Check store has value before use it (#3257)

Author: uurien

packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js

@@ -28,7 +28,7 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
 
     this.addSub('datadog:sequelize:query:finish', () => {
       const store = storage.getStore()
-      if (store.sequelizeParentStore) {
+      if (store && store.sequelizeParentStore) {
         storage.enterWith(store.sequelizeParentStore)
       }
     })

packages/dd-trace/test/appsec/iast/analyzers/sql-injection-analyzer.spec.js

@@ -2,6 +2,9 @@
 
 const proxyquire = require('proxyquire')
 
+const iastLog = require('../../../../src/appsec/iast/iast-log')
+const dc = require('../../../../../diagnostics_channel')
+
 describe('sql-injection-analyzer', () => {
   const NOT_TAINTED_QUERY = 'no vulnerable query'
   const TAINTED_QUERY = 'vulnerable query'
@@ -19,6 +22,10 @@ describe('sql-injection-analyzer', () => {
     './injection-analyzer': InjectionAnalyzer
   })
 
+  afterEach(() => {
+    sinon.restore()
+  })
+
   it('should subscribe to mysql, mysql2 and pg start query channel', () => {
     expect(sqlInjectionAnalyzer._subscriptions).to.have.lengthOf(5)
     expect(sqlInjectionAnalyzer._subscriptions[0]._channel.name).to.equals('apm:mysql:query:start')
@@ -83,4 +90,12 @@ describe('sql-injection-analyzer', () => {
       evidence: { dialect: dialect }
     })
   })
+
+  it('should not report an error when context is not initialized', () => {
+    sinon.stub(iastLog, 'errorAndPublish')
+    sqlInjectionAnalyzer.configure(true)
+    dc.channel('datadog:sequelize:query:finish').publish()
+    sqlInjectionAnalyzer.configure(false)
+    expect(iastLog.errorAndPublish).not.to.be.called
+  })
 })