Check store has value before use it (#3257)
uurien authored Jun 20, 2023
1 parent bce0ee1 commit 30ca014
Showing 2 changed files with 16 additions and 1 deletion.
Expand Up @@ -28,7 +28,7 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {

this.addSub('datadog:sequelize:query:finish', () => {
const store = storage.getStore()
if (store.sequelizeParentStore) {
if (store && store.sequelizeParentStore) {
storage.enterWith(store.sequelizeParentStore)
}
})
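Review bot: The new guard in the `datadog:sequelize:query:finish` subscriber turns a missing store into a silent no-op, but nothing on the line says when `storage.getStore()` can come back empty or why skipping the restore is safe in that case. A short comment such as `// no store when the event fires outside an initialized context: nothing to restore` would keep the check from being simplified away later. The start-side subscriber that sets `sequelizeParentStore` is not visible in this hunk; if it also dereferences the store it presumably needs the same guard, so that an analyzer callback cannot raise on the instrumented query path. The class body continues outside the hunk.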
Expand Up @@ -2,6 +2,9 @@

const proxyquire = require('proxyquire')

const iastLog = require('../../../../src/appsec/iast/iast-log')
const dc = require('../../../../../diagnostics_channel')

describe('sql-injection-analyzer', () => {
const NOT_TAINTED_QUERY = 'no vulnerable query'
const TAINTED_QUERY = 'vulnerable query'
Expand All @@ -19,6 +22,10 @@ describe('sql-injection-analyzer', () => {
'./injection-analyzer': InjectionAnalyzer
})

afterEach(() => {
sinon.restore()
})

it('should subscribe to mysql, mysql2 and pg start query channel', () => {
expect(sqlInjectionAnalyzer._subscriptions).to.have.lengthOf(5)
expect(sqlInjectionAnalyzer._subscriptions[0]._channel.name).to.equals('apm:mysql:query:start')
Expand Down Expand Up @@ -83,4 +90,12 @@ describe('sql-injection-analyzer', () => {
evidence: { dialect: dialect }
})
})

it('should not report an error when context is not initialized', () => {
sinon.stub(iastLog, 'errorAndPublish')
sqlInjectionAnalyzer.configure(true)
dc.channel('datadog:sequelize:query:finish').publish()
sqlInjectionAnalyzer.configure(false)
expect(iastLog.errorAndPublish).not.to.be.called
})
})
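Review bot: The new test at the end of the file can pass without exercising the guard, because it only asserts that `iastLog.errorAndPublish` was not called; that also holds if the `datadog:sequelize:query:finish` subscriber was never registered, or if an earlier test left a store active. Asserting the subscription before `publish()`, e.g. `expect(dc.channel('datadog:sequelize:query:finish').hasSubscribers).to.be.true`, would pin the path under test (assuming the project's `diagnostics_channel` module exposes `hasSubscribers` as Node's does). `sqlInjectionAnalyzer.configure(false)` is also reached only when `publish()` returns, so moving it into the `afterEach` added earlier in this file would keep a failing run from leaving the analyzer enabled for later tests.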
