ci(appsec): fix ddwaf circular import [backport 2.20] (#12103)

github-actions[bot] · mabdinur · web-flow · commit 3ff00cc02f50 · 2025-01-27T19:21:31.000Z
Backport 67e1c46 from #12013 to 2.20. Fix the following CI failures: https://gitlab.ddbuild.io/DataDog/apm-reliability/dd-trace-py/-/jobs/774636553 Reproduction: ``` from ddtrace.appsec._metrics import _set_waf_init_metric ``` - `ddtrace/appsec/_metrics` defines [_set_waf_init_metric](https://github.com/DataDog/dd-trace-py/blob/130b69b367e22311fa5fea7e3cc0910396e968c4/ddtrace/appsec/_metrics.py#L48-L49) - `ddtrace/appsec/_metrics` imports [ddtrace.appsec._proccessors](https://github.com/DataDog/dd-trace-py/blob/130b69b367e22311fa5fea7e3cc0910396e968c4/ddtrace/appsec/_metrics.py#L4-L5) - `ddtrace.appsec._proccessors` imports [_set_waf_init_metric](https://github.com/DataDog/dd-trace-py/blob/130b69b367e22311fa5fea7e3cc0910396e968c4/ddtrace/appsec/_processor.py#L443-L444) - Boom: Circular import The fix here is to avoid importing `ddwaf` from `ddtrace.appsec._processor` in `ddtrace.appsec._metrics`. Instead we can import ddwaf directly from `ddtrace.appsec._ddwaf`. This issue does not occur if the `ddtrace.appsec._processor` module is imported before `ddtrace.appsec._metrics`. This is why we do not see this error in most of our appsec tests. However the order of imports is not guaranteed by the slots check. This explains the flakiness in this job. ## Checklist - [x] PR author has checked that all the criteria below are met - The PR description includes an overview of the change - The PR description articulates the motivation for the change - The change includes tests OR the PR description describes a testing strategy - The PR description notes risks associated with the change, if any - Newly-added code is easy to change - The change follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) - The change includes or references documentation updates if necessary - Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) ## Reviewer Checklist - [x] Reviewer has checked that all the criteria below are met - Title is accurate - All changes are related to the pull request's stated goal - Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - Testing strategy adequately addresses listed risks - Newly-added code is easy to change - Release note makes sense to a user of the library - If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting) Co-authored-by: Munir Abdinur <munir.abdinur@datadoghq.com>
diff --git a/ddtrace/appsec/_metrics.py b/ddtrace/appsec/_metrics.py
@@ -1,7 +1,7 @@
 from ddtrace.appsec import _asm_request_context
 from ddtrace.appsec import _constants
+import ddtrace.appsec._ddwaf as ddwaf
 from ddtrace.appsec._deduplications import deduplication
-from ddtrace.appsec._processor import ddwaf
 from ddtrace.internal import telemetry
 from ddtrace.internal.logger import get_logger
 from ddtrace.internal.telemetry.constants import TELEMETRY_LOG_LEVEL
