chore(asm): remove circular dependencies (#13191)

PR to remove all static circular import from appsec
- split iast_request_context module into 2 to avoid circular references
with several other iast modules
- change several import statement to avoid cycles
- small test updates for import
- move several functions from ddtrace.contrib.internal.trace_utils to
ddtrace.contrib.internal.trace_utils_base to avoid further circular
dependencies

most remaining static circular imports are related to
`ddtrace.contrib.internal.trace_utils`

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Author: christophe-papazian

benchmarks/appsec_iast_aspects/scenario.py

@@ -5,16 +5,22 @@
 with override_env({"DD_IAST_ENABLED": "True"}):
     # from ddtrace.appsec._iast import oce
     try:
-        # 2.15+
-        from ddtrace.appsec._iast._iast_request_context import end_iast_context
-        from ddtrace.appsec._iast._iast_request_context import set_iast_request_enabled
-        from ddtrace.appsec._iast._iast_request_context import start_iast_context
+        # 3.6+
+        from ddtrace.appsec._iast._iast_request_context_base import end_iast_context
+        from ddtrace.appsec._iast._iast_request_context_base import set_iast_request_enabled
+        from ddtrace.appsec._iast._iast_request_context_base import start_iast_context
     except ImportError:
-        # Pre 2.15
-        from ddtrace.appsec._iast._taint_tracking._context import create_context as start_iast_context
-        from ddtrace.appsec._iast._taint_tracking._context import reset_context as end_iast_context
-
-        set_iast_request_enabled = lambda x: None  # noqa: E731
+        # Pre 3.6
+        try:
+            from ddtrace.appsec._iast._iast_request_context import end_iast_context
+            from ddtrace.appsec._iast._iast_request_context import set_iast_request_enabled
+            from ddtrace.appsec._iast._iast_request_context import start_iast_context
+        except ImportError:
+            # Pre 2.15
+            from ddtrace.appsec._iast._taint_tracking._context import create_context as start_iast_context
+            from ddtrace.appsec._iast._taint_tracking._context import reset_context as end_iast_context
+
+            set_iast_request_enabled = lambda x: None  # noqa: E731
 
 
 def _start_iast_context_and_oce():

benchmarks/appsec_iast_aspects_ospath/scenario.py

@@ -5,16 +5,22 @@
 with override_env({"DD_IAST_ENABLED": "True"}):
     # from ddtrace.appsec._iast import oce
     try:
-        # 2.15+
-        from ddtrace.appsec._iast._iast_request_context import end_iast_context
-        from ddtrace.appsec._iast._iast_request_context import set_iast_request_enabled
-        from ddtrace.appsec._iast._iast_request_context import start_iast_context
+        # 3.6+
+        from ddtrace.appsec._iast._iast_request_context_base import end_iast_context
+        from ddtrace.appsec._iast._iast_request_context_base import set_iast_request_enabled
+        from ddtrace.appsec._iast._iast_request_context_base import start_iast_context
     except ImportError:
-        # Pre 2.15
-        from ddtrace.appsec._iast._taint_tracking._context import create_context as start_iast_context
-        from ddtrace.appsec._iast._taint_tracking._context import reset_context as end_iast_context
-
-        set_iast_request_enabled = lambda x: None  # noqa: E731
+        # Pre 3.6
+        try:
+            from ddtrace.appsec._iast._iast_request_context import end_iast_context
+            from ddtrace.appsec._iast._iast_request_context import set_iast_request_enabled
+            from ddtrace.appsec._iast._iast_request_context import start_iast_context
+        except ImportError:
+            # Pre 2.15
+            from ddtrace.appsec._iast._taint_tracking._context import create_context as start_iast_context
+            from ddtrace.appsec._iast._taint_tracking._context import reset_context as end_iast_context
+
+            set_iast_request_enabled = lambda x: None  # noqa: E731
 
 
 def _start_iast_context_and_oce():

