diff --git a/packages/dd-trace/src/appsec/iast/iast-context.js b/packages/dd-trace/src/appsec/iast/iast-context.js
index eb98d81e17c..77c757fff8a 100644
--- a/packages/dd-trace/src/appsec/iast/iast-context.js
+++ b/packages/dd-trace/src/appsec/iast/iast-context.js
@@ -12,12 +12,12 @@ function getIastContext (store, topContext) {
 function getIastStackTraceId (iastContext) {
 if (!iastContext) return 0
- if (!iastContext.iastStackTraceId) {
- iastContext.iastStackTraceId = 0
+ if (!iastContext.stackTraceId) {
+ iastContext.stackTraceId = 0
 }
- iastContext.iastStackTraceId += 1
- return iastContext.iastStackTraceId
+ iastContext.stackTraceId += 1
+ return iastContext.stackTraceId
 }
 /* TODO Fix storage problem when the close event is called without
diff --git a/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js b/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js
index 711815e2da5..264e7f916e6 100644
--- a/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js
+++ b/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js
@@ -103,7 +103,7 @@ function stopClearCacheTimer () {
 }
 function isDuplicatedVulnerability (vulnerability) {
- return VULNERABILITY_HASHES.has(`${vulnerability.type}${vulnerability.hash}`)
+ return VULNERABILITY_HASHES.get(`${vulnerability.type}${vulnerability.hash}`)
 }
 function getVulnerabilityCallSiteList () {
diff --git a/packages/dd-trace/src/appsec/rasp/utils.js b/packages/dd-trace/src/appsec/rasp/utils.js
index 9edc7c70092..4908d8c8687 100644
--- a/packages/dd-trace/src/appsec/rasp/utils.js
+++ b/packages/dd-trace/src/appsec/rasp/utils.js
@@ -33,9 +33,9 @@ function handleResult (actions, req, res, abortController, config) {
 const { enabled, maxDepth, maxStackTraces } = config.appsec.stackTrace
- const callSiteList = getCallSiteList(maxDepth)
-
 if (generateStackTraceAction && enabled) {
+ const callSiteList = getCallSiteList(maxDepth)
+
 const rootSpan = web.root(req)
 reportStackTrace(
 rootSpan,
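Review bot: `isDuplicatedVulnerability` in vulnerability-reporter.js now returns whatever `VULNERABILITY_HASHES.get(...)` yields instead of a boolean, so deduplication would silently stop working if an entry were ever stored with a falsy value. The container's type and the values written to it are outside this hunk, so this needs confirming against the place where entries are set. If the switch from `has` to `get` is meant to refresh an entry's recency in an LRU-style cache, a comment such as `// get() rather than has(): presumably refreshes the entry's recency in the cache` would record that intent. Comparing the result with `undefined` before returning would keep the boolean contract that the `is…` name promises.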
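Review bot: In `handleResult` (rasp/utils.js) the relocated `getCallSiteList(maxDepth)` call still runs before `web.root(req)` is known to return a span and before `maxStackTraces` is applied, so the capture cost may still be paid for stack traces that end up discarded. Whether `reportStackTrace` drops the list in those cases is not visible here, since `maxStackTraces` is only passed through to it, so this is something to confirm rather than a definite defect. A one-line comment above the call, for example `// capture call sites only when a stack trace will actually be reported`, would record why the call lives inside the guard. The function body starts before and continues past this hunk.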
diff --git a/packages/dd-trace/test/appsec/iast/analyzers/vulnerability-analyzer.spec.js b/packages/dd-trace/test/appsec/iast/analyzers/vulnerability-analyzer.spec.js
index 2d882844c0b..3a4ad3a9af6 100644
--- a/packages/dd-trace/test/appsec/iast/analyzers/vulnerability-analyzer.spec.js
+++ b/packages/dd-trace/test/appsec/iast/analyzers/vulnerability-analyzer.spec.js
@@ -117,7 +117,7 @@ describe('vulnerability-analyzer', () => {
 }
 }
 vulnerabilityAnalyzer._report(VULNERABLE_VALUE, context)
- expect(vulnerabilityReporter.addVulnerability).to.have.been.calledOnceWith(
+ expect(vulnerabilityReporter.addVulnerability).to.have.been.calledOnceWithExactly(
 context,
 {
 type: 'TEST_ANALYZER',
diff --git a/packages/dd-trace/test/appsec/rasp/utils.spec.js b/packages/dd-trace/test/appsec/rasp/utils.spec.js
index 061c3e3c573..2f6918dd0ab 100644
--- a/packages/dd-trace/test/appsec/rasp/utils.spec.js
+++ b/packages/dd-trace/test/appsec/rasp/utils.spec.js
@@ -12,7 +12,7 @@ describe('RASP - utils.js', () => {
 stackTrace = {
 reportStackTrace: sinon.stub(),
- getCallSiteList: sinon.stub().returns({})
+ getCallSiteList: sinon.stub().returns([])
 }
 utils = proxyquire('../../../src/appsec/rasp/utils', {
@@ -45,7 +45,7 @@ describe('RASP - utils.js', () => {
 web.root.returns(rootSpan)
 utils.handleResult(result, req, undefined, undefined, config)
- sinon.assert.calledOnceWithExactly(stackTrace.reportStackTrace, rootSpan, stackId, 42, 2, {})
+ sinon.assert.calledOnceWithExactly(stackTrace.reportStackTrace, rootSpan, stackId, 42, 2, [])
 })
 it('should not report stack trace when no action is present in waf result', () => {
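Review bot: The `getCallSiteList` stub in utils.spec.js (the `-12,7` hunk) now returns `[]`, which sinon's deep-equality argument matching cannot tell apart from any other empty array. The `calledOnceWithExactly(..., [])` assertion in the `-45,7` hunk would therefore still pass if `handleResult` forwarded a different empty list. Returning a constructed sentinel such as `[{ constructed: 'call-site' }]` from the stub and asserting on that same value would prove that the captured list is what reaches `reportStackTrace`.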
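Review bot: No assertion visible in utils.spec.js pins the behaviour the source change introduces, namely that `getCallSiteList` is not invoked when no stack trace is going to be generated. The test `should not report stack trace when no action is present in waf result` begins on the last line of the `-45,7` hunk and its body is outside it, so it may already cover this. If it does not, adding `sinon.assert.notCalled(stackTrace.getCallSiteList)` there would catch a regression that moves the capture back onto every WAF result.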