Fix header injection vulnerability detection for access-control-allow…

…-origin (#4844)
DataDog · Oct 31, 2024 · 86d7c3a · 86d7c3a
1 parent 2ae6f73
commit 86d7c3a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/dd-trace/test/appsec/iast/analyzers/header-injection.express.plugin.spec.js b/packages/dd-trace/test/appsec/iast/analyzers/header-injection.express.plugin.spec.js
@@ -226,7 +226,7 @@ describe('Header injection vulnerability', () => {
           testDescription: 'should have HEADER_INJECTION vulnerability when ' +
             'the header is "access-control-allow-origin" and the origin is not a header',
           fn: (req, res) => {
-            setHeaderFunction('set-cookie', req.body.test, res)
+            setHeaderFunction('access-control-allow-origin', req.body.test, res)
           },
           vulnerability: 'HEADER_INJECTION',
           makeRequest: (done, config) => {