npm - dd-trace - Versions diffs - 5.35.0 → 5.37.0 - Mend

dd-trace 5.35.0 → 5.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (125) hide show

package/packages/datadog-plugin-playwright/src/index.js CHANGED Viewed

@@ -11,12 +11,15 @@ const {
   TEST_SOURCE_START,
   TEST_CODE_OWNERS,
   TEST_SOURCE_FILE,
-  TEST_CONFIGURATION_BROWSER_NAME,
+  TEST_PARAMETERS,
   TEST_IS_NEW,
   TEST_IS_RETRY,
   TEST_EARLY_FLAKE_ENABLED,
   TELEMETRY_TEST_SESSION,
-  TEST_RETRY_REASON
+  TEST_RETRY_REASON,
+  TEST_MANAGEMENT_IS_QUARANTINED,
+  TEST_MANAGEMENT_ENABLED,
+  TEST_BROWSER_NAME
 } = require('../../dd-trace/src/plugins/util/test')
 const { RESOURCE_NAME } = require('../../../ext/tags')
 const { COMPONENT } = require('../../dd-trace/src/constants')
@@ -38,7 +41,12 @@ class PlaywrightPlugin extends CiPlugin {
     this.numFailedTests = 0
     this.numFailedSuites = 0
-    this.addSub('ci:playwright:session:finish', ({ status, isEarlyFlakeDetectionEnabled, onDone }) => {
+    this.addSub('ci:playwright:session:finish', ({
+      status,
+      isEarlyFlakeDetectionEnabled,
+      isQuarantinedTestsEnabled,
+      onDone
+    }) => {
       this.testModuleSpan.setTag(TEST_STATUS, status)
       this.testSessionSpan.setTag(TEST_STATUS, status)
@@ -56,6 +64,10 @@ class PlaywrightPlugin extends CiPlugin {
         this.testSessionSpan.setTag('error', error)
       }
+      if (isQuarantinedTestsEnabled) {
+        this.testSessionSpan.setTag(TEST_MANAGEMENT_ENABLED, 'true')
+      }
       this.testModuleSpan.finish()
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'module')
       this.testSessionSpan.finish()
@@ -68,7 +80,7 @@ class PlaywrightPlugin extends CiPlugin {
     })
     this.addSub('ci:playwright:test-suite:start', (testSuiteAbsolutePath) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.rootDir)
       const testSourceFile = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
@@ -102,7 +114,7 @@ class PlaywrightPlugin extends CiPlugin {
     })
     this.addSub('ci:playwright:test-suite:finish', ({ status, error }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const span = store && store.span
       if (!span) return
       if (error) {
@@ -121,15 +133,24 @@ class PlaywrightPlugin extends CiPlugin {
     })
     this.addSub('ci:playwright:test:start', ({ testName, testSuiteAbsolutePath, testSourceLine, browserName }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.rootDir)
       const testSourceFile = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
       const span = this.startTestSpan(testName, testSuite, testSourceFile, testSourceLine, browserName)
       this.enter(span, store)
     })
-    this.addSub('ci:playwright:test:finish', ({ testStatus, steps, error, extraTags, isNew, isEfdRetry, isRetry }) => {
-      const store = storage.getStore()
+    this.addSub('ci:playwright:test:finish', ({
+      testStatus,
+      steps,
+      error,
+      extraTags,
+      isNew,
+      isEfdRetry,
+      isRetry,
+      isQuarantined
+    }) => {
+      const store = storage('legacy').getStore()
       const span = store && store.span
       if (!span) return
@@ -151,6 +172,9 @@ class PlaywrightPlugin extends CiPlugin {
       if (isRetry) {
         span.setTag(TEST_IS_RETRY, 'true')
       }
+      if (isQuarantined) {
+        span.setTag(TEST_MANAGEMENT_IS_QUARANTINED, 'true')
+      }
       steps.forEach(step => {
         const stepStartTime = step.startTime.getTime()
@@ -202,7 +226,9 @@ class PlaywrightPlugin extends CiPlugin {
       extraTags[TEST_SOURCE_FILE] = testSourceFile || testSuite
     }
     if (browserName) {
-      extraTags[TEST_CONFIGURATION_BROWSER_NAME] = browserName
+      // Added as parameter too because it should affect the test fingerprint
+      extraTags[TEST_PARAMETERS] = JSON.stringify({ arguments: { browser: browserName }, metadata: {} })
+      extraTags[TEST_BROWSER_NAME] = browserName
     }
     return super.startTestSpan(testName, testSuite, testSuiteSpan, extraTags)

