feat(asm): add handlers to support the AWS Lambda framework

[florentinl]

Jira Ticket: APPSEC-57889

Description

In AWS Lambda, the AppsecSpanProcessor need to be able to process SERVERLESS spans. It also adds appsec listeners to enable the aws_lambda instrumentation to call the waf in the context of Threat Detection.

This is a follow up on #13602 and likewise it should have no impact in production as long as the libddwaf binary is being stripped from the datadog_lambda layer.

Checklist

• PR author has checked that all the criteria below are met
• The PR description includes an overview of the change
• The PR description articulates the motivation for the change
• The change includes tests OR the PR description describes a testing strategy
• The PR description notes risks associated with the change, if any
• Newly-added code is easy to change
• The change follows the library release note guidelines
• The change includes or references documentation updates if necessary
• Backport labels are set (if applicable)

Reviewer Checklist

• Reviewer has checked that all the criteria below are met
• Title is accurate
• All changes are related to the pull request's stated goal
• Avoids breaking API changes
• Testing strategy adequately addresses listed risks
• Newly-added code is easy to change
• Release note makes sense to a user of the library
• If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
• Backport labels are set in a manner that is consistent with the release branch maintenance policy

[github-actions]

CODEOWNERS have been resolved as:

ddtrace/appsec/_http_utils.py                                           @DataDog/asm-python
tests/appsec/appsec/test_appsec_http_utils.py                           @DataDog/asm-python
ddtrace/appsec/_handlers.py                                             @DataDog/asm-python
ddtrace/appsec/_processor.py                                            @DataDog/asm-python
ddtrace/settings/asm.py                                                 @DataDog/asm-python

[github-actions]

Bootstrap import analysis

Comparison of import times between this PR and base.

Summary

The average import time from this PR is: 274 ± 2 ms.

The average import time from base is: 276 ± 4 ms.

The import time difference between this PR and base is: -2.4 ± 0.1 ms.

Import time breakdown

The following import paths have shrunk:

ddtrace.auto 2.004 ms (0.73%)

ddtrace.bootstrap.sitecustomize 1.330 ms (0.49%)

ddtrace.bootstrap.preload 1.330 ms (0.49%)

ddtrace.internal.remoteconfig.client 0.638 ms (0.23%)

ddtrace 0.674 ms (0.25%)

ddtrace.internal._unpatched 0.031 ms (0.01%)

json 0.031 ms (0.01%)

json.decoder 0.031 ms (0.01%)

re 0.031 ms (0.01%)

enum 0.031 ms (0.01%)

types 0.031 ms (0.01%)

[pr-commenter]

Benchmarks

Benchmark execution time: 2025-06-17 10:19:11

Comparing candidate commit 25b01e6 in PR branch florentin.labelle/APPSEC-57889/waf-for-aws-lambda with baseline commit 5692392 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 561 metrics, 3 unstable metrics.