Add schema validation to all external trigger types

2015-09-21 17:46:50 -04:00 · 2015-09-21 17:46:50 -04:00 · 272326ae18
commit 272326ae18
parent bf578420f0
3 changed files with 297 additions and 6 deletions
--- a/buildtrigger/githubhandler.py
+++ b/buildtrigger/githubhandler.py
@ -3,11 +3,12 @@ import os.path
 import base64

 from app import app, github_trigger
+from jsonschema import validate

 from buildtrigger.triggerutil import (RepositoryReadException, TriggerActivationException,
                                      TriggerDeactivationException, TriggerStartException,
                                      EmptyRepositoryException, ValidationRequestException,
-                                      SkipRequestException,
+                                      SkipRequestException, InvalidPayloadException,
                                      determine_build_ref, raise_if_skipped_build,
                                      find_matching_branches)

@ -21,12 +22,82 @@ from github import (Github, UnknownObjectException, GithubException,

 logger = logging.getLogger(__name__)

+GITHUB_WEBHOOK_PAYLOAD_SCHEMA = {
+  'type': 'object',
+  'properties': {
+    'ref': {
+      'type': 'string',
+    },
+    'head_commit': {
+      'type': 'object',
+      'properties': {
+        'id': {
+          'type': 'string',
+        },
+        'url': {
+          'type': 'string',
+        },
+        'message': {
+          'type': 'string',
+        },
+        'timestamp': {
+          'type': 'string',
+        },
+        'author': {
+          'type': 'object',
+          'properties': {
+            'username': {
+              'type': 'string'
+            },
+            'html_url': {
+              'type': 'string'
+            },
+            'avatar_url': {
+              'type': 'string'
+            },
+          },
+          'required': ['username'],
+        },
+        'committer': {
+          'type': 'object',
+          'properties': {
+            'username': {
+              'type': 'string'
+            },
+            'html_url': {
+              'type': 'string'
+            },
+            'avatar_url': {
+              'type': 'string'
+            },
+          },
+          'required': ['username'],
+        },
+      },
+      'required': ['id', 'url', 'message', 'timestamp'],
+    },
+    'repository': {
+      'type': 'object',
+      'properties': {
+        'ssh_url': {
+          'type': 'string',
+        },
+      },
+      'required': ['ssh_url'],
+    },
+  },
+  'required': ['ref', 'head_commit', 'repository'],
+}

 def get_transformed_webhook_payload(gh_payload, default_branch=None, lookup_user=None):
  """ Returns the GitHub webhook JSON payload transformed into our own payload
      format. If the gh_payload is not valid, returns None.
  """
-  # TODO(jschorr): Validate payload JSON
+  try:
+    validate(gh_payload, GITHUB_WEBHOOK_PAYLOAD_SCHEMA)
+  except Exception as exc:
+    raise InvalidPayloadException(exc.message)
+
  payload = JSONPathDict(gh_payload)

  config = SafeDictSetter()