[ASM] Fix access violation exception when reading WAF addresses (#6510)

## Summary of changes

There are some errors detected in real customers that seem to be related
to the method Waf.GetKnownAddresses() All the following errors seem to
be caused by the same issue: memory corruption.

The errors detected include:

```
exception:Type: System.AccessViolationException
Message: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

Unhandled Exception: System.ObjectDisposedException: Cannot access a disposed object.
Object name: 'UnmanagedMemoryPool'.

System.NullReferenceException
   at System.SpanHelpers.IndexOfNullByte(Byte* searchSpace)
   at System.String.Ctor(SByte* value)
   at System.Runtime.InteropServices.Marshal.PtrToStringAnsi(IntPtr ptr)
   at Datadog.Trace.AppSec.Waf.NativeBindings.WafLibraryInvoker.GetKnownAddresses(IntPtr wafHandle)
```
   
The stack traces suggest that the problem would be originated in the WAF
dll:

```
System.AccessViolationException
        C:\\Windows\\SYSTEM32\\ntdll.dll!<unknown>+a38ee
        C:\\Program Files\\Datadog\\.NET Tracer\\win-x64\\ddwaf.dll!<unknown>+4f34e
        Datadog.Trace.dll!.IL_STUB_PInvoke
        Datadog.Trace.dll!Datadog.Trace.AppSec.Waf.NativeBindings.WafLibraryInvoker.GetKnownAddresses
        Datadog.Trace.dll!Datadog.Trace.AppSec.Security.UpdateActiveAddresses

```

A new unit test was created. This unit test launches 100 parallel calls
to the WAF GetKnownAddresses method. The test was able to reproduce the
error, crashing sometimes the testhost.exe process.

It seems that the WAF builds a cache when receiving the first
GetKnownAddresses request. Parallel requests seem to be causing a
concurrency issue. A lock would prevent this issue. It would seem that
we would only need to protect the GetKnownAddresses calls during the
first call, but, when doing that, the unit test still failed. When
locking all the calls to the GetKnownAddresses method, tests passed
consistently. That's why a WriteLock has been used.

Anyway, this method is only called when there are RC changes, so the
performance impact of the lock should be minimal.

## Reason for change

We were getting some of these exceptions logs from real customers.

## Implementation details

## Test coverage

## Other details
<!-- Fixes #{issue} -->

<!-- ⚠️ Note: where possible, please obtain 2 approvals prior to
merging. Unless CODEOWNERS specifies otherwise, for external teams it is
typically best to have one review from a team member, and one review
from apm-dotnet. Trivial changes do not require 2 reviews. -->

Author: NachoEchevarria

tracer/src/Datadog.Trace/AppSec/Waf/NativeBindings/WafLibraryInvoker.cs

@@ -243,37 +243,24 @@ internal void SetupLogging(bool wafDebugEnabled)
 
         internal string[] GetKnownAddresses(IntPtr wafHandle)
         {
-            try
-            {
-                if (!IsKnowAddressesSuported())
-                {
-                    return Array.Empty<string>();
-                }
-
-                uint size = 0;
-                var result = _getKnownAddresses(wafHandle, ref size);
+            uint size = 0;
+            var result = _getKnownAddresses(wafHandle, ref size);
 
-                if (size == 0)
-                {
-                    return Array.Empty<string>();
-                }
-
-                string[] knownAddresses = new string[size];
+            if (size == 0)
+            {
+                return Array.Empty<string>();
+            }
 
-                for (uint i = 0; i < size; i++)
-                {
-                    // Calculate the pointer to each string
-                    var stringPtr = Marshal.ReadIntPtr(result, (int)i * IntPtr.Size);
-                    knownAddresses[i] = Marshal.PtrToStringAnsi(stringPtr);
-                }
+            string[] knownAddresses = new string[size];
 
-                return knownAddresses;
-            }
-            catch (Exception ex)
+            for (uint i = 0; i < size; i++)
             {
-                Log.Error(ex, "Error while getting known addresses");
-                return Array.Empty<string>();
+                // Calculate the pointer to each string
+                var stringPtr = Marshal.ReadIntPtr(result, (int)i * IntPtr.Size);
+                knownAddresses[i] = Marshal.PtrToStringAnsi(stringPtr);
             }
+
+            return knownAddresses;
         }
 
         internal bool IsKnowAddressesSuported(string libVersion = null)

tracer/src/Datadog.Trace/AppSec/Waf/Waf.cs

@@ -113,7 +113,33 @@ public bool IsKnowAddressesSuported()
 
         public string[] GetKnownAddresses()
         {
-            return _wafLibraryInvoker.GetKnownAddresses(_wafHandle);
+            bool lockAcquired = false;
+            try
+            {
+                if (_wafLocker.EnterWriteLock())
+                {
+                    lockAcquired = true;
+
+                    var result = _wafLibraryInvoker.GetKnownAddresses(_wafHandle);
+                    return result;
+                }
+                else
+                {
+                    return Array.Empty<string>();
+                }
+            }
+            catch (Exception ex)
+            {
+                Log.Error(ex, "Error while getting known addresses");
+                return Array.Empty<string>();
+            }
+            finally
+            {
+                if (lockAcquired)
+                {
+                    _wafLocker.ExitWriteLock();
+                }
+            }
         }
 
         private unsafe UpdateResult UpdateWafAndDispose(IEncodeResult updateData)

tracer/test/Datadog.Trace.Security.Unit.Tests/RASP/RaspWafTests.cs

@@ -6,6 +6,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Threading.Tasks;
 using Datadog.Trace.AppSec;
 using Datadog.Trace.AppSec.Rcm;
 using Datadog.Trace.AppSec.Waf;
@@ -103,6 +104,20 @@ public void GivenARaspRule_WhenInsecureAccess_ThenBlock(object value, string par
             actionType);
     }
 
+    [Fact]
+    public void GivenWafInstance_WhenGetKnownAddressesInParallel_ThenResultIsOk()
+    {
+        var args = CreateArgs("paramValue");
+        var context = InitWaf(true, "rasp-rule-set.json", args, out var waf);
+
+        Parallel.For(0, 100, i =>
+        {
+            var addresses = waf.GetKnownAddresses();
+            addresses.Should().NotBeNull();
+            addresses.Count().Should().BeGreaterThan(0);
+        });
+    }
+
     private void EnableDebugInfo(bool enable)
     {
         if (enable)