fix: Add more null checks to Asp.NET Core 6+ browser instrumentation logic (#3070)

tippmar-nr · web-flow · commit 5f5cf1270326 · 2025-03-31T14:18:28.000-05:00
diff --git a/src/Agent/NewRelic/Agent/Extensions/Providers/Wrapper/AspNetCore6Plus/AddNewRelicStartupFilter.cs b/src/Agent/NewRelic/Agent/Extensions/Providers/Wrapper/AspNetCore6Plus/AddNewRelicStartupFilter.cs
@@ -32,7 +32,7 @@ public Action<IApplicationBuilder> Configure(Action<IApplicationBuilder> next)
 
                 // only inject the middleware if browser injection is enabled and the request is not a gRPC request.
                 builder.UseWhen(
-                    context => _agent.Configuration.BrowserMonitoringAutoInstrument && _agent.Configuration.EnableAspNetCore6PlusBrowserInjection && context.Request.ContentType?.ToLower() != "application/grpc",
+                    context => _agent.Configuration.BrowserMonitoringAutoInstrument && _agent.Configuration.EnableAspNetCore6PlusBrowserInjection && context.Request?.ContentType?.ToLower() != "application/grpc",
                     b => b.UseMiddleware<BrowserInjectionMiddleware>(_agent));
 
                 next(builder);
diff --git a/src/Agent/NewRelic/Agent/Extensions/Providers/Wrapper/AspNetCore6Plus/BrowserInjectingStreamWrapper.cs b/src/Agent/NewRelic/Agent/Extensions/Providers/Wrapper/AspNetCore6Plus/BrowserInjectingStreamWrapper.cs
@@ -37,46 +37,45 @@ public BrowserInjectingStreamWrapper(IAgent agent, Stream baseStream, HttpContex
 
         public override Task FlushAsync(CancellationToken cancellationToken)
         {
-            if (!Disabled && !_isContentLengthSet && IsHtmlResponse())
+            if (_context is { Response: not null } && !Disabled && !_isContentLengthSet && IsHtmlResponse())
             {
                 if (!_context.Response.HasStarted)  // can't set headers if response has already started
                     _context.Response.ContentLength = null;
                 _isContentLengthSet = true;
             }
 
-            return _baseStream.FlushAsync(cancellationToken);
+            return _baseStream?.FlushAsync(cancellationToken) ?? Task.CompletedTask;
         }
 
-        public override void Flush() => _baseStream.Flush();
+        public override void Flush() => _baseStream?.Flush();
 
-        public override int Read(byte[] buffer, int offset, int count) => _baseStream.Read(buffer, offset, count);
+        public override int Read(byte[] buffer, int offset, int count) => _baseStream?.Read(buffer, offset, count) ?? 0;
 
-        public override long Seek(long offset, SeekOrigin origin) => _baseStream.Seek(offset, origin);
+        public override long Seek(long offset, SeekOrigin origin) => _baseStream?.Seek(offset, origin) ?? 0;
 
         public override void SetLength(long value)
         {
-            _baseStream.SetLength(value);
+            _baseStream?.SetLength(value);
 
             if (!Disabled)
                 IsHtmlResponse(forceReCheck: true);
         }
 
-        public override void Write(ReadOnlySpan<byte> buffer) => _baseStream.Write(buffer);
-
-        public override void WriteByte(byte value) => _baseStream.WriteByte(value);
+        public override void Write(ReadOnlySpan<byte> buffer) => _baseStream?.Write(buffer);
 
