fix(iast): stacktrace leak in flask

[avara1986]

• werkzeug.DebugTraceback.render_debugger_html runs outside of iast_request_context. Because of this, when this function is called, we store the result to report it in the next request when there's context and the span hasn't been sent yet.
• Support for Werkzeug <= 2.0.3

Checklist

• PR author has checked that all the criteria below are met
• The PR description includes an overview of the change
• The PR description articulates the motivation for the change
• The change includes tests OR the PR description describes a testing strategy
• The PR description notes risks associated with the change, if any
• Newly-added code is easy to change
• The change follows the library release note guidelines
• The change includes or references documentation updates if necessary
• Backport labels are set (if applicable)

Reviewer Checklist

• Reviewer has checked that all the criteria below are met
• Title is accurate
• All changes are related to the pull request's stated goal
• Avoids breaking API changes
• Testing strategy adequately addresses listed risks
• Newly-added code is easy to change
• Release note makes sense to a user of the library
• If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
• Backport labels are set in a manner that is consistent with the release branch maintenance policy

[github-actions]

CODEOWNERS have been resolved as:

tests/appsec/integrations/flask_tests/test_iast_flask_testagent.py      @DataDog/asm-python
ddtrace/appsec/_iast/_handlers.py                                       @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/_errors.py                         @DataDog/asm-python
ddtrace/appsec/_iast/processor.py                                       @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/stacktrace_leak.py                     @DataDog/asm-python
ddtrace/contrib/internal/flask/patch.py                                 @DataDog/apm-core-python @DataDog/apm-idm-python
tests/appsec/app.py                                                     @DataDog/asm-python
tests/appsec/appsec_utils.py                                            @DataDog/asm-python
tests/appsec/iast/taint_sinks/test_stacktrace_leak.py                   @DataDog/asm-python
tests/appsec/integrations/flask_tests/test_iast_flask_telemetry.py      @DataDog/asm-python

[datadog-dd-trace-py-rkomorn]

Datadog Report

Branch report: avara1986/APPSEC-56862-stacktrace_leak_flask
Commit report: bed4e79
Test service: dd-trace-py

✅ 0 Failed, 43 Passed, 460 Skipped, 57.9s Total duration (10m 5.83s time saved)

[pr-commenter]

Benchmarks

Benchmark execution time: 2025-02-27 08:24:13

Comparing candidate commit bfc7c38 in PR branch avara1986/APPSEC-56862-stacktrace_leak_flask with baseline commit 7c26395 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 418 metrics, 2 unstable metrics.