
fix(asm): switch back to default if remote config stop sending the security rule file #10030

Merged

Conversation

christophe-papazian (Contributor) commented Aug 1, 2024

Security rule file is provided by ASM_DD through remote config.
This PR fixes an issue where the WAF could be disabled if remote config was deleting or deprecating the ASM_DD rule file.

After this PR, the WAF will stay enabled with the default recommended rule file.

Also

  • rename the `rules` attribute to the more precise `rule_filename` in `AppSecSpanProcessor`
  • add a unit test to ensure that we never send an empty rule list to the WAF
  • this will also be tested with the new system tests: "add rc test for ASM_DD rules" (DataDog/system-tests#2839)

APPSEC-54105

Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy
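
An added illustration of the behaviour the PR describes, not code from dd-trace-py (the class and function names, the rule-file contents and the remote-config config id below are all constructed stand-ins). Remote config delivers ASM_DD rule files; when the last one is deleted or deprecated, the pre-fix path hands an empty rule list to the WAF, which then matches nothing, so it is silently disabled, while the fixed path falls back to the bundled default rule set. `never_sent_empty_rules` models the invariant the PR's new unit test guards.

```python
import copy
from typing import Dict, List, Optional

# Constructed stand-in for the default recommended rule file bundled with the library
# (hypothetical two-rule subset; the real file is much larger).
DEFAULT_RULES: Dict = {
    "version": "2.2",
    "rules": [
        {"id": "default-lfi", "name": "Path traversal", "tags": {"type": "lfi"},
         "conditions": [{"operator": "match_regex",
                         "parameters": {"regex": r"\.\./"}}]},
        {"id": "default-sqli", "name": "SQL injection", "tags": {"type": "sql_injection"},
         "conditions": [{"operator": "match_regex",
                         "parameters": {"regex": r"(?i)union\s+select"}}]},
    ],
}

# Constructed ASM_DD payload: a custom rule file pushed through remote config.
CUSTOM_RULE_FILE: Dict = {
    "version": "2.2",
    "rules": [{"id": "custom-001", "name": "Block legacy admin path", "tags": {"type": "custom"},
               "conditions": [{"operator": "match_regex",
                               "parameters": {"regex": r"^/admin/legacy"}}]}],
}


class WafStub:
    """Hypothetical stand-in for the WAF engine.

    It accepts whatever rule set it is handed: an empty rule set means no request is
    ever flagged, i.e. the WAF is silently disabled. Every update is recorded so a
    test can check what the caller sent.
    """

    def __init__(self) -> None:
        self.history: List[Dict] = []

    def update_rules(self, rules: Dict) -> None:
        self.history.append(copy.deepcopy(rules))

    @property
    def active_rule_ids(self) -> List[str]:
        return [r["id"] for r in self.history[-1]["rules"]] if self.history else []

    @property
    def enabled(self) -> bool:
        return bool(self.active_rule_ids)


class RuleManager:
    """Hypothetical remote-config consumer for ASM_DD rule files.

    fallback_to_default=False reproduces the pre-fix behaviour described in the PR:
    once remote config removes the last rule file, an empty rule list reaches the WAF.
    """

    def __init__(self, waf: WafStub, fallback_to_default: bool = True) -> None:
        self._waf = waf
        self._fallback = fallback_to_default
        self._remote: Dict[str, Dict] = {}  # config id -> rule file currently served by RC
        self._waf.update_rules(DEFAULT_RULES)  # startup: default recommended rules

    def on_asm_dd_update(self, changes: Dict[str, Optional[Dict]]) -> None:
        """Apply one RC batch; None marks a config that RC deleted or deprecated."""
        for config_id, content in changes.items():
            if content is None:
                self._remote.pop(config_id, None)
            else:
                self._remote[config_id] = content
        rules = self._merged_remote_rules()
        if not rules["rules"] and self._fallback:
            rules = DEFAULT_RULES  # nothing left from RC: stay on the bundled default
        self._waf.update_rules(rules)

    def _merged_remote_rules(self) -> Dict:
        merged: Dict = {"version": "2.2", "rules": []}
        for content in self._remote.values():
            merged["rules"].extend(content.get("rules", []))
        return merged


def never_sent_empty_rules(waf: WafStub) -> bool:
    """Invariant from the PR's new unit test: no update ever carried zero rules."""
    return all(update["rules"] for update in waf.history)


def simulate(fallback_to_default: bool) -> Dict[str, object]:
    """Push a rule file, then have RC delete it, and report the WAF state afterwards."""
    waf = WafStub()
    manager = RuleManager(waf, fallback_to_default=fallback_to_default)
    manager.on_asm_dd_update({"asm_dd/custom-rules-1": CUSTOM_RULE_FILE})  # constructed id
    after_push = list(waf.active_rule_ids)
    manager.on_asm_dd_update({"asm_dd/custom-rules-1": None})  # RC deleted the file
    return {
        "after_push": after_push,
        "after_delete": list(waf.active_rule_ids),
        "enabled": waf.enabled,
        "never_sent_empty": never_sent_empty_rules(waf),
    }


if __name__ == "__main__":
    for label, fallback in (("pre-fix", False), ("fixed", True)):
        print(label, simulate(fallback))
```

Run directly, the `pre-fix` path ends with no active rules and `enabled` False after the delete, while the `fixed` path reports the default rule ids; the `never_sent_empty_rules` check is what a unit test would assert on the recorded updates.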

@christophe-papazian christophe-papazian added bug ASM Application Security Monitoring labels Aug 1, 2024
christophe-papazian and others added 2 commits August 1, 2024 17:17
…ssh://github.com/DataDog/dd-trace-py into christophe-papazian/fix_rc_asm_dd_delete_rule_file
github-actions bot (Contributor) commented Aug 1, 2024

CODEOWNERS have been resolved as:

releasenotes/notes/fix_rc_asm_dd_no_file-37e6f733583e334c.yaml          @DataDog/apm-python
ddtrace/appsec/_processor.py                                            @DataDog/asm-python
ddtrace/appsec/_remoteconfiguration.py                                  @DataDog/asm-python
tests/appsec/appsec/test_processor.py                                   @DataDog/asm-python
tests/appsec/appsec/test_remoteconfiguration.py                         @DataDog/asm-python

datadog-dd-trace-py-rkomorn bot commented Aug 1, 2024

Datadog Report

Branch report: christophe-papazian/fix_rc_asm_dd_delete_rule_file
Commit report: 11285ea
Test service: dd-trace-py

✅ 0 Failed, 109870 Passed, 3967 Skipped, 5m 50.98s Total duration (39m 47.43s time saved)

codecov-commenter commented Aug 1, 2024

Codecov Report

Attention: Patch coverage is 20.83333% with 19 lines in your changes missing coverage. Please review.

Project coverage is 10.54%. Comparing base (eb99173) to head (11285ea).
Report is 34 commits behind head on main.

Files                                              Patch %   Lines
tests/appsec/appsec/test_remoteconfiguration.py    0.00%     10 Missing ⚠️
ddtrace/appsec/_processor.py                       55.55%    4 Missing ⚠️
ddtrace/appsec/_remoteconfiguration.py             0.00%     4 Missing ⚠️
tests/appsec/appsec/test_processor.py              0.00%     1 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (eb99173) and HEAD (11285ea): HEAD has 1 upload less than BASE (BASE: 2 uploads, HEAD: 1 upload).

@@             Coverage Diff             @@
##             main   #10030       +/-   ##
===========================================
- Coverage   73.94%   10.54%   -63.40%     
===========================================
  Files        1402     1378       -24     
  Lines      130639   128969     -1670     
===========================================
- Hits        96598    13599    -82999     
- Misses      34041   115370    +81329     


pr-commenter bot commented Aug 1, 2024

Benchmarks

Benchmark execution time: 2024-08-01 16:59:00

Comparing candidate commit 54301db in PR branch christophe-papazian/fix_rc_asm_dd_delete_rule_file with baseline commit 919bd7b in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 214 metrics, 2 unstable metrics.

@christophe-papazian christophe-papazian changed the title fix(asm): switch back to the default recommended rule file if remote config stop sending the security rule file. fix(asm): switch back to default if remote config stop sending the security rule file. Aug 2, 2024
@christophe-papazian christophe-papazian changed the title fix(asm): switch back to default if remote config stop sending the security rule file. fix(asm): switch back to default if remote config stop sending the security rule file Aug 2, 2024
@christophe-papazian christophe-papazian marked this pull request as ready for review August 2, 2024 07:56
@christophe-papazian christophe-papazian enabled auto-merge (squash) August 2, 2024 08:03
@christophe-papazian christophe-papazian merged commit bc50e9c into main Aug 2, 2024
76 of 81 checks passed
@christophe-papazian christophe-papazian deleted the christophe-papazian/fix_rc_asm_dd_delete_rule_file branch August 2, 2024 08:36
github-actions bot (Contributor) commented Aug 2, 2024

The backport to 2.9 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

```sh
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.9 2.9
# Navigate to the new working tree
cd .worktrees/backport-2.9
# Create a new branch
git switch --create backport-10030-to-2.9
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bc50e9cd69c4a21a101e11bf250a7904dc6b6937
# Push it to GitHub
git push --set-upstream origin backport-10030-to-2.9
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.9
```

Then, create a pull request where the base branch is 2.9 and the compare/head branch is backport-10030-to-2.9.

github-actions bot (Contributor) commented Aug 2, 2024

The backport to 2.10 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

```sh
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.10 2.10
# Navigate to the new working tree
cd .worktrees/backport-2.10
# Create a new branch
git switch --create backport-10030-to-2.10
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bc50e9cd69c4a21a101e11bf250a7904dc6b6937
# Push it to GitHub
git push --set-upstream origin backport-10030-to-2.10
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.10
```

Then, create a pull request where the base branch is 2.10 and the compare/head branch is backport-10030-to-2.10.

christophe-papazian added a commit that referenced this pull request Aug 2, 2024
…curity rule file (#10030)

Security rule file is provided by ASM_DD through remote config.
This PR fixes an issue where the WAF could be disabled if remote config
was deleting or deprecating the ASM_DD rule file.

After that PR, the WAF will stay enabled with the default recommended
rule file.

Also
- rename `rules` attribute to the more precise `rule_filename` in
`AppSecSpanProcessor`
- add a unit test to ensure that we never send an empty rule list to the
waf
- this will also be tested with the new system tests :
DataDog/system-tests#2839

APPSEC-54105

- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

- [ ] Reviewer has checked that all the criteria below are met
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

(cherry picked from commit bc50e9c)
romainkomorndatadog pushed a commit that referenced this pull request Aug 2, 2024
…curity rule file [backport 2.10] (#10052)

backporting #10030

APPSEC-54105

(cherry picked from commit bc50e9c)

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
github-actions bot pushed a commit that referenced this pull request Aug 2, 2024
…curity rule file [backport 2.10] (#10052)

backporting #10030

APPSEC-54105

(cherry picked from commit bc50e9c)

(cherry picked from commit e3f9004)
christophe-papazian added a commit that referenced this pull request Aug 2, 2024
…ssor (#10056)

Add a little more coverage on
#10030 to ensure that the
rule structure is not modified by new features.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [ ] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
christophe-papazian added a commit that referenced this pull request Aug 2, 2024
…curity rule file [backport 2.9] (#10053)

Backport e3f9004 from #10052 to 2.9.

backporting #10030

APPSEC-54105

(cherry picked from commit bc50e9c)

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Co-authored-by: Christophe Papazian <114495376+christophe-papazian@users.noreply.github.com>
Labels: ASM Application Security Monitoring, backport 2.9, backport 2.10, bug

3 participants