From 349155ff7b12d35283b50cdf2111634837b89a11 Mon Sep 17 00:00:00 2001
From: Igor Unanua
Date: Thu, 12 Sep 2024 14:32:11 +0200
Subject: [PATCH] cleanup

---
 .../iast/analyzers/path-traversal-analyzer.js | 1 +
 packages/dd-trace/src/appsec/rasp/lfi.js | 13 +++++++------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js b/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js
index d5b95a3eae8..625dbde9150 100644
--- a/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js
+++ b/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js
@@ -35,6 +35,7 @@ class PathTraversalAnalyzer extends InjectionAnalyzer {
     // we could filter out all the nested fs.operations based on store.fs.root
     // but if we spect a store in the context to be present we are going to exclude
     // all out_of_the_request fs.operations
+    // AppsecFsPlugin must be enabled
     if (ignoredOperations.includes(obj.operation) || outOfReqOrChild) return
 
     const pathArguments = []
diff --git a/packages/dd-trace/src/appsec/rasp/lfi.js b/packages/dd-trace/src/appsec/rasp/lfi.js
index 4ca4963368f..eb000317630 100644
--- a/packages/dd-trace/src/appsec/rasp/lfi.js
+++ b/packages/dd-trace/src/appsec/rasp/lfi.js
@@ -4,7 +4,7 @@ const { fsOperationStart } = require('../channels')
 const { storage } = require('../../../../datadog-core')
 const web = require('../../plugins/util/web')
 const { enable: enableFsPlugin, disable: disableFsPlugin } = require('./fs-plugin')
-const addresses = require('../addresses')
+const { FS_OPERATION_PATH } = require('../addresses')
 const waf = require('../waf')
 const { RULE_TYPES, handleResult } = require('./utils')
 const { block } = require('../blocking')
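Review bot: The added comment `// AppsecFsPlugin must be enabled` names a precondition but not what depends on it, so a reader still cannot tell which of the surrounding checks stops working when the plugin is off. If, as the preceding lines about `store.fs.root` suggest, `outOfReqOrChild` is derived from the fs store that the plugin populates, say so: `// outOfReqOrChild is derived from store.fs, which only exists while AppsecFsPlugin is enabled; without it nested/out-of-request operations are not excluded`. While touching this comment block, "if we spect a store" in the line above reads as a typo for "expect". The enclosing method starts and ends outside the hunk.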
@@ -36,9 +36,9 @@ function analyzeLfi (ctx) {
   const { req, fs, res } = store
   if (!req || !fs) return
 
-  if (fs.root && !fs.opExcluded && shouldAnalyze(path)) {
+  if (shouldAnalyze(fs, path)) {
     const persistent = {
-      [addresses.FS_OPERATION_PATH]: path
+      [FS_OPERATION_PATH]: path
     }
 
     const result = waf.run({ persistent }, req, RULE_TYPES.LFI)
@@ -49,14 +49,15 @@ function analyzeLfi (ctx) {
       const { aborted, reason } = abortController.signal
 
       if (aborted) {
-        block(req, res, web.root(req), null, reason.blockingAction)
+        block(req, res, web.root(req), null, reason?.blockingAction)
       }
     }
   }
 }
 
-function shouldAnalyze (path) {
-  return isAbsolute(path) || path.includes('../')
+function shouldAnalyze (fs, path) {
+  const notExcludedRootOp = !fs.opExcluded && fs.root
+  return notExcludedRootOp && (isAbsolute(path) || path.includes('../'))
 }
 
 module.exports = {
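Review bot: `shouldAnalyze` in the second hunk calls `isAbsolute(path)` and `path.includes('../')` without checking that `path` is a string; fs APIs also accept Buffer and URL arguments, and if such a value reaches this point `isAbsolute` throws a TypeError inside the request path. Unless the caller already normalises `path` to a string before `analyzeLfi` (its start is outside both hunks, so I cannot confirm), a guard is cheap insurance: `if (typeof path !== 'string') return false` as the first line of `shouldAnalyze`. The `'../'` test is also POSIX-only, so a relative `..\` traversal on Windows only reaches the WAF when `isAbsolute` is true — worth a one-line comment if that is intentional. Finally, `!fs.opExcluded && fs.root` yields whatever `fs.root` holds rather than a boolean; `Boolean(fs.root)` would make the return type what the name promises, and a short JSDoc (`@param {object} fs`, `@param {string} path`, `@returns {boolean}`) would document the new two-argument contract.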