
D262.diff
No OneTemporary

D262.diff

diff --git a/app/Http/Controllers/Gate/GitHubGateController.php b/app/Http/Controllers/Gate/GitHubGateController.php
--- a/app/Http/Controllers/Gate/GitHubGateController.php
+++ b/app/Http/Controllers/Gate/GitHubGateController.php
@@ -76,6 +76,10 @@
abort(403, 'Unauthorized action.');
}
+ if (!$this->isValidRequest()) {
+ abort(400, 'Bad request.');
+ }
+
// Process the request
$this->logGateRequest();
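Review bot: The new `abort(400, 'Bad request.')` runs before `$this->logGateRequest()`, so as far as this hunk shows a malformed delivery leaves no entry in the gate log. On an Internet-facing webhook endpoint, rejected requests are the ones an operator most needs when investigating a misconfigured sender or unexpected traffic. Consider recording the rejection (gate name, delivery id if present, reason) before aborting, or state the intent with a comment such as `// Malformed requests are rejected before logGateRequest() and are not recorded`. The enclosing method starts and ends outside the hunk, so logging may already happen elsewhere.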
@@ -115,6 +119,25 @@
}
/**
+ * Determines if the request is valid, ie contains the mandatory headers
+ * and a payload.
+ *
+ * @return bool true if the request looks valid; otherwise, false.
+ */
+ protected function isValidRequest () {
+ if (empty($this->event)) {
+ return false;
+ }
+ if (empty($this->delivery)) {
+ return false;
+ }
+ if (empty($this->payload) || !is_object($this->payload)) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
* Determines if the request is legit.
*
* @return bool true if the request looks legit; otherwise, false.
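Review bot: In `isValidRequest()` the `empty($this->payload)` test adds nothing to `!is_object($this->payload)`, because PHP never treats an object as empty. The line reduces to `if (!is_object($this->payload)) {`, and an empty JSON object `{}` is accepted as a valid payload. If a payload without content should be rejected, that needs an explicit check on the expected fields. The docblock should also state the limit of the check, e.g. `Only the presence of the event, delivery and payload is verified; their values are not validated.`, so that later handlers do not treat the header values as trusted. `empty()` also rejects the string `"0"`, which is harmless here but worth knowing. The hunk ends inside the docblock of the next method.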
diff --git a/tests/Http/Controllers/GitHubGateControllerTest.php b/tests/Http/Controllers/GitHubGateControllerTest.php
--- a/tests/Http/Controllers/GitHubGateControllerTest.php
+++ b/tests/Http/Controllers/GitHubGateControllerTest.php
@@ -43,4 +43,17 @@
$this->assertResponseOk();
}
+
+ /**
+ * Tests a malformed GitHub gate payload.
+ */
+ public function testMalformedPost () {
+ $this->sendPayload(
+ '/gate/GitHub/Quux', // A gate not existing in data/credentials.json
+ "",
+ 'POST',
+ []
+ );
+ $this->assertResponseStatus(400);
+ }
}
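Review bot: `testMalformedPost` expects 400 for a gate that, per its own comment, does not exist in `data/credentials.json`. It therefore passes only if an unconfigured gate clears the earlier 403 check. That dependency is presumably intended but is not visible in this diff, so document it in the test docblock: if the legitimacy check is later tightened for unknown gates, this test will start returning 403 for a reason unrelated to payload validation. The single case also sends an empty body with no headers, so all three conditions of `isValidRequest()` fail at once. Separate cases for a missing event header, a missing delivery header and a non-object payload (with the other two present) would pin each branch.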
