Merge pull request #25 from lukepatrick/v3

Update bitbucket uuid check to allow a non-specified uuid, similar to…
Update bitbucket uuid check to allow a non-specified uuid, similar to gitlab empty secret.
2018-02-23 05:10:58 -08:00 · 2018-02-22 15:27:54 -07:00
1 changed files with 8 additions and 4 deletions
@@ -80,10 +80,14 @@ func (hook Webhook) ParsePayload(w http.ResponseWriter, r *http.Request) {
 	}
 	webhooks.DefaultLog.Debug(fmt.Sprintf("X-Hook-UUID:%s", uuid))

-	if uuid != hook.uuid {
-		webhooks.DefaultLog.Error(fmt.Sprintf("X-Hook-UUID does not match configured uuid of %s", hook.uuid))
-		http.Error(w, "403 Forbidden - X-Hook-UUID does not match", http.StatusForbidden)
-		return
+	if len(hook.uuid) > 0 {
+		if uuid != hook.uuid {
+			webhooks.DefaultLog.Error(fmt.Sprintf("X-Hook-UUID %s does not match configured uuid of %s", uuid, hook.uuid))
+			http.Error(w, "403 Forbidden - X-Hook-UUID does not match", http.StatusForbidden)
+			return
+		}
+	} else {
+		webhooks.DefaultLog.Debug("hook uuid not defined - recommend setting for improved security")
 	}

 	event := r.Header.Get("X-Event-Key")
Author	SHA1	Message	Date
Dean Karn	c271ec3e32	Merge pull request #25 from lukepatrick/v3 Update bitbucket uuid check to allow a non-specified uuid, similar to…	2018-02-23 05:10:58 -08:00
lukepatrick	0c4911f7f5	Update bitbucket uuid check to allow a non-specified uuid, similar to gitlab empty secret.	2018-02-22 15:27:54 -07:00