actions/octokit.py
1
0
Fork 0
mirror of https://github.com/khornberg/octokit.py synced 2026-05-20 20:04:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Enhancement: Check delivery guid

Browse Source
This commit is contained in:
Kyle Hornberg
2018-02-06 14:40:24 -06:00
parent 37d41d1669
commit 3bc3ddca28
2 changed files with 51 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/octokit/webhook/__init__.py
+17 -3
View File
@@ -1,15 +1,15 @@
import hashlib
import hmac
import json
from uuid import UUID
from octokit import utils
def verify(headers, payload, secret, events=[]):
event = headers.get('X-GitHub-Event')
if event not in utils.get_json_data('events.json'):
if invalid_guid(headers.get('X-GitHub-Delivery')):
return False
if event not in events and '*' not in events:
if invalid_event(headers.get('X-GitHub-Event'), events):
return False
return _compare(headers, payload, secret)
@@ -19,3 +19,17 @@ def _compare(headers, payload, secret):
algo, sig = headers.get('X-Hub-Signature').split('=')
digest = hmac.new(secret.encode(encoding), json.dumps(payload).encode(encoding), getattr(hashlib, algo)).hexdigest()
return hmac.compare_digest(sig.encode(encoding), digest.encode(encoding))
def invalid_guid(guid):
try:
return str(UUID(guid)) != guid
except ValueError:
return True
def invalid_event(event, events):
if event not in utils.get_json_data('events.json'):
return True
if event not in events and '*' not in events:
return True
tests/test_webhook.py
+34 -5
View File
@@ -4,35 +4,64 @@ from octokit import webhook
class TestWebhook(object):
def test_can_verify_webhook(self):
headers = {'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f', 'X-GitHub-Event': 'push'}
headers = {
'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f',
'X-GitHub-Event': 'push',
'X-GitHub-Delivery': '72d3162f-cc78-11e3-81ab-4c9367dc0958'
}
payload = {}
secret = 'secret'
events = ['push']
assert webhook.verify(headers, payload, secret, events=events)
def test_can_filter_webhook_events(self):
headers = {'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f'}
headers = {
'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f',
'X-GitHub-Delivery': '72d3162f-cc78-11e3-81ab-4c9367dc0958'
}
payload = {}
secret = 'secret'
events = ['push']
assert webhook.verify(headers, payload, secret, events=events) is False
def test_must_specify_events_to_allow(self):
headers = {'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f'}
headers = {
'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f',
'X-GitHub-Delivery': '72d3162f-cc78-11e3-81ab-4c9367dc0958'
}
payload = {}
secret = 'secret'
assert webhook.verify(headers, payload, secret) is False
def test_can_specify_all_events(self):
headers = {'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f', 'X-GitHub-Event': 'push'}
headers = {
'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f',
'X-GitHub-Event': 'push',
'X-GitHub-Delivery': '72d3162f-cc78-11e3-81ab-4c9367dc0958'
}
payload = {}
secret = 'secret'
events = ['*']
assert webhook.verify(headers, payload, secret, events=events)
def test_only_known_events_are_valid(self):
headers = {'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f', 'X-GitHub-Event': 'pushy'}
headers = {
'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f',
'X-GitHub-Event': 'pushy',
'X-GitHub-Delivery': '72d3162f-cc78-11e3-81ab-4c9367dc0958'
}
payload = {}
secret = 'secret'
events = ['pushy']
assert webhook.verify(headers, payload, secret, events=events) is False
def test_delivery_guids_must_be_valid_guids(self):
headers = {
'X-Hub-Signature': 'sha1=5d61605c3feea9799210ddcb71307d4ba264225f',
'X-GitHub-Event': 'push',
'X-GitHub-Delivery': 'not-a-guid'
}
payload = {}
secret = 'secret'
events = ['push']
assert webhook.verify(headers, payload, secret, events=events) is False