Sanitize room input

This commit is contained in:
Ben 2019-07-19 16:45:58 +02:00
parent 7b6d99a281
commit c731dce53c
Signed by: ben
GPG key ID: 0F54A7ED232D3319

41
wmn.py

@ -1,3 +1,5 @@
import re
import yaml import yaml
from flask import Flask, request, abort from flask import Flask, request, abort
from matrix_client.client import MatrixClient from matrix_client.client import MatrixClient
@ -5,6 +7,10 @@ from matrix_client.errors import MatrixRequestError
application = Flask(__name__) application = Flask(__name__)
# Not going to care for specifics like the underscore.
# Generally match !anything:example.com with unicode support.
room_pattern = re.compile(r'^!\w+:[\w\-.]+$')
""" """
config.yml Example: config.yml Example:
@ -18,13 +24,25 @@ with open("config.yml", 'r') as ymlfile:
cfg = yaml.safe_load(ymlfile) cfg = yaml.safe_load(ymlfile)
def process_gitlab_request(): def check_token(header_field: str):
gitlab_token = request.headers.get('X-Gitlab-Token') token = request.headers.get(header_field)
if gitlab_token != cfg['secret']: if token != cfg['secret']:
abort(403) abort(401)
channel = request.args.get('channel')
if channel is None or len(channel) == 0:
def get_a_room():
if 'channel' not in request.args:
abort(400) abort(400)
room = request.args.get('channel')
# sanitize input
if room_pattern.fullmatch(room) is None:
abort(400)
return room
def process_gitlab_request():
check_token('X-Gitlab-Token')
room = get_a_room()
gitlab_event = request.headers.get("X-Gitlab-Event") gitlab_event = request.headers.get("X-Gitlab-Event")
if gitlab_event == "Push Hook": if gitlab_event == "Push Hook":
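Review bot: check_token compares the shared secret with plain `!=`, which returns as soon as the first byte differs, so the new helper still allows a timing side channel on the webhook secret; the usual fix is `import hmac` at the top of wmn.py and `if token is None or not hmac.compare_digest(token, cfg['secret']):` (the `is None` guard is needed because `compare_digest` raises TypeError on a missing header, whereas `!=` silently aborted with 401). get_a_room rejects anything not matching `^!\w+:[\w\-.]+$`, so a `#alias:server` value that `join_room(room_id_or_alias=...)` in the next hunk would accept now gets a 400; if that is intended, a docstring such as `"""Return the room id from the `channel` query parameter; only `!id:server` ids pass, aliases are rejected with 400."""` on get_a_room would make the contract explicit. process_gitlab_request continues outside this hunk.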
@ -32,8 +50,9 @@ def process_gitlab_request():
client = MatrixClient(cfg["matrix"]["server"]) client = MatrixClient(cfg["matrix"]["server"])
client.login(username=cfg["matrix"]["username"], password=cfg["matrix"]["password"]) client.login(username=cfg["matrix"]["username"], password=cfg["matrix"]["password"])
room = client.join_room(room_id_or_alias=channel) room = client.join_room(room_id_or_alias=room)
except MatrixRequestError as e: except MatrixRequestError as e:
# see Flask.make_response, this is interpreted as (body, status)
return f"Error from Matrix: {e.content}", e.code return f"Error from Matrix: {e.content}", e.code
def sort_commits_by_time(commits): def sort_commits_by_time(commits):
@ -58,12 +77,8 @@ def process_gitlab_request():
def process_jenkins_request(): def process_jenkins_request():
jenkins_token = request.headers.get('X-Jenkins-Token') check_token('X-Jenkins-Token')
if jenkins_token != cfg['secret']: # room = get_a_room()
abort(403)
channel = request.args.get('channel')
if channel is None or len(channel) == 0:
abort(400)
from pprint import pprint from pprint import pprint
pprint(request.json) pprint(request.json)