@ describe('path-line', function () {
   })
 
   describe('getNodeModulesPaths', () => {
-    // function getCallSiteInfo () {
-    //   const previousPrepareStackTrace = Error.prepareStackTrace
-    //   const previousStackTraceLimit = Error.stackTraceLimit
-    //   let callsiteList
-    //   Error.stackTraceLimit = 100
-    //   Error.prepareStackTrace = function (_, callsites) {
-    //     callsiteList = callsites
-    //   }
-    //   const e = new Error()
-    //   e.stack
-    //   Error.prepareStackTrace = previousPrepareStackTrace
-    //   Error.stackTraceLimit = previousStackTraceLimit
-
-    //   return callsiteList
-    // }
-    // TODO: propose another test similar to this
-    // it('should handle windows paths correctly', () => {
-    //   const basePath = pathLine.ddBasePath
-    //   pathLine.ddBasePath = path.join('test', 'base', 'path')
-    //   const { getFramesForMetaStruct } = require('../../../src/appsec/stack_trace')
-
-    //   const list = getFramesForMetaStruct(32, getCallSiteInfo)
-    //   const firstNonDDPath = pathLine.getNonDDFrames(list)[0]
-
-    //   const nodeModulesPaths = pathLine.getNodeModulesPaths(__filename)
-
-    //   expect(nodeModulesPaths[0]).to.eq(path.join('node_modules', process.cwd(), firstNonDDPath.path))
-
-    //   pathLine.ddBasePath = basePath
-    // })
+    function getCallSiteInfo () {
+      const previousPrepareStackTrace = Error.prepareStackTrace
+      const previousStackTraceLimit = Error.stackTraceLimit
+      let callsiteList
+      Error.stackTraceLimit = 100
+      Error.prepareStackTrace = function (_, callsites) {
+        callsiteList = callsites
+      }
+      const e = new Error()
+      e.stack
+      Error.prepareStackTrace = previousPrepareStackTrace
+      Error.stackTraceLimit = previousStackTraceLimit
+
+      return callsiteList
+    }
+
+    it('should handle windows paths correctly', () => {
+      const basePath = pathLine.ddBasePath
+      pathLine.ddBasePath = path.join('test', 'base', 'path')
+      const { getCallsiteFrames } = require('../../../src/appsec/stack_trace')
+
+      const list = getCallsiteFrames(32, getCallSiteInfo)
+      const firstNonDDPath = pathLine.getNonDDCallSiteFrames(list)[0]
+
+      const expectedPath = path.join('node_modules', firstNonDDPath.path)
+      const nodeModulesPaths = pathLine.getNodeModulesPaths(firstNonDDPath.path)
+
+      expect(nodeModulesPaths[0]).to.equal(expectedPath)
+
+      pathLine.ddBasePath = basePath
+    })
 
     it('should convert / to \\ in windows platforms', () => {
       const dirname = __dirname