set custom User-Agent header for BlackDuck API requests#5782
Conversation
|
/it-go |
| httpClient piperhttp.Sender | ||
| serverURL string | ||
| projectVersion *ProjectVersion | ||
| UserAgent string |
There was a problem hiding this comment.
Bug: UserAgent can be silently cleared by authenticate() JSON unmarshalling
The authenticate() method does json.Unmarshal(respBody, b), where b is a pointer to the Client struct. Because UserAgent has no json:"-" tag, if the BlackDuck authentication endpoint ever returns a JSON key that case-insensitively matches "useragent" (e.g. "UserAgent": ""), the field will be zeroed out, silently removing the custom User-Agent from all subsequent requests.
Even without that scenario today, the field should be marked json:"-" to make the intent explicit — this field is not part of the API contract with BlackDuck and must never be overwritten by deserializing a server response.
Consider adding the json:"-" tag to protect it
piotrskindel-sap
force-pushed
the
feature/blackduck-custom-useragent
branch
from
625eb2c to
4e7975a
Compare
3 participants
Description
This chang sets a custom User-Agent header to BlackDuck API requests so the server can identify that piper is calling it and which step. The User-Agent follows the format piper--, for example piper-detectExecuteScan-6bda91c.