package/packages/datadog-plugin-rhea/src/consumer.js CHANGED Viewed

@@ -11,7 +11,7 @@ class RheaConsumerPlugin extends ConsumerPlugin {
     super(...args)
     this.addTraceSub('dispatch', ({ state }) => {
-      const span = storage.getStore().span
+      const span = storage('legacy').getStore().span
       span.setTag('amqp.delivery.state', state)
     })
   }

package/packages/datadog-plugin-router/src/index.js CHANGED Viewed

@@ -29,7 +29,7 @@ class RouterPlugin extends WebPlugin {
         context.middleware.push(span)
       }
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       this._storeStack.push(store)
       this.enter(span, store)
@@ -94,7 +94,7 @@ class RouterPlugin extends WebPlugin {
   }
   _getStoreSpan () {
-    const store = storage.getStore()
+    const store = storage('legacy').getStore()
     return store && store.span
   }

package/packages/datadog-plugin-selenium/src/index.js CHANGED Viewed

@@ -39,7 +39,7 @@ class SeleniumPlugin extends CiPlugin {
       browserVersion,
       isRumActive
     }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const span = store?.span
       if (!span) {
         return

package/packages/datadog-plugin-vitest/src/index.js CHANGED Viewed

@@ -18,7 +18,9 @@ const {
   TEST_IS_NEW,
   TEST_EARLY_FLAKE_ENABLED,
   TEST_EARLY_FLAKE_ABORT_REASON,
-  TEST_RETRY_REASON
+  TEST_RETRY_REASON,
+  TEST_MANAGEMENT_ENABLED,
+  TEST_MANAGEMENT_IS_QUARANTINED
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const {
@@ -48,6 +50,20 @@ class VitestPlugin extends CiPlugin {
       onDone(!testsForThisTestSuite.includes(testName))
     })
+    this.addSub('ci:vitest:test:is-quarantined', ({ quarantinedTests, testSuiteAbsolutePath, testName, onDone }) => {
+      const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
+      const isQuarantined = quarantinedTests
+        ?.vitest
+        ?.suites
+        ?.[testSuite]
+        ?.tests
+        ?.[testName]
+        ?.properties
+        ?.quarantined
+      onDone(isQuarantined ?? false)
+    })
     this.addSub('ci:vitest:is-early-flake-detection-faulty', ({
       knownTests,
       testFilepaths,
@@ -66,11 +82,12 @@ class VitestPlugin extends CiPlugin {
       testSuiteAbsolutePath,
       isRetry,
       isNew,
+      isQuarantined,
       mightHitProbe,
       isRetryReasonEfd
     }) => {
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const extraTags = {
         [TEST_SOURCE_FILE]: testSuite
@@ -84,6 +101,9 @@ class VitestPlugin extends CiPlugin {
       if (isRetryReasonEfd) {
         extraTags[TEST_RETRY_REASON] = 'efd'
       }
+      if (isQuarantined) {
+        extraTags[TEST_MANAGEMENT_IS_QUARANTINED] = 'true'
+      }
       const span = this.startTestSpan(
         testName,
@@ -102,7 +122,7 @@ class VitestPlugin extends CiPlugin {
     })
     this.addSub('ci:vitest:test:finish-time', ({ status, task }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const span = store?.span
       // we store the finish time to finish at a later hook
@@ -114,7 +134,7 @@ class VitestPlugin extends CiPlugin {
     })
     this.addSub('ci:vitest:test:pass', ({ task }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const span = store?.span
       if (span) {
@@ -128,15 +148,15 @@ class VitestPlugin extends CiPlugin {
     })
     this.addSub('ci:vitest:test:error', ({ duration, error, shouldSetProbe, promises }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const span = store?.span
       if (span) {
         if (shouldSetProbe && this.di) {
           const probeInformation = this.addDiProbe(error)
           if (probeInformation) {
-            const { probeId, stackIndex, setProbePromise } = probeInformation
-            this.runningTestProbeId = probeId
+            const { file, line, stackIndex, setProbePromise } = probeInformation
+            this.runningTestProbe = { file, line }
             this.testErrorStackIndex = stackIndex
             promises.setProbePromise = setProbePromise
           }
@@ -221,13 +241,13 @@ class VitestPlugin extends CiPlugin {
         }
       })
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_CREATED, 'suite')
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       this.enter(testSuiteSpan, store)
       this.testSuiteSpan = testSuiteSpan
     })
     this.addSub('ci:vitest:test-suite:finish', ({ status, onFinish }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const span = store?.span
       if (span) {
         span.setTag(TEST_STATUS, status)
@@ -237,13 +257,13 @@ class VitestPlugin extends CiPlugin {
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'suite')
       // TODO: too frequent flush - find for method in worker to decrease frequency
       this.tracer._exporter.flush(onFinish)
-      if (this.runningTestProbeId) {
-        this.removeDiProbe(this.runningTestProbeId)
+      if (this.runningTestProbe) {
+        this.removeDiProbe(this.runningTestProbe)
       }
     })
     this.addSub('ci:vitest:test-suite:error', ({ error }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const span = store?.span
       if (span && error) {
         span.setTag('error', error)
@@ -257,6 +277,7 @@ class VitestPlugin extends CiPlugin {
       testCodeCoverageLinesTotal,
       isEarlyFlakeDetectionEnabled,
       isEarlyFlakeDetectionFaulty,
+      isQuarantinedTestsEnabled,
       onFinish
     }) => {
       this.testSessionSpan.setTag(TEST_STATUS, status)
@@ -275,6 +296,9 @@ class VitestPlugin extends CiPlugin {
       if (isEarlyFlakeDetectionFaulty) {
         this.testSessionSpan.setTag(TEST_EARLY_FLAKE_ABORT_REASON, 'faulty')
       }
+      if (isQuarantinedTestsEnabled) {
+        this.testSessionSpan.setTag(TEST_MANAGEMENT_ENABLED, 'true')
+      }
       this.testModuleSpan.finish()
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'module')
       this.testSessionSpan.finish()

