Add schema validation to all external trigger types

2015-09-21 17:46:50 -04:00 · 2015-09-21 17:46:50 -04:00 · 272326ae18
commit 272326ae18
parent bf578420f0
3 changed files with 297 additions and 6 deletions
--- a/buildtrigger/gitlabhandler.py
+++ b/buildtrigger/gitlabhandler.py
@ -2,10 +2,11 @@ import logging

 from app import app

+from jsonschema import validate
 from buildtrigger.triggerutil import (RepositoryReadException, TriggerActivationException,
                                      TriggerDeactivationException, TriggerStartException,
                                      EmptyRepositoryException, ValidationRequestException,
-                                      SkipRequestException,
+                                      SkipRequestException, InvalidPayloadException,
                                      determine_build_ref, raise_if_skipped_build,
                                      find_matching_branches)

@ -18,12 +19,65 @@ import gitlab

 logger = logging.getLogger(__name__)

+GITLAB_WEBHOOK_PAYLOAD_SCHEMA = {
+  'type': 'object',
+  'properties': {
+    'ref': {
+      'type': 'string',
+    },
+    'checkout_sha': {
+      'type': 'string',
+    },
+    'repository': {
+      'type': 'object',
+      'properties': {
+        'git_ssh_url': {
+          'type': 'string',
+        },
+      },
+      'required': ['git_ssh_url'],
+    },
+    'commits': {
+      'type': 'array',
+      'items': {
+        'type': 'object',
+        'properties': {
+          'url': {
+            'type': 'string',
+          },
+          'message': {
+            'type': 'string',
+          },
+          'timestamp': {
+            'type': 'string',
+          },
+          'author': {
+            'type': 'object',
+            'properties': {
+              'email': {
+                'type': 'string',
+              },
+            },
+            'required': ['email'],
+          },
+        },
+        'required': ['url', 'message', 'timestamp'],
+      },
+      'minItems': 1,
+    }
+  },
+  'required': ['ref', 'checkout_sha', 'repository'],
+}

 def get_transformed_webhook_payload(gl_payload, default_branch=None, lookup_user=None):
  """ Returns the Gitlab webhook JSON payload transformed into our own payload
      format. If the gl_payload is not valid, returns None.
  """
-  # TODO(jschorr): Validate payload JSON
+  try:
+    validate(gl_payload, GITLAB_WEBHOOK_PAYLOAD_SCHEMA)
+  except Exception as exc:
+    raise InvalidPayloadException(exc.message)
+
  payload = JSONPathDict(gl_payload)

  config = SafeDictSetter()