From 29f58cbdbf916ebd56f075dfa455429cd710ee80 Mon Sep 17 00:00:00 2001
From: Ugaitz Urien
Date: Thu, 28 Nov 2024 09:25:40 +0100
Subject: [PATCH 1/3] Protect req.socket.remoteAddress
---
 packages/dd-trace/src/appsec/reporter.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/packages/dd-trace/src/appsec/reporter.js b/packages/dd-trace/src/appsec/reporter.js
index be038279dc8..57519e5bc79 100644
--- a/packages/dd-trace/src/appsec/reporter.js
+++ b/packages/dd-trace/src/appsec/reporter.js
@@ -148,7 +148,9 @@ function reportAttack (attackData) {
 newTags['_dd.appsec.json'] = '{"triggers":' + attackData + '}'
 }
- newTags['network.client.ip'] = req.socket.remoteAddress
+ if (req.socket) {
+ newTags['network.client.ip'] = req.socket.remoteAddress
+ }
 rootSpan.addTags(newTags)
 }
From 5ac6c0326840e6bf815e3180c951ec1777e21741 Mon Sep 17 00:00:00 2001
From: Ugaitz Urien
Date: Thu, 28 Nov 2024 11:00:22 +0100
Subject: [PATCH 2/3] Add test
---
 packages/dd-trace/test/appsec/reporter.spec.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/packages/dd-trace/test/appsec/reporter.spec.js b/packages/dd-trace/test/appsec/reporter.spec.js
index 757884c3566..2765bfd4df8 100644
--- a/packages/dd-trace/test/appsec/reporter.spec.js
+++ b/packages/dd-trace/test/appsec/reporter.spec.js
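Review bot: The new `if (req.socket)` guard in reportAttack covers a missing socket but not a socket that is attached and already destroyed, where Node documents `remoteAddress` as possibly undefined, so `network.client.ip` can still be written with an undefined value. Checking the value itself closes both cases: `if (req.socket && req.socket.remoteAddress) {`. It is also worth a one-line comment above the guard, such as `// socket can be absent or destroyed; the attack event is then reported without network.client.ip`, because consumers triaging these events should not assume the tag is always present. reportAttack's body starts outside the hunk, so whether `req` itself is validated earlier is not visible here.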
@@ -223,6 +223,20 @@ describe('reporter', () => {
 storage.disable()
 })
+ it('should add tags to request span when socket is not there', () => {
+ delete req.socket
+ const result = Reporter.reportAttack('[{"rule":{},"rule_matches":[{}]}]')
+ expect(result).to.not.be.false
+ expect(web.root).to.have.been.calledOnceWith(req)
+
+ expect(span.addTags).to.have.been.calledOnceWithExactly({
+ 'appsec.event': 'true',
+ '_dd.origin': 'appsec',
+ '_dd.appsec.json': '{"triggers":[{"rule":{},"rule_matches":[{}]}]}'
+ })
+ expect(prioritySampler.setPriority).to.have.been.calledOnceWithExactly(span, USER_KEEP, SAMPLING_MECHANISM_APPSEC)
+ })
+
 it('should add tags to request span', () => {
 const result = Reporter.reportAttack('[{"rule":{},"rule_matches":[{}]}]')
 expect(result).to.not.be.false
From b274c00bab34300f5e887c603c392133b10fc267 Mon Sep 17 00:00:00 2001
From: Ugaitz Urien
Date: Thu, 28 Nov 2024 11:48:04 +0100
Subject: [PATCH 3/3] add few spaces and rename the test
---
 packages/dd-trace/test/appsec/reporter.spec.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/packages/dd-trace/test/appsec/reporter.spec.js b/packages/dd-trace/test/appsec/reporter.spec.js
index 2765bfd4df8..cd7cc9a1581 100644
--- a/packages/dd-trace/test/appsec/reporter.spec.js
+++ b/packages/dd-trace/test/appsec/reporter.spec.js
@@ -225,7 +225,9 @@ describe('reporter', () => {
 it('should add tags to request span when socket is not there', () => {
 delete req.socket
+
 const result = Reporter.reportAttack('[{"rule":{},"rule_matches":[{}]}]')
+
 expect(result).to.not.be.false
 expect(web.root).to.have.been.calledOnceWith(req)
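Review bot: The added case only exercises a request whose `socket` property has been deleted; a socket that is still attached but has an undefined `remoteAddress` (which Node documents for destroyed sockets) is left untested, so the expected tag set for that case is not pinned. A sibling case that sets `req.socket = {}` before calling `Reporter.reportAttack` and asserts on the object passed to `span.addTags` would document whether `network.client.ip` is meant to be omitted there. `delete req.socket` also mutates the shared `req` fixture, which is safe only if `req` is rebuilt in a `beforeEach`; that setup is outside this hunk.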