From af1a36fe0062cdaafee768a847d61e2b3024f773 Mon Sep 17 00:00:00 2001 From: Alejandro Estringana Ruiz Date: Mon, 29 Jul 2024 17:47:48 +0200 Subject: [PATCH] Misc changes coming from PR --- appsec/src/extension/backtrace.c | 71 ++- appsec/src/extension/backtrace.h | 8 +- appsec/src/extension/commands_helpers.c | 4 +- appsec/src/extension/ddappsec.c | 1 - appsec/src/extension/ddtrace.c | 23 +- appsec/src/extension/ddtrace.h | 2 - appsec/src/extension/php_helpers.c | 12 + appsec/src/extension/php_helpers.h | 1 + .../extension/generate_backtrace_02.phpt | 24 +- .../extension/generate_backtrace_03.phpt | 39 +- .../extension/generate_backtrace_04.phpt | 458 +++++++++++++++++- .../extension/generate_backtrace_05.phpt | 456 +---------------- .../tests/extension/report_backtrace_01.phpt | 4 +- .../tests/extension/report_backtrace_02.phpt | 4 +- .../tests/extension/report_backtrace_03.phpt | 4 +- .../tests/extension/report_backtrace_04.phpt | 134 ++++- .../tests/extension/report_backtrace_05.phpt | 53 ++ .../tests/extension/report_backtrace_06.phpt | 36 ++ 18 files changed, 749 insertions(+), 585 deletions(-) create mode 100644 appsec/tests/extension/report_backtrace_05.phpt create mode 100644 appsec/tests/extension/report_backtrace_06.phpt diff --git a/appsec/src/extension/backtrace.c b/appsec/src/extension/backtrace.c index fb9e46d2941..2e1bca32c02 100644 --- a/appsec/src/extension/backtrace.c +++ b/appsec/src/extension/backtrace.c @@ -25,7 +25,8 @@ static zend_string *_frame_file; static zend_string *_id_key; bool php_backtrace_frame_to_datadog_backtrace_frame( // NOLINTNEXTLINE(bugprone-easily-swappable-parameters) - zval *php_backtrace_frame, zval *datadog_backtrace_frame, zend_ulong index) + zval *nonnull php_backtrace_frame, zval *nonnull datadog_backtrace_frame, + zend_ulong index) { if (Z_TYPE_P(php_backtrace_frame) != IS_ARRAY) { return false; 
@@ -61,7 +62,7 @@ bool php_backtrace_frame_to_datadog_backtrace_frame( // NOLINTNEXTLINE(bugprone- void php_backtrace_to_datadog_backtrace( // NOLINTNEXTLINE(bugprone-easily-swappable-parameters) - zval *php_backtrace, zval *datadog_backtrace) + zval *nonnull php_backtrace, zval *nonnull datadog_backtrace) { if (Z_TYPE_P(php_backtrace) != IS_ARRAY) { return; @@ -72,7 +73,8 @@ void php_backtrace_to_datadog_backtrace( unsigned int top = frames_on_stack; unsigned int bottom = 0; - if (get_global_DD_APPSEC_MAX_STACK_TRACE_DEPTH() < frames_on_stack) { + if (get_global_DD_APPSEC_MAX_STACK_TRACE_DEPTH() != 0 && + get_global_DD_APPSEC_MAX_STACK_TRACE_DEPTH() < frames_on_stack) { top = (unsigned int)round( (double)get_global_DD_APPSEC_MAX_STACK_TRACE_DEPTH() * STACK_DEFAULT_TOP_PERCENTAGE); @@ -121,11 +123,11 @@ void php_backtrace_to_datadog_backtrace( } } -void generate_backtrace(zend_string *id, zval *dd_backtrace) +void dd_generate_backtrace(zend_string *nullable id, zval *nonnull dd_backtrace) { array_init(dd_backtrace); - if (!get_global_DD_APPSEC_STACK_TRACE_ENABLED() || !id) { + if (!id) { return; } @@ -153,23 +155,20 @@ static PHP_FUNCTION(datadog_appsec_testing_generate_backtrace) RETURN_FALSE; } - generate_backtrace(id, return_value); + dd_generate_backtrace(id, return_value); } -zval *dd_hash_find_or_new(HashTable *ht, zend_string *key) +bool dd_report_exploit_backtrace(zend_string *nullable id) { - zval *result = zend_hash_find(ht, key); - - if (!result) { - zval new_zv; - result = zend_hash_add(ht, key, &new_zv); + if (!get_global_DD_APPSEC_STACK_TRACE_ENABLED()) { + return false; } - return result; -} + if (!id) { + mlog(dd_log_warning, + "Backtrace can not be generated because id is missing"); + } -bool report_backtrace(zend_string *id) -{ zend_object *span = dd_trace_get_active_root_span(); if (!span) { if (!get_global_DD_APPSEC_TESTING()) { 
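Review bot: In `php_backtrace_to_datadog_backtrace` the depth setting is now read twice in the condition and again in the `top` computation, and nothing at the check says that 0 means "no cap". Reading it once into a local (for example `max_depth`, typed to match the getter) and testing `max_depth != 0 && max_depth < frames_on_stack` keeps the three uses consistent. A short comment such as `/* 0 disables truncation: every frame on the PHP stack is reported */` would record that the report size is then bounded only by the stack depth. The function body starts and ends outside this hunk.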
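Review bot: The new `if (!id)` branch in `dd_report_exploit_backtrace` logs "Backtrace can not be generated because id is missing" but does not return, so execution continues to the span lookup. Judging from the next hunk, `dd_generate_backtrace(id, &backtrace)` then yields an empty array for a null id, and that empty entry appears to be appended to `exploit`, counted against DD_APPSEC_MAX_STACK_TRACES and reported as success. Adding `return false;` right after the `mlog` call would match the message. The function body continues past the end of this hunk, so the effect on the insert is inferred rather than visible here.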
@@ -200,32 +199,34 @@ bool report_backtrace(zend_string *id) array_init(exploit); } - if (zend_array_count(Z_ARR_P(exploit)) == - get_global_DD_APPSEC_MAX_STACK_TRACES()) { + unsigned int limit = get_global_DD_APPSEC_MAX_STACK_TRACES(); + if (limit != 0 && zend_array_count(Z_ARR_P(exploit)) == limit) { + mlog(dd_log_debug, + "Stacktrace not generated due to limit " + "D_APPSEC_MAX_STACK_TRACES(%d) has been reached", + limit); return false; } zval backtrace; - generate_backtrace(id, &backtrace); + dd_generate_backtrace(id, &backtrace); if (zend_hash_next_index_insert_new(Z_ARRVAL_P(exploit), &backtrace) == NULL) { return false; } - zend_hash_add(Z_ARRVAL_P(meta_struct), _dd_stack_key, dd_stack); - return true; } -static PHP_FUNCTION(datadog_appsec_testing_report_backtrace) +static PHP_FUNCTION(datadog_appsec_testing_report_exploit_backtrace) { zend_string *id = NULL; if (zend_parse_parameters(ZEND_NUM_ARGS(), "S", &id) != SUCCESS) { RETURN_FALSE; } - if (report_backtrace(id)) { + if (dd_report_exploit_backtrace(id)) { RETURN_TRUE; } @@ -245,7 +246,7 @@ ZEND_END_ARG_INFO() // clang-format off static const zend_function_entry testing_functions[] = { ZEND_RAW_FENTRY(DD_TESTING_NS "generate_backtrace", PHP_FN(datadog_appsec_testing_generate_backtrace), void_ret_array_arginfo,0) - ZEND_RAW_FENTRY(DD_TESTING_NS "report_backtrace", PHP_FN(datadog_appsec_testing_report_backtrace), void_ret_bool_arginfo, 0) + ZEND_RAW_FENTRY(DD_TESTING_NS "report_exploit_backtrace", PHP_FN(datadog_appsec_testing_report_exploit_backtrace), void_ret_bool_arginfo, 0) PHP_FE_END }; // clang-format on 
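Review bot: The new debug message in the limit check spells the setting `D_APPSEC_MAX_STACK_TRACES` (one `D` missing) and prints `limit`, an `unsigned int`, with `%d`; the literal should end `"DD_APPSEC_MAX_STACK_TRACES(%u) has been reached"`. Further down, when `zend_hash_next_index_insert_new` returns NULL the freshly built `backtrace` array is abandoned, so `zval_ptr_dtor(&backtrace);` before that `return false;` would avoid leaking it. The hunk also drops the `zend_hash_add(Z_ARRVAL_P(meta_struct), _dd_stack_key, dd_stack)` call, which is only safe if `dd_stack` is already stored in `meta_struct` earlier in the function; that part lies outside the hunk and is worth confirming.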
@@ -261,19 +262,15 @@ static void _register_testing_objects() void dd_backtrace_startup() { - _frames_key = zend_string_init_interned("frames", sizeof("frames") - 1, 1); - _language_key = - zend_string_init_interned("language", sizeof("language") - 1, 1); - _php_value = zend_string_init_interned("php", sizeof("php") - 1, 1); - _exploit_key = - zend_string_init_interned("exploit", sizeof("exploit") - 1, 1); - _dd_stack_key = - zend_string_init_interned("_dd.stack", sizeof("_dd.stack") - 1, 1); - _frame_line = zend_string_init_interned("line", sizeof("line") - 1, 1); - _frame_function = - zend_string_init_interned("function", sizeof("function") - 1, 1); - _frame_file = zend_string_init_interned("file", sizeof("file") - 1, 1); - _id_key = zend_string_init_interned("id", sizeof("id") - 1, 1); + _frames_key = zend_string_init_interned(LSTRARG("frames"), 1); + _language_key = zend_string_init_interned(LSTRARG("language"), 1); + _php_value = zend_string_init_interned(LSTRARG("php"), 1); + _exploit_key = zend_string_init_interned(LSTRARG("exploit"), 1); + _dd_stack_key = zend_string_init_interned(LSTRARG("_dd.stack"), 1); + _frame_line = zend_string_init_interned(LSTRARG("line"), 1); + _frame_function = zend_string_init_interned(LSTRARG("function"), 1); + _frame_file = zend_string_init_interned(LSTRARG("file"), 1); + _id_key = zend_string_init_interned(LSTRARG("id"), 1); #ifdef TESTING _register_testing_objects(); #endif diff --git a/appsec/src/extension/backtrace.h b/appsec/src/extension/backtrace.h index 6094113420c..c16ab1eef5b 100644 --- a/appsec/src/extension/backtrace.h +++ b/appsec/src/extension/backtrace.h 
@@ -9,11 +9,13 @@ #include #include #include - #include +#include "attributes.h" + void dd_backtrace_startup(); -void generate_backtrace(zend_string *id, zval *dd_backtrace); -bool report_backtrace(zend_string *id); +void dd_generate_backtrace( + zend_string *nullable id, zval *nonnull dd_backtrace); +bool dd_report_exploit_backtrace(zend_string *nullable id); #endif // BACKTRACE_H diff --git a/appsec/src/extension/commands_helpers.c b/appsec/src/extension/commands_helpers.c index 35a940367e4..e3895b3f915 100644 --- a/appsec/src/extension/commands_helpers.c +++ b/appsec/src/extension/commands_helpers.c @@ -431,9 +431,9 @@ static void _command_process_stack_trace_parameters(mpack_node_t root) zend_string *id = NULL; size_t id_len = mpack_node_strlen(value); id = zend_string_init(mpack_node_str(value), id_len, 0); - report_backtrace(id); + dd_report_exploit_backtrace(id); zend_string_release(id); - --expected_nodes; + break; } } } diff --git a/appsec/src/extension/ddappsec.c b/appsec/src/extension/ddappsec.c index 126352bd572..767b7afa119 100644 --- a/appsec/src/extension/ddappsec.c +++ b/appsec/src/extension/ddappsec.c @@ -6,7 +6,6 @@ #include #include #include -#include #include // for open(2) diff --git a/appsec/src/extension/ddtrace.c b/appsec/src/extension/ddtrace.c index 50a57ef1a01..59539beba45 100644 --- a/appsec/src/extension/ddtrace.c +++ b/appsec/src/extension/ddtrace.c @@ -62,7 +62,7 @@ static void dd_trace_load_symbols(void) if (_ddtrace_close_all_spans_and_flush == NULL && !testing) { mlog(dd_log_error, // NOLINTNEXTLINE(concurrency-mt-unsafe) - "Failed to load ddtrace _close_all_spans_and_flush: %s", dlerror()); + "Failed to load ddtrace_close_all_spans_and_flush: %s", dlerror()); } _ddtrace_get_root_span = dlsym(handle, "ddtrace_get_root_span"); 
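Review bot: In `_command_process_stack_trace_parameters` the id is built directly from `mpack_node_str(value)` and `mpack_node_strlen(value)`, and nothing visible in the hunk checks that `value` is a string node or bounds `id_len` before `zend_string_init`. If no such check exists above the hunk, a guard like `if (mpack_node_type(value) != mpack_type_str) { break; }` keeps a malformed helper message from passing a null pointer into the copy. The `bool` returned by `dd_report_exploit_backtrace(id)` is also discarded, so a dropped stack trace is silent at this call site. The enclosing loop starts outside the hunk, so the exact scope of the new `break` cannot be confirmed from here.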
@@ -293,27 +293,6 @@ zval *nullable dd_trace_span_get_meta_struct(zend_object *nonnull zobj) return _get_span_modifiable_array_property(zobj, _meta_struct_propname); } -void add_entry_to_meta_struct(zend_string *nonnull key, zval *nonnull value) -{ - zend_object *span = dd_trace_get_active_root_span(); - if (!span) { - return; - } - zval *meta_struct = dd_trace_span_get_meta_struct(span); - if (!meta_struct) { - if (!get_global_DD_APPSEC_TESTING()) { - mlog(dd_log_warning, "Failed to retrieve root span meta_struct"); - } - zval_ptr_dtor(value); - return; - } - - if (zend_hash_add(Z_ARRVAL_P(meta_struct), key, value) == NULL) { - zval_ptr_dtor(value); - return; - } -} - // NOLINTBEGIN(cppcoreguidelines-avoid-magic-numbers,readability-magic-numbers) zend_string *nullable dd_trace_get_formatted_runtime_id(bool persistent) { diff --git a/appsec/src/extension/ddtrace.h b/appsec/src/extension/ddtrace.h index e46115bdb9b..9e634b6fec2 100644 --- a/appsec/src/extension/ddtrace.h +++ b/appsec/src/extension/ddtrace.h @@ -45,8 +45,6 @@ bool dd_trace_span_add_tag_str(zend_object *nonnull zobj, const char *nonnull tag, size_t tag_len, const char *nonnull value, size_t value_len); -void add_entry_to_meta_struct(zend_string *nonnull key, zval *nonnull value); - // Flush the tracer spans, can be used on RINIT void dd_trace_close_all_spans_and_flush(void); diff --git a/appsec/src/extension/php_helpers.c b/appsec/src/extension/php_helpers.c index 18a62a91d2c..5bc63d12425 100644 --- a/appsec/src/extension/php_helpers.c +++ b/appsec/src/extension/php_helpers.c @@ -115,3 +115,15 @@ zend_string *nullable dd_php_get_string_elem( return Z_STR_P(zresult); } + +zval *dd_hash_find_or_new(HashTable *ht, zend_string *key) +{ + zval *result = zend_hash_find(ht, key); + + if (!result) { + zval new_zv; + result = zend_hash_add(ht, key, &new_zv); + } + + return result; +} diff --git a/appsec/src/extension/php_helpers.h b/appsec/src/extension/php_helpers.h index 552b1e4688b..5013d9e5ca2 100644 
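Review bot: `dd_hash_find_or_new` in php_helpers.c inserts `new_zv` without initializing it, so `zend_hash_add` copies an indeterminate type tag and value into the table. A caller that tests the returned slot's type before calling `array_init` could then treat stack garbage as an existing array. Initializing first, `zval new_zv; ZVAL_NULL(&new_zv);`, or calling `zend_hash_add_empty_element(ht, key)` instead, gives the slot a defined state. The helper and its prototype in php_helpers.h also lack the nullability annotations this commit adds elsewhere; the parameters could read `HashTable *nonnull ht, zend_string *nonnull key`.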
--- a/appsec/src/extension/php_helpers.h +++ b/appsec/src/extension/php_helpers.h @@ -48,3 +48,4 @@ zend_string *nullable dd_php_get_string_elem( const zend_array *nullable arr, zend_string *nonnull zstr); zend_string *nullable dd_php_get_string_elem_cstr( const zend_array *nullable arr, const char *nonnull name, size_t len); +zval *dd_hash_find_or_new(HashTable *ht, zend_string *key); diff --git a/appsec/tests/extension/generate_backtrace_02.phpt b/appsec/tests/extension/generate_backtrace_02.phpt index ddabc00618d..4ef30633f8b 100644 --- a/appsec/tests/extension/generate_backtrace_02.phpt +++ b/appsec/tests/extension/generate_backtrace_02.phpt @@ -1,9 +1,9 @@ --TEST-- -Generate backtrace is not generated when disabled +Number of frames can be configured with DD_APPSEC_MAX_STACK_TRACE_DEPTH --INI-- extension=ddtrace.so --ENV-- -DD_APPSEC_STACK_TRACE_ENABLED=false +DD_APPSEC_MAX_STACK_TRACE_DEPTH=1 --FILE-- --EXPECTF-- -array(0) { +array(3) { + ["language"]=> + string(3) "php" + ["id"]=> + string(7) "some id" + ["frames"]=> + array(1) { + [0]=> + array(4) { + ["line"]=> + int(15) + ["function"]=> + string(3) "one" + ["file"]=> + string(25) "generate_backtrace_02.php" + ["id"]=> + int(1) + } + } } diff --git a/appsec/tests/extension/generate_backtrace_03.phpt b/appsec/tests/extension/generate_backtrace_03.phpt index e8b6d514197..bff22448611 100644 --- a/appsec/tests/extension/generate_backtrace_03.phpt +++ b/appsec/tests/extension/generate_backtrace_03.phpt 
@@ -1,45 +1,24 @@ --TEST-- -Number of frames can be configured with DD_APPSEC_MAX_STACK_TRACE_DEPTH +By default DD_APPSEC_MAX_STACK_TRACE_DEPTH is 32 --INI-- extension=ddtrace.so ---ENV-- -DD_APPSEC_MAX_STACK_TRACE_DEPTH=1 --FILE-- --EXPECTF-- -array(3) { - ["language"]=> - string(3) "php" - ["id"]=> - string(7) "some id" - ["frames"]=> - array(1) { - [0]=> - array(4) { - ["line"]=> - int(15) - ["function"]=> - string(3) "one" - ["file"]=> - string(25) "generate_backtrace_03.php" - ["id"]=> - int(1) - } - } -} +int(32) diff --git a/appsec/tests/extension/generate_backtrace_04.phpt b/appsec/tests/extension/generate_backtrace_04.phpt index bff22448611..fbecbc7f766 100644 --- a/appsec/tests/extension/generate_backtrace_04.phpt +++ b/appsec/tests/extension/generate_backtrace_04.phpt 
@@ -1,7 +1,9 @@ --TEST-- -By default DD_APPSEC_MAX_STACK_TRACE_DEPTH is 32 +When DD_APPSEC_MAX_STACK_TRACE_DEPTH is lower than the number of frames. 0.25% are picked from top and 75% from bottom --INI-- extension=ddtrace.so +--ENV-- +DD_APPSEC_MAX_STACK_TRACE_DEPTH=40 --FILE-- --EXPECTF-- -int(32) +array(3) { + ["language"]=> + string(3) "php" + ["id"]=> + string(7) "some id" + ["frames"]=> + array(40) { + [0]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(0) + } + [1]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(1) + } + [2]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(2) + } + [3]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(3) + } + [4]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(4) + } + [5]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(5) + } + [6]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(6) + } + [7]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(7) + } + [8]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(8) + } + [9]=> + array(4) { + ["line"]=> 
+ int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(9) + } + [10]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(20) + } + [11]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(21) + } + [12]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(22) + } + [13]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(23) + } + [14]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(24) + } + [15]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(25) + } + [16]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(26) + } + [17]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(27) + } + [18]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(28) + } + [19]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(29) + } + [20]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + 
string(25) "generate_backtrace_04.php" + ["id"]=> + int(30) + } + [21]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(31) + } + [22]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(32) + } + [23]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(33) + } + [24]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(34) + } + [25]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(35) + } + [26]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(36) + } + [27]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(37) + } + [28]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(38) + } + [29]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(39) + } + [30]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(40) + } + [31]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(41) + } + [32]=> + 
array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(42) + } + [33]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(43) + } + [34]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(44) + } + [35]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(45) + } + [36]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(46) + } + [37]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(47) + } + [38]=> + array(4) { + ["line"]=> + int(12) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(48) + } + [39]=> + array(4) { + ["line"]=> + int(15) + ["function"]=> + string(18) "recursive_function" + ["file"]=> + string(25) "generate_backtrace_04.php" + ["id"]=> + int(49) + } + } +} diff --git a/appsec/tests/extension/generate_backtrace_05.phpt b/appsec/tests/extension/generate_backtrace_05.phpt index 399482cfa8e..2067bf5f971 100644 --- a/appsec/tests/extension/generate_backtrace_05.phpt +++ b/appsec/tests/extension/generate_backtrace_05.phpt 
@@ -1,9 +1,9 @@ --TEST-- -When DD_APPSEC_MAX_STACK_TRACE_DEPTH is lower than the number of frames. 0.25% are picked from top and 75% from bottom +DD_APPSEC_MAX_STACK_TRACE_DEPTH can be set to unlimited with 0 --INI-- extension=ddtrace.so --ENV-- -DD_APPSEC_MAX_STACK_TRACE_DEPTH=40 +DD_APPSEC_MAX_STACK_TRACE_DEPTH=0 --FILE-- --EXPECTF-- -array(3) { - ["language"]=> - string(3) "php" - ["id"]=> - string(7) "some id" - ["frames"]=> - array(40) { - [0]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(0) - } - [1]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(1) - } - [2]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(2) - } - [3]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(3) - } - [4]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(4) - } - [5]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(5) - } - [6]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(6) - } - [7]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(7) - } - [8]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(8) 
- } - [9]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(9) - } - [10]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(20) - } - [11]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(21) - } - [12]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(22) - } - [13]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(23) - } - [14]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(24) - } - [15]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(25) - } - [16]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(26) - } - [17]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(27) - } - [18]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(28) - } - [19]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(29) - } - [20]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - 
string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(30) - } - [21]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(31) - } - [22]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(32) - } - [23]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(33) - } - [24]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(34) - } - [25]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(35) - } - [26]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(36) - } - [27]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(37) - } - [28]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(38) - } - [29]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(39) - } - [30]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(40) - } - [31]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) 
"generate_backtrace_05.php" - ["id"]=> - int(41) - } - [32]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(42) - } - [33]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(43) - } - [34]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(44) - } - [35]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(45) - } - [36]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(46) - } - [37]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(47) - } - [38]=> - array(4) { - ["line"]=> - int(12) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(48) - } - [39]=> - array(4) { - ["line"]=> - int(15) - ["function"]=> - string(18) "recursive_function" - ["file"]=> - string(25) "generate_backtrace_05.php" - ["id"]=> - int(49) - } - } -} +int(50) \ No newline at end of file diff --git a/appsec/tests/extension/report_backtrace_01.phpt b/appsec/tests/extension/report_backtrace_01.phpt index cba531106e7..f280f0dc563 100644 --- a/appsec/tests/extension/report_backtrace_01.phpt +++ b/appsec/tests/extension/report_backtrace_01.phpt 
@@ -11,11 +11,11 @@ include __DIR__ . '/inc/ddtrace_version.php'; ddtrace_version_at_least('0.79.0'); -use function datadog\appsec\testing\report_backtrace; +use function datadog\appsec\testing\report_exploit_backtrace; function two($param01, $param02) { - var_dump(report_backtrace("some id")); + var_dump(report_exploit_backtrace("some id")); } function one($param01) diff --git a/appsec/tests/extension/report_backtrace_02.phpt b/appsec/tests/extension/report_backtrace_02.phpt index 2da470a38fb..f3cd399a240 100644 --- a/appsec/tests/extension/report_backtrace_02.phpt +++ b/appsec/tests/extension/report_backtrace_02.phpt @@ -10,11 +10,11 @@ include __DIR__ . '/inc/ddtrace_version.php'; ddtrace_version_at_least('0.79.0'); -use function datadog\appsec\testing\{report_backtrace, root_span_get_meta_struct}; +use function datadog\appsec\testing\{report_exploit_backtrace, root_span_get_meta_struct}; function two($param01, $param02) { - report_backtrace($param01); + report_exploit_backtrace($param01); } function one($param01) diff --git a/appsec/tests/extension/report_backtrace_03.phpt b/appsec/tests/extension/report_backtrace_03.phpt index b7bc44954ff..82919e7f52c 100644 --- a/appsec/tests/extension/report_backtrace_03.phpt +++ b/appsec/tests/extension/report_backtrace_03.phpt @@ -11,11 +11,11 @@ include __DIR__ . '/inc/ddtrace_version.php'; ddtrace_version_at_least('0.79.0'); -use function datadog\appsec\testing\{report_backtrace, root_span_get_meta_struct}; +use function datadog\appsec\testing\{report_exploit_backtrace, root_span_get_meta_struct}; function two($param01, $param02) { - report_backtrace($param01); + report_exploit_backtrace($param01); } function one($param01) diff --git a/appsec/tests/extension/report_backtrace_04.phpt b/appsec/tests/extension/report_backtrace_04.phpt index 767d5c6750e..c364068cae7 100644 --- a/appsec/tests/extension/report_backtrace_04.phpt +++ b/appsec/tests/extension/report_backtrace_04.phpt 
@@ -1,27 +1,21 @@ --TEST-- -Trace are reported when helper indicates so +DD_APPSEC_MAX_STACK_TRACES can be set to unlimited with 0 --ENV-- DD_TRACE_GENERATE_ROOT_SPAN=0 +DD_APPSEC_MAX_STACK_TRACES=0 --INI-- extension=ddtrace.so -datadog.appsec.enabled=1 --FILE-- '1234']]], []])), -]); +use function datadog\appsec\testing\{report_exploit_backtrace, root_span_get_meta_struct}; function two($param01, $param02) { - push_address("irrelevant", ["some" => "params", "more" => "parameters"]); + report_exploit_backtrace($param01); } function one($param01) 
@@ -29,25 +23,119 @@ function one($param01) two($param01, "other"); } -rinit(); - DDTrace\start_span(); $root = DDTrace\active_span(); -one("foo"); -DDTrace\close_span(0); -$span = dd_trace_serialize_closed_spans(); -$meta_struct = $span[0]["meta_struct"]; -foreach($meta_struct as &$m) -{ - $m = bin2hex($m); -} -var_dump($meta_struct); -DDTrace\flush(); + +one("foo01"); //Line 22 +one("foo02"); //Line 23 +one("foo03"); //Line 24 + +var_dump(root_span_get_meta_struct()); ?> --EXPECTF-- array(1) { ["_dd.stack"]=> - &string(292) "81a76578706c6f69749183a86c616e6775616765a3706870a26964a431323334a66672616d65739284a46c696e6515a866756e6374696f6ea374776fa466696c65b77265706f72745f6261636b74726163655f30342e706870a269640084a46c696e651ca866756e6374696f6ea36f6e65a466696c65b77265706f72745f6261636b74726163655f30342e706870a2696401" + array(1) { + ["exploit"]=> + array(3) { + [0]=> + array(3) { + ["language"]=> + string(3) "php" + ["id"]=> + string(5) "foo01" + ["frames"]=> + array(2) { + [0]=> + array(4) { + ["line"]=> + int(15) + ["function"]=> + string(3) "two" + ["file"]=> + string(23) "report_backtrace_04.php" + ["id"]=> + int(0) + } + [1]=> + array(4) { + ["line"]=> + int(22) + ["function"]=> + string(3) "one" + ["file"]=> + string(23) "report_backtrace_04.php" + ["id"]=> + int(1) + } + } + } + [1]=> + array(3) { + ["language"]=> + string(3) "php" + ["id"]=> + string(5) "foo02" + ["frames"]=> + array(2) { + [0]=> + array(4) { + ["line"]=> + int(15) + ["function"]=> + string(3) "two" + ["file"]=> + string(23) "report_backtrace_04.php" + ["id"]=> + int(0) + } + [1]=> + array(4) { + ["line"]=> + int(23) + ["function"]=> + string(3) "one" + ["file"]=> + string(23) "report_backtrace_04.php" + ["id"]=> + int(1) + } + } + } + [2]=> + array(3) { + ["language"]=> + string(3) "php" + ["id"]=> + string(5) "foo03" + ["frames"]=> + array(2) { + [0]=> + array(4) { + ["line"]=> + int(15) + ["function"]=> + string(3) "two" + ["file"]=> + string(23) "report_backtrace_04.php" + ["id"]=> + 
int(0) + } + [1]=> + array(4) { + ["line"]=> + int(24) + ["function"]=> + string(3) "one" + ["file"]=> + string(23) "report_backtrace_04.php" + ["id"]=> + int(1) + } + } + } + } + } } diff --git a/appsec/tests/extension/report_backtrace_05.phpt b/appsec/tests/extension/report_backtrace_05.phpt new file mode 100644 index 00000000000..866cd74d66a --- /dev/null +++ b/appsec/tests/extension/report_backtrace_05.phpt @@ -0,0 +1,53 @@ +--TEST-- +Trace are reported when helper indicates so +--ENV-- +DD_TRACE_GENERATE_ROOT_SPAN=0 +--INI-- +extension=ddtrace.so +datadog.appsec.enabled=1 +--FILE-- + '1234']]], []])), +]); + +function two($param01, $param02) +{ + push_address("irrelevant", ["some" => "params", "more" => "parameters"]); +} + +function one($param01) +{ + two($param01, "other"); +} + +rinit(); + +DDTrace\start_span(); +$root = DDTrace\active_span(); +one("foo"); + +DDTrace\close_span(0); +$span = dd_trace_serialize_closed_spans(); +$meta_struct = $span[0]["meta_struct"]; +foreach($meta_struct as &$m) +{ + $m = bin2hex($m); +} +var_dump($meta_struct); +DDTrace\flush(); + +?> +--EXPECTF-- +array(1) { + ["_dd.stack"]=> + &string(292) "81a76578706c6f69749183a86c616e6775616765a3706870a26964a431323334a66672616d65739284a46c696e6515a866756e6374696f6ea374776fa466696c65b77265706f72745f6261636b74726163655f30352e706870a269640084a46c696e651ca866756e6374696f6ea36f6e65a466696c65b77265706f72745f6261636b74726163655f30352e706870a2696401" +} diff --git a/appsec/tests/extension/report_backtrace_06.phpt b/appsec/tests/extension/report_backtrace_06.phpt new file mode 100644 index 00000000000..7de87ffa8c9 --- /dev/null +++ b/appsec/tests/extension/report_backtrace_06.phpt @@ -0,0 +1,36 @@ +--TEST-- +DD_APPSEC_STACK_TRACE_ENABLED can be disabled +--ENV-- +DD_TRACE_GENERATE_ROOT_SPAN=0 +DD_APPSEC_STACK_TRACE_ENABLED=0 +--INI-- +extension=ddtrace.so +--FILE-- + +--EXPECTF-- +bool(false)