chore(test): Fix cmd injection telemetry flaky tests

[uurien]

What does this PR do?

Instead of checking only the first 2 messages coming in the telemetry, this will wait until the first telemetry message that asserts everithing.
And also, the check will fail if the telemetry is not in appsec namespace.

Motivation

Additional Notes

APPSEC-60075

[github-actions]

Overall package size

Self size: 4.78 MB
Deduped: 5.62 MB
No deduping: 5.62 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 2.0.6 | 81.92 kB | 816.75 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.31%. Comparing base (7ce7944) to head (4b48679).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #7599      +/-   ##
==========================================
- Coverage   80.31%   80.31%   -0.01%     
==========================================
  Files         733      733              
  Lines       31546    31546              
==========================================
- Hits        25337    25336       -1     
- Misses       6209     6210       +1     

Flag	Coverage Δ
aiguard-macos	38.93% <ø> (-0.11%)	⬇️
aiguard-ubuntu	39.05% <ø> (-0.11%)	⬇️
aiguard-windows	38.79% <ø> (-0.11%)	⬇️
apm-capabilities-tracing-macos	48.63% <ø> (+<0.01%)	⬆️
apm-capabilities-tracing-ubuntu	48.66% <ø> (ø)
apm-capabilities-tracing-windows	48.35% <ø> (-0.01%)	⬇️
apm-integrations-child-process	38.50% <ø> (-0.10%)	⬇️
apm-integrations-couchbase-18	37.42% <ø> (+0.04%)	⬆️
apm-integrations-couchbase-eol	37.90% <ø> (-0.10%)	⬇️
apm-integrations-oracledb	37.73% <ø> (-0.10%)	⬇️
appsec-express	55.52% <ø> (-0.08%)	⬇️
appsec-fastify	51.84% <ø> (-0.07%)	⬇️
appsec-graphql	52.03% <ø> (-0.07%)	⬇️
appsec-kafka	44.48% <ø> (-0.09%)	⬇️
appsec-ldapjs	44.09% <ø> (-0.09%)	⬇️
appsec-lodash	43.77% <ø> (-0.08%)	⬇️
appsec-macos	58.61% <ø> (-0.07%)	⬇️
appsec-mongodb-core	48.95% <ø> (-0.09%)	⬇️
appsec-mongoose	49.64% <ø> (-0.08%)	⬇️
appsec-mysql	51.01% <ø> (-0.07%)	⬇️
appsec-node-serialize	43.29% <ø> (-0.09%)	⬇️
appsec-passport	47.78% <ø> (-0.09%)	⬇️
appsec-postgres	50.75% <ø> (-0.10%)	⬇️
appsec-sourcing	42.64% <ø> (-0.09%)	⬇️
appsec-template	43.46% <ø> (-0.09%)	⬇️
appsec-ubuntu	58.68% <ø> (-0.07%)	⬇️
appsec-windows	58.47% <ø> (-0.07%)	⬇️
instrumentations-instrumentation-bluebird	32.20% <ø> (-0.11%)	⬇️
instrumentations-instrumentation-body-parser	40.51% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-child_process	37.82% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-cookie-parser	34.24% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-express	34.58% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-express-mongo-sanitize	34.37% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-express-session	40.13% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-fs	31.80% <ø> (-0.11%)	⬇️
instrumentations-instrumentation-generic-pool	29.76% <ø> (ø)
instrumentations-instrumentation-http	39.85% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-knex	32.20% <ø> (-0.11%)	⬇️
instrumentations-instrumentation-mongoose	33.37% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-multer	40.25% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-mysql2	38.29% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-passport	44.09% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-passport-http	43.76% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-passport-local	44.30% <ø> (-0.09%)	⬇️
instrumentations-instrumentation-pg	37.71% <ø> (-0.10%)	⬇️
instrumentations-instrumentation-promise	32.13% <ø> (-0.11%)	⬇️
instrumentations-instrumentation-promise-js	32.13% <ø> (-0.11%)	⬇️
instrumentations-instrumentation-q	32.18% <ø> (-0.11%)	⬇️
instrumentations-instrumentation-url	32.10% <ø> (-0.11%)	⬇️
instrumentations-instrumentation-when	32.15% <ø> (-0.11%)	⬇️
llmobs-ai	41.33% <ø> (-0.10%)	⬇️