package/packages/dd-trace/src/appsec/graphql.js CHANGED Viewed

@@ -30,7 +30,7 @@ function disable () {
 }
 function onGraphqlStartResolve ({ context, resolverInfo }) {
-  const req = storage.getStore()?.req
+  const req = storage('legacy').getStore()?.req
   if (!req) return
@@ -49,7 +49,7 @@ function onGraphqlStartResolve ({ context, resolverInfo }) {
 }
 function enterInApolloMiddleware (data) {
-  const req = data?.req || storage.getStore()?.req
+  const req = data?.req || storage('legacy').getStore()?.req
   if (!req) return
   graphqlRequestData.set(req, {
@@ -59,7 +59,7 @@ function enterInApolloMiddleware (data) {
 }
 function enterInApolloServerCoreRequest () {
-  const req = storage.getStore()?.req
+  const req = storage('legacy').getStore()?.req
   if (!req) return
   graphqlRequestData.set(req, {
@@ -69,13 +69,13 @@ function enterInApolloServerCoreRequest () {
 }
 function exitFromApolloMiddleware (data) {
-  const req = data?.req || storage.getStore()?.req
+  const req = data?.req || storage('legacy').getStore()?.req
   const requestData = graphqlRequestData.get(req)
   if (requestData) requestData.inApolloMiddleware = false
 }
 function enterInApolloRequest () {
-  const req = storage.getStore()?.req
+  const req = storage('legacy').getStore()?.req
   const requestData = graphqlRequestData.get(req)
   if (requestData?.inApolloMiddleware) {
@@ -85,7 +85,7 @@ function enterInApolloRequest () {
 }
 function beforeWriteApolloGraphqlResponse ({ abortController, abortData }) {
-  const req = storage.getStore()?.req
+  const req = storage('legacy').getStore()?.req
   if (!req) return
   const requestData = graphqlRequestData.get(req)

package/packages/dd-trace/src/appsec/iast/analyzers/code-injection-analyzer.js CHANGED Viewed