+        public override void WriteByte(byte value) => _baseStream?.WriteByte(value);
 
         public override void Write(byte[] buffer, int offset, int count)
         {
             // pass through without modification if we're already in the middle of injecting
             // don't inject if the response isn't an HTML response
-            if (!Disabled && !CurrentlyInjecting() && IsHtmlResponse())
+            if (_context != null && !Disabled && !CurrentlyInjecting() && IsHtmlResponse())
             {
                 try
                 {
                     // Set a flag on the context to indicate we're in the middle of injecting - prevents multiple recursions when response compression is in use
                     StartInjecting();
-                    _agent.TryInjectBrowserScriptAsync(_context.Response.ContentType, _context.Request.Path.Value, buffer, _baseStream)
+                    _agent.TryInjectBrowserScriptAsync(_context.Response?.ContentType, _context.Request?.Path, buffer, _baseStream)
                         .GetAwaiter().GetResult();
                 }
                 finally
@@ -96,13 +95,13 @@ public override async ValueTask WriteAsync(ReadOnlyMemory<byte> buffer, Cancella
         {
             // pass through without modification if we're already in the middle of injecting
             // don't inject if the response isn't an HTML response
-            if (!Disabled && !CurrentlyInjecting() && IsHtmlResponse())
+            if (_context != null & !Disabled && !CurrentlyInjecting() && IsHtmlResponse())
             {
                 try
                 {
                     // Set a flag on the context to indicate we're in the middle of injecting - prevents multiple recursions when response compression is in use
                     StartInjecting();
-                    await _agent.TryInjectBrowserScriptAsync(_context.Response.ContentType, _context.Request.Path.Value, buffer.ToArray(), _baseStream);
+                    await _agent.TryInjectBrowserScriptAsync(_context.Response?.ContentType, _context.Request?.Path, buffer.ToArray(), _baseStream);
                 }
                 finally
                 {
@@ -126,8 +125,11 @@ public override async ValueTask DisposeAsync()
         {
             _context = null;
 
-            await _baseStream.DisposeAsync();
-            _baseStream = null;
+            if (_baseStream != null)
+            {
+                await _baseStream.DisposeAsync();
+                _baseStream = null;
+            }
         }
 
         public override bool CanRead { get; }
@@ -154,15 +156,16 @@ private bool IsHtmlResponse(bool forceReCheck = false)
                 // Requirements for script injection:
                 // * text/html response
                 // * UTF-8 formatted (either explicitly or no charset defined)
+                var responseContentType = _context.Response.ContentType;
                 _isHtmlResponse =
-                    _context.Response.ContentType != null &&
-                    _context.Response.ContentType.Contains("text/html", StringComparison.OrdinalIgnoreCase) &&
-                    (_context.Response.ContentType.Contains("utf-8", StringComparison.OrdinalIgnoreCase) ||
-                     !_context.Response.ContentType.Contains("charset=", StringComparison.OrdinalIgnoreCase));
+                    !string.IsNullOrEmpty(responseContentType) && 
+                    responseContentType.Contains("text/html", StringComparison.OrdinalIgnoreCase) &&
+                    (responseContentType.Contains("utf-8", StringComparison.OrdinalIgnoreCase) ||
+                     !responseContentType.Contains("charset=", StringComparison.OrdinalIgnoreCase));
 
                 if (!_isHtmlResponse.Value)
                 {
-                    _agent.CurrentTransaction?.LogFinest($"Skipping RUM injection: Not an HTML response. ContentType is {_context.Response.ContentType}");
+                    _agent.CurrentTransaction?.LogFinest($"Skipping RUM injection: Not an HTML response. ContentType is {responseContentType}");
                     return false;
                 }
 
@@ -186,8 +189,7 @@ private bool IsHtmlResponse(bool forceReCheck = false)
 
         private void LogExceptionAndDisable(Exception e)
         {
-            _agent.Logger.Log(Level.Error,
-                $"Unexpected exception. Browser injection will be disabled. Exception: {e.Message}: {e.StackTrace}");
+            _agent.Logger.Log(Level.Error, e, "Unexpected exception. Browser injection will be disabled.");
 
