Closed
Labels
defect (Something isn't working), p2 (Non-critical bugs, and features that help organizations to identify and reduce risk), size/S (Small effort)
Description
Current Behavior
Notifications webhook sends invalid HTTP header when fields are empty.
Here is the raw HTTP payload being received by netcat:
nc -l -p 9090
POST / HTTP/1.1
content-type: application/json
accept: application/json
:
Content-Length: 51558
Host: myhost:9090
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.14 (Java/21.0.5)
Accept-Encoding: gzip,deflate
{
"notification": {
"level": "INFORMATIONAL",
"scope": "PORTFOLIO",
"group": "BOM_CONSUMED",
"timestamp": "2024-10-31T11:14:17.975933948",
"title": "Bill of Materials Consumed",
"content": "A CycloneDX BOM was consumed and will be processed",
"subject":
We can see above that, below the accept: application/json header, a blank header key and value are being sent, which is invalid.
Steps to Reproduce
- Create a notification to host myhost:9090
- Listen on the given host: nc -l -p 9090
- Observe the following header value being sent: ":" which is the blank fields for API token header and API token in the UI:
Expected Behavior
If the API key/secret fields are empty, no blank header key/value with a colon should be sent.
Dependency-Track Version
4.13.0-SNAPSHOT
Dependency-Track Distribution
Container Image
Database Server
H2
Database Server Version
No response
Browser
Google Chrome
Checklist
- I have read and understand the contributing guidelines
- I have checked the existing issues for whether this defect was already reported
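Added example, not part of the original report and not Dependency-Track code: a check that runs the header block captured above through the HTTP field-name grammar (RFC 9110 "token") and reports the bare ":" line, plus a sender-side guard matching the expected behavior. The function names are hypothetical, and dropping the header when only one of the two fields is filled in is an assumption.

```python
import re

# RFC 9110 "token": a header field name needs at least one of these characters.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Header block as captured in the report above (request line and body omitted).
CAPTURED = (
    "content-type: application/json\r\n"
    "accept: application/json\r\n"
    ":\r\n"
    "Content-Length: 51558\r\n"
    "Host: myhost:9090\r\n"
    "Connection: Keep-Alive\r\n"
    "User-Agent: Apache-HttpClient/4.5.14 (Java/21.0.5)\r\n"
    "Accept-Encoding: gzip,deflate\r\n"
)


def invalid_header_lines(block):
    """Return (line_number, raw_line, reason) for each malformed field line."""
    problems = []
    for number, line in enumerate(block.split("\r\n"), start=1):
        if not line:
            continue  # empty piece left after the final CRLF
        name, sep, _value = line.partition(":")
        if not sep:
            problems.append((number, line, "missing colon"))
        elif not name:
            problems.append((number, line, "empty field name"))
        elif not TOKEN.match(name):
            problems.append((number, line, "field name is not a token"))
    return problems


def optional_auth_header(header_name, token):
    """Hypothetical guard: emit the header only when both UI fields are filled in."""
    name = (header_name or "").strip()
    value = (token or "").strip()
    if not name or not value:
        return {}  # assumption: a half-filled pair is dropped as well
    if not TOKEN.match(name):
        raise ValueError(f"invalid header name: {name!r}")
    if "\r" in value or "\n" in value:
        raise ValueError("header value must not contain CR or LF")
    return {name: value}
```
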
