fix(iast): None as module_path at astpatch_module (#8973)
IAST: Fixes an issue where the AST patching process fails when the
`origin` of a module is reported as None, raising a `FileNotFoundError`
as follows:

```python
Traceback (most recent call last):
  File "/Users/federico.mon/go/src/github.com/DataDog/dd-trace-py/ddtrace/appsec/_iast/_ast/ast_patching.py", line 130, in astpatch_module
    if os.stat(module_path).st_size == 0:
FileNotFoundError: [Errno 2] No such file or directory: 'None'
```

## Checklist

- [x] Change(s) are motivated and described in the PR description
- [x] Testing strategy is described if automated tests are not included
in the PR
- [x] Risks are described (performance impact, potential for breakage,
maintainability)
- [x] Change is maintainable (easy to change, telemetry, documentation)
- [x] [Library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
are followed or label `changelog/no-changelog` is set
- [x] Documentation is included (in-code, generated user docs, [public
corp docs](https://github.com/DataDog/documentation/))
- [x] Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))
- [x] If this PR changes the public interface, I've notified
`@DataDog/apm-tees`.

## Reviewer Checklist

- [x] Title is accurate
- [x] All changes are related to the pull request's stated goal
- [x] Description motivates each change
- [x] Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- [x] Testing strategy adequately addresses listed risks
- [x] Change is maintainable (easy to change, telemetry, documentation)
- [x] Release note makes sense to a user of the library
- [x] Author has acknowledged and discussed the performance implications
of this PR as reported in the benchmarks PR comment
- [x] Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

---------

Co-authored-by: Gabriele N. Tornetta <[email protected]>
(cherry picked from commit 0f4f240)
gnufede authored and github-actions[bot] committed Apr 15, 2024
1 parent a39312a commit 2db67f5
Showing 3 changed files with 21 additions and 2 deletions.
10 changes: 8 additions & 2 deletions ddtrace/appsec/_iast/_ast/ast_patching.py
Expand Up @@ -131,9 +131,15 @@ def _remove_flask_run(text): # type (str) -> str

def astpatch_module(module: ModuleType, remove_flask_run: bool = False) -> Tuple[str, str]:
module_name = module.__name__
module_path = str(origin(module))

module_origin = origin(module)
if module_origin is None:
log.debug("astpatch_source couldn't find the module: %s", module_name)
return "", ""

module_path = str(module_origin)
try:
if os.stat(module_path).st_size == 0:
if module_origin.stat().st_size == 0:
# Don't patch empty files like __init__.py
log.debug("empty file: %s", module_path)
return "", ""
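
Review bot: the debug message in the new `module_origin is None` branch names `astpatch_source`, but the enclosing function is `astpatch_module`, so a log search on the function name will miss it, and the new test pins the mismatched string. Consider using the real function name in `log.debug("astpatch_source couldn't find the module: %s", module_name)`. Separately, the early `return "", ""` leaves the module without IAST instrumentation and reports it only at debug level; if gaps in taint-tracking coverage matter to operators, a counter or telemetry event on this branch would make skipped modules visible without enabling debug logging.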
@@ -0,0 +1,4 @@
---
fixes:
- |
Code Security: Fixes an issue where the AST patching process fails when the origin of a module is reported as None, raising a ``FileNotFoundError``.
9 changes: 9 additions & 0 deletions tests/appsec/iast/_ast/test_ast_patching.py
@@ -1,5 +1,8 @@
#!/usr/bin/env python3
import logging

import astunparse
import mock
import pytest

from ddtrace.appsec._iast._ast.ast_patching import _in_python_stdlib_or_third_party
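
Review bot: `import mock` in the new import block pulls in the third-party backport package; if the Python versions this test suite targets allow it, `from unittest import mock` gives the same `mock.patch` API without the extra test dependency.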
Expand Down Expand Up @@ -146,3 +149,9 @@ def test_module_should_iast_patch():
)
def test_module_in_python_stdlib_or_third_party(module_name, result):
assert _in_python_stdlib_or_third_party(module_name) == result


def test_module_path_none(caplog):
with caplog.at_level(logging.DEBUG), mock.patch("ddtrace.internal.module.Path.resolve", side_effect=AttributeError):
assert ("", "") == astpatch_module(__import__("tests.appsec.iast.fixtures.ast.str.class_str", fromlist=[None]))
assert "astpatch_source couldn't find the module: tests.appsec.iast.fixtures.ast.str.class_str" in caplog.text
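
Review bot: `test_module_path_none` reaches the None branch indirectly, by patching `ddtrace.internal.module.Path.resolve` with `side_effect=AttributeError`, which ties the test to how `origin()` happens to be implemented and alters `resolve` for every caller of that `Path` while the patch is active. Patching the `origin` name that `astpatch_module` calls so that it returns None would exercise the same branch directly and survive a refactor of the path resolution. The `caplog.text` assertion also hard-codes the `astpatch_source` wording, so it will need updating if the log message is corrected to match the function name.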
