Handle request options

DataDog · Oct 16, 2024 · df27cfe · df27cfe
1 parent f8515ec
commit df27cfe
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/packages/dd-trace/src/appsec/rasp/ssrf.js b/packages/dd-trace/src/appsec/rasp/ssrf.js
@@ -1,5 +1,6 @@
 'use strict'
 
+const url = require('url')
 const { httpClientRequestStart } = require('../channels')
 const { storage } = require('../../../../datadog-core')
 const addresses = require('../addresses')
@@ -20,12 +21,12 @@ function disable () {
 function analyzeSsrf (ctx) {
   const store = storage.getStore()
   const req = store?.req
-  const url = ctx.args.uri
+  const uri = (ctx.args.options?.uri && url.format(ctx.args.options?.uri)) ?? ctx.args.uri
 
-  if (!req || !url) return
+  if (!req || !uri) return
 
   const persistent = {
-    [addresses.HTTP_OUTGOING_URL]: url
+    [addresses.HTTP_OUTGOING_URL]: uri
   }
 
   const result = waf.run({ persistent }, req, RULE_TYPES.SSRF)