Protect req.socket.remoteAddress in appsec reporter (#4954)

uurien · web-flow · commit 865654c9cd8f · 2024-12-02T10:59:29.000+01:00
diff --git a/packages/dd-trace/src/appsec/reporter.js b/packages/dd-trace/src/appsec/reporter.js
@@ -148,7 +148,9 @@ function reportAttack (attackData) {
     newTags['_dd.appsec.json'] = '{"triggers":' + attackData + '}'
   }
 
-  newTags['network.client.ip'] = req.socket.remoteAddress
+  if (req.socket) {
+    newTags['network.client.ip'] = req.socket.remoteAddress
+  }
 
   rootSpan.addTags(newTags)
 }
diff --git a/packages/dd-trace/test/appsec/reporter.spec.js b/packages/dd-trace/test/appsec/reporter.spec.js
@@ -223,6 +223,22 @@ describe('reporter', () => {
       storage.disable()
     })
 
+    it('should add tags to request span when socket is not there', () => {
+      delete req.socket
+
+      const result = Reporter.reportAttack('[{"rule":{},"rule_matches":[{}]}]')
+
+      expect(result).to.not.be.false
+      expect(web.root).to.have.been.calledOnceWith(req)
+
+      expect(span.addTags).to.have.been.calledOnceWithExactly({
+        'appsec.event': 'true',
+        '_dd.origin': 'appsec',
+        '_dd.appsec.json': '{"triggers":[{"rule":{},"rule_matches":[{}]}]}'
+      })
+      expect(prioritySampler.setPriority).to.have.been.calledOnceWithExactly(span, USER_KEEP, SAMPLING_MECHANISM_APPSEC)
+    })
+
     it('should add tags to request span', () => {
       const result = Reporter.reportAttack('[{"rule":{},"rule_matches":[{}]}]')
       expect(result).to.not.be.false

Original file line number	Diff line number	Diff line change
`@@ -148,7 +148,9 @@ function reportAttack (attackData) {`
`148`	`148`	`newTags['_dd.appsec.json'] = '{"triggers":' + attackData + '}'`
`149`	`149`	`}`
`150`	`150`
`151`		`- newTags['network.client.ip'] = req.socket.remoteAddress`
	`151`	`+ if (req.socket) {`
	`152`	`+ newTags['network.client.ip'] = req.socket.remoteAddress`
	`153`	`+ }`
`152`	`154`
`153`	`155`	`rootSpan.addTags(newTags)`
`154`	`156`	`}`