Webhooks silently fail on proxy setup with null password, and whole url is matched for no proxy decision #407
Description
Jenkins and plugins versions report
Jenkins 2.516.2
Office-365-Connector Plugin 5.2.0
Apache HttpComponents Client 5.x API Plugin 5.5-166.v870a_96374f91
What Operating System are you using (both controller, and any agents involved in the problem)?
RHEL 9
Reproduction steps
- Configure Jenkins proxies with CasC yaml having only host, port and no proxy hosts defined
- proxy.xml gets created with no username or password, resulting in null values in
ProxyConfiguration - Use
office365ConnectorSendin a job, this will silently fail due to a null password
Adding some debug try-catch reveals this issue:
Also sort of related or at least visible with the same bug, the no proxy host matching is done against whole webhook URL, which will result in invalid proxy usage.
- Configure no proxy hosts with
localhost - Use
office365ConnectorSendtohttp://localhost, this will either (with null password hitting the above issue) silently fail or (with null username and any password to workaround the above issue) use proxies anyway. - Use
office365ConnectorSendto `localhost", this will not hit the above issue since the no proxy host is matched correctly, it will instead fail on the request since the scheme is missing.
Expected Results
Null password is allowed.
Proxy usage is done matching against the URL host only.
Actual Results
Null password results in webhooks silently failing.
Proxy is used for hosts for which is should not be.
Anything else?
This http client / password handling was changed in 5.2.0 when http client v5 was introduced.
Are you interested in contributing a fix?
No response