Validate SonarCloud webhook signature fail was caused by the JsonWriter build request payload #3361
As a developer, my SonarCloud webhook signature validation fails, and this was caused by the request payload built by JsonWriter.
org.sonar.server.webhook.WebhookPayloadFactoryImpl#create builds the WebhookPayload with the JsonWriter from sonar-plugin-api.jar. That JsonWriter is based on Gson's JsonWriter and sets htmlSafe to true,
so it escapes some characters if the payload contains characters from the HTML_SAFE_REPLACEMENT_CHARS array. It then signs the payload with the secret and posts the body to the callback URL.
But the payload I received was unescaped, so my SonarCloud webhook signature validation always fails (the payload has changed).
For example: the payload object has a key-value pair {"key": "key=val"}; after the JsonWriter converts it to JSON, the Sonar server signs the payload {"key": "key\u003dval"}, but the payload I received is {"key": "key=val"}.
In the document https://docs.sonarsource.com/sonarcloud/advanced-setup/webhooks/#securing-your-webhooks,
I think it at least needs to be described clearly that the JsonWriter escapes some special characters when converting to JSON, which may make SonarCloud webhook signature validation fail.
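Added example (not code from SonarQube, sonar-plugin-api or the PR author): a Python reproduction of the mismatch described above, approximating Gson's htmlSafe escaping with a hand-written copy of its replacement table and showing that an HMAC-SHA256 computed by the sender over the escaped body does not verify against the unescaped body the receiver saw. The secret, the receiver-side helper names and the compact-JSON assumption are constructed for this example; the header carrying the digest is the X-Sonar-Webhook-HMAC-SHA256 header from SonarSource's webhook documentation, not something in this PR.

```python
import hashlib
import hmac
import json

# Gson's JsonWriter with htmlSafe=true replaces these characters with \uXXXX
# escapes (its HTML_SAFE_REPLACEMENT_CHARS table, reproduced here by hand).
HTML_SAFE_REPLACEMENT_CHARS = {
    "<": "\\u003c",
    ">": "\\u003e",
    "&": "\\u0026",
    "=": "\\u003d",
    "'": "\\u0027",
}

def gson_html_safe_json(obj) -> str:
    """Approximate Gson JsonWriter(htmlSafe=true): compact JSON with the
    HTML-sensitive characters escaped inside strings (keys and values)."""
    compact = json.dumps(obj, separators=(",", ":"), ensure_ascii=False)
    for ch, esc in HTML_SAFE_REPLACEMENT_CHARS.items():
        compact = compact.replace(ch, esc)
    return compact

def sign(secret: str, body: bytes) -> str:
    """Sender side: HMAC-SHA256 hex digest over the exact bytes it will POST."""
    return hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()

def verify(secret: str, raw_body: bytes, header_signature: str) -> bool:
    """Receiver side: hash the raw bytes as received (never a re-serialised
    copy of the parsed JSON) and compare in constant time."""
    expected = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, header_signature)

def reproduce(secret: str = "constructed-webhook-secret") -> dict:
    """Replay the report's {"key": "key=val"} case: sign the escaped body,
    then verify against both the escaped and the unescaped body."""
    payload = {"key": "key=val"}
    signed_body = gson_html_safe_json(payload).encode()   # {"key":"key\u003dval"}
    signature = sign(secret, signed_body)
    # The body the receiver actually saw, per the report: '=' is unescaped.
    received_body = json.dumps(payload, separators=(",", ":")).encode()
    return {
        "signed_body": signed_body.decode(),
        "received_body": received_body.decode(),
        "verify_as_signed": verify(secret, signed_body, signature),
        "verify_as_received": verify(secret, received_body, signature),
    }
```

Because an HMAC is over bytes, any byte-level transformation between signing and receipt (here, the `\u003d` escape being undone) makes validation fail even though the JSON value is unchanged.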