diff options
Diffstat (limited to 'gitautodeploy/parsers/github.py')
| -rw-r--r-- | gitautodeploy/parsers/github.py | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/gitautodeploy/parsers/github.py b/gitautodeploy/parsers/github.py index d95a1de..82785c3 100644 --- a/gitautodeploy/parsers/github.py +++ b/gitautodeploy/parsers/github.py @@ -40,6 +40,24 @@ class GitHubRequestParser(WebhookRequestParser): logger.info("Action '%s' was fired" % action) # Get a list of configured repositories that matches the incoming web hook reqeust - repo_configs = self.get_matching_repo_configs(repo_urls) + items = self.get_matching_repo_configs(repo_urls) - return repo_configs, ref or "master", action, repo_urls
\ No newline at end of file + repo_configs = [] + for repo_config in items: + + # Validate secret token if present + if 'secret-token' in repo_config and 'x-hub-signature' in request_headers: + if not self.verify_signature(repo_config['secret-token'], request_body, request_headers['x-hub-signature']): + logger.warning("Request signature does not match the 'secret-token' configured for repository %s." % repo_config['url']) + continue + + repo_configs.append(repo_config) + + return repo_configs, ref or "master", action, repo_urls + + def verify_signature(self, token, body, signature): + import hashlib + import hmac + + result = "sha1=" + hmac.new(str(token), body, hashlib.sha1).hexdigest() + return result == signature |