chore(asm): more tags for appsec telemetry

[christophe-papazian]

APPSEC-56592

• small type refactor, moving some classes from inside _ddwaf to appsec._utils
• small telemetry refactor with proper definition of a class to accumulate results instead of just using dictionaries.
• add 2 missing telemetry tags waf_error and rate_limited and telemetry config_error metric counter.
• update some tests to handle the new tags and metrics

Checklist

• PR author has checked that all the criteria below are met
• The PR description includes an overview of the change
• The PR description articulates the motivation for the change
• The change includes tests OR the PR description describes a testing strategy
• The PR description notes risks associated with the change, if any
• Newly-added code is easy to change
• The change follows the library release note guidelines
• The change includes or references documentation updates if necessary
• Backport labels are set (if applicable)

Reviewer Checklist

• Reviewer has checked that all the criteria below are met
• Title is accurate
• All changes are related to the pull request's stated goal
• Avoids breaking API changes
• Testing strategy adequately addresses listed risks
• Newly-added code is easy to change
• Release note makes sense to a user of the library
• If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
• Backport labels are set in a manner that is consistent with the release branch maintenance policy

[github-actions]

CODEOWNERS have been resolved as:

ddtrace/appsec/_asm_request_context.py                                  @DataDog/asm-python
ddtrace/appsec/_ddwaf/__init__.py                                       @DataDog/asm-python
ddtrace/appsec/_ddwaf/waf_stubs.py                                      @DataDog/asm-python
ddtrace/appsec/_metrics.py                                              @DataDog/asm-python
ddtrace/appsec/_processor.py                                            @DataDog/asm-python
ddtrace/appsec/_utils.py                                                @DataDog/asm-python
tests/appsec/appsec/test_telemetry.py                                   @DataDog/asm-python
tests/appsec/contrib_appsec/utils.py                                    @DataDog/asm-python

[github-actions]

Bootstrap import analysis

Comparison of import times between this PR and base.

Summary

The average import time from this PR is: 230 ± 2 ms.

The average import time from base is: 232 ± 2 ms.

The import time difference between this PR and base is: -2.1 ± 0.1 ms.

Import time breakdown

The following import paths have grown:

ddtrace.auto 0.101 ms (0.04%)

ddtrace.bootstrap.sitecustomize 0.101 ms (0.04%)

ddtrace.appsec._common_module_patches 0.101 ms (0.04%)

ddtrace.appsec._asm_request_context 0.101 ms (0.04%)

ddtrace.appsec._utils 0.101 ms (0.04%)

The following import paths have shrunk:

ddtrace.auto 2.022 ms (0.88%)

ddtrace.bootstrap.sitecustomize 1.333 ms (0.58%)

ddtrace.bootstrap.preload 1.284 ms (0.56%)

ddtrace.internal.products 1.284 ms (0.56%)

ddtrace.internal.remoteconfig.client 0.643 ms (0.28%)

ddtrace.appsec._common_module_patches 0.049 ms (0.02%)

ddtrace.appsec._asm_request_context 0.049 ms (0.02%)

ddtrace 0.689 ms (0.30%)

ddtrace.trace 0.017 ms (0.01%)

ddtrace._trace.tracer 0.017 ms (0.01%)

ddtrace.internal.peer_service.processor 0.017 ms (0.01%)

[pr-commenter]

Benchmarks

Benchmark execution time: 2025-04-02 12:20:49

Comparing candidate commit 96bc672 in PR branch christophe-papazian/more_metric_tags_for_waf with baseline commit 5b3a8f2 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 498 metrics, 2 unstable metrics.