@@ -1,12 +1,12 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { CODE_INJECTION } = require('../vulnerabilities')
+const StoredInjectionAnalyzer = require('./stored-injection-analyzer')
 const { INSTRUMENTED_SINK } = require('../telemetry/iast-metric')
 const { storage } = require('../../../../../datadog-core')
 const { getIastContext } = require('../iast-context')
-class CodeInjectionAnalyzer extends InjectionAnalyzer {
+class CodeInjectionAnalyzer extends StoredInjectionAnalyzer {
   constructor () {
     super(CODE_INJECTION)
     this.evalInstrumentedInc = false
@@ -15,7 +15,7 @@ class CodeInjectionAnalyzer extends InjectionAnalyzer {
   onConfigure () {
     this.addSub('datadog:eval:call', ({ script }) => {
       if (!this.evalInstrumentedInc) {
-        const store = storage.getStore()
+        const store = storage('legacy').getStore()
         const iastContext = getIastContext(store)
         const tags = INSTRUMENTED_SINK.formatTags(CODE_INJECTION)
@@ -31,10 +31,6 @@ class CodeInjectionAnalyzer extends InjectionAnalyzer {
     this.addSub('datadog:vm:run-script:start', ({ code }) => this.analyze(code))
     this.addSub('datadog:vm:source-text-module:start', ({ code }) => this.analyze(code))
   }
-  _areRangesVulnerable () {
-    return true
-  }
 }
 module.exports = new CodeInjectionAnalyzer()

package/packages/dd-trace/src/appsec/iast/analyzers/injection-analyzer.js CHANGED Viewed

@@ -5,8 +5,13 @@ const { SQL_ROW_VALUE } = require('../taint-tracking/source-types')
 class InjectionAnalyzer extends Analyzer {
   _isVulnerable (value, iastContext) {
-    const ranges = value && getRanges(iastContext, value)
+    let ranges = value && getRanges(iastContext, value)
     if (ranges?.length > 0) {
+      ranges = this._filterSecureRanges(ranges)
+      if (!ranges?.length) {
+        this._incrementSuppressedMetric(iastContext)
+      }
       return this._areRangesVulnerable(ranges)
     }
@@ -21,6 +26,15 @@ class InjectionAnalyzer extends Analyzer {
   _areRangesVulnerable (ranges) {
     return ranges?.some(range => range.iinfo.type !== SQL_ROW_VALUE)
   }
+  _filterSecureRanges (ranges) {
+    return ranges?.filter(range => !this._isRangeSecure(range))
+  }
+  _isRangeSecure (range) {
+    const { secureMarks } = range
+    return (secureMarks & this._secureMark) === this._secureMark
+  }
 }
 module.exports = InjectionAnalyzer

package/packages/dd-trace/src/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.js CHANGED Viewed

