Session property can throw on netcore app 3.1 and lower

anna-git · anna-git · commit a5b6a371cbca · 2025-02-13T14:54:35.000+01:00
diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinatorHelpers.Core.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinatorHelpers.Core.cs
@@ -7,8 +7,10 @@
 #if !NETFRAMEWORK
 using System;
 using System.Collections.Generic;
+using Datadog.Trace.AppSec.Waf;
 using Datadog.Trace.Logging;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Mvc.Abstractions;
 using Microsoft.AspNetCore.Routing;
 
@@ -78,7 +80,17 @@ internal static void CheckPathParamsAndSessionId(this Security security, HttpCon
             {
                 var securityCoordinator = SecurityCoordinator.Get(security, span, transport);
                 var args = new Dictionary<string, object> { { AddressesConstants.RequestPathParams, pathParams } };
-                var result = securityCoordinator.RunWaf(args, sessionId: context.Session.Id);
+                IResult? result;
+                // we need these tests for netcoreapp3.1 and lower, as otherwise it throws
+                if (context.Features.Get<ISessionFeature>() is not null && (context.Session?.IsAvailable ?? false))
+                {
+                    result = securityCoordinator.RunWaf(args, sessionId: context.Session.Id);
+                }
+                else
+                {
+                    result = securityCoordinator.RunWaf(args);
+                }
+
                 securityCoordinator.BlockAndReport(result);
             }
         }
