From c3e3d08956b1c9f0af86375791d2d4581e529959 Mon Sep 17 00:00:00 2001
From: "alejandro.gonzalez"
Date: Wed, 15 Jan 2025 15:26:41 +0100
Subject: [PATCH] change cookie vulns hash calculation
---
 .../datadog/iast/model/VulnerabilityType.java | 6 +++---
 .../iast/model/VulnerabilityTypeTest.groovy | 18 +++++++++---------
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityType.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityType.java
index cf56165594c..a8e8a9c9c1d 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityType.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityType.java
@@ -31,12 +31,12 @@ public interface VulnerabilityType {
 type(VulnerabilityTypes.WEAK_HASH).excludedSources(Builder.DB_EXCLUDED).build();
 VulnerabilityType INSECURE_COOKIE =
 type(VulnerabilityTypes.INSECURE_COOKIE)
- .hash(VulnerabilityType::evidenceHash)
+ .hash(VulnerabilityType::fileAndLineHash)
 .excludedSources(Builder.DB_EXCLUDED)
 .build();
 VulnerabilityType NO_HTTPONLY_COOKIE =
 type(VulnerabilityTypes.NO_HTTPONLY_COOKIE)
- .hash(VulnerabilityType::evidenceHash)
+ .hash(VulnerabilityType::fileAndLineHash)
 .excludedSources(Builder.DB_EXCLUDED)
 .build();
 VulnerabilityType HSTS_HEADER_MISSING =
@@ -51,7 +51,7 @@ public interface VulnerabilityType {
 .build();
 VulnerabilityType NO_SAMESITE_COOKIE =
 type(VulnerabilityTypes.NO_SAMESITE_COOKIE)
- .hash(VulnerabilityType::evidenceHash)
+ .hash(VulnerabilityType::fileAndLineHash)
 .excludedSources(Builder.DB_EXCLUDED)
 .build();
 
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/VulnerabilityTypeTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/VulnerabilityTypeTest.groovy
index d0251b956a6..546ac802542 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/VulnerabilityTypeTest.groovy
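Review bot: With `fileAndLineHash` the fingerprint for INSECURE_COOKIE and NO_HTTPONLY_COOKIE (first hunk) and NO_SAMESITE_COOKIE (second hunk, at line 51) no longer includes the cookie name, so two differently named cookies written from the same file and line deduplicate into a single finding; the updated test table shows `cookieName1` and `cookieName2` sharing one hash. If that is the intent, record it next to the first declaration, for example `// Cookie types hash by file and line only: cookies set at one call site are one finding, whatever their name.` The body of `fileAndLineHash` is not part of this diff, so it is worth confirming what it returns when the location carries no file or line; if it falls back to the type alone, every cookie of that type reported from unresolved frames would collapse together. Findings already reported under the old evidence-based hashes will presumably surface as new ones after the upgrade, which deserves a changelog line. The interface body starts and ends outside both hunks.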
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/VulnerabilityTypeTest.groovy 
@@ -30,15 +30,15 @@ class VulnerabilityTypeTest extends DDSpecification {
 WEAK_CIPHER | getSpanAndClassAndMethodLocation(123) | new Evidence("MD5") | 3265519776
 WEAK_CIPHER | getSpanAndClassAndMethodLocation(456) | new Evidence("MD4") | 3265519776
 WEAK_CIPHER | getSpanAndClassAndMethodLocation(789) | null | 3265519776
- INSECURE_COOKIE | getSpanAndStackLocation(123) | null | 3471934557
- INSECURE_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName1") | 360083726
- INSECURE_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName2") | 2357141684
- NO_HTTPONLY_COOKIE | getSpanAndStackLocation(123) | null | 2115643285
- NO_HTTPONLY_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName1") | 585548920
- NO_HTTPONLY_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName2") | 3153040834
- NO_SAMESITE_COOKIE | getSpanAndStackLocation(123) | null | 3683185539
- NO_SAMESITE_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName1") | 881944211
- NO_SAMESITE_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName2") | 2912433961
+ INSECURE_COOKIE | getSpanAndStackLocation(123) | null | 1156210466
+ INSECURE_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName1") | 1156210466
+ INSECURE_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName2") | 1156210466
+ NO_HTTPONLY_COOKIE | getSpanAndStackLocation(123) | null | 1522983769
+ NO_HTTPONLY_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName1") | 1522983769
+ NO_HTTPONLY_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName2") | 1522983769
+ NO_SAMESITE_COOKIE | getSpanAndStackLocation(123) | null | 1090504969
+ NO_SAMESITE_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName1") | 1090504969
+ NO_SAMESITE_COOKIE | getSpanAndStackLocation(123) | new Evidence("cookieName2") | 1090504969
 XCONTENTTYPE_HEADER_MISSING | getSpanAndService(123, null) | null | 3429203725
 XCONTENTTYPE_HEADER_MISSING | getSpanAndService(123, 'serviceName1') | null | 2718833340
 XCONTENTTYPE_HEADER_MISSING | getSpanAndService(123, 'serviceName2') | null | 990333702
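Review bot: All nine updated cookie rows use the same `getSpanAndStackLocation(123)` location, so the table proves that evidence no longer affects the hash but never shows that a different file or line produces a different one; a hash that was constant per type would pass as well. Add at least one row per cookie type whose location differs in file or line and expect a distinct value, e.g. `INSECURE_COOKIE | <location with another line> | null | <expected hash>`. The numeric argument looks like a span id rather than a line number (the WEAK_CIPHER rows with 123, 456 and 789 share one hash), so this probably needs a helper or parameter that varies the stack frame. The data table begins and ends outside the hunk.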