move stackId from vulnerability to Location (#8384)

What Does This Do
Move stackId from Vulnerability to Location

Motivation
The RFC specifies that

Location
In order to link the stack with the vulnerability, we will add a stack field to the vulnerability’s location, containing the stack id in the vulnerabilities section of stacks of the span.

However, this stackId was incorrectly added to the vulnerability instead of to the Location.

Author: jandro996

dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Reporter.java

@@ -81,7 +81,7 @@ private void reportVulnerability(
         String stackId =
             addVulnerabilityStackTrace(span, String.valueOf(batch.getVulnerabilities().size()));
         if (stackId != null) {
-          vulnerability.setStackId(stackId);
+          vulnerability.getLocation().setStackId(stackId);
         }
       }
     }

dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Location.java

@@ -15,6 +15,8 @@ public final class Location {
 
   @Nullable private transient String serviceName;
 
+  private @Nullable String stackId;
+
   private Location(
       @Nullable final Long spanId,
       @Nullable final String path,
@@ -86,6 +88,15 @@ public void updateSpan(@Nullable final AgentSpan span) {
     }
   }
 
+  @Nullable
+  public String getStackId() {
+    return stackId;
+  }
+
+  public void setStackId(@Nullable String stackId) {
+    this.stackId = stackId;
+  }
+
   @Nullable
   private static Long spanId(@Nullable AgentSpan span) {
     return span != null ? span.getSpanId() : null;

dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Vulnerability.java

@@ -12,8 +12,6 @@ public final class Vulnerability {
 
   private final @Nullable Evidence evidence;
 
-  private @Nullable String stackId;
-
   private long hash;
 
   public Vulnerability(@Nonnull final VulnerabilityType type, @Nonnull final Location location) {
@@ -45,15 +43,6 @@ public Evidence getEvidence() {
     return evidence;
   }
 
-  @Nullable
-  public String getStackId() {
-    return stackId;
-  }
-
-  public void setStackId(@Nullable String stackId) {
-    this.stackId = stackId;
-  }
-
   public long getHash() {
     return hash;
   }

dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/ReporterTest.groovy

@@ -78,9 +78,9 @@ class ReporterTest extends DDSpecification {
             "spanId":123456,
             "line":1,
             "path": "foo",
-            "method": "foo"
+            "method": "foo",
+            "stackId":"1"
           },
-          "stackId":"1",
           "type":"WEAK_HASH"
         }
       ]
@@ -187,9 +187,9 @@ class ReporterTest extends DDSpecification {
             "spanId":123456,
             "line":1,
             "path":"foo",
-            "method": "foo"
+            "method": "foo",
+            "stackId":"1"
           },
-          "stackId":"1",
           "type":"WEAK_HASH"
         },
         {
@@ -199,9 +199,9 @@ class ReporterTest extends DDSpecification {
             "spanId":123456,
             "line":2,
             "path":"foo",
-            "method": "foo"
+            "method": "foo",
+            "stackId":"2"
           },
-          "stackId":"2",
           "type":"WEAK_HASH"
         }
       ]
@@ -578,7 +578,7 @@ class ReporterTest extends DDSpecification {
     StackTraceEvent currentStackTrace = null
     for (int i = 0; i < vulnerabilities.size(); i++) {
       for (StackTraceEvent event : batch.get("vulnerability")) {
-        if(event.getId() == vulnerabilities[i].getStackId()) {
+        if(event.getId() == vulnerabilities[i].getLocation().getStackId()) {
           currentStackTrace = event
           break
         }