Fixing bad origin configuration for gitlab and bitbucket

2016-02-10 14:20:30 +01:00 · 2016-02-10 14:20:30 +01:00 · f183640e33
parent fd0d30dfc9
commit f183640e33
4 changed files with 47 additions and 2 deletions
--- a/taiga/hooks/bitbucket/api.py
+++ b/taiga/hooks/bitbucket/api.py
@ -63,7 +63,7 @@ class BitBucketViewSet(BaseWebhookApiViewSet):
            try:
                mathching_origin_ip = len(all_matching_cidrs(origin_ip,valid_origin_ips)) > 0

-            except AddrFormatError:
+            except(AddrFormatError, ValueError):
                mathching_origin_ip = False

        if not mathching_origin_ip:
--- a/taiga/hooks/gitlab/api.py
+++ b/taiga/hooks/gitlab/api.py
@ -61,7 +61,7 @@ class GitLabViewSet(BaseWebhookApiViewSet):
            try:
                mathching_origin_ip = len(all_matching_cidrs(origin_ip,valid_origin_ips)) > 0

-            except AddrFormatError:
+            except (AddrFormatError, ValueError):
                mathching_origin_ip = False

        if not mathching_origin_ip:
--- a/tests/integration/test_hooks_bitbucket.py
+++ b/tests/integration/test_hooks_bitbucket.py
@ -81,6 +81,28 @@ def test_ok_signature_ip_in_network(client):
    assert response.status_code == 204


+def test_ok_signature_invalid_network(client):
+    project = f.ProjectFactory()
+    f.ProjectModulesConfigFactory(project=project, config={
+        "bitbucket": {
+            "secret": "tpnIwJDz4e",
+            "valid_origin_ips": ["131.103.20.160/27;165.254.145.0/26;104.192.143.0/24"],
+        }
+    })
+
+    url = reverse("bitbucket-hook-list")
+    url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+    data = json.dumps({"push": {"changes": [{"new": {"target": { "message": "test message"}}}]}})
+    response = client.post(url,
+                           data,
+                           content_type="application/json",
+                           HTTP_X_EVENT_KEY="repo:push",
+                           REMOTE_ADDR="104.192.143.193")
+
+    assert response.status_code == 400
+    assert "Bad signature" in response.data["_error_message"]
+
+
 def test_blocked_project(client):
    project = f.ProjectFactory(blocked_code=project_choices.BLOCKED_BY_STAFF)
    f.ProjectModulesConfigFactory(project=project, config={
--- a/tests/integration/test_hooks_gitlab.py
+++ b/tests/integration/test_hooks_gitlab.py
@ -97,6 +97,29 @@ def test_ok_signature_ip_in_network(client):
    assert response.status_code == 204


+def test_ok_signature_invalid_network(client):
+    project = f.ProjectFactory()
+    f.ProjectModulesConfigFactory(project=project, config={
+        "gitlab": {
+            "secret": "tpnIwJDz4e",
+            "valid_origin_ips": ["131.103.20.160/27;165.254.145.0/26;104.192.143.0/24"],
+        }
+    })
+
+    url = reverse("gitlab-hook-list")
+    url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+    data = json.dumps({"push": {"changes": [{"new": {"target": { "message": "test message"}}}]}})
+    response = client.post(url,
+                           data,
+                           content_type="application/json",
+                           HTTP_X_EVENT_KEY="repo:push",
+                           REMOTE_ADDR="104.192.143.193")
+
+    assert response.status_code == 400
+    assert "Bad signature" in response.data["_error_message"]
+
+
+
 def test_blocked_project(client):
    project = f.ProjectFactory(blocked_code=project_choices.BLOCKED_BY_STAFF)
    f.ProjectModulesConfigFactory(project=project, config={