Merge pull request #587 from taigaio/Issue-3842-Catch-properly-invalid-IPs-errors-for-integrations

Issue 3842: Catch properly invalid IP's errors for integrations
remotes/origin/logger
David Barragán Merino 2016-02-01 11:34:15 +01:00
commit 835865fc83
4 changed files with 61 additions and 2 deletions


@ -25,6 +25,7 @@ from taiga.hooks.api import BaseWebhookApiViewSet
from . import event_hooks
from netaddr import all_matching_cidrs
from netaddr.core import AddrFormatError
from urllib.parse import parse_qs
from ipware.ip import get_ip
@ -56,7 +57,16 @@ class BitBucketViewSet(BaseWebhookApiViewSet):
valid_origin_ips = bitbucket_config.get("valid_origin_ips",
settings.BITBUCKET_VALID_ORIGIN_IPS)
origin_ip = get_ip(request)
if valid_origin_ips and (len(all_matching_cidrs(origin_ip,valid_origin_ips)) == 0):
mathching_origin_ip = True
if valid_origin_ips:
try:
mathching_origin_ip = len(all_matching_cidrs(origin_ip,valid_origin_ips)) > 0
except AddrFormatError:
mathching_origin_ip = False
if not mathching_origin_ip:
return False
return project_secret == secret_key
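Review bot: The `except AddrFormatError` branch treats a malformed `valid_origin_ips` entry exactly like a caller whose address does not match, so one typo in a project's allowlist makes every BitBucket delivery fail with nothing recorded about why. Failing closed is the right default for an origin check, but the branch should say so and leave a trace, for example a comment `# malformed origin_ip or allowlist entry: reject rather than skip the check` and a warning log naming the project, if the module has a logger (none is visible in the hunk). The flag name is misspelled; `matching_origin_ip` would read better. The same block is repeated in the GitLab view set and would be better shared as one helper on the base class. The enclosing method starts outside the hunk.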


@ -27,6 +27,7 @@ from taiga.hooks.api import BaseWebhookApiViewSet
from . import event_hooks
from netaddr import all_matching_cidrs
from netaddr.core import AddrFormatError
class GitLabViewSet(BaseWebhookApiViewSet):
event_hook_classes = {
@ -54,8 +55,16 @@ class GitLabViewSet(BaseWebhookApiViewSet):
gitlab_config = project.modules_config.config.get("gitlab", {})
valid_origin_ips = gitlab_config.get("valid_origin_ips", settings.GITLAB_VALID_ORIGIN_IPS)
origin_ip = get_ip(request)
mathching_origin_ip = True
if valid_origin_ips and (len(all_matching_cidrs(origin_ip,valid_origin_ips)) == 0):
if valid_origin_ips:
try:
mathching_origin_ip = len(all_matching_cidrs(origin_ip,valid_origin_ips)) > 0
except AddrFormatError:
mathching_origin_ip = False
if not mathching_origin_ip:
return False
return project_secret == secret_key
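Review bot: The allowlist check is only as trustworthy as `origin_ip`, and ipware's `get_ip` consults forwarding headers such as `X-Forwarded-For` before `REMOTE_ADDR`, so this check means little unless a trusted proxy sets or strips those headers. A comment above `origin_ip = get_ip(request)` should state that assumption, e.g. `# relies on the front proxy overwriting client-supplied forwarding headers`. Separately, the unchanged `return project_secret == secret_key` is not a constant-time comparison; once both values are known to be strings, `hmac.compare_digest(project_secret.encode(), secret_key.encode())` would be the safer form. Both points apply equally to the BitBucket view set. The method body starts outside the hunk, so any earlier None checks on the secret are not visible here.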


@ -99,6 +99,26 @@ def test_invalid_ip(client):
assert response.status_code == 400
def test_invalid_origin_ip_settings(client):
project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={
"bitbucket": {
"secret": "tpnIwJDz4e",
"valid_origin_ips": ["testing"]
}
})
url = reverse("bitbucket-hook-list")
url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
data = json.dumps({"push": {"changes": [{"new": {"target": { "message": "test message"}}}]}})
response = client.post(url,
data,
content_type="application/json",
HTTP_X_EVENT_KEY="repo:push",
REMOTE_ADDR="111.111.111.112")
assert response.status_code == 400
def test_valid_local_network_ip(client):
project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={
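Review bot: `test_invalid_origin_ip_settings` only covers an allowlist made up entirely of an invalid entry, which leaves the more likely misconfiguration untested: a valid address plus one bad entry. As far as I can tell `all_matching_cidrs` parses the whole list before matching, so `"valid_origin_ips": ["111.111.111.112", "testing"]` with the same `REMOTE_ADDR` would also return 400. A second test asserting that would document that one bad entry disables the integration rather than being skipped. A short docstring such as `"""A malformed allowlist entry must reject the hook, not bypass the origin check."""` would also make the intent explicit. The same gap exists in the GitLab test added by this commit, and `test_valid_local_network_ip` continues outside the hunk.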


@ -99,6 +99,26 @@ def test_invalid_ip(client):
assert response.status_code == 400
def test_invalid_origin_ip_settings(client):
project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={
"gitlab": {
"secret": "tpnIwJDz4e",
"valid_origin_ips": ["testing"]
}
})
url = reverse("gitlab-hook-list")
url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
data = {"test:": "data"}
response = client.post(url,
json.dumps(data),
content_type="application/json",
REMOTE_ADDR="111.111.111.112")
assert response.status_code == 400
def test_valid_local_network_ip(client):
project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={