             Disabled = true;
         }
diff --git a/src/Agent/NewRelic/Agent/Extensions/Providers/Wrapper/AspNetCore6Plus/ResponseCompressionBodyOnWriteWrapper.cs b/src/Agent/NewRelic/Agent/Extensions/Providers/Wrapper/AspNetCore6Plus/ResponseCompressionBodyOnWriteWrapper.cs
@@ -45,7 +45,7 @@ public AfterWrappedMethodDelegate BeforeWrappedMethod(InstrumentedMethodCall ins
                 var context = _contextFieldGetter.Invoke(instrumentedMethodCall.MethodCall.InvocationTarget);
 
                 // only wrap the compression stream if browser injection is enabled and the request is not a gRPC request.
-                if (agent.Configuration.BrowserMonitoringAutoInstrument && agent.Configuration.EnableAspNetCore6PlusBrowserInjection && context.Request.ContentType?.ToLower() != "application/grpc")
+                if (context != null && agent.Configuration.BrowserMonitoringAutoInstrument && agent.Configuration.EnableAspNetCore6PlusBrowserInjection && context.Request?.ContentType?.ToLower() != "application/grpc")
                 {
                     // Wrap _compressionStream and replace the current value with our wrapped version
                     // check whether we've already wrapped the stream so we don't do it twice
@@ -56,8 +56,7 @@ public AfterWrappedMethodDelegate BeforeWrappedMethod(InstrumentedMethodCall ins
 
                         var responseWrapper = new BrowserInjectingStreamWrapper(agent, currentCompressionStream, context);
 
-                        _compressionStreamFieldSetter.Invoke(instrumentedMethodCall.MethodCall.InvocationTarget,
-                            responseWrapper);
+                        _compressionStreamFieldSetter.Invoke(instrumentedMethodCall.MethodCall.InvocationTarget, responseWrapper);
                     }
                 }
             });

