From 178373293da0ff3eabdae1ddee31b78973c2cebe Mon Sep 17 00:00:00 2001
From: Joseph Schorr <josephschorr@users.noreply.github.com>
Date: Wed, 22 Mar 2017 15:29:44 -0400
Subject: [PATCH] Disable web endpoints for app repos

---
 endpoints/githubtrigger.py | 2 ++
 endpoints/gitlabtrigger.py | 2 ++
 endpoints/web.py           | 9 ++++++++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/endpoints/githubtrigger.py b/endpoints/githubtrigger.py
index 43b11e14d..7b4b12bb0 100644
--- a/endpoints/githubtrigger.py
+++ b/endpoints/githubtrigger.py
@@ -31,6 +31,8 @@ def attach_github_build_trigger(namespace_name, repo_name):
     if not repo:
       msg = 'Invalid repository: %s/%s' % (namespace_name, repo_name)
       abort(404, message=msg)
+    elif repo.kind.name != 'image':
+      abort(501)
 
     trigger = model.build.create_build_trigger(repo, 'github', token, current_user.db_user())
     repo_path = '%s/%s' % (namespace_name, repo_name)
diff --git a/endpoints/gitlabtrigger.py b/endpoints/gitlabtrigger.py
index 2626a068d..9f0f395c1 100644
--- a/endpoints/gitlabtrigger.py
+++ b/endpoints/gitlabtrigger.py
@@ -44,6 +44,8 @@ def attach_gitlab_build_trigger():
     if not repo:
       msg = 'Invalid repository: %s/%s' % (namespace, repository)
       abort(404, message=msg)
+    elif repo.kind.name != 'image':
+      abort(501)
 
     trigger = model.build.create_build_trigger(repo, 'gitlab', token, current_user.db_user())
     repo_path = '%s/%s' % (namespace, repository)
diff --git a/endpoints/web.py b/endpoints/web.py
index a0ad23755..ccae5e9dd 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -426,9 +426,12 @@ def confirm_recovery():
 @anon_protect
 def build_status_badge(namespace_name, repo_name):
   token = request.args.get('token', None)
+  repo = model.repository.get_repository(namespace_name, repo_name)
+  if repo and repo.kind.name != 'image':
+    abort(404)
+
   is_public = model.repository.repository_is_public(namespace_name, repo_name)
   if not is_public:
-    repo = model.repository.get_repository(namespace_name, repo_name)
     if not repo or token != repo.badge_token:
       abort(404)
 
@@ -628,6 +631,8 @@ def attach_bitbucket_trigger(namespace_name, repo_name):
     if not repo:
       msg = 'Invalid repository: %s/%s' % (namespace_name, repo_name)
       abort(404, message=msg)
+    elif repo.kind.name != 'image':
+      abort(501)
 
     trigger = model.build.create_build_trigger(repo, BitbucketBuildTrigger.service_name(), None,
                                                current_user.db_user())
@@ -661,6 +666,8 @@ def attach_custom_build_trigger(namespace_name, repo_name):
     if not repo:
       msg = 'Invalid repository: %s/%s' % (namespace_name, repo_name)
       abort(404, message=msg)
+    elif repo.kind.name != 'image':
+      abort(501)
 
     trigger = model.build.create_build_trigger(repo, CustomBuildTrigger.service_name(),
                                                None, current_user.db_user())