Prevent NPE when there is no subscriber for user events (#8260)

manuel-alvarez-alvarez · web-flow · commit 400277e123c0 · 2025-01-21T13:09:24.000+01:00
(cherry picked from commit 4f83a4c)
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy
@@ -268,6 +268,15 @@ class AppSecEventTrackerSpecification extends DDSpecification {
     thrown(BlockingException)
   }
 
+  void 'should not fail on null callback'() {
+    when:
+    tracker.onUserEvent(UserIdCollectionMode.IDENTIFICATION, 'test-user')
+
+    then:
+    noExceptionThrown()
+    provider.getCallback(EVENTS.user()) >> null
+  }
+
   private static class ActionFlow<T> implements Flow<T> {
 
     private Action action
diff --git a/dd-java-agent/instrumentation/spring-security-5/src/main/java/datadog/trace/instrumentation/springsecurity5/AppSecDeferredContext.java b/dd-java-agent/instrumentation/spring-security-5/src/main/java/datadog/trace/instrumentation/springsecurity5/AppSecDeferredContext.java
@@ -1,10 +1,14 @@
 package datadog.trace.instrumentation.springsecurity5;
 
 import java.util.function.Supplier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.security.core.context.SecurityContext;
 
 public class AppSecDeferredContext implements Supplier<SecurityContext> {
 
+  private static final Logger LOGGER = LoggerFactory.getLogger(AppSecDeferredContext.class);
+
   private final Supplier<SecurityContext> delegate;
 
   public AppSecDeferredContext(final Supplier<SecurityContext> delegate) {
@@ -15,7 +19,11 @@ public AppSecDeferredContext(final Supplier<SecurityContext> delegate) {
   public SecurityContext get() {
     SecurityContext context = delegate.get();
     if (context != null) {
-      SpringSecurityUserEventDecorator.DECORATE.onUser(context.getAuthentication());
+      try {
+        SpringSecurityUserEventDecorator.DECORATE.onUser(context.getAuthentication());
+      } catch (Throwable e) {
+        LOGGER.debug("Error handling user event", e);
+      }
     }
     return context;
   }
diff --git a/internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java b/internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java
@@ -142,6 +142,9 @@ private <T> void dispatch(
       return;
     }
     final T callback = cbp.getCallback(event);
+    if (callback == null) {
+      return;
+    }
     final Flow<Void> flow = consumer.apply(ctx, callback);
     if (flow == null) {
       return;
