Summary

• The request URL captured for attack events was missing the query string, so query-driven attacks (path traversal, suspicious ?path=... payloads, etc.) lost the malicious payload from their reported URL.
• Fixes both ASGI (build_url_from_asgi) and WSGI (build_url_from_wsgi) URL builders to append ?<query_string> when present.

Re-enables test_path_traversal in the QA suite. Also lays the groundwork for #fix-wave-attack — wave-attack samples are keyed on context.url, so without the query string 16 distinct ?path=q1..q16 requests collapsed into a single sample.

Test plan

• aikido_zen/context/asgi/build_url_from_asgi_test.py — added query-string test cases (including the path-traversal scenario).
• aikido_zen/context/wsgi/build_url_from_wsgi_test.py — added query-string test cases.
• Updated existing context tests whose URL assertions now include the query string.
• Full unit suite passes locally (make test minus network-dependent tests).
• QA suite: verify test_path_traversal passes once merged.

🤖 Generated with Claude Code

Summary by Aikido

⚡ Enhancements

• Updated QA workflow to re-enable path traversal test execution.

🐛 Bugfixes

• Included query string in ASGI and WSGI URL builders.

^{More info}