benchmarks/appsec_iast_aspects_re_module/scenario.py

@@ -5,16 +5,22 @@
 with override_env({"DD_IAST_ENABLED": "True"}):
     # from ddtrace.appsec._iast import oce
     try:
-        # 2.15+
-        from ddtrace.appsec._iast._iast_request_context import end_iast_context
-        from ddtrace.appsec._iast._iast_request_context import set_iast_request_enabled
-        from ddtrace.appsec._iast._iast_request_context import start_iast_context
+        # 3.6+
+        from ddtrace.appsec._iast._iast_request_context_base import end_iast_context
+        from ddtrace.appsec._iast._iast_request_context_base import set_iast_request_enabled
+        from ddtrace.appsec._iast._iast_request_context_base import start_iast_context
     except ImportError:
-        # Pre 2.15
-        from ddtrace.appsec._iast._taint_tracking._context import create_context as start_iast_context
-        from ddtrace.appsec._iast._taint_tracking._context import reset_context as end_iast_context
-
-        set_iast_request_enabled = lambda x: None  # noqa: E731
+        # Pre 3.6
+        try:
+            from ddtrace.appsec._iast._iast_request_context import end_iast_context
+            from ddtrace.appsec._iast._iast_request_context import set_iast_request_enabled
+            from ddtrace.appsec._iast._iast_request_context import start_iast_context
+        except ImportError:
+            # Pre 2.15
+            from ddtrace.appsec._iast._taint_tracking._context import create_context as start_iast_context
+            from ddtrace.appsec._iast._taint_tracking._context import reset_context as end_iast_context
+
+            set_iast_request_enabled = lambda x: None  # noqa: E731
 
 
 def _start_iast_context_and_oce():

benchmarks/appsec_iast_aspects_split/scenario.py

@@ -5,16 +5,22 @@
 with override_env({"DD_IAST_ENABLED": "True"}):
     # from ddtrace.appsec._iast import oce
     try:
-        # 2.15+
-        from ddtrace.appsec._iast._iast_request_context import end_iast_context
-        from ddtrace.appsec._iast._iast_request_context import set_iast_request_enabled
-        from ddtrace.appsec._iast._iast_request_context import start_iast_context
+        # 3.6+
+        from ddtrace.appsec._iast._iast_request_context_base import end_iast_context
+        from ddtrace.appsec._iast._iast_request_context_base import set_iast_request_enabled
+        from ddtrace.appsec._iast._iast_request_context_base import start_iast_context
     except ImportError:
-        # Pre 2.15
-        from ddtrace.appsec._iast._taint_tracking._context import create_context as start_iast_context
-        from ddtrace.appsec._iast._taint_tracking._context import reset_context as end_iast_context
-
-        set_iast_request_enabled = lambda x: None  # noqa: E731
+        # Pre 3.6
+        try:
+            from ddtrace.appsec._iast._iast_request_context import end_iast_context
+            from ddtrace.appsec._iast._iast_request_context import set_iast_request_enabled
+            from ddtrace.appsec._iast._iast_request_context import start_iast_context
+        except ImportError:
+            # Pre 2.15
+            from ddtrace.appsec._iast._taint_tracking._context import create_context as start_iast_context
+            from ddtrace.appsec._iast._taint_tracking._context import reset_context as end_iast_context
+
+            set_iast_request_enabled = lambda x: None  # noqa: E731
 
 
 def _start_iast_context_and_oce():

benchmarks/appsec_iast_propagation/scenario.py

@@ -1,8 +1,23 @@
 import bm
 
-from ddtrace.appsec._iast._iast_request_context import end_iast_context
-from ddtrace.appsec._iast._iast_request_context import set_iast_request_enabled
-from ddtrace.appsec._iast._iast_request_context import start_iast_context
+
+try:
+    # 3.6+
+    from ddtrace.appsec._iast._iast_request_context_base import end_iast_context
+    from ddtrace.appsec._iast._iast_request_context_base import set_iast_request_enabled
+    from ddtrace.appsec._iast._iast_request_context_base import start_iast_context
+except ImportError:
+    # Pre 3.6
+    try:
+        from ddtrace.appsec._iast._iast_request_context import end_iast_context
+        from ddtrace.appsec._iast._iast_request_context import set_iast_request_enabled
+        from ddtrace.appsec._iast._iast_request_context import start_iast_context
+    except ImportError:
+        # Pre 2.15
+        from ddtrace.appsec._iast._taint_tracking._context import create_context as start_iast_context
+        from ddtrace.appsec._iast._taint_tracking._context import reset_context as end_iast_context
+
+        set_iast_request_enabled = lambda x: None  # noqa: E731
 from ddtrace.appsec._iast._taint_tracking import OriginType
 from ddtrace.appsec._iast._taint_tracking._taint_objects import taint_pyobject
 from ddtrace.appsec._iast._taint_tracking.aspects import add_aspect

