
Fix location in mysql vulnerability #4006

Merged: 4 commits merged into master from ugaitz/fix-mysql-vulnerability-location-ts on Jan 29, 2024

Conversation

uurien (Collaborator) commented Jan 26, 2024

What does this PR do?

Fix SQL injection vulnerability location when it needs to read the sourcemaps of the file

Motivation

We are not reporting the original source code file and line when reporting SQLi vulnerabilities.

Plugin Checklist

  • Unit tests.

Additional Notes

system-tests PR: DataDog/system-tests#2062

Security

Datadog employees:

  • If this PR touches code that signs or publishes builds or packages, or handles credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.
  • This PR doesn't touch any of that.

Unsure? Have a question? Request a review!
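The fix this PR describes hinges on one step: when the hook that observes the SQL query sits in a compiled file, the captured location has to be translated through that file's source map so the finding points at the TypeScript line the developer actually wrote, not at the bundler output. The following is an added example written for this page, not code from dd-trace-js: it implements a minimal Source Map v3 `mappings` decoder and a `resolveVulnerabilityLocation` helper, run over a constructed map for a hypothetical `dist/users.js` / `src/users.ts` pair. The map contents, the file names and the helper's shape are assumptions. It also covers the failure mode a reporter must handle, a location with no mapping, by keeping the compiled location rather than dropping the finding.

```javascript
// Added example (not dd-trace-js code): map the location an instrumentation
// hook observes in a compiled file back to the original source via the
// file's source map, so a reported SQLi finding names the real file/line.

const BASE64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// Decode one base64-VLQ value starting at index i of str.
// Returns [value, indexAfterValue]. Low bit of the decoded number is the sign.
function decodeVlq(str, i) {
  let result = 0;
  let shift = 0;
  let digit;
  do {
    digit = BASE64.indexOf(str[i++]);
    if (digit < 0) throw new Error('invalid VLQ character in mappings');
    result += (digit & 31) << shift; // 5 data bits per character
    shift += 5;
  } while (digit & 32); // bit 6 set means "more characters follow"
  return [(result & 1) ? -(result >> 1) : (result >> 1), i];
}

// Parse the "mappings" string into, per generated line, a list of segments.
// Generated column resets on every line; source index, original line and
// original column are deltas that carry across lines (Source Map v3 rule).
function parseMappings(mappings) {
  const lines = [];
  let source = 0; let origLine = 0; let origCol = 0; let name = 0;
  for (const lineStr of mappings.split(';')) {
    const segments = [];
    let genCol = 0;
    if (lineStr.length) {
      for (const seg of lineStr.split(',')) {
        let i = 0; let v;
        [v, i] = decodeVlq(seg, i); genCol += v;
        const entry = { genCol };
        if (i < seg.length) { // 4- or 5-field segment: has an original position
          [v, i] = decodeVlq(seg, i); source += v;
          [v, i] = decodeVlq(seg, i); origLine += v;
          [v, i] = decodeVlq(seg, i); origCol += v;
          Object.assign(entry, { source, origLine, origCol });
          if (i < seg.length) { [v, i] = decodeVlq(seg, i); name += v; } // names index, unused here
        }
        segments.push(entry);
      }
    }
    lines.push(segments);
  }
  return lines;
}

// Resolve a generated position (line 1-based, column 0-based, as in source
// maps; subtract 1 from a V8 stack-frame column) to the original position.
// Picks the last segment on that line whose generated column is <= column.
function originalPositionFor(map, line, column) {
  const segments = parseMappings(map.mappings)[line - 1] || [];
  let best = null;
  for (const seg of segments) {
    if (seg.genCol > column) break;
    if (seg.source !== undefined) best = seg;
  }
  if (!best) return null;
  const root = map.sourceRoot ? map.sourceRoot.replace(/\/?$/, '/') : '';
  return { source: root + map.sources[best.source], line: best.origLine + 1, column: best.origCol };
}

// What a reporter does with a captured location: prefer the original source
// position when a map exists and covers it; otherwise keep the compiled
// location and flag it, so the finding is never silently lost.
function resolveVulnerabilityLocation(location, sourceMap) {
  const original = sourceMap && originalPositionFor(sourceMap, location.line, location.column);
  if (!original) return { ...location, mapped: false };
  return { path: original.source, line: original.line, column: original.column, mapped: true };
}

// Constructed sample map (hypothetical files, not a real build artifact).
// Generated line 3: col 0.. and col 8.. come from src/users.ts line 5, cols 0 and 12.
// Generated line 4: col 0.. comes from src/users.ts line 45, col 2 ("wC" is a
// two-character VLQ, +40). Generated lines 1 and 2 have no mapping at all.
const SAMPLE_MAP = {
  version: 3,
  file: 'users.js',
  sources: ['src/users.ts'],
  mappings: ';;AAIA,QAAY;AAwCV'
};

// Demo: a query observed at dist/users.js:3:8 is reported at src/users.ts:5:12.
console.log(resolveVulnerabilityLocation({ path: 'dist/users.js', line: 3, column: 8 }, SAMPLE_MAP));
// A location the map does not cover keeps the compiled path, marked mapped:false.
console.log(resolveVulnerabilityLocation({ path: 'dist/users.js', line: 1, column: 0 }, SAMPLE_MAP));
```

The decoder deliberately tracks the carried-over deltas across generated lines, which is where hand-written resolvers usually go wrong: the second line's segment only makes sense because `origLine` and `origCol` persist from the previous line. A reporter that does this translation also needs the sourcemap lookup to be cached per file, since parsing the mappings on every finding is far more expensive than the query instrumentation itself.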

github-actions bot commented Jan 26, 2024

Overall package size

Self size: 5.9 MB
Deduped: 61.55 MB
No deduping: 62.31 MB

Dependency sizes

| name | version | self size | total size |
|---|---|---|---|
| @datadog/native-iast-taint-tracking | 1.6.4 | 16.43 MB | 16.44 MB |
| @datadog/native-appsec | 7.0.0 | 14.51 MB | 14.52 MB |
| @datadog/pprof | 5.0.0 | 9.59 MB | 10.44 MB |
| protobufjs | 7.2.5 | 2.77 MB | 6.56 MB |
| @datadog/native-iast-rewriter | 2.2.2 | 2.29 MB | 2.37 MB |
| @opentelemetry/core | 1.14.0 | 872.87 kB | 1.47 MB |
| @datadog/native-metrics | 2.0.0 | 898.77 kB | 1.3 MB |
| @opentelemetry/api | 1.4.1 | 780.32 kB | 780.32 kB |
| import-in-the-middle | 1.7.3 | 67.62 kB | 731.01 kB |
| pprof-format | 2.0.7 | 588.12 kB | 588.12 kB |
| msgpack-lite | 0.1.26 | 201.16 kB | 281.59 kB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| semver | 7.5.4 | 93.4 kB | 123.8 kB |
| @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| lru-cache | 7.14.0 | 74.95 kB | 74.95 kB |
| ipaddr.js | 2.1.0 | 60.23 kB | 60.23 kB |
| ignore | 5.2.4 | 51.22 kB | 51.22 kB |
| int64-buffer | 0.1.10 | 49.18 kB | 49.18 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| dc-polyfill | 0.1.2 | 22.77 kB | 22.77 kB |
| retry | 0.13.1 | 18.85 kB | 18.85 kB |
| node-abort-controller | 3.1.1 | 16.89 kB | 16.89 kB |
| jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| path-to-regexp | 0.1.7 | 6.78 kB | 6.78 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| methods | 1.1.2 | 5.29 kB | 5.29 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

codecov bot commented Jan 26, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (5836be7) 84.92% compared to head (5c849d1) 84.91%.
Report is 3 commits behind head on master.

Coverage diff:

```text
@@            Coverage Diff             @@
##           master    #4006      +/-   ##
==========================================
- Coverage   84.92%   84.91%   -0.02%     
==========================================
  Files         239      239              
  Lines       10257    10260       +3     
  Branches       33       33              
==========================================
+ Hits         8711     8712       +1     
- Misses       1546     1548       +2     
```


pr-commenter bot commented Jan 26, 2024

Benchmarks

Benchmark execution time: 2024-01-29 11:25:25

Comparing candidate commit 5c849d1 in PR branch ugaitz/fix-mysql-vulnerability-location-ts with baseline commit 5836be7 in branch master.

Found 1 performance improvement and 0 performance regressions. Performance is the same for 262 metrics, 3 unstable metrics.

scenario:plugin-graphql-with-depth-off-18

  • 🟩 max_rss_usage [-126.457MB; -122.395MB] or [-13.139%; -12.717%]

@uurien uurien marked this pull request as ready for review January 26, 2024 15:22
@uurien uurien requested a review from a team as a code owner January 26, 2024 15:22
@@ -78,12 +77,7 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {

_report (value, context, dialect) {
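Review bot: `_report (value, context, dialect)` extends the arity of a method that `SqlInjectionAnalyzer` inherits from `InjectionAnalyzer`, and the review comment on this line says the override exists only so `dialect` reaches the report; if the base-class path is ever taken without the third argument, `dialect` arrives as `undefined` and the evidence is reported without error but for the wrong dialect. Worth adding a unit test that drives a mysql query through a source-mapped compiled file and asserts both the resolved original file/line and the dialect, so the location fix this PR makes is locked in.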
Contributor commented on this line:

sql-injection-analyzer is overriding analyze, _reportIfVulnerable, _report, etc. methods in order to pass the dialect.
I've checked that no other analyzer overrides them, but could we pass a metadata or extra argument to these methods in vulnerability-analyzer to share the 'extra' info to avoid overriding?

Collaborator (Author) replied:

I made more changes to overwrite fewer methods as you suggested.

iunanua previously approved these changes Jan 26, 2024
@uurien uurien merged commit 7542248 into master Jan 29, 2024
110 checks passed
@uurien uurien deleted the ugaitz/fix-mysql-vulnerability-location-ts branch January 29, 2024 16:20
tlhunter pushed a commit that referenced this pull request Feb 12, 2024
* Fix location in mysql vulnerability

* export logic to report evidence to reuse instead of copying

* Fix lint

* Improve refactor