sartography
/
spiff-arena
mirror of https://github.com/sartography/spiff-arena.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #141 from sartography/fix/git-service-webhook 

backend/git_service: check repo URLs from webhook
This commit is contained in:
Kevin Burnett 2023-02-20 08:02:53 -08:00 committed by GitHub
parent 4c46104202 a600736e67
commit 6d6491d659
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py
View File

@ -197,16 +197,21 @@ class GitService:
f" body: {webhook}" f" body: {webhook}"
) )
clone_url = webhook["repository"]["clone_url"] config_clone_url = current_app.config[
if ( "SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL"
clone_url ]
!= current_app.config["SPIFFWORKFLOW_BACKEND_GIT_PUBLISH_CLONE_URL"] repo = webhook["repository"]
): valid_clone_urls = [repo["clone_url"], repo["git_url"], repo["ssh_url"]]
if config_clone_url not in valid_clone_urls:
raise GitCloneUrlMismatchError( raise GitCloneUrlMismatchError(
"Configured clone url does not match clone url from webhook:" "Configured clone url does not match the repo URLs from webhook: %s"
f" {clone_url}" " =/= %s" % (config_clone_url, valid_clone_urls)
) )
# Test webhook requests have a zen koan and hook info.
if "zen" in webhook or "hook_id" in webhook:
return False
if "ref" not in webhook: if "ref" not in webhook:
raise InvalidGitWebhookBodyError( raise InvalidGitWebhookBodyError(
f"Could not find the 'ref' arg in the webhook boy: {webhook}" f"Could not find the 'ref' arg in the webhook boy: {webhook}"