perf: improve algorithm for getting callsites in AppSec (#6044)

Use the `Error.captureStackTrace` API when triggering
`Error.prepareStackTrace` in order to be able to provide a constructor
function. This is used to reduce the number of unnecessary frames being
generated.

Author: watson

packages/dd-trace/src/appsec/iast/vulnerability-reporter.js

@@ -114,7 +114,7 @@ function isDuplicatedVulnerability (vulnerability) {
 }
 
 function getVulnerabilityCallSiteFrames () {
-  return getCallsiteFrames(stackTraceMaxDepth)
+  return getCallsiteFrames(stackTraceMaxDepth, getVulnerabilityCallSiteFrames)
 }
 
 function replaceCallSiteFromSourceMap (callsite) {

packages/dd-trace/src/appsec/rasp/utils.js

@@ -41,7 +41,7 @@ function handleResult (result, req, res, abortController, config, raspRule) {
   const ruleTriggered = !!result?.events?.length
 
   if (generateStackTraceAction && enabled && canReportStackTrace(rootSpan, maxStackTraces)) {
-    const frames = getCallsiteFrames(maxDepth)
+    const frames = getCallsiteFrames(maxDepth, handleResult)
 
     reportStackTrace(
       rootSpan,

packages/dd-trace/src/appsec/stack_trace.js

@@ -9,36 +9,36 @@ const STACK_TRACE_NAMESPACES = {
   IAST: 'vulnerability'
 }
 
-function getCallSiteList (maxDepth = 100) {
+function prepareStackTrace (_, callsites) {
+  return callsites
+}
+
+function getCallSiteList (maxDepth = 100, constructorOpt) {
   const previousPrepareStackTrace = Error.prepareStackTrace
   const previousStackTraceLimit = Error.stackTraceLimit
-  let callsiteList
   // Since some frames will be discarded because they come from tracer codebase, a buffer is added
   // to the limit in order to get as close as `maxDepth` number of frames.
   Error.stackTraceLimit = maxDepth + LIBRARY_FRAMES_BUFFER
 
   try {
-    Error.prepareStackTrace = function (_, callsites) {
-      callsiteList = callsites
-    }
-    const e = new Error('message')
-    e.stack
+    Error.prepareStackTrace = prepareStackTrace
+    const obj = {}
+    Error.captureStackTrace(obj, constructorOpt)
+    return obj.stack
   } finally {
     Error.prepareStackTrace = previousPrepareStackTrace
     Error.stackTraceLimit = previousStackTraceLimit
   }
-
-  return callsiteList
 }
 
 function filterOutFramesFromLibrary (callSiteList) {
   return callSiteList.filter(callSite => !callSite.getFileName()?.startsWith(ddBasePath))
 }
 
-function getCallsiteFrames (maxDepth = 32, callSiteListGetter = getCallSiteList) {
+function getCallsiteFrames (maxDepth = 32, constructorOpt = getCallsiteFrames, callSiteListGetter = getCallSiteList) {
   if (maxDepth < 1) maxDepth = Infinity
 
-  const callSiteList = callSiteListGetter(maxDepth)
+  const callSiteList = callSiteListGetter(maxDepth, constructorOpt)
   const filteredFrames = filterOutFramesFromLibrary(callSiteList)
 
   const half = filteredFrames.length > maxDepth ? Math.round(maxDepth / 2) : Infinity

packages/dd-trace/test/appsec/iast/path-line.spec.js

@@ -199,7 +199,7 @@ describe('path-line', function () {
       const basePath = pathLine.ddBasePath
       pathLine.ddBasePath = path.join('test', 'base', 'path')
 
-      const list = getCallsiteFrames(32, getCallSiteInfo)
+      const list = getCallsiteFrames(32, getCallSiteInfo, getCallSiteInfo)
       const firstNonDDPath = pathLine.getNonDDCallSiteFrames(list)[0]
 
       const expectedPath = path.join('node_modules', firstNonDDPath.path)

packages/dd-trace/test/appsec/stack_trace.spec.js

@@ -66,7 +66,7 @@ describe('Stack trace reporter', () => {
       const rootSpan = {}
       const stackId = 'test_stack_id'
       const maxDepth = 32
-      const frames = getCallsiteFrames(maxDepth, () => callSiteList)
+      const frames = getCallsiteFrames(maxDepth, getCallsiteFrames, () => callSiteList)
 
       reportStackTrace(rootSpan, stackId, frames)
 
@@ -112,7 +112,7 @@ describe('Stack trace reporter', () => {
         }
       ))
 
-      const frames = getCallsiteFrames(maxDepth, () => callSiteList)
+      const frames = getCallsiteFrames(maxDepth, getCallsiteFrames, () => callSiteList)
 
       reportStackTrace(rootSpan, stackId, frames)
 
@@ -141,7 +141,7 @@ describe('Stack trace reporter', () => {
         }
       ))
 
-      const frames = getCallsiteFrames(maxDepth, () => callSiteList)
+      const frames = getCallsiteFrames(maxDepth, getCallsiteFrames, () => callSiteList)
 
       reportStackTrace(rootSpan, stackId, frames)
 
@@ -174,7 +174,7 @@ describe('Stack trace reporter', () => {
         }
       ))
 
-      const frames = getCallsiteFrames(maxDepth, () => callSiteList)
+      const frames = getCallsiteFrames(maxDepth, getCallsiteFrames, () => callSiteList)
 
       reportStackTrace(rootSpan, stackId, frames)
 
@@ -216,7 +216,7 @@ describe('Stack trace reporter', () => {
       const stackId = 'test_stack_id'
       const maxDepth = 32
 
-      const frames = getCallsiteFrames(maxDepth, () => callSiteList)
+      const frames = getCallsiteFrames(maxDepth, getCallsiteFrames, () => callSiteList)
 
       reportStackTrace(rootSpan, stackId, frames)
 
@@ -265,7 +265,7 @@ describe('Stack trace reporter', () => {
         }
       ))
 
-      const frames = getCallsiteFrames(maxDepth, () => callSiteList)
+      const frames = getCallsiteFrames(maxDepth, getCallsiteFrames, () => callSiteList)
 
       reportStackTrace(rootSpan, stackId, frames)
 
@@ -316,7 +316,7 @@ describe('Stack trace reporter', () => {
         }
       ))
 
-      const frames = getCallsiteFrames(maxDepth, () => callSiteListWithLibraryFrames)
+      const frames = getCallsiteFrames(maxDepth, getCallsiteFrames, () => callSiteListWithLibraryFrames)
 
       reportStackTrace(rootSpan, stackId, frames)
 
@@ -339,7 +339,7 @@ describe('Stack trace reporter', () => {
         }
       ))
 
-      const frames = getCallsiteFrames(maxDepth, () => callSiteList)
+      const frames = getCallsiteFrames(maxDepth, getCallsiteFrames, () => callSiteList)
 
       reportStackTrace(rootSpan, stackId, frames)
 
@@ -362,7 +362,7 @@ describe('Stack trace reporter', () => {
         }
       ))
 
-      const frames = getCallsiteFrames(maxDepth, () => callSiteList)
+      const frames = getCallsiteFrames(maxDepth, getCallsiteFrames, () => callSiteList)
 
       reportStackTrace(rootSpan, stackId, frames)