chore(asm): remove static cycles (#13154)

remove cycles with
- _utils and _asm_request_context
- _ddwaf and _metrics

APPSEC-57233

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Author: christophe-papazian

ddtrace/appsec/_asm_request_context.py

@@ -284,7 +284,13 @@ def set_body_response(body_response):
     # local import to avoid circular import
     from ddtrace.appsec._utils import parse_response_body
 
-    set_waf_address(SPAN_DATA_NAMES.RESPONSE_BODY, lambda: parse_response_body(body_response))
+    set_waf_address(
+        SPAN_DATA_NAMES.RESPONSE_BODY,
+        lambda: parse_response_body(
+            body_response,
+            get_waf_address(SPAN_DATA_NAMES.RESPONSE_HEADERS_NO_COOKIES),
+        ),
+    )
 
 
 def set_waf_address(address: str, value: Any) -> None:

ddtrace/appsec/_ddwaf/waf.py

@@ -51,11 +51,11 @@ def __init__(
         ruleset_map: Dict[str, Any],
         obfuscation_parameter_key_regexp: bytes,
         obfuscation_parameter_value_regexp: bytes,
+        metrics,
     ):
         # avoid circular import
-        from ddtrace.appsec import _metrics
 
-        self.report_error = _metrics._set_waf_error_log
+        self.report_error = metrics._set_waf_error_log
         config = ddwaf_config(
             key_regex=obfuscation_parameter_key_regexp, value_regex=obfuscation_parameter_value_regexp
         )
@@ -78,7 +78,7 @@ def __init__(
                 info.errors,
             )
         self._default_ruleset = ruleset_map_object
-        _metrics.ddwaf_version = version()
+        metrics.ddwaf_version = version()
 
     @property
     def required_data(self) -> List[str]:

ddtrace/appsec/_ddwaf/waf_mock.py

@@ -33,6 +33,7 @@ def __init__(
         rules: Dict[str, Any],
         obfuscation_parameter_key_regexp: bytes,
         obfuscation_parameter_value_regexp: bytes,
+        metrics,
     ):
         self._handle = None
 

ddtrace/appsec/_ddwaf/waf_stubs.py

@@ -120,6 +120,7 @@ def __init__(
         rules: Dict[str, Any],
         obfuscation_parameter_key_regexp: bytes,
         obfuscation_parameter_value_regexp: bytes,
+        metrics,
     ):
         pass
 

ddtrace/appsec/_processor.py

@@ -123,7 +123,7 @@ def delayed_init(self) -> None:
 
                 self.metrics = metrics
                 self._ddwaf = DDWaf(
-                    self._rules, self.obfuscation_parameter_key_regexp, self.obfuscation_parameter_value_regexp
+                    self._rules, self.obfuscation_parameter_key_regexp, self.obfuscation_parameter_value_regexp, metrics
                 )
                 self.metrics._set_waf_init_metric(self._ddwaf.info, self._ddwaf.initialized)
         except Exception:

ddtrace/appsec/_utils.py

@@ -1,6 +1,7 @@
 # this module must not load any other unsafe appsec module directly
 
 import collections
+import json
 import logging
 import typing
 from typing import Any
@@ -11,7 +12,6 @@
 
 from ddtrace.appsec._constants import API_SECURITY
 from ddtrace.appsec._constants import APPSEC
-from ddtrace.appsec._constants import SPAN_DATA_NAMES
 from ddtrace.internal._unpatched import unpatched_json_loads
 from ddtrace.internal.compat import to_unicode
 from ddtrace.internal.logger import get_logger
@@ -156,10 +156,9 @@ def __init__(self):
         self.error = 0
 
 
-def parse_response_body(raw_body):
+def parse_response_body(raw_body, headers):
     import xmltodict
 
-    from ddtrace.appsec import _asm_request_context
     from ddtrace.contrib.internal.trace_utils import _get_header_value_case_insensitive
 
     if not raw_body:
@@ -168,7 +167,6 @@ def parse_response_body(raw_body):
     if isinstance(raw_body, dict):
         return raw_body
 
