Merge pull request #141 from sartography/fix/git-service-webhook

backend/git_service: check repo URLs from webhook
2023-02-20 08:02:53 -08:00 · 2023-02-20 08:02:53 -08:00 · 6d6491d659
parent 4c46104202 a600736e67
commit 6d6491d659
1 changed files with 12 additions and 7 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py
@ -197,16 +197,21 @@ class GitService:
                f" body: {webhook}"
            )

-        clone_url = webhook["repository"]["clone_url"]
-        if (
-            clone_url
-            != current_app.config["SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL"]
-        ):
+        config_clone_url = current_app.config[
+            "SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL"
+        ]
+        repo = webhook["repository"]
+        valid_clone_urls = [repo["clone_url"], repo["git_url"], repo["ssh_url"]]
+        if config_clone_url not in valid_clone_urls:
            raise GitCloneUrlMismatchError(
-                "Configured clone url does not match clone url from webhook:"
-                f" {clone_url}"
+                "Configured clone url does not match the repo URLs from webhook: %s"
+                " =/= %s" % (config_clone_url, valid_clone_urls)
            )

+        # Test webhook requests have a zen koan and hook info.
+        if "zen" in webhook or "hook_id" in webhook:
+            return False
+
        if "ref" not in webhook:
            raise InvalidGitWebhookBodyError(
                f"Could not find the 'ref' arg in the webhook boy: {webhook}"