Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove headers from signature verification if gitlab invocation method #29

Merged
merged 9 commits into from
Aug 8, 2024
Merged

Remove headers from signature verification if gitlab invocation method #29

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
fafd27c
Remove headers from signature verification if gitlab invocation method
omby8888 Aug 5, 2024
e7f7696
lint fixes
omby8888 Aug 5, 2024
2955feb
fixed comment
omby8888 Aug 7, 2024
06ece05
fixed lint
omby8888 Aug 7, 2024
6faf9b5
added runtime setting for not fetching kafka creds while running locally
omby8888 Aug 7, 2024
00b63bb
added contribution guide
omby8888 Aug 7, 2024
a1fbba8
add defensive get
omby8888 Aug 7, 2024
cfabdc4
fix lint
omby8888 Aug 7, 2024
530097d
fix lint
omby8888 Aug 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions app/core/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
from pathlib import Path
from typing import Any, Optional

from dotenv import load_dotenv
from pydantic import (
AnyHttpUrl,
BaseModel,
Expand All @@ -11,6 +12,8 @@
validator,
)

load_dotenv()

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would do it if specific env variable is specified . e.g. if ENV_RUNTIME='DEBUG'


class ActionReport(BaseModel):
status: str | None = None
Expand Down
17 changes: 12 additions & 5 deletions app/invokers/webhook_invoker.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -280,7 +280,9 @@ def _invoke_run(
res.raise_for_status()
run_logger("Port agent finished processing the action run")

def validate_incoming_signature(self, msg: dict) -> bool:
def validate_incoming_signature(self,
msg: dict,
invocation_method_name: str) -> bool:
if "changelogDestination" in msg:
return True

Expand All @@ -294,9 +296,14 @@ def validate_incoming_signature(self, msg: dict) -> bool:
)
return False

# Remove the headers to avoid them being used in the signature verification
del msg["headers"]["X-Port-Signature"]
del msg["headers"]["X-Port-Timestamp"]
# Remove Port's generated headers to avoid them being
# used in the signature verification
if invocation_method_name == 'GITLAB':
del msg["headers"]
else:
del msg["headers"]["X-Port-Signature"]
del msg["headers"]["X-Port-Timestamp"]

expected_sig = sign_sha_256(
json.dumps(msg, separators=(",", ":"), ensure_ascii=False),
settings.PORT_CLIENT_SECRET,
Expand All @@ -313,7 +320,7 @@ def invoke(self, msg: dict, invocation_method: dict) -> None:
logger.info("WebhookInvoker - start - destination: %s", invocation_method)
run_id = msg["context"].get("runId")

if not self.validate_incoming_signature(msg):
if not self.validate_incoming_signature(msg, invocation_method['type']):
matan84 marked this conversation as resolved.
Show resolved Hide resolved
return

logger.info("WebhookInvoker - validating signature")
Expand Down
1 change: 1 addition & 0 deletions requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@ pydantic==1.10.2
requests==2.28.1
pyjq==2.6.0
flatten-dict==0.4.2
python-dotenv==1.0.1
Loading