From 1e4b598bd3020e69ebabea030f5b2f22135a56ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20Gonz=C3=A1lez=20Garc=C3=ADa?=
 <alejandro.gonzalez@datadoghq.com>
Date: Tue, 12 Aug 2025 15:53:54 +0200
Subject: [PATCH] Fix NullPointerException log in AppSec (#9355)

What Does This Do
Modifies WafModule#buildEvents to safely handle actionWithData.data being null.

Motivation
Fix #9346

Additional Notes
The current version of libddwaf may return null in the data field of actionWithData. This was previously not handled and could cause unexpected logged exceptions. The method now explicitly checks for null to prevent this.

(cherry picked from commit ef2e9f03e6c48113accae79b8a4102ab4d53c767)
---
 .../java/com/datadog/appsec/ddwaf/WAFModule.java    |  5 +++++
 .../appsec/ddwaf/WAFModuleSpecification.groovy      | 13 +++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/ddwaf/WAFModule.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/ddwaf/WAFModule.java
index 325c1313263..1aef1c5f964 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/ddwaf/WAFModule.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/ddwaf/WAFModule.java
@@ -1,5 +1,6 @@
 package com.datadog.appsec.ddwaf;
 
+import static datadog.trace.api.telemetry.LogCollector.SEND_TELEMETRY;
 import static datadog.trace.util.stacktrace.StackTraceEvent.DEFAULT_LANGUAGE;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.singletonList;
@@ -557,6 +558,10 @@ private Waf.ResultWithData runWafTransient(
   }
 
   private Collection<AppSecEvent> buildEvents(Waf.ResultWithData actionWithData) {
+    if (actionWithData.data == null) {
+      log.debug(SEND_TELEMETRY, "WAF result data is null");
+      return Collections.emptyList();
+    }
     Collection<WAFResultData> listResults;
     try {
       listResults = RES_JSON_ADAPTER.fromJson(actionWithData.data);
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/ddwaf/WAFModuleSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/ddwaf/WAFModuleSpecification.groovy
index aeed7c23d56..be191e9a749 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/ddwaf/WAFModuleSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/ddwaf/WAFModuleSpecification.groovy
@@ -1682,6 +1682,19 @@ class WAFModuleSpecification extends DDSpecification {
     internal == libddwaf
   }
 
+  void 'ResultWithData - null data'() {
+    def waf = new WAFModule()
+    Waf.ResultWithData rwd = new Waf.ResultWithData(null, null, null, null)
+    Collection ret
+
+    when:
+    ret = waf.buildEvents(rwd)
+
+    then:
+    noExceptionThrown()
+    ret.isEmpty()
+  }
+
   /**
    * Helper to return a concrete Waf exception for each WafErrorCode
    */