From 8cf292fd77d925c7a081d07f2bfc5f71283db261 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?=
Date: Mon, 30 Sep 2024 16:09:07 +0200
Subject: [PATCH] webhooks: was not checking signatures...
---
 webhooks/webhook.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/webhooks/webhook.py b/webhooks/webhook.py
index f8a11eb..8cc8178 100755
--- a/webhooks/webhook.py
+++ b/webhooks/webhook.py
@@ -61,7 +61,9 @@ async def github_get(request: Request) -> HTTPResponse:
 @APP.route("/github", methods=["POST"])
 async def github_post(request: Request) -> HTTPResponse:
- if UNSAFE and (signatures_reply := check_webhook_signatures(request)):
+ if UNSAFE:
+ logging.warning("Unsafe webhook!")
+ elif signatures_reply := check_webhook_signatures(request):
 return signatures_reply
 event = request.headers.get("X-Github-Event")
@@ -94,7 +96,6 @@ async def get_pr_infos(request: Request) -> dict:
 def check_webhook_signatures(request: Request) -> Optional[HTTPResponse]:
- logging.warning("Unsafe webhook!")
 header_signature = request.headers.get("X-Hub-Signature")
 if header_signature is None:
 logging.error("no header X-Hub-Signature")
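Review bot: In `github_post`, the new `if UNSAFE:` branch still accepts every POST without authentication, and the only trace is a generic per-request `"Unsafe webhook!"` warning, so a deployment that leaves the flag on by accident is hard to spot. Where `UNSAFE` is defined is outside this patch; it should default to off and be reported once at startup, and the per-request message would be clearer as `logging.warning("UNSAFE set: GitHub signature check skipped for this request")`. Now that the check is actually enforced, its strength matters: the context lines of the second hunk show `check_webhook_signatures` reading `X-Hub-Signature`, the legacy HMAC-SHA1 header, where GitHub recommends `X-Hub-Signature-256`, and the digest comparison (not visible here) should go through `hmac.compare_digest`. A regression test that posts an unsigned body with `UNSAFE` off and expects the rejection reply would pin the inverted condition this commit corrects. Both function bodies continue outside the hunks.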