feat(appsec): enable api security for lambda (#14118)

## Description

Add a handler for lambda to send a response body to parse.

Additionally fix one typo

## Additional Notes

This is enabled in datadog_lambda by this PR:
DataDog/datadog-lambda-python#636

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Author: florentinl

ddtrace/appsec/_handlers.py

@@ -4,13 +4,15 @@
 from typing import Any
 from typing import Dict
 from typing import Optional
+from typing import Union
 
 import xmltodict
 
 from ddtrace._trace.span import Span
 from ddtrace.appsec._asm_request_context import _call_waf
 from ddtrace.appsec._asm_request_context import _call_waf_first
 from ddtrace.appsec._asm_request_context import get_blocked
+from ddtrace.appsec._asm_request_context import set_body_response
 from ddtrace.appsec._constants import SPAN_DATA_NAMES
 from ddtrace.appsec._http_utils import extract_cookies_from_headers
 from ddtrace.appsec._http_utils import normalize_headers
@@ -157,6 +159,14 @@ def _on_lambda_start_response(
     _call_waf(("aws_lambda",))
 
 
+def _on_lambda_parse_body(
+    response_body: Optional[Union[str, Dict[str, Any]]],
+):
+    if asm_config._api_security_feature_active:
+        if response_body:
+            set_body_response(response_body)
+
+
 # ASGI
 
 
@@ -408,6 +418,7 @@ def listen():
 
     core.on("aws_lambda.start_request", _on_lambda_start_request)
     core.on("aws_lambda.start_response", _on_lambda_start_response)
+    core.on("aws_lambda.parse_body", _on_lambda_parse_body)
 
     core.on("grpc.server.response.message", _on_grpc_server_response)
     core.on("grpc.server.data", _on_grpc_server_data)

ddtrace/appsec/_processor.py

@@ -189,7 +189,7 @@ def on_span_start(self, span: Span) -> None:
             if skip_event:
                 core.discard_item("appsec_skip_next_lambda_event")
                 log.debug(
-                    "appsec: ignoring unsupported lamdba event",
+                    "appsec: ignoring unsupported lambda event",
                 )
                 span.set_metric(APPSEC.UNSUPPORTED_EVENT_TYPE, 1.0)
                 return

ddtrace/settings/asm.py

@@ -246,9 +246,8 @@ def __init__(self):
             self._asm_processed_span_types.add(SpanTypes.SERVERLESS)
             self._asm_http_span_types.add(SpanTypes.SERVERLESS)
 
-            # As a first step, only Threat Management in monitoring mode should be enabled in AWS Lambda
+            # Disable all features that are not supported in Lambda
             tracer_config._remote_config_enabled = False
-            self._api_security_enabled = False
             self._ep_enabled = False
             self._iast_supported = False