Add better validation of incoming webhooks for GitHub.
Review Request #6313 — Created Sept. 11, 2014 and submitted
Incoming GitHub webhook requests for the close-submitted webhooks are
now safe from unintentional requests (for incompatible events) or
malicious payloads (from people guessing the URL and sending payloads to
close various review requests).We now require that the webhook on GitHub be configured with the Secret
field filled out. It must be set to the value of the repository's
hooks_uuid field. The incoming payload will then be validated for a
signature generated with those payload contents and that secret.The handler will also filter out non-push events, in case the webhook
was configured to "send everything."This change (and the upcoming ones for Bitbucket and Google Code) do
break backwards-compatibility for existing hooks, but this is necessary
(and we have labeled this an experimental feature).An upcoming change will assist users in filling out the webhook field
information, along with the value for the Secret field.
Unit tests pass.
We'll need to test this in production once the change goes in.
Change Summary:
- Removed some unused imports (which came along for the ride from another change)
close_all_review_requestsnow takes a repository instead of an ID, which GitHub provides. The usage inside the function still works if an ID is passed, so I haven't updated other call sites yet. They'll be updated in their own changes.
Commit: |
|
||||
|---|---|---|---|---|---|
Diff: |
Revision 2 (+138 -30) |
Tool: Pyflakes Processed Files: reviewboard/hostingsvcs/github.py reviewboard/hostingsvcs/hook_utils.py reviewboard/hostingsvcs/tests.py Tool: PEP8 Style Checker Processed Files: reviewboard/hostingsvcs/github.py reviewboard/hostingsvcs/hook_utils.py reviewboard/hostingsvcs/tests.py