@@ -4,29 +4,13 @@ const InjectionAnalyzer = require('./injection-analyzer')
 const { NOSQL_MONGODB_INJECTION } = require('../vulnerabilities')
 const { getRanges, addSecureMark } = require('../taint-tracking/operations')
 const { getNodeModulesPaths } = require('../path-line')
-const { getNextSecureMark } = require('../taint-tracking/secure-marks-generator')
 const { storage } = require('../../../../../datadog-core')
 const { getIastContext } = require('../iast-context')
 const { HTTP_REQUEST_PARAMETER, HTTP_REQUEST_BODY } = require('../taint-tracking/source-types')
 const EXCLUDED_PATHS_FROM_STACK = getNodeModulesPaths('mongodb', 'mongoose', 'mquery')
-const MONGODB_NOSQL_SECURE_MARK = getNextSecureMark()
-function iterateObjectStrings (target, fn, levelKeys = [], depth = 20, visited = new Set()) {
-  if (target !== null && typeof target === 'object') {
-    Object.keys(target).forEach((key) => {
-      const nextLevelKeys = [...levelKeys, key]
-      const val = target[key]
-      if (typeof val === 'string') {
-        fn(val, nextLevelKeys, target, key)
-      } else if (depth > 0 && !visited.has(val)) {
-        iterateObjectStrings(val, fn, nextLevelKeys, depth - 1, visited)
-        visited.add(val)
-      }
-    })
-  }
-}
+const { NOSQL_MONGODB_INJECTION_MARK } = require('../taint-tracking/secure-marks')
+const { iterateObjectStrings } = require('../utils')
 class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
   constructor () {
@@ -38,7 +22,7 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
     this.configureSanitizers()
     const onStart = ({ filters }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       if (store && !store.nosqlAnalyzed && filters?.length) {
         filters.forEach(filter => {
           this.analyze({ filter }, store)
@@ -51,14 +35,14 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
     const onStartAndEnterWithStore = (message) => {
       const store = onStart(message || {})
       if (store) {
-        storage.enterWith({ ...store, nosqlAnalyzed: true, nosqlParentStore: store })
+        storage('legacy').enterWith({ ...store, nosqlAnalyzed: true, nosqlParentStore: store })
       }
     }
     const onFinish = () => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       if (store?.nosqlParentStore) {
-        storage.enterWith(store.nosqlParentStore)
+        storage('legacy').enterWith(store.nosqlParentStore)
       }
     }
@@ -74,7 +58,7 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
   configureSanitizers () {
     this.addNotSinkSub('datadog:express-mongo-sanitize:filter:finish', ({ sanitizedProperties, req }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const iastContext = getIastContext(store)
       if (iastContext) { // do nothing if we are not in an iast request
@@ -88,7 +72,7 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
                 const currentLevelKey = levelKeys[i]
                 if (i === levelsLength - 1) {
-                  parentObj[currentLevelKey] = addSecureMark(iastContext, value, MONGODB_NOSQL_SECURE_MARK)
+                  parentObj[currentLevelKey] = addSecureMark(iastContext, value, NOSQL_MONGODB_INJECTION_MARK)
                 } else {
                   parentObj = parentObj[currentLevelKey]
                 }
@@ -100,13 +84,13 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
     })
     this.addNotSinkSub('datadog:express-mongo-sanitize:sanitize:finish', ({ sanitizedObject }) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const iastContext = getIastContext(store)
       if (iastContext) { // do nothing if we are not in an iast request
         iterateObjectStrings(sanitizedObject, function (value, levelKeys, parent, lastKey) {
           try {
-            parent[lastKey] = addSecureMark(iastContext, value, MONGODB_NOSQL_SECURE_MARK)
+            parent[lastKey] = addSecureMark(iastContext, value, NOSQL_MONGODB_INJECTION_MARK)
           } catch {
             // if it is a readonly property, do nothing
           }
@@ -121,8 +105,7 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
   _isVulnerableRange (range) {
     const rangeType = range?.iinfo?.type
-    const isVulnerableType = rangeType === HTTP_REQUEST_PARAMETER || rangeType === HTTP_REQUEST_BODY
-    return isVulnerableType && (range.secureMarks & MONGODB_NOSQL_SECURE_MARK) !== MONGODB_NOSQL_SECURE_MARK
+    return rangeType === HTTP_REQUEST_PARAMETER || rangeType === HTTP_REQUEST_BODY
   }
   _isVulnerable (value, iastContext) {
@@ -137,10 +120,15 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
       const allRanges = []
       iterateObjectStrings(value.filter, (val, nextLevelKeys) => {
-        const ranges = getRanges(iastContext, val)
+        let ranges = getRanges(iastContext, val)
         if (ranges?.length) {
           const filteredRanges = []
+          ranges = this._filterSecureRanges(ranges)
+          if (!ranges.length) {
+            this._incrementSuppressedMetric(iastContext)
+          }
           for (const range of ranges) {
             if (this._isVulnerableRange(range)) {
               isVulnerable = true
@@ -175,4 +163,3 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
 }
 module.exports = new NosqlInjectionMongodbAnalyzer()
-module.exports.MONGODB_NOSQL_SECURE_MARK = MONGODB_NOSQL_SECURE_MARK