Original file line number	Diff line number	Diff line change
`@@ -37,46 +37,45 @@ public BrowserInjectingStreamWrapper(IAgent agent, Stream baseStream, HttpContex`
`37`	`37`
`38`	`38`	`public override Task FlushAsync(CancellationToken cancellationToken)`
`39`	`39`	`{`
`40`		`- if (!Disabled && !_isContentLengthSet && IsHtmlResponse())`
	`40`	`+ if (_context is { Response: not null } && !Disabled && !_isContentLengthSet && IsHtmlResponse())`
`41`	`41`	`{`
`42`	`42`	`if (!_context.Response.HasStarted) // can't set headers if response has already started`
`43`	`43`	`_context.Response.ContentLength = null;`
`44`	`44`	`_isContentLengthSet = true;`
`45`	`45`	`}`
`46`	`46`
`47`		`- return _baseStream.FlushAsync(cancellationToken);`
	`47`	`+ return _baseStream?.FlushAsync(cancellationToken) ?? Task.CompletedTask;`
`48`	`48`	`}`
`49`	`49`
`50`		`- public override void Flush() => _baseStream.Flush();`
	`50`	`+ public override void Flush() => _baseStream?.Flush();`
`51`	`51`
`52`		`- public override int Read(byte[] buffer, int offset, int count) => _baseStream.Read(buffer, offset, count);`
	`52`	`+ public override int Read(byte[] buffer, int offset, int count) => _baseStream?.Read(buffer, offset, count) ?? 0;`
`53`	`53`
`54`		`- public override long Seek(long offset, SeekOrigin origin) => _baseStream.Seek(offset, origin);`
	`54`	`+ public override long Seek(long offset, SeekOrigin origin) => _baseStream?.Seek(offset, origin) ?? 0;`
`55`	`55`
`56`	`56`	`public override void SetLength(long value)`
`57`	`57`	`{`
`58`		`- _baseStream.SetLength(value);`
	`58`	`+ _baseStream?.SetLength(value);`
`59`	`59`
`60`	`60`	`if (!Disabled)`
`61`	`61`	`IsHtmlResponse(forceReCheck: true);`
`62`	`62`	`}`
`63`	`63`
`64`		`- public override void Write(ReadOnlySpan<byte> buffer) => _baseStream.Write(buffer);`
`65`		`-`
`66`		`- public override void WriteByte(byte value) => _baseStream.WriteByte(value);`
	`64`	`+ public override void Write(ReadOnlySpan<byte> buffer) => _baseStream?.Write(buffer);`
`67`	`65`
	`66`	`+ public override void WriteByte(byte value) => _baseStream?.WriteByte(value);`
`68`	`67`
`69`	`68`	`public override void Write(byte[] buffer, int offset, int count)`
`70`	`69`	`{`
`71`	`70`	`// pass through without modification if we're already in the middle of injecting`
`72`	`71`	`// don't inject if the response isn't an HTML response`
`73`		`- if (!Disabled && !CurrentlyInjecting() && IsHtmlResponse())`
	`72`	`+ if (_context != null && !Disabled && !CurrentlyInjecting() && IsHtmlResponse())`
`74`	`73`	`{`
`75`	`74`	`try`
`76`	`75`	`{`
`77`	`76`	`// Set a flag on the context to indicate we're in the middle of injecting - prevents multiple recursions when response compression is in use`
`78`	`77`	`StartInjecting();`
`79`		`- _agent.TryInjectBrowserScriptAsync(_context.Response.ContentType, _context.Request.Path.Value, buffer, _baseStream)`
	`78`	`+ _agent.TryInjectBrowserScriptAsync(_context.Response?.ContentType, _context.Request?.Path, buffer, _baseStream)`
`80`	`79`	`.GetAwaiter().GetResult();`
`81`	`80`	`}`
`82`	`81`	`finally`
`@@ -96,13 +95,13 @@ public override async ValueTask WriteAsync(ReadOnlyMemory<byte> buffer, Cancella`
`96`	`95`	`{`
`97`	`96`	`// pass through without modification if we're already in the middle of injecting`
`98`	`97`	`// don't inject if the response isn't an HTML response`
`99`		`- if (!Disabled && !CurrentlyInjecting() && IsHtmlResponse())`
	`98`	`+ if (_context != null & !Disabled && !CurrentlyInjecting() && IsHtmlResponse())`
`100`	`99`	`{`
`101`	`100`	`try`
`102`	`101`	`{`
`103`	`102`	`// Set a flag on the context to indicate we're in the middle of injecting - prevents multiple recursions when response compression is in use`
`104`	`103`	`StartInjecting();`
`105`		`- await _agent.TryInjectBrowserScriptAsync(_context.Response.ContentType, _context.Request.Path.Value, buffer.ToArray(), _baseStream);`
	`104`	`+ await _agent.TryInjectBrowserScriptAsync(_context.Response?.ContentType, _context.Request?.Path, buffer.ToArray(), _baseStream);`
