From 221202bcf48cdc141413d877505d2dbb137c3c77 Mon Sep 17 00:00:00 2001
From: CarlesDD <carles.capell@datadoghq.com>
Date: Mon, 25 Sep 2023 13:01:58 +0200
Subject: [PATCH] Do not propagate empty strings on slice

---
 src/api/slice.cc      |  6 ++++++
 test/js/slice.spec.js | 10 ++++++++++
 2 files changed, 16 insertions(+)

diff --git a/src/api/slice.cc b/src/api/slice.cc
index 7719383..9999af5 100644
--- a/src/api/slice.cc
+++ b/src/api/slice.cc
@@ -40,6 +40,12 @@ void slice(const FunctionCallbackInfo<Value>& args) {
     auto vSubject = args[2];
     int sliceStart = args[3]->IntegerValue(context).FromJust();
 
+    int len =  v8::Local<v8::String>::Cast(vResult)->Length();
+    if (len == 0) {
+        args.GetReturnValue().Set(vResult);
+        return;
+    }
+
     Transaction* transaction = GetTransaction(GetLocalStringPointer(args[0]));
     if (transaction == nullptr) {
         args.GetReturnValue().Set(vResult);
diff --git a/test/js/slice.spec.js b/test/js/slice.spec.js
index 7a29369..b9bca1a 100644
--- a/test/js/slice.spec.js
+++ b/test/js/slice.spec.js
@@ -178,6 +178,16 @@ describe('Slice', function () {
     })
   })
 
+  it('Check slice empty string result', function () {
+    let op1 = 'hello world'
+    op1 = TaintedUtils.newTaintedString(id, op1, 'param1', 'REQUEST')
+
+    let result = op1.slice(6, 6)
+    result = TaintedUtils.slice(id, result, op1, 6)
+
+    assert.equal(TaintedUtils.isTainted(id, result), false, 'Empty string is tainted')
+  })
+
   it('Secure marks are inherited', () => {
     let op1 = 'hello world'
     op1 = TaintedUtils.newTaintedString(id, op1, 'param1', 'REQUEST')