fix(appsec): improve appsec perf on object length (#8859)

IlyasShabi · web-flow · commit ef8745542067 · 2026-06-11T17:50:49.000+02:00
* fix(appsec): improve appsec perf on object length
diff --git a/packages/dd-trace/src/appsec/downstream_requests.js b/packages/dd-trace/src/appsec/downstream_requests.js
@@ -2,6 +2,7 @@
 
 const web = require('../plugins/util/web')
 const log = require('../log')
+const { isEmpty } = require('../util')
 const {
   HTTP_OUTGOING_METHOD,
   HTTP_OUTGOING_HEADERS,
@@ -137,7 +138,7 @@ function extractRequestData (ctx) {
   addresses[HTTP_OUTGOING_METHOD] = getMethod(options.method)
 
   const headers = options?.headers
-  if (headers && Object.keys(headers).length > 0) {
+  if (headers && !isEmpty(headers)) {
     addresses[HTTP_OUTGOING_HEADERS] = lowercaseHeaderKeys(headers)
   }
 
@@ -177,7 +178,7 @@ function extractResponseData (res, responseBody) {
   }
 
   const headers = res.headers
-  if (headers && Object.keys(headers).length > 0) {
+  if (headers && !isEmpty(headers)) {
     addresses[HTTP_OUTGOING_RESPONSE_HEADERS] = headers
   }
 
diff --git a/packages/dd-trace/src/appsec/iast/index.js b/packages/dd-trace/src/appsec/iast/index.js
@@ -3,6 +3,7 @@
 const dc = require('dc-polyfill')
 const web = require('../../plugins/util/web')
 const { storage } = require('../../../../datadog-core')
+const { isEmpty } = require('../../util')
 const { enable: enableFsPlugin, disable: disableFsPlugin, IAST_MODULE } = require('../rasp/fs-plugin')
 const { incomingHttpRequestStart, incomingHttpRequestEnd, responseWriteHead } = require('../channels')
 const vulnerabilityReporter = require('./vulnerability-reporter')
@@ -96,7 +97,7 @@ function onIncomingHttpRequestEnd (data) {
 
       iastResponseEnd.publish({ ...data, storedHeaders })
 
-      if (Object.keys(storedHeaders).length) {
+      if (!isEmpty(storedHeaders)) {
         collectedResponseHeaders.delete(data.res)
       }
 
@@ -118,7 +119,7 @@ function onIncomingHttpRequestEnd (data) {
 function onResponseWriteHeadCollect ({ res, responseHeaders = {} }) {
   if (!res) return
 
-  if (Object.keys(responseHeaders).length) {
+  if (!isEmpty(responseHeaders)) {
     collectedResponseHeaders.set(res, responseHeaders)
   }
 }
diff --git a/packages/dd-trace/src/appsec/rasp/ssrf.js b/packages/dd-trace/src/appsec/rasp/ssrf.js
@@ -9,6 +9,7 @@ const addresses = require('../addresses')
 const web = require('../../plugins/util/web')
 const { getActiveRequest } = require('../store')
 const waf = require('../waf')
+const { isEmpty } = require('../../util')
 const downstream = require('../downstream_requests')
 const { updateRaspRuleMatchMetricTags } = require('../telemetry')
 const { RULE_TYPES, handleResult } = require('./utils')
@@ -85,7 +86,7 @@ function handleResponseFinish ({ ctx, res, body }) {
 function runResponseEvaluation (res, req, responseBody) {
   const responseAddresses = downstream.extractResponseData(res, responseBody)
 
-  if (!Object.keys(responseAddresses).length) return
+  if (isEmpty(responseAddresses)) return
 
   const raspRule = { type: RULE_TYPES.SSRF, variant: 'response' }
   const result = waf.run({ ephemeral: responseAddresses }, req, raspRule)
diff --git a/packages/dd-trace/src/appsec/reporter.js b/packages/dd-trace/src/appsec/reporter.js
@@ -461,7 +461,7 @@ function truncateRequestBody (target, depth = 0) {
 }
 
 function reportRequestBody (rootSpan, requestBody, comesFromRaspAction = false) {
-  if (!requestBody || Object.keys(requestBody).length === 0) return
+  if (!requestBody || isEmpty(requestBody)) return
 
   if (!rootSpan.meta_struct) {
     rootSpan.meta_struct = {}

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`
`3`	`3`	`const web = require('../plugins/util/web')`
`4`	`4`	`const log = require('../log')`
	`5`	`+const { isEmpty } = require('../util')`
`5`	`6`	`const {`
`6`	`7`	`HTTP_OUTGOING_METHOD,`
`7`	`8`	`HTTP_OUTGOING_HEADERS,`
`@@ -137,7 +138,7 @@ function extractRequestData (ctx) {`
`137`	`138`	`addresses[HTTP_OUTGOING_METHOD] = getMethod(options.method)`
`138`	`139`
`139`	`140`	`const headers = options?.headers`
`140`		`- if (headers && Object.keys(headers).length > 0) {`
	`141`	`+ if (headers && !isEmpty(headers)) {`
`141`	`142`	`addresses[HTTP_OUTGOING_HEADERS] = lowercaseHeaderKeys(headers)`
`142`	`143`	`}`
`143`	`144`
`@@ -177,7 +178,7 @@ function extractResponseData (res, responseBody) {`
`177`	`178`	`}`
`178`	`179`
`179`	`180`	`const headers = res.headers`
`180`		`- if (headers && Object.keys(headers).length > 0) {`
	`181`	`+ if (headers && !isEmpty(headers)) {`
`181`	`182`	`addresses[HTTP_OUTGOING_RESPONSE_HEADERS] = headers`
`182`	`183`	`}`
`183`	`184`
Original file line number	Diff line number	Diff line change
`@@ -461,7 +461,7 @@ function truncateRequestBody (target, depth = 0) {`
`461`	`461`	`}`
`462`	`462`
`463`	`463`	`function reportRequestBody (rootSpan, requestBody, comesFromRaspAction = false) {`
`464`		`- if (!requestBody \|\| Object.keys(requestBody).length === 0) return`
	`464`	`+ if (!requestBody \|\| isEmpty(requestBody)) return`
`465`	`465`
`466`	`466`	`if (!rootSpan.meta_struct) {`
`467`	`467`	`rootSpan.meta_struct = {}`