chore(test): Fixing flaky rasp ssrf express tests (#7617)

uurien · web-flow · commit 05f01a0bc1c2 · 2026-02-27T14:38:57.000+01:00
diff --git a/packages/dd-trace/test/appsec/rasp/ssrf.express.plugin.spec.js b/packages/dd-trace/test/appsec/rasp/ssrf.express.plugin.spec.js
@@ -57,17 +57,19 @@ describe('RASP - ssrf', () => {
 
     describe('ssrf', () => {
       async function testBlockingRequest () {
-        try {
-          await axios.get('/?host=localhost/ifconfig.pro')
-        } catch (e) {
+        const assertPromise = checkRaspExecutedAndHasThreat(agent, 'rasp-ssrf-rule-id-1')
+        const blockingRequestPromise = axios.get('/?host=localhost/ifconfig.pro').then(() => {
+          assert.fail('Request should be blocked')
+        }).catch(e => {
           if (!e.response) {
             throw e
           }
+        })
 
-          return checkRaspExecutedAndHasThreat(agent, 'rasp-ssrf-rule-id-1')
-        }
-
-        assert.fail('Request should be blocked')
+        await Promise.all([
+          blockingRequestPromise,
+          assertPromise,
+        ])
       }
 
       ['http', 'https'].forEach(protocol => {
@@ -77,14 +79,18 @@ describe('RASP - ssrf', () => {
             const module = require(protocol)
 
             app = (req, res) => {
-              const clientRequest = module.get(`${protocol}://${req.query.host}`)
+              const clientRequest = module.get(`${protocol}://${req.query.host}`, function (incomingResponse) {
+                incomingResponse.resume()
+                res.end('end')
+              })
+
               clientRequest.on('error', noop)
-              res.end('end')
             }
 
-            axios.get('/?host=www.datadoghq.com')
-
-            return checkRaspExecutedAndNotThreat(agent)
+            await Promise.all([
+              checkRaspExecutedAndNotThreat(agent),
+              axios.get('/?host=www.datadoghq.com'),
+            ])
           })
 
           it('Should detect threat doing a GET request', async () => {
@@ -140,9 +146,10 @@ describe('RASP - ssrf', () => {
                 .then(() => res.end('end'))
             }
 
-            await axios.get('/?host=www.datadoghq.com')
-
-            return checkRaspExecutedAndNotThreat(agent)
+            await Promise.all([
+              axios.get('/?host=www.datadoghq.com'),
+              checkRaspExecutedAndNotThreat(agent),
+            ])
           })
 
           it('Should detect threat doing a GET request', async () => {
@@ -193,9 +200,10 @@ describe('RASP - ssrf', () => {
               })
             }
 
-            axios.get('/?host=www.datadoghq.com')
-
-            return checkRaspExecutedAndNotThreat(agent)
+            await Promise.all([
+              axios.get('/?host=www.datadoghq.com'),
+              checkRaspExecutedAndNotThreat(agent),
+            ])
           })
 
           it('Should detect threat doing a GET request', async () => {
