From 2de938c06b575bb32347f87e8cac807500d74bfa Mon Sep 17 00:00:00 2001
From: Niko Raes <niko.raes@arcadis.com>
Date: Mon, 1 Sep 2025 13:27:34 +0200
Subject: [PATCH] Add header key sanitization to ensure valid HTTP header names

---
 common/component/azure/eventhubs/events.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/common/component/azure/eventhubs/events.go b/common/component/azure/eventhubs/events.go
index 4c6e43f93b..c9743eeb21 100644
--- a/common/component/azure/eventhubs/events.go
+++ b/common/component/azure/eventhubs/events.go
@@ -17,6 +17,7 @@ package eventhubs
 
 import (
 	"context"
+	"regexp"
 	"strconv"
 	"time"
 
@@ -124,19 +125,28 @@ func NewBulkMessageEntryFromEventData(e *azeventhubs.ReceivedEventData, topic st
 	return entry, nil
 }
 
+// Allowed: letters, digits, and hyphens.
+var headerKeySanitizer = regexp.MustCompile(`[^a-zA-Z0-9-]`)
+
+// Replaces any character not allowed in HTTP header names with '-'.
+func sanitizeHeaderKey(key string) string {
+	return headerKeySanitizer.ReplaceAllString(key, "-")
+}
+
 // Adds a property to the response metadata
 func addPropertyToMetadata(key string, value any, md map[string]string) {
+	safeKey := sanitizeHeaderKey(key)
 	switch v := value.(type) {
 	case *time.Time:
 		if v != nil {
-			md[key] = v.Format(time.RFC3339)
+			md[safeKey] = v.Format(time.RFC3339)
 		}
 	case time.Time:
-		md[key] = v.Format(time.RFC3339)
+		md[safeKey] = v.Format(time.RFC3339)
 	default:
 		str, err := cast.ToStringE(value)
 		if err == nil {
-			md[key] = str
+			md[safeKey] = str
 		}
 	}
 }