fix(iast): avoid early and potentially unneeded iast import [backport 1.18] (#6794)

Backport 2cbaf87 from #6791 to 1.18.

## Checklist

- [X] Change(s) are motivated and described in the PR description.
- [X] Testing strategy is described if automated tests are not included
in the PR.
- [X] Risk is outlined (performance impact, potential for breakage,
maintainability, etc).
- [X] Change is maintainable (easy to change, telemetry, documentation).
- [X] [Library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
are followed. If no release note is required, add label
`changelog/no-changelog`.
- [X] Documentation is included (in-code, generated user docs, [public
corp docs](https://github.com/DataDog/documentation/)).
- [X] Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist

- [x] Title is accurate.
- [x] No unnecessary changes are introduced.
- [x] Description motivates each change.
- [x] Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes unless absolutely necessary.
- [x] Testing strategy adequately addresses listed risk(s).
- [x] Change is maintainable (easy to change, telemetry, documentation).
- [x] Release note makes sense to a user of the library.
- [x] Reviewer has explicitly acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment.
- [x] Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Co-authored-by: Alberto Vara <[email protected]>

Author: github-actions[bot]

ddtrace/appsec/iast/_taint_utils.py

@@ -1,8 +1,6 @@
 #!/usr/bin/env python3
 from collections import abc
 
-from ddtrace.appsec.iast._taint_tracking import is_pyobject_tainted
-from ddtrace.appsec.iast._taint_tracking import taint_pyobject
 from ddtrace.internal.logger import get_logger
 
 
@@ -32,6 +30,9 @@ def __init__(self, original_list, origins=(0, 0), override_pyobject_tainted=Fals
     def _taint(self, value):
         if value:
             if isinstance(value, (str, bytes, bytearray)):
+                from ddtrace.appsec.iast._taint_tracking import is_pyobject_tainted
+                from ddtrace.appsec.iast._taint_tracking import taint_pyobject
+
                 if not is_pyobject_tainted(value) or self._override_pyobject_tainted:
                     try:
                         # TODO: migrate this part to shift ranges instead of creating a new one
@@ -200,6 +201,9 @@ def _taint(self, value, key, origin=None):
             origin = self._origin_value
         if value:
             if isinstance(value, (str, bytes, bytearray)):
+                from ddtrace.appsec.iast._taint_tracking import is_pyobject_tainted
+                from ddtrace.appsec.iast._taint_tracking import taint_pyobject
+
                 if not is_pyobject_tainted(value) or self._override_pyobject_tainted:
                     try:
                         # TODO: migrate this part to shift ranges instead of creating a new one
@@ -375,6 +379,8 @@ def supported_dbapi_integration(integration_name):
 
 def check_tainted_args(args, kwargs, tracer, integration_name, method):
     if supported_dbapi_integration(integration_name) and method.__name__ == "execute":
+        from ddtrace.appsec.iast._taint_tracking import is_pyobject_tainted
+
         return len(args) and args[0] and is_pyobject_tainted(args[0])
 
     return False

releasenotes/notes/asm-avoid-subprocess-iast-import-d56d9bf2f37bdaa4.yaml

@@ -0,0 +1,3 @@
+fixes:
+  - |
+    ASM: avoid potentially unneeded import of the IAST native module if setup doesn't build extensions correctly.