Merge pull request #360 from adnanh/improvement/content-type-based-payload-parsing

Fix invalid assumption that multipart forms can be parsed in te same way as urlencoded forms.
2025-05-13 09:04:44 +00:00 · 2019-12-02 22:33:45 +01:00 · 2019-12-02 22:33:45 +01:00 · 9117f4f6d6
commit 9117f4f6d6
parent 34ae132930 ce186487f4
2 changed files with 9 additions and 5 deletions
--- a/webhook.go
+++ b/webhook.go
@ -240,7 +240,8 @@ func hookHandler(w http.ResponseWriter, r *http.Request) {
 			contentType = matchedHook.IncomingPayloadContentType
 		}

-		if strings.Contains(contentType, "json") {
+		switch {
+		case strings.Contains(contentType, "json"):
 			decoder := json.NewDecoder(strings.NewReader(string(body)))
 			decoder.UseNumber()

@ -249,13 +250,15 @@ func hookHandler(w http.ResponseWriter, r *http.Request) {
 			if err != nil {
 				log.Printf("[%s] error parsing JSON payload %+v\n", rid, err)
 			}
-		} else if strings.Contains(contentType, "form") {
+		case strings.Contains(contentType, "x-www-form-urlencoded"):
 			fd, err := url.ParseQuery(string(body))
 			if err != nil {
 				log.Printf("[%s] error parsing form payload %+v\n", rid, err)
 			} else {
 				payload = valuesToMap(fd)
 			}
+		default:
+			log.Printf("[%s] error parsing body payload due to unsupported content type header: %s\n", rid, contentType)
 		}

 		// handle hook
@ -272,7 +275,7 @@ func hookHandler(w http.ResponseWriter, r *http.Request) {
 			ok, err = matchedHook.TriggerRule.Evaluate(&headers, &query, &payload, &body, r.RemoteAddr)
 			if err != nil {
 				msg := fmt.Sprintf("[%s] error evaluating hook: %s", rid, err)
-				log.Print(msg)
+				log.Println(msg)
 				w.WriteHeader(http.StatusInternalServerError)
 				fmt.Fprint(w, "Error occurred while evaluating hook rules.")
 				return
@ -338,8 +341,8 @@ func handleHook(h *hook.Hook, rid string, headers, query, payload *map[string]in
 	// check the command exists
 	cmdPath, err := exec.LookPath(h.ExecuteCommand)
 	if err != nil {
-        // give a last chance, maybe is a relative path
-        relativeToCwd := filepath.Join(h.CommandWorkingDirectory, h.ExecuteCommand)
+		// give a last chance, maybe is a relative path
+		relativeToCwd := filepath.Join(h.CommandWorkingDirectory, h.ExecuteCommand)
 		// check the command exists
 		cmdPath, err = exec.LookPath(relativeToCwd)
 	}
--- a/webhook_test.go
+++ b/webhook_test.go
@ -617,6 +617,7 @@ env: HOOK_head_commit.timestamp=2013-03-12T08:14:29-07:00
 	// Check logs
 	{"static params should pass", "static-params-ok", nil, `{}`, false, http.StatusOK, "arg: passed\n", `(?s)command output: arg: passed`},
 	{"command with space logs warning", "warn-on-space", nil, `{}`, false, http.StatusInternalServerError, "Error occurred while executing the hook's command. Please check your logs for more details.", `(?s)unable to locate command.*use 'pass[-]arguments[-]to[-]command' to specify args`},
+	{"unsupported content type error", "github", map[string]string{"Content-Type": "nonexistent/format"}, `{}`, false, http.StatusBadRequest, `Hook rules were not satisfied.`, `(?s)error parsing body payload due to unsupported content type header:`},
 }

 // buffer provides a concurrency-safe bytes.Buffer to tests above.