llmobs-anthropic	40.32% <ø> (-0.10%)	⬇️
llmobs-bedrock	39.25% <ø> (-0.09%)	⬇️
llmobs-google-genai	39.84% <ø> (-0.09%)	⬇️
llmobs-langchain	39.43% <ø> (-0.08%)	⬇️
llmobs-openai	44.14% <ø> (-0.09%)	⬇️
llmobs-vertex-ai	40.11% <ø> (-0.09%)	⬇️
platform-core	29.71% <ø> (ø)
platform-esbuild	32.89% <ø> (ø)
platform-instrumentations-misc	40.53% <ø> (ø)
platform-shimmer	36.14% <ø> (ø)
platform-unit-guardrails	31.27% <ø> (ø)
plugins-azure-event-hubs	24.02% <ø> (ø)
plugins-azure-service-bus	23.42% <ø> (ø)
plugins-bullmq	43.66% <ø> (-0.10%)	⬇️
plugins-cassandra	37.77% <ø> (-0.10%)	⬇️
plugins-cookie	25.08% <ø> (ø)
plugins-cookie-parser	24.87% <ø> (ø)
plugins-crypto	24.72% <ø> (ø)
plugins-dd-trace-api	38.36% <ø> (-0.11%)	⬇️
plugins-express-mongo-sanitize	25.04% <ø> (ø)
plugins-express-session	24.83% <ø> (ø)
plugins-fastify	42.27% <ø> (-0.10%)	⬇️
plugins-fetch	38.32% <ø> (-0.10%)	⬇️
plugins-fs	38.61% <ø> (-0.11%)	⬇️
plugins-generic-pool	24.06% <ø> (ø)
plugins-google-cloud-pubsub	45.46% <ø> (-0.09%)	⬇️
plugins-grpc	40.97% <ø> (-0.10%)	⬇️
plugins-handlebars	25.08% <ø> (ø)
plugins-hapi	40.14% <ø> (-0.10%)	⬇️
plugins-hono	40.41% <ø> (-0.10%)	⬇️
plugins-ioredis	38.41% <ø> (-0.10%)	⬇️
plugins-knex	24.80% <ø> (ø)
plugins-ldapjs	22.61% <ø> (ø)
plugins-light-my-request	24.48% <ø> (ø)
plugins-limitd-client	32.50% <ø> (+0.05%)	⬆️
plugins-lodash	24.13% <ø> (ø)
plugins-mariadb	39.49% <ø> (-0.15%)	⬇️
plugins-memcached	38.15% <ø> (-0.11%)	⬇️
plugins-microgateway-core	39.17% <ø> (-0.10%)	⬇️
plugins-moleculer	40.53% <ø> (-0.10%)	⬇️
plugins-mongodb	39.27% <ø> (-0.02%)	⬇️
plugins-mongodb-core	39.03% <ø> (-0.10%)	⬇️
plugins-mongoose	38.85% <ø> (-0.10%)	⬇️
plugins-multer	24.83% <ø> (ø)
plugins-mysql	39.17% <ø> (-0.10%)	⬇️
plugins-mysql2	39.27% <ø> (-0.10%)	⬇️
plugins-node-serialize	25.12% <ø> (ø)
plugins-opensearch	37.60% <ø> (-0.10%)	⬇️
plugins-passport-http	24.91% <ø> (ø)
plugins-postgres	35.69% <ø> (-0.09%)	⬇️
plugins-process	24.72% <ø> (ø)
plugins-pug	25.08% <ø> (ø)
plugins-redis	38.89% <ø> (-0.10%)	⬇️
plugins-router	43.03% <ø> (-0.10%)	⬇️
plugins-sequelize	23.66% <ø> (ø)
plugins-test-and-upstream-amqp10	38.33% <ø> (-0.25%)	⬇️
plugins-test-and-upstream-amqplib	43.85% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-apollo	39.03% <ø> (-0.09%)	⬇️
plugins-test-and-upstream-avsc	38.70% <ø> (-0.11%)	⬇️
plugins-test-and-upstream-bunyan	33.79% <ø> (-0.11%)	⬇️
plugins-test-and-upstream-connect	40.81% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-graphql	40.15% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-koa	40.39% <ø> (-0.10%)	⬇️
plugins-test-and-upstream-protobufjs	38.93% <ø> (-0.11%)	⬇️
plugins-test-and-upstream-rhea	44.13% <ø> (-0.07%)	⬇️
plugins-undici	39.11% <ø> (-0.09%)	⬇️
plugins-url	24.72% <ø> (ø)
plugins-valkey	38.07% <ø> (-0.10%)	⬇️
plugins-vm	24.72% <ø> (ø)
plugins-winston	33.99% <ø> (-0.10%)	⬇️
plugins-ws	41.91% <ø> (-0.10%)	⬇️
profiling-macos	39.84% <ø> (-0.10%)	⬇️
profiling-ubuntu	39.97% <ø> (-0.10%)	⬇️
profiling-windows	41.20% <ø> (-0.10%)	⬇️
serverless-azure-functions-client	23.75% <ø> (ø)
serverless-azure-functions-eventhubs	23.75% <ø> (ø)
serverless-azure-functions-servicebus	23.75% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pr-commenter]

Benchmarks

Benchmark execution time: 2026-02-23 09:25:16

Comparing candidate commit 4b48679 in PR branch ugaitz/flaky-rasp-cmdi with baseline commit 7ce7944 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 231 metrics, 29 unstable metrics.

[uurien]

Tests have a default timeout of 5000, and this method default timeout of 30_000. I'm changing this to have a readable message if test timeout happens. (same in line 85)

[uurien]

the number 1 doesn't matter, because the true is a flag that ignores the first property. This test is going to success when a telemetry that success the asserts happen.