
Conversation

@uurien (Collaborator) commented Jun 15, 2023

What does this PR do?

It detects a vulnerability when the SameSite=Strict flag is not set in a set-cookie header. It is done in the same way as the HttpOnly or Insecure cookie detections. It means that in this PR there is more code in tests than in source.

Additional notes

The res.cookie method from express didn't support the sameSite parameter at the beginning of the 4.x versions. That is the reason why I am not testing in versions < 4.15.0.

Checklist

  • Unit tests.
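To make the detection described above concrete, here is an added example (not code from dd-trace-js or from this PR) of a small Set-Cookie analyzer that reports the three weaknesses named in the description: a missing `SameSite=Strict`, a missing `HttpOnly` and a missing `Secure` attribute. The function names (`parseSetCookie`, `analyzeSetCookie`), the finding type strings and the sample header values are all assumptions constructed for this example; a real IAST analyzer would hook the response object instead of being handed header strings.

```javascript
// Added example, not dd-trace-js code. Finding type names are assumptions.
const COOKIE_VULNS = {
  NO_SAMESITE_COOKIE: 'NO_SAMESITE_COOKIE',
  NO_HTTPONLY_COOKIE: 'NO_HTTPONLY_COOKIE',
  INSECURE_COOKIE: 'INSECURE_COOKIE'
}

// Parse one Set-Cookie value into { name, value, attributes }.
// Attribute keys are lower-cased because Set-Cookie attribute names are
// case-insensitive; flag attributes (HttpOnly, Secure) are stored as true.
function parseSetCookie (headerValue) {
  const parts = String(headerValue).split(';').map(p => p.trim()).filter(Boolean)
  if (parts.length === 0) return null
  const eq = parts[0].indexOf('=')
  if (eq <= 0) return null
  const name = parts[0].slice(0, eq).trim()
  const value = parts[0].slice(eq + 1).trim()
  const attributes = {}
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=')
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase()
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim()
  }
  return { name, value, attributes }
}

// Analyze a Set-Cookie header: either a single string or the array Node
// exposes when the header is repeated. Returns one finding per cookie per
// missing protection. Like the PR describes, any SameSite value other than
// Strict (including Lax) is reported as NO_SAMESITE_COOKIE.
function analyzeSetCookie (header) {
  const values = Array.isArray(header) ? header : [header]
  const findings = []
  for (const raw of values) {
    const cookie = parseSetCookie(raw)
    if (!cookie) continue
    // An empty value clears the cookie; there is nothing left to protect.
    if (cookie.value === '') continue
    const { name, attributes } = cookie
    const sameSite = typeof attributes.samesite === 'string'
      ? attributes.samesite.toLowerCase()
      : null
    if (sameSite !== 'strict') {
      findings.push({ type: COOKIE_VULNS.NO_SAMESITE_COOKIE, cookie: name })
    }
    if (attributes.httponly !== true) {
      findings.push({ type: COOKIE_VULNS.NO_HTTPONLY_COOKIE, cookie: name })
    }
    if (attributes.secure !== true) {
      findings.push({ type: COOKIE_VULNS.INSECURE_COOKIE, cookie: name })
    }
  }
  return findings
}

// Constructed sample: one hardened cookie, one weak cookie, one cleared cookie.
const SAMPLE_HEADERS = [
  'session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict',
  'pref=dark; Path=/; SameSite=Lax',
  'old=; Max-Age=0'
]

// Only "pref" produces findings: all three protections are missing or weak.
for (const f of analyzeSetCookie(SAMPLE_HEADERS)) {
  console.log(`${f.type} on cookie "${f.cookie}"`)
}
```

The `pref` cookie is the interesting case: `SameSite=Lax` is present but is still reported, because the check in the PR is specifically for `Strict`, and a cleared cookie (`old=`) is skipped so that logout handlers do not generate noise.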

@github-actions bot commented

Overall package size

Self size: 4.34 MB
Deduped: 60.7 MB
No deduping: 60.75 MB

Dependency sizes

| name | version | self size | total size |
|---|---|---|---|
| @datadog/pprof | 2.2.1 | 14.24 MB | 15.12 MB |
| @datadog/native-iast-taint-tracking | 1.5.0 | 14.86 MB | 14.86 MB |
| @datadog/native-appsec | 3.2.0 | 13.38 MB | 13.39 MB |
| protobufjs | 7.1.2 | 2.76 MB | 6.55 MB |
| @datadog/native-iast-rewriter | 2.0.1 | 2.09 MB | 2.1 MB |
| @opentelemetry/core | 1.3.1 | 784.66 kB | 1.37 MB |
| @datadog/native-metrics | 2.0.0 | 898.77 kB | 1.3 MB |
| @opentelemetry/api | 1.4.1 | 780.32 kB | 780.32 kB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| semver | 7.3.8 | 88.2 kB | 118.6 kB |
| @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| lru-cache | 7.14.0 | 74.95 kB | 74.95 kB |
| ipaddr.js | 2.0.1 | 59.52 kB | 59.52 kB |
| ignore | 5.2.0 | 48.87 kB | 48.87 kB |
| import-in-the-middle | 1.3.5 | 34.34 kB | 38.81 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| retry | 0.10.1 | 27.44 kB | 27.44 kB |
| lodash.uniq | 4.5.0 | 25.01 kB | 25.01 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| lodash.kebabcase | 4.1.1 | 17.75 kB | 17.75 kB |
| lodash.pick | 4.4.0 | 16.33 kB | 16.33 kB |
| node-abort-controller | 3.0.1 | 14.33 kB | 14.33 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| diagnostics_channel | 1.1.0 | 7.07 kB | 7.07 kB |
| path-to-regexp | 0.1.7 | 6.78 kB | 6.78 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| methods | 1.1.2 | 5.29 kB | 5.29 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe


codecov bot commented Jun 15, 2023

Codecov Report

Merging #3246 (0cb75ee) into master (2f14ee8) will decrease coverage by 7.75%.
The diff coverage is 100.00%.

```
@@            Coverage Diff             @@
##           master    #3246      +/-   ##
==========================================
- Coverage   93.75%   86.01%   -7.75%     
==========================================
  Files          63      194     +131     
  Lines        1923     7510    +5587     
  Branches       33       33              
==========================================
+ Hits         1803     6460    +4657     
- Misses        120     1050     +930     
```

| Impacted Files | Coverage Δ |
|---|---|
| ...es/dd-trace/src/appsec/iast/analyzers/analyzers.js | 100.00% <ø> (ø) |
| ...ckages/dd-trace/src/appsec/iast/vulnerabilities.js | 100.00% <ø> (ø) |
| ...psec/iast/analyzers/no-samesite-cookie-analyzer.js | 100.00% <100.00%> (ø) |

... and 130 files with indirect coverage changes



pr-commenter bot commented Jun 15, 2023

Benchmarks

Comparing candidate commit 0cb75ee in PR branch ugaitz/no-samesite-cookie with baseline commit 2f14ee8 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 442 metrics, 30 unstable metrics.

@uurien uurien marked this pull request as ready for review June 15, 2023 11:39
@uurien uurien requested a review from a team as a code owner June 15, 2023 11:39