-    headers = _asm_request_context.get_waf_address(SPAN_DATA_NAMES.RESPONSE_HEADERS_NO_COOKIES)
     if not headers:
         return
     content_type = _get_header_value_case_insensitive(
@@ -310,8 +308,6 @@ def has_triggers(span) -> bool:
 
 
 def get_triggers(span) -> Any:
-    import json
-
     if asm_config._use_metastruct_for_triggers:
         return (span.get_struct_tag(APPSEC.STRUCT) or {}).get("triggers", None)
     json_payload = span.get_tag(APPSEC.JSON)

tests/appsec/appsec/api_security/test_schema_fuzz.py

@@ -4,6 +4,7 @@
 from hypothesis import strategies as st
 import pytest
 
+from ddtrace.appsec import _metrics
 import ddtrace.appsec._constants as constants
 import ddtrace.appsec._ddwaf as ddwaf
 
@@ -12,7 +13,7 @@ def build_schema(obj):
     rules = {}
     with open(constants.DEFAULT.RULES, "r") as f_apisec:
         rules.update(json.load(f_apisec))
-    waf = ddwaf.DDWaf(rules, b"", b"")
+    waf = ddwaf.DDWaf(rules, b"", b"", _metrics)
     ctx = waf._at_request_start()
     res = waf.run(
         ctx,

tests/appsec/appsec/test_processor.py

@@ -6,6 +6,7 @@
 import pytest
 
 from ddtrace.appsec import _asm_request_context
+from ddtrace.appsec import _metrics
 from ddtrace.appsec._constants import APPSEC
 from ddtrace.appsec._constants import DEFAULT
 from ddtrace.appsec._constants import FINGERPRINTING
@@ -366,6 +367,7 @@ def test_ddwaf_not_raises_exception():
             rules_json,
             DEFAULT.APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP.encode("utf-8"),
             DEFAULT.APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP.encode("utf-8"),
+            _metrics,
         )
 
 
@@ -495,7 +497,7 @@ def test_obfuscation_parameter_value_configured_matching(tracer):
 def test_ddwaf_run():
     with open(rules.RULES_GOOD_PATH) as rule_set:
         rules_json = json.loads(rule_set.read())
-        _ddwaf = DDWaf(rules_json, b"", b"")
+        _ddwaf = DDWaf(rules_json, b"", b"", _metrics)
         data = {
             "server.request.query": {},
             "server.request.headers.no_cookies": {"user-agent": "werkzeug/2.1.2", "host": "localhost"},
@@ -515,7 +517,7 @@ def test_ddwaf_run():
 def test_ddwaf_run_timeout():
     with open(rules.RULES_GOOD_PATH) as rule_set:
         rules_json = json.loads(rule_set.read())
-        _ddwaf = DDWaf(rules_json, b"", b"")
+        _ddwaf = DDWaf(rules_json, b"", b"", _metrics)
         data = {
             "server.request.path_params": {"param_{}".format(i): "value_{}".format(i) for i in range(100)},
             "server.request.cookies": {"attack{}".format(i): "1' or '1' = '{}'".format(i) for i in range(100)},
@@ -531,7 +533,7 @@ def test_ddwaf_run_timeout():
 def test_ddwaf_info():
     with open(rules.RULES_GOOD_PATH) as rule_set:
         rules_json = json.loads(rule_set.read())
-        _ddwaf = DDWaf(rules_json, b"", b"")
+        _ddwaf = DDWaf(rules_json, b"", b"", _metrics)
 
         info = _ddwaf.info
         assert info.loaded == len(rules_json["rules"])
@@ -543,7 +545,7 @@ def test_ddwaf_info():
 def test_ddwaf_info_with_2_errors():
     with open(os.path.join(rules.ROOT_DIR, "rules-with-2-errors.json")) as rule_set:
         rules_json = json.loads(rule_set.read())
-        _ddwaf = DDWaf(rules_json, b"", b"")
+        _ddwaf = DDWaf(rules_json, b"", b"", _metrics)
 
         info = _ddwaf.info
         assert info.loaded == 1
@@ -559,7 +561,7 @@ def test_ddwaf_info_with_2_errors():
 def test_ddwaf_info_with_3_errors():
     with open(os.path.join(rules.ROOT_DIR, "rules-with-3-errors.json")) as rule_set:
         rules_json = json.loads(rule_set.read())
-        _ddwaf = DDWaf(rules_json, b"", b"")
+        _ddwaf = DDWaf(rules_json, b"", b"", _metrics)
 
         info = _ddwaf.info
         assert info.loaded == 1