Fix NullPointerException log in AppSec (#9355)

What Does This Do
Modifies WafModule#buildEvents to safely handle actionWithData.data being null.

Motivation
Fix #9346

Additional Notes
The current version of libddwaf may return null in the data field of actionWithData. This was previously not handled and could cause unexpected logged exceptions. The method now explicitly checks for null to prevent this.

Author: jandro996

dd-java-agent/appsec/src/main/java/com/datadog/appsec/ddwaf/WAFModule.java

@@ -1,5 +1,6 @@
 package com.datadog.appsec.ddwaf;
 
+import static datadog.trace.api.telemetry.LogCollector.SEND_TELEMETRY;
 import static datadog.trace.util.stacktrace.StackTraceEvent.DEFAULT_LANGUAGE;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.singletonList;
@@ -557,6 +558,10 @@ private Waf.ResultWithData runWafTransient(
   }
 
   private Collection<AppSecEvent> buildEvents(Waf.ResultWithData actionWithData) {
+    if (actionWithData.data == null) {
+      log.debug(SEND_TELEMETRY, "WAF result data is null");
+      return Collections.emptyList();
+    }
     Collection<WAFResultData> listResults;
     try {
       listResults = RES_JSON_ADAPTER.fromJson(actionWithData.data);

dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/ddwaf/WAFModuleSpecification.groovy

@@ -1682,6 +1682,19 @@ class WAFModuleSpecification extends DDSpecification {
     internal == libddwaf
   }
 
+  void 'ResultWithData - null data'() {
+    def waf = new WAFModule()
+    Waf.ResultWithData rwd = new Waf.ResultWithData(null, null, null, null)
+    Collection ret
+
+    when:
+    ret = waf.buildEvents(rwd)
+
+    then:
+    noExceptionThrown()
+    ret.isEmpty()
+  }
+
   /**
    * Helper to return a concrete Waf exception for each WafErrorCode
    */