bug: fix NullPointerException if allowedHeaders contains null

review comment - https://github.com/getsentry/sentry-java/pull/4919/files#r2550496731

seems possible, e.g. if a client passes null in the array to SentryReplayOptions#set[Request|Response]Headers

Author: 43jay

sentry/src/main/java/io/sentry/util/network/NetworkDetailCaptureUtils.java

@@ -130,7 +130,9 @@ private static boolean shouldCaptureUrl(
     // Convert to lowercase for case-insensitive matching
     Set<String> normalizedAllowed = new HashSet<>();
     for (String header : allowedHeaders) {
-      normalizedAllowed.add(header.toLowerCase());
+      if (header != null) {
+        normalizedAllowed.add(header.toLowerCase());
+      }
     }
 
     for (Map.Entry<String, String> entry : allHeaders.entrySet()) {

sentry/src/test/java/io/sentry/util/network/NetworkDetailCaptureUtilsTest.kt

@@ -78,4 +78,27 @@ class NetworkDetailCaptureUtilsTest {
     // Unwanted header should not be present
     assertTrue(!result.containsKey("X-Unwanted-Header"))
   }
+
+  @Test
+  fun `getCaptureHeaders should handle null elements in allowedHeaders`() {
+    val allHeaders =
+      mapOf(
+        "Content-Type" to "application/json",
+        "Authorization" to "Bearer token123",
+        "X-Custom-Header" to "custom-value",
+      )
+
+    // allowedHeaders contains null elements which should be ignored
+    val allowedHeaders = arrayOf(null, "content-type", null, "authorization", null)
+
+    val result = NetworkDetailCaptureUtils.getCaptureHeaders(allHeaders, allowedHeaders)
+
+    // Only non-null allowed headers should be matched
+    assertEquals(2, result.size)
+    assertEquals("application/json", result["Content-Type"])
+    assertEquals("Bearer token123", result["Authorization"])
+
+    // X-Custom-Header should not be present as it's not in the allowed list
+    assertTrue(!result.containsKey("X-Custom-Header"))
+  }
 }