ddtrace/appsec/_handlers.py

@@ -6,8 +6,8 @@
 from ddtrace.appsec._asm_request_context import get_blocked
 from ddtrace.appsec._constants import SPAN_DATA_NAMES
 from ddtrace.contrib import trace_utils
-from ddtrace.contrib.internal.trace_utils import _get_request_header_user_agent
-from ddtrace.contrib.internal.trace_utils import _set_url_tag
+from ddtrace.contrib.internal.trace_utils_base import _get_request_header_user_agent
+from ddtrace.contrib.internal.trace_utils_base import _set_url_tag
 from ddtrace.ext import SpanTypes
 from ddtrace.ext import http
 from ddtrace.internal import core

ddtrace/appsec/_iast/_evidence_redaction/__init__.py

@@ -1,4 +0,0 @@
-from ddtrace.appsec._iast._evidence_redaction._sensitive_handler import sensitive_handler
-
-
-sensitive_handler

ddtrace/appsec/_iast/_handlers.py

@@ -5,8 +5,8 @@
 from wrapt import wrap_function_wrapper as _w
 
 from ddtrace.appsec._constants import IAST
-from ddtrace.appsec._iast._iast_request_context import get_iast_stacktrace_reported
-from ddtrace.appsec._iast._iast_request_context import set_iast_stacktrace_reported
+from ddtrace.appsec._iast._iast_request_context_base import get_iast_stacktrace_reported
+from ddtrace.appsec._iast._iast_request_context_base import set_iast_stacktrace_reported
 from ddtrace.appsec._iast._logs import iast_instrumentation_wrapt_debug_log
 from ddtrace.appsec._iast._logs import iast_propagation_listener_log_log
 from ddtrace.appsec._iast._metrics import _set_metric_iast_instrumented_source

ddtrace/appsec/_iast/_iast_env.py

@@ -1,4 +1,4 @@
-from typing import TYPE_CHECKING
+from typing import Any
 from typing import Dict
 from typing import Optional
 
@@ -7,10 +7,6 @@
 from ddtrace.internal import core
 
 
-if TYPE_CHECKING:
-    from ddtrace.appsec._iast.reporter import IastSpanReporter
-
-
 class IASTEnvironment:
     """
     an object of this class contains all asm data (waf and telemetry)
@@ -22,7 +18,7 @@ def __init__(self, span: Optional[Span] = None):
         self.span = span or core.get_span()
 
         self.request_enabled: bool = False
-        self.iast_reporter: Optional["IastSpanReporter"] = None
+        self.iast_reporter: Optional[Any] = None
         self.iast_span_metrics: Dict[str, int] = {}
         self.iast_stack_trace_id: int = 0
         self.iast_stack_trace_reported: bool = False

ddtrace/appsec/_iast/_iast_request_context.py

@@ -1,25 +1,19 @@
-import os
 from typing import TYPE_CHECKING  # noqa:F401
 from typing import Literal  # noqa:F401
 from typing import Optional
 
 from ddtrace._trace.span import Span
 from ddtrace.appsec._constants import APPSEC
 from ddtrace.appsec._constants import IAST
-from ddtrace.appsec._constants import IAST_SPAN_TAGS
-from ddtrace.appsec._iast._iast_env import IASTEnvironment
 from ddtrace.appsec._iast._iast_env import _get_iast_env
+import ddtrace.appsec._iast._iast_request_context_base as base
 from ddtrace.appsec._iast._metrics import _set_metric_iast_request_tainted
 from ddtrace.appsec._iast._overhead_control_engine import oce
 from ddtrace.appsec._iast._span_metrics import _set_span_tag_iast_executed_sink
-from ddtrace.appsec._iast._taint_tracking._context import create_context as create_propagation_context
-from ddtrace.appsec._iast._taint_tracking._context import reset_context as reset_propagation_context
-from ddtrace.appsec._iast._utils import _request_tainted
 from ddtrace.appsec._iast.reporter import IastSpanReporter
 from ddtrace.constants import _ORIGIN_KEY
 from ddtrace.internal import core
 from ddtrace.internal.logger import get_logger
-from ddtrace.internal.utils.formats import asbool
 from ddtrace.settings.asm import config as asm_config
 
 
@@ -28,30 +22,6 @@
 # Stopgap module for providing ASM context for the blocking features wrapping some contextvars.
 