`106`	`105`	`}`
`107`	`106`	`finally`
`108`	`107`	`{`
`@@ -126,8 +125,11 @@ public override async ValueTask DisposeAsync()`
`126`	`125`	`{`
`127`	`126`	`_context = null;`
`128`	`127`
`129`		`- await _baseStream.DisposeAsync();`
`130`		`- _baseStream = null;`
	`128`	`+ if (_baseStream != null)`
	`129`	`+ {`
	`130`	`+ await _baseStream.DisposeAsync();`
	`131`	`+ _baseStream = null;`
	`132`	`+ }`
`131`	`133`	`}`
`132`	`134`
`133`	`135`	`public override bool CanRead { get; }`
`@@ -154,15 +156,16 @@ private bool IsHtmlResponse(bool forceReCheck = false)`
`154`	`156`	`// Requirements for script injection:`
`155`	`157`	`// * text/html response`
`156`	`158`	`// * UTF-8 formatted (either explicitly or no charset defined)`
	`159`	`+ var responseContentType = _context.Response.ContentType;`
`157`	`160`	`_isHtmlResponse =`
`158`		`- _context.Response.ContentType != null &&`
`159`		`- _context.Response.ContentType.Contains("text/html", StringComparison.OrdinalIgnoreCase) &&`
`160`		`- (_context.Response.ContentType.Contains("utf-8", StringComparison.OrdinalIgnoreCase) \|\|`
`161`		`- !_context.Response.ContentType.Contains("charset=", StringComparison.OrdinalIgnoreCase));`
	`161`	`+ !string.IsNullOrEmpty(responseContentType) &&`
	`162`	`+ responseContentType.Contains("text/html", StringComparison.OrdinalIgnoreCase) &&`
	`163`	`+ (responseContentType.Contains("utf-8", StringComparison.OrdinalIgnoreCase) \|\|`
	`164`	`+ !responseContentType.Contains("charset=", StringComparison.OrdinalIgnoreCase));`
`162`	`165`
`163`	`166`	`if (!_isHtmlResponse.Value)`
`164`	`167`	`{`
`165`		`- _agent.CurrentTransaction?.LogFinest($"Skipping RUM injection: Not an HTML response. ContentType is {_context.Response.ContentType}");`
	`168`	`+ _agent.CurrentTransaction?.LogFinest($"Skipping RUM injection: Not an HTML response. ContentType is {responseContentType}");`
`166`	`169`	`return false;`
`167`	`170`	`}`
`168`	`171`
`@@ -186,8 +189,7 @@ private bool IsHtmlResponse(bool forceReCheck = false)`
`186`	`189`
`187`	`190`	`private void LogExceptionAndDisable(Exception e)`
`188`	`191`	`{`
`189`		`- _agent.Logger.Log(Level.Error,`
`190`		`- $"Unexpected exception. Browser injection will be disabled. Exception: {e.Message}: {e.StackTrace}");`
	`192`	`+ _agent.Logger.Log(Level.Error, e, "Unexpected exception. Browser injection will be disabled.");`
`191`	`193`
`192`	`194`	`Disabled = true;`
`193`	`195`	`}`
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ public AfterWrappedMethodDelegate BeforeWrappedMethod(InstrumentedMethodCall ins`
`45`	`45`	`var context = _contextFieldGetter.Invoke(instrumentedMethodCall.MethodCall.InvocationTarget);`
`46`	`46`
`47`	`47`	`// only wrap the compression stream if browser injection is enabled and the request is not a gRPC request.`
`48`		`- if (agent.Configuration.BrowserMonitoringAutoInstrument && agent.Configuration.EnableAspNetCore6PlusBrowserInjection && context.Request.ContentType?.ToLower() != "application/grpc")`
	`48`	`+ if (context != null && agent.Configuration.BrowserMonitoringAutoInstrument && agent.Configuration.EnableAspNetCore6PlusBrowserInjection && context.Request?.ContentType?.ToLower() != "application/grpc")`
`49`	`49`	`{`
`50`	`50`	`// Wrap _compressionStream and replace the current value with our wrapped version`
`51`	`51`	`// check whether we've already wrapped the stream so we don't do it twice`
`@@ -56,8 +56,7 @@ public AfterWrappedMethodDelegate BeforeWrappedMethod(InstrumentedMethodCall ins`
`56`	`56`
`57`	`57`	`var responseWrapper = new BrowserInjectingStreamWrapper(agent, currentCompressionStream, context);`
`58`	`58`
`59`		`- _compressionStreamFieldSetter.Invoke(instrumentedMethodCall.MethodCall.InvocationTarget,`
`60`		`- responseWrapper);`
	`59`	`+ _compressionStreamFieldSetter.Invoke(instrumentedMethodCall.MethodCall.InvocationTarget, responseWrapper);`
`61`	`60`	`}`
`62`	`61`	`}`
`63`	`62`	`});`