package/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js CHANGED Viewed

@@ -29,7 +29,7 @@ class PathTraversalAnalyzer extends InjectionAnalyzer {
   onConfigure () {
     this.addSub('apm:fs:operation:start', (obj) => {
-      const store = storage.getStore()
+      const store = storage('legacy').getStore()
       const outOfReqOrChild = !store?.fs?.root
       // we could filter out all the nested fs.operations based on store.fs.root
@@ -84,7 +84,7 @@ class PathTraversalAnalyzer extends InjectionAnalyzer {
   }
   analyze (value) {
-    const iastContext = getIastContext(storage.getStore())
+    const iastContext = getIastContext(storage('legacy').getStore())
     if (!iastContext) {
       return
     }

package/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js CHANGED Viewed

@@ -1,14 +1,14 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { SQL_INJECTION } = require('../vulnerabilities')
 const { getRanges } = require('../taint-tracking/operations')
 const { storage } = require('../../../../../datadog-core')
 const { getNodeModulesPaths } = require('../path-line')
+const StoredInjectionAnalyzer = require('./stored-injection-analyzer')
 const EXCLUDED_PATHS = getNodeModulesPaths('mysql', 'mysql2', 'sequelize', 'pg-pool', 'knex')
-class SqlInjectionAnalyzer extends InjectionAnalyzer {
+class SqlInjectionAnalyzer extends StoredInjectionAnalyzer {
   constructor () {
     super(SQL_INJECTION)
   }
@@ -38,18 +38,18 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
   }
   getStoreAndAnalyze (query, dialect) {
-    const parentStore = storage.getStore()
+    const parentStore = storage('legacy').getStore()
     if (parentStore) {
       this.analyze(query, parentStore, dialect)
-      storage.enterWith({ ...parentStore, sqlAnalyzed: true, sqlParentStore: parentStore })
+      storage('legacy').enterWith({ ...parentStore, sqlAnalyzed: true, sqlParentStore: parentStore })
     }
   }
   returnToParentStore () {
-    const store = storage.getStore()
+    const store = storage('legacy').getStore()
     if (store && store.sqlParentStore) {
-      storage.enterWith(store.sqlParentStore)
+      storage('legacy').enterWith(store.sqlParentStore)
     }
   }
@@ -59,7 +59,7 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
   }
   analyze (value, store, dialect) {
-    store = store || storage.getStore()
+    store = store || storage('legacy').getStore()
     if (!(store && store.sqlAnalyzed)) {
       super.analyze(value, store, dialect)
     }
@@ -82,10 +82,6 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
       return knexDialect.toUpperCase()
     }
   }
-  _areRangesVulnerable () {
-    return true
-  }
 }
 module.exports = new SqlInjectionAnalyzer()

package/packages/dd-trace/src/appsec/iast/analyzers/stored-injection-analyzer.js ADDED Viewed

@@ -0,0 +1,11 @@
+'use strict'
+const InjectionAnalyzer = require('./injection-analyzer')
+class StoredInjectionAnalyzer extends InjectionAnalyzer {
+  _areRangesVulnerable (ranges) {
+    return ranges?.length > 0
+  }
+}
+module.exports = StoredInjectionAnalyzer

package/packages/dd-trace/src/appsec/iast/analyzers/template-injection-analyzer.js CHANGED Viewed

@@ -1,9 +1,9 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { TEMPLATE_INJECTION } = require('../vulnerabilities')
+const StoredInjectionAnalyzer = require('./stored-injection-analyzer')
-class TemplateInjectionAnalyzer extends InjectionAnalyzer {
+class TemplateInjectionAnalyzer extends StoredInjectionAnalyzer {
   constructor () {
     super(TEMPLATE_INJECTION)
   }
@@ -13,10 +13,6 @@ class TemplateInjectionAnalyzer extends InjectionAnalyzer {
     this.addSub('datadog:handlebars:register-partial:start', ({ partial }) => this.analyze(partial))
     this.addSub('datadog:pug:compile:start', ({ source }) => this.analyze(source))
   }
-  _areRangesVulnerable () {
-    return true
-  }
 }
 module.exports = new TemplateInjectionAnalyzer()