Add stack id in location as a string (#5250)

* Add stack id in location as a string

* get stackId  from location

* remove stack id from format vuln

Author: IlyasShabi

packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js

@@ -133,9 +133,9 @@ class Analyzer extends SinkIastPlugin {
       return {
         type,
         evidence,
-        stackId,
         location: {
           spanId: _spanId,
+          stackId,
           ...location
         },
         hash: this._createHash(this._createHashSource(type, evidence, location))

packages/dd-trace/src/appsec/iast/iast-context.js

@@ -10,14 +10,14 @@ function getIastContext (store, topContext) {
 }
 
 function getIastStackTraceId (iastContext) {
-  if (!iastContext) return 0
+  if (!iastContext) return '0'
 
   if (!iastContext.stackTraceId) {
     iastContext.stackTraceId = 0
   }
 
   iastContext.stackTraceId += 1
-  return iastContext.stackTraceId
+  return String(iastContext.stackTraceId)
 }
 
 /* TODO Fix storage problem when the close event is called without

packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js

@@ -81,12 +81,11 @@ class VulnerabilityFormatter {
   }
 
   formatVulnerability (vulnerability, sourcesIndexes, sources) {
-    const { type, hash, stackId, evidence, location } = vulnerability
+    const { type, hash, evidence, location } = vulnerability
 
     const formattedVulnerability = {
       type,
       hash,
-      stackId,
       evidence: this.formatEvidence(type, evidence, sourcesIndexes, sources),
       location
     }

packages/dd-trace/src/appsec/iast/vulnerability-reporter.js

@@ -59,7 +59,7 @@ function addVulnerability (iastContext, vulnerability, callSiteFrames) {
 
     reportStackTrace(
       span,
-      vulnerability.stackId,
+      vulnerability.location.stackId,
       originalCallSiteList,
       STACK_TRACE_NAMESPACES.IAST
     )

packages/dd-trace/test/appsec/iast/analyzers/vulnerability-analyzer.spec.js

@@ -112,12 +112,12 @@ describe('vulnerability-analyzer', () => {
       context,
       {
         type: 'TEST_ANALYZER',
-        stackId: 1,
         evidence: {
           value: 'VULNERABLE_VALUE'
         },
         location: {
           spanId: '123456',
+          stackId: '1',
           ...VULNERABILITY_LOCATION_FROM_SOURCEMAP
         },
         hash: 5975567724

packages/dd-trace/test/appsec/iast/vulnerability-formatter/index.spec.js

@@ -97,13 +97,13 @@ describe('Vulnerability formatter', () => {
       const vulnerabilities = [{
         type: 'test-vulnerability',
         hash: 123456,
-        stackId: 1,
         evidence: {
           value: 'payload'
         },
         location: {
           path: 'path',
-          line: 42
+          line: 42,
+          stackId: '1'
         }
       }]
 
@@ -114,13 +114,13 @@ describe('Vulnerability formatter', () => {
         vulnerabilities: [{
           type: 'test-vulnerability',
           hash: 123456,
-          stackId: 1,
           evidence: {
             value: 'payload'
           },
           location: {
             path: 'path',
-            line: 42
+            line: 42,
+            stackId: '1'
           }
         }]
       })

packages/dd-trace/test/appsec/iast/vulnerability-reporter.spec.js

@@ -129,15 +129,15 @@ describe('vulnerability-reporter', () => {
       it('should create span on the fly', () => {
         const vulnerability =
           vulnerabilityAnalyzer._createVulnerability('INSECURE_HASHING', { value: 'sha1' }, undefined,
-            { path: 'filename.js', line: 73 }, 1)
+            { path: 'filename.js', line: 73 }, '1')
         addVulnerability(undefined, vulnerability, [])
         expect(fakeTracer.startSpan).to.have.been.calledOnceWithExactly('vulnerability', { type: 'vulnerability' })
         expect(onTheFlySpan.addTags.firstCall).to.have.been.calledWithExactly({
           '_dd.iast.enabled': 1
         })
         expect(onTheFlySpan.addTags.secondCall).to.have.been.calledWithExactly({
           '_dd.iast.json': '{"sources":[],"vulnerabilities":[{"type":"INSECURE_HASHING","hash":3410512655,' +
-            '"stackId":1,"evidence":{"value":"sha1"},"location":{"spanId":42,"path":"filename.js","line":73}}]}'
+          '"evidence":{"value":"sha1"},"location":{"spanId":42,"stackId":"1","path":"filename.js","line":73}}]}'
         })
         expect(prioritySampler.setPriority)
           .to.have.been.calledOnceWithExactly(onTheFlySpan, USER_KEEP, SAMPLING_MECHANISM_APPSEC)