From d4f34b655418cbb422ffc32e00a26698c70a2c5a Mon Sep 17 00:00:00 2001
From: Alejandro Alonso
Date: Mon, 1 Feb 2016 09:12:13 +0100
Subject: [PATCH] Issue 3842: Catch properly invalid IP's errors for integrations
---
 taiga/hooks/bitbucket/api.py | 12 +++++++++++-
 taiga/hooks/gitlab/api.py | 11 ++++++++++-
 tests/integration/test_hooks_bitbucket.py | 20 ++++++++++++++++++++
 tests/integration/test_hooks_gitlab.py | 20 ++++++++++++++++++++
 4 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/taiga/hooks/bitbucket/api.py b/taiga/hooks/bitbucket/api.py
index afd3c47b..6fcfcab5 100644
--- a/taiga/hooks/bitbucket/api.py
+++ b/taiga/hooks/bitbucket/api.py
@@ -25,6 +25,7 @@ from taiga.hooks.api import BaseWebhookApiViewSet
 from . import event_hooks
 from netaddr import all_matching_cidrs
+from netaddr.core import AddrFormatError
 from urllib.parse import parse_qs
 from ipware.ip import get_ip
@@ -56,7 +57,16 @@ class BitBucketViewSet(BaseWebhookApiViewSet):
 valid_origin_ips = bitbucket_config.get("valid_origin_ips", settings.BITBUCKET_VALID_ORIGIN_IPS)
 origin_ip = get_ip(request)
- if valid_origin_ips and (len(all_matching_cidrs(origin_ip,valid_origin_ips)) == 0):
+ mathching_origin_ip = True
+
+ if valid_origin_ips:
+ try:
+ mathching_origin_ip = len(all_matching_cidrs(origin_ip,valid_origin_ips)) > 0
+
+ except AddrFormatError:
+ mathching_origin_ip = False
+
+ if not mathching_origin_ip:
 return False
 return project_secret == secret_key
diff --git a/taiga/hooks/gitlab/api.py b/taiga/hooks/gitlab/api.py
index 89f6a5c8..6dd2368d 100644
--- a/taiga/hooks/gitlab/api.py
+++ b/taiga/hooks/gitlab/api.py
@@ -27,6 +27,7 @@ from taiga.hooks.api import BaseWebhookApiViewSet
 from . import event_hooks
 from netaddr import all_matching_cidrs
+from netaddr.core import AddrFormatError
 class GitLabViewSet(BaseWebhookApiViewSet):
 event_hook_classes = {
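Review bot: The `except AddrFormatError` branch in the BitBucketViewSet hunk rejects the request without recording why, so an unparsable origin address and a malformed `valid_origin_ips` entry in the project's config both surface only as a rejected webhook. Failing closed is the right default for an origin allowlist, but the config case deserves a log line so an operator can tell a broken allowlist from a blocked sender, for example `except AddrFormatError as exc:` followed by `logger.warning("webhook origin check failed: %s", exc)` (this assumes a module logger, which is not visible in the hunk). The flag name is also misspelled; `matching_origin_ip` would read better. The identical block is added to GitLabViewSet in taiga/hooks/gitlab/api.py, so the check could live once in a shared helper on the base viewset. The enclosing method starts above this hunk.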
@@ -54,8 +55,16 @@ class GitLabViewSet(BaseWebhookApiViewSet):
 gitlab_config = project.modules_config.config.get("gitlab", {})
 valid_origin_ips = gitlab_config.get("valid_origin_ips", settings.GITLAB_VALID_ORIGIN_IPS)
 origin_ip = get_ip(request)
+ mathching_origin_ip = True
- if valid_origin_ips and (len(all_matching_cidrs(origin_ip,valid_origin_ips)) == 0):
+ if valid_origin_ips:
+ try:
+ mathching_origin_ip = len(all_matching_cidrs(origin_ip,valid_origin_ips)) > 0
+
+ except AddrFormatError:
+ mathching_origin_ip = False
+
+ if not mathching_origin_ip:
 return False
 return project_secret == secret_key
diff --git a/tests/integration/test_hooks_bitbucket.py b/tests/integration/test_hooks_bitbucket.py
index c21ca332..1dbf8ea2 100644
--- a/tests/integration/test_hooks_bitbucket.py
+++ b/tests/integration/test_hooks_bitbucket.py
@@ -99,6 +99,26 @@ def test_invalid_ip(client):
 assert response.status_code == 400
+def test_invalid_origin_ip_settings(client):
+ project = f.ProjectFactory()
+ f.ProjectModulesConfigFactory(project=project, config={
+ "bitbucket": {
+ "secret": "tpnIwJDz4e",
+ "valid_origin_ips": ["testing"]
+ }
+ })
+
+ url = reverse("bitbucket-hook-list")
+ url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+ data = json.dumps({"push": {"changes": [{"new": {"target": { "message": "test message"}}}]}})
+ response = client.post(url,
+ data,
+ content_type="application/json",
+ HTTP_X_EVENT_KEY="repo:push",
+ REMOTE_ADDR="111.111.111.112")
+ assert response.status_code == 400
+
+
 def test_valid_local_network_ip(client):
 project = f.ProjectFactory()
 f.ProjectModulesConfigFactory(project=project, config={
diff --git a/tests/integration/test_hooks_gitlab.py b/tests/integration/test_hooks_gitlab.py
index cd0c2b8b..cc2f8e66 100644
--- a/tests/integration/test_hooks_gitlab.py
+++ b/tests/integration/test_hooks_gitlab.py
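Review bot: Initialising `mathching_origin_ip = True` in the GitLabViewSet hunk makes the origin check allow-by-default, because the flag only becomes false when the `try` body or the `except` branch actually runs. A later edit that skips or reorders that block would leave the request accepted on origin without anyone noticing. Returning from each deny path directly removes the flag and keeps the rejection explicit, as sketched below. The BitBucketViewSet hunk uses the same shape, and the method's signature lies outside this hunk.

```python
        origin_ip = get_ip(request)

        if valid_origin_ips:
            try:
                if not all_matching_cidrs(origin_ip, valid_origin_ips):
                    return False
            except AddrFormatError:
                # Unparsable origin or allowlist entry: reject rather than skip the check.
                return False

        # … unchanged: return project_secret == secret_key …
```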
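Review bot: `test_invalid_origin_ip_settings` only exercises an allowlist that consists entirely of a malformed entry (`["testing"]`), so it does not pin down what happens when a valid entry sits next to a bad one. With the new handler a list such as `["111.111.111.112", "testing"]` would presumably also reject the listed sender, since the whole `all_matching_cidrs` call sits in one `try`; a second case asserting 400 for that list would document the fail-closed behaviour for operators. The project and secret setup repeats the neighbouring tests, so a small fixture or parametrization would keep the added cases short. The same gap applies to the test added in tests/integration/test_hooks_gitlab.py.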
@@ -99,6 +99,26 @@ def test_invalid_ip(client):
 assert response.status_code == 400
+def test_invalid_origin_ip_settings(client):
+ project = f.ProjectFactory()
+ f.ProjectModulesConfigFactory(project=project, config={
+ "gitlab": {
+ "secret": "tpnIwJDz4e",
+ "valid_origin_ips": ["testing"]
+ }
+ })
+
+ url = reverse("gitlab-hook-list")
+ url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+ data = {"test:": "data"}
+ response = client.post(url,
+ json.dumps(data),
+ content_type="application/json",
+ REMOTE_ADDR="111.111.111.112")
+
+ assert response.status_code == 400
+
+
 def test_valid_local_network_ip(client):
 project = f.ProjectFactory()
 f.ProjectModulesConfigFactory(project=project, config={