Report waf results #5655

Merged
merged 2 commits into from
May 15, 2025

Conversation

IlyasShabi
Contributor

What does this PR do?

Returns all WAF results instead of only actions and removes ruleTriggered from the request store.

Motivation

We may call the WAF multiple times during a single request. When a rule is triggered on the first call, we set store[DD_TELEMETRY_REQUEST_METRICS].ruleTriggered = true; this value is reset to null after calling trackRaspRuleMatch.

However, if ruleTriggered = true on the first WAF call, but returns false on a second one, we might execute trackRaspRuleMatch for the second WAF call before the first one. This race condition will incorrectly increment the rasp.rule.match metric.

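A constructed model of the race described in the motivation above, written for this page and not taken from dd-trace-js: the shared-flag design is shown beside the per-call-result design this PR moves to. The function names mirror trackRaspRuleMatch, but their bodies, the simulated synchronous WAF and the 'ssrf'/'sqli' rule-type tags are assumptions.

```javascript
// Constructed illustration of the race this PR describes; not dd-trace-js code.
// The WAF is simulated as a synchronous call (like the native binding) and the
// rule-type tags 'ssrf' and 'sqli' are made-up metric tags.

// Old design: the wrapper hands back only the actions and records a match in a
// mutable per-request store that every later WAF call in the request shares.
function wafRunOld(store, matched) {
  if (matched) store.ruleTriggered = true
  return { actions: matched ? ['block'] : [] }
}

// Old telemetry step: consumes whatever the shared flag holds at that moment,
// regardless of which WAF call set it, then resets it.
function trackRaspRuleMatchOld(store, metrics, ruleType) {
  if (store.ruleTriggered) metrics[ruleType] = (metrics[ruleType] || 0) + 1
  store.ruleTriggered = null
}

// Fixed design: each WAF call returns its full result, so the caller that made
// the call owns the match information and no request-wide flag is needed.
function wafRunFixed(matched) {
  return { actions: matched ? ['block'] : [], ruleTriggered: matched }
}

function trackRaspRuleMatchFixed(result, metrics, ruleType) {
  if (result.ruleTriggered) metrics[ruleType] = (metrics[ruleType] || 0) + 1
}

// Two RASP checks in one request: the first matches a rule, the second does not,
// and the second call's telemetry step runs before the first one's.
function sharedFlagScenario() {
  const store = { ruleTriggered: null }
  const metrics = {}
  wafRunOld(store, true)   // first call: a rule matches, flag becomes true
  wafRunOld(store, false)  // second call: no match, flag left as it was
  trackRaspRuleMatchOld(store, metrics, 'sqli') // reads the first call's flag
  trackRaspRuleMatchOld(store, metrics, 'ssrf') // flag already reset: nothing
  return metrics // { sqli: 1 }: the match is counted under the wrong rule type
}

function perCallResultScenario() {
  const metrics = {}
  const first = wafRunFixed(true)
  const second = wafRunFixed(false)
  trackRaspRuleMatchFixed(second, metrics, 'sqli') // its own result: no match
  trackRaspRuleMatchFixed(first, metrics, 'ssrf')  // its own result: counted
  return metrics // { ssrf: 1 }
}
```

A regression test for the case CarlesDD asks about below would follow the same shape: two WAF calls in one request with their telemetry steps reordered, asserting on which tag the metric lands under.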


github-actions bot commented May 5, 2025

Overall package size

Self size: 9.3 MB
Deduped: 102.55 MB
No deduping: 103.07 MB

Dependency sizes

| name | version | self size | total size |
|------|---------|-----------|------------|
| @datadog/libdatadog | 0.5.1 | 29.73 MB | 29.73 MB |
| @datadog/native-appsec | 8.5.2 | 19.33 MB | 19.34 MB |
| @datadog/native-iast-taint-tracking | 3.3.1 | 13.99 MB | 13.99 MB |
| @datadog/pprof | 5.7.1 | 9.51 MB | 9.88 MB |
| @opentelemetry/core | 1.30.1 | 908.66 kB | 7.16 MB |
| protobufjs | 7.4.0 | 2.77 MB | 5.42 MB |
| @datadog/wasm-js-rewriter | 4.0.1 | 2.85 MB | 3.58 MB |
| @datadog/native-metrics | 3.1.1 | 1.02 MB | 1.43 MB |
| @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB |
| import-in-the-middle | 1.13.1 | 117.64 kB | 839.26 kB |
| source-map | 0.7.4 | 226 kB | 226 kB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| lru-cache | 7.18.3 | 133.92 kB | 133.92 kB |
| pprof-format | 2.1.0 | 111.69 kB | 111.69 kB |
| @datadog/sketches-js | 2.1.1 | 109.9 kB | 109.9 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| ignore | 5.3.2 | 53.63 kB | 53.63 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| rfdc | 1.4.1 | 27.15 kB | 27.15 kB |
| @isaacs/ttlcache | 1.4.1 | 25.2 kB | 25.2 kB |
| dc-polyfill | 0.1.8 | 25.08 kB | 25.08 kB |
| tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB |
| shell-quote | 1.8.2 | 23.54 kB | 23.54 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| retry | 0.13.1 | 18.85 kB | 18.85 kB |
| semifies | 1.0.0 | 15.84 kB | 15.84 kB |
| jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| ttl-set | 1.0.0 | 4.61 kB | 9.69 kB |
| mutexify | 1.4.0 | 5.71 kB | 8.74 kB |
| path-to-regexp | 0.1.12 | 6.6 kB | 6.6 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe


codecov bot commented May 5, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 79.09%. Comparing base (07824ea) to head (2964d9b).
Report is 46 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5655      +/-   ##
==========================================
- Coverage   79.12%   79.09%   -0.04%     
==========================================
  Files         513      512       -1     
  Lines       23497    23425      -72     
==========================================
- Hits        18593    18528      -65     
+ Misses       4904     4897       -7     


@datadog-datadog-prod-us1

Datadog Report

Branch report: ishabi/report-waf-results
Commit report: 4e5e418
Test service: dd-trace-js-integration-tests

✅ 0 Failed, 928 Passed, 0 Skipped, 12m 30.14s Total Time

@IlyasShabi IlyasShabi marked this pull request as ready for review May 5, 2025 11:33
@IlyasShabi IlyasShabi requested a review from a team as a code owner May 5, 2025 11:33
Collaborator

@BridgeAR BridgeAR left a comment


Code is LGTM. I guess it would still be good to get a second review though from appsec.

I do wonder if the result is not always truthy, or if we could rewrite the code so that it is in case it currently is not (I would guess it should not reach those spots in that case).

@CarlesDD
Contributor

LGTM, but I miss a test to check the case that motivates this PR: the incorrect increment of the rasp.rule.match metric when there are multiple WAF calls in the same request.

@IlyasShabi IlyasShabi merged commit d1f47c6 into master May 15, 2025
442 checks passed
@IlyasShabi IlyasShabi deleted the ishabi/report-waf-results branch May 15, 2025 07:31
dd-trace-js bot pushed a commit that referenced this pull request May 16, 2025
@dd-trace-js dd-trace-js bot mentioned this pull request May 16, 2025