[JENKINS-37481] Ignore sign header if sign not defined in Jenkins
lanwen committed Aug 18, 2016
1 parent 70117b9 commit 05ad7b4
Showing 2 changed files with 15 additions and 1 deletion.
Expand Up @@ -142,7 +142,7 @@ protected void shouldProvideValidSignature(StaplerRequest req, Object[] args) th
Optional<String> signHeader = Optional.fromNullable(req.getHeader(SIGNATURE_HEADER));
Secret secret = GitHubPlugin.configuration().getHookSecretConfig().getHookSecret();

if (signHeader.isPresent()) {
if (signHeader.isPresent() && Optional.fromNullable(secret).isPresent()) {
String digest = substringAfter(signHeader.get(), SHA1_PREFIX);
LOGGER.trace("Trying to verify sign from header {}", signHeader.get());
isTrue(
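Review bot: Verification is still gated on the header being present, so with a secret configured a request that simply omits the signature header skips this branch; unless code after the hunk rejects that case, an unsigned payload is accepted even though signed hooks were configured. Branching on the configured secret first, `if (secret != null) {`, and failing inside that branch when `signHeader` is absent would close this. `Optional.fromNullable(secret).isPresent()` is also only a null check and reads more clearly as `secret != null`. When the header is present but no secret is configured, a log line at a visible level would help operators notice that signed hooks are arriving unverified. The body of shouldProvideValidSignature continues outside the hunk.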
@@ -1,9 +1,12 @@
package org.jenkinsci.plugins.github.webhook;

import org.jenkinsci.plugins.github.GitHubPlugin;
import org.jenkinsci.plugins.github.config.HookSecretConfig;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.kohsuke.github.GHEvent;
import org.kohsuke.stapler.StaplerRequest;
Expand Down Expand Up @@ -129,6 +132,17 @@ public void shouldPassWithValidSignature() throws Exception {
processor.shouldProvideValidSignature(req, null);
}

@Test
@Issue("JENKINS-37481")
public void shouldIgnoreSignHeaderOnNotDefinedSignInConfig() throws Exception {
GitHubPlugin.configuration().setHookSecretConfig(new HookSecretConfig(null));
final String signature = "sha1=49d5f5cf800a81f257324912969a2d325d13d3fc";

when(req.getHeader(RequirePostWithGHHookPayload.Processor.SIGNATURE_HEADER)).thenReturn(signature);

processor.shouldProvideValidSignature(req, null);
}

@Test
public void shouldReturnValidPayloadOnApplicationJson() {
final String payload = "test";
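Review bot: The added test shouldIgnoreSignHeaderOnNotDefinedSignInConfig pins only the permissive case (header sent, no secret) and passes merely by not throwing; the opposite case, a secret configured and no signature header on the request, has no test in the visible hunks and is the one that decides whether unsigned payloads get through. A companion test that sets a non-null secret, leaves `req.getHeader(...)` returning null, and expects `processor.shouldProvideValidSignature(req, null)` to reject the request would document the intended behaviour. The test also replaces the plugin-wide hook secret config with `new HookSecretConfig(null)`; whether that is reset between tests is not visible here, so an explicit reset in the `@Before` method would keep it from leaking into other cases.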
