fix: asm None env [backport 2.7] (#8654)

Backport 7c0f0dc from #8646 to 2.7.

This fix addresses the crash described in
#8644 and
#6659 and by defensively
handling None values for the asm_env object during _DataHandler
shutdown. The root cause of this issue is unknown.

There are no tests added here because we don't have a replication case.

## Checklist

- [x] Change(s) are motivated and described in the PR description
- [x] Testing strategy is described if automated tests are not included
in the PR
- [x] Risks are described (performance impact, potential for breakage,
maintainability)
- [x] Change is maintainable (easy to change, telemetry, documentation)
- [x] [Library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
are followed or label `changelog/no-changelog` is set
- [x] Documentation is included (in-code, generated user docs, [public
corp docs](https://github.com/DataDog/documentation/))
- [x] Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))
- [x] If this PR changes the public interface, I've notified
`@DataDog/apm-tees`.
- [x] If change touches code that signs or publishes builds or packages,
or handles credentials of any kind, I've requested a review from
`@DataDog/security-design-and-guidance`.

## Reviewer Checklist

- [x] Title is accurate
- [x] All changes are related to the pull request's stated goal
- [x] Description motivates each change
- [x] Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- [x] Testing strategy adequately addresses listed risks
- [x] Change is maintainable (easy to change, telemetry, documentation)
- [x] Release note makes sense to a user of the library
- [x] Author has acknowledged and discussed the performance implications
of this PR as reported in the benchmarks PR comment
- [x] Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Co-authored-by: Stefano Polloni <[email protected]>

Author: github-actions[bot]

ddtrace/appsec/_asm_request_context.py

@@ -150,17 +150,17 @@ def __init__(self):
 
     def finalise(self):
         if self.active:
+            self.active = False
             env = self.execution_context.get_item("asm_env")
-            callbacks = GLOBAL_CALLBACKS.get(_CONTEXT_CALL, []) if env.must_call_globals else []
-            env.must_call_globals = False
-            if env is not None and env.callbacks is not None and env.callbacks.get(_CONTEXT_CALL):
-                callbacks = callbacks + env.callbacks.get(_CONTEXT_CALL)
-            if callbacks:
-                if env is not None:
+            if env is not None:
+                callbacks = GLOBAL_CALLBACKS.get(_CONTEXT_CALL, []) if env.must_call_globals else []
+                env.must_call_globals = False
+                if env.callbacks is not None and env.callbacks.get(_CONTEXT_CALL):
+                    callbacks = callbacks + env.callbacks.get(_CONTEXT_CALL)
+                if callbacks:
                     for function in callbacks:
                         function(env)
                 self.execution_context.end()
-            self.active = False
 
 
 def set_value(category: str, address: str, value: Any) -> None:

releasenotes/notes/missing-asm-env-again-bab2f6a06c6f366d.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    appsec: This fix resolves an issue in which the library attempted to finalize twice a context object used
+    by the Application Security Management product.