 
-def _set_span_tag_iast_request_tainted(span):
-    total_objects_tainted = _request_tainted()
-
-    if total_objects_tainted > 0:
-        span.set_tag(IAST_SPAN_TAGS.TELEMETRY_REQUEST_TAINTED, total_objects_tainted)
-
-
-def start_iast_context():
-    if asm_config._iast_enabled:
-        create_propagation_context()
-        core.set_item(IAST.REQUEST_CONTEXT_KEY, IASTEnvironment())
-
-
-def end_iast_context(span: Optional["Span"] = None):
-    env = _get_iast_env()
-    if env is not None and env.span is span:
-        finalize_iast_env(env)
-    reset_propagation_context()
-
-
-def finalize_iast_env(env: IASTEnvironment) -> None:
-    core.discard_item(IAST.REQUEST_CONTEXT_KEY)
-
-
 def set_iast_reporter(iast_reporter: IastSpanReporter) -> None:
     env = _get_iast_env()
     if env:
@@ -67,39 +37,6 @@ def get_iast_reporter() -> Optional[IastSpanReporter]:
     return None
 
 
-def get_iast_stacktrace_reported() -> bool:
-    env = _get_iast_env()
-    if env:
-        return env.iast_stack_trace_reported
-    return False
-
-
-def set_iast_stacktrace_reported(reported: bool) -> None:
-    env = _get_iast_env()
-    if env:
-        env.iast_stack_trace_reported = reported
-
-
-def get_iast_stacktrace_id() -> int:
-    env = _get_iast_env()
-    if env:
-        env.iast_stack_trace_id += 1
-        return env.iast_stack_trace_id
-    return 0
-
-
-def set_iast_request_enabled(request_enabled) -> None:
-    env = _get_iast_env()
-    if env:
-        env.request_enabled = request_enabled
-    else:
-        log.debug("iast::propagation::context::Trying to set IAST reporter but no context is present")
-
-
-def _move_iast_data_to_root_span():
-    return asbool(os.getenv("_DD_IAST_USE_ROOT_SPAN"))
-
-
 def _create_and_attach_iast_report_to_span(req_span: "Span", existing_data: Optional[str], merge: bool = False):
     report_data: Optional[IastSpanReporter] = get_iast_reporter()
     if merge and existing_data is not None and report_data is not None:
@@ -112,11 +49,11 @@ def _create_and_attach_iast_report_to_span(req_span: "Span", existing_data: Opti
         report_data.build_and_scrub_value_parts()
         req_span.set_tag_str(IAST.JSON, report_data._to_str())
     _set_metric_iast_request_tainted()
-    _set_span_tag_iast_request_tainted(req_span)
+    base._set_span_tag_iast_request_tainted(req_span)
     _set_span_tag_iast_executed_sink(req_span)
 
-    set_iast_request_enabled(False)
-    end_iast_context(req_span)
+    base.set_iast_request_enabled(False)
+    base.end_iast_context(req_span)
 
     if req_span.get_tag(_ORIGIN_KEY) is None:
         req_span.set_tag_str(_ORIGIN_KEY, APPSEC.ORIGIN_VALUE)
@@ -126,7 +63,7 @@ def _create_and_attach_iast_report_to_span(req_span: "Span", existing_data: Opti
 
 def _iast_end_request(ctx=None, span=None, *args, **kwargs):
     try:
-        move_to_root = _move_iast_data_to_root_span()
+        move_to_root = base._move_iast_data_to_root_span()
         if move_to_root:
             req_span = core.get_root_span()
         else:
@@ -143,7 +80,7 @@ def _iast_end_request(ctx=None, span=None, *args, **kwargs):
                 if req_span.get_metric(IAST.ENABLED) is None:
                     if not asm_config.is_iast_request_enabled:
                         req_span.set_metric(IAST.ENABLED, 0.0)
-                        end_iast_context(req_span)
+                        base.end_iast_context(req_span)
                         oce.release_request()
                         return
 
@@ -156,15 +93,3 @@ def _iast_end_request(ctx=None, span=None, *args, **kwargs):
 
     except Exception:
         log.debug("iast::propagation::context::Error finishing IAST context", exc_info=True)
-
-
-def _iast_start_request(span=None, *args, **kwargs):
-    try:
-        if asm_config._iast_enabled:
-            start_iast_context()
-            request_iast_enabled = False
-            if oce.acquire_request(span):
-                request_iast_enabled = True
-            set_iast_request_enabled(request_iast_enabled)
-    except Exception:
-        log.debug("iast::propagation::context::Error starting IAST context", exc_info=True)