From 2729de430041ba21e3aa07f06ed837902098c312 Mon Sep 17 00:00:00 2001
From: Alberto Vara
Date: Thu, 23 Jan 2025 14:48:20 +0100
Subject: [PATCH] chore(iast): taint parameter name and header name in fastapi
---
 ddtrace/appsec/_iast/_handlers.py | 2 +-
 tests/contrib/fastapi/test_fastapi_appsec_iast.py | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/ddtrace/appsec/_iast/_handlers.py b/ddtrace/appsec/_iast/_handlers.py
index 466a4a9c44..46f89738b5 100644
--- a/ddtrace/appsec/_iast/_handlers.py
+++ b/ddtrace/appsec/_iast/_handlers.py
@@ -319,7 +319,7 @@ def if_iast_taint_starlette_datastructures(origin, wrapped, instance, args, kwar
 res.append(
 taint_pyobject(
 pyobject=element,
- source_name=origin_to_str(origin),
+ source_name=element,
 source_value=element,
 source_origin=origin,
 )
diff --git a/tests/contrib/fastapi/test_fastapi_appsec_iast.py b/tests/contrib/fastapi/test_fastapi_appsec_iast.py
index 37afc3e52e..86732bbac6 100644
--- a/tests/contrib/fastapi/test_fastapi_appsec_iast.py
+++ b/tests/contrib/fastapi/test_fastapi_appsec_iast.py
@@ -120,6 +120,8 @@ async def test_route(request: Request):
 "ranges_start": ranges_result[0].start,
 "ranges_length": ranges_result[0].length,
 "ranges_origin": origin_to_str(ranges_result[0].source.origin),
+ "ranges_origin_name": ranges_result[0].source.name,
+ "ranges_origin_value": ranges_result[0].source.value,
 }
 )
 
@@ -137,6 +139,8 @@ async def test_route(request: Request):
 assert result["ranges_start"] == 0
 assert result["ranges_length"] == 15
 assert result["ranges_origin"] == "http.request.parameter.name"
+ assert result["ranges_origin_name"] == "iast_queryparam"
+ assert result["ranges_origin_value"] == "iast_queryparam"
 
 
 def test_query_param_name_source_post(fastapi_application, client, tracer, test_spans):
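Review bot: `source_name=element` now records the tainted string itself as the source name, which is correct only while every element passing through this loop is a parameter or header *name*; `if_iast_taint_starlette_datastructures` takes `origin` as a parameter and the hunk shows no branch on it, so if a caller ever routes a value origin through here the raw request value would be reported as the source name, a field that is usually surfaced in vulnerability reports where only names are expected. Please confirm the callers are name-only, and document the assumption on the changed line: `source_name=element,  # element is the parameter/header name, so it doubles as the source name`. If this was the only use of `origin_to_str` in the module, its import is now unused (not visible from the hunk). The enclosing function starts before the hunk.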
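Review bot: The new assertions `ranges_origin_name` and `ranges_origin_value` compare against the same literal, which follows from the tainted object being the name itself, so they cannot distinguish "source name is the parameter name" from "source name is the tainted text" in a request whose name and value differ; a case where the value is distinct from the name, asserting `source.name` still equals the name, would pin the intended contract. The same two dict entries and two asserts are repeated in the hunks at -137, -153, -170, -217 and -234; a small helper that builds the result dict from `ranges_result[0]` would keep them in one place. The `test_route` bodies start before each hunk.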
@@ -153,6 +157,8 @@ async def test_route(request: Request):
 "ranges_start": ranges_result[0].start,
 "ranges_length": ranges_result[0].length,
 "ranges_origin": origin_to_str(ranges_result[0].source.origin),
+ "ranges_origin_name": ranges_result[0].source.name,
+ "ranges_origin_value": ranges_result[0].source.value,
 }
 )
 
@@ -170,6 +176,8 @@ async def test_route(request: Request):
 assert result["ranges_start"] == 0
 assert result["ranges_length"] == 15
 assert result["ranges_origin"] == "http.request.parameter.name"
+ assert result["ranges_origin_name"] == "iast_queryparam"
+ assert result["ranges_origin_value"] == "iast_queryparam"
 
 
 def test_header_value_source(fastapi_application, client, tracer, test_spans):
@@ -217,6 +225,8 @@ async def test_route(request: Request):
 "ranges_start": ranges_result[0].start,
 "ranges_length": ranges_result[0].length,
 "ranges_origin": origin_to_str(ranges_result[0].source.origin),
+ "ranges_origin_name": ranges_result[0].source.name,
+ "ranges_origin_value": ranges_result[0].source.value,
 }
 )
 
@@ -234,6 +244,8 @@ async def test_route(request: Request):
 assert result["ranges_start"] == 0
 assert result["ranges_length"] == 11
 assert result["ranges_origin"] == "http.request.header.name"
+ assert result["ranges_origin_name"] == "iast_header"
+ assert result["ranges_origin_value"] == "iast_header"
 
 
 @pytest.mark.skipif(sys.version_info < (3, 9), reason="typing.Annotated was introduced on 3.9")