import json
import os
import uuid
import pytest
from app import (
CONFIG,
DEFAULT_HASHLIB_BLACKLIST,
SNS,
app,
index,
parse_hashlib_blacklist,
)
from botocore.stub import Stubber
from chalice import BadRequestError, UnauthorizedError
TEST_DIR = os.path.dirname(os.path.abspath(__file__))
with open(os.path.join(TEST_DIR, "push.json")) as fp:
push = json.load(fp)
class Request(object):
def __init__(self, json_body, headers=None):
self.headers = headers or {}
self.json_body = json_body
self.raw_body = json.dumps(json_body)
class TestApp(object):
@pytest.fixture(autouse=True)
def _set_up(self, monkeypatch):
CONFIG["SECRET"] = None
def test_blacklist_default(self):
assert parse_hashlib_blacklist(DEFAULT_HASHLIB_BLACKLIST) == set(
["crc32", "crc32c", "md4", "md5", "mdc2"]
)
def test_blacklist_custom(self):
assert parse_hashlib_blacklist("SHA1,POLY1305-HMAC,INVENTED") == set(
["invented", "sha1", "poly1305-hmac"]
)
def test_no_secret(self):
app.current_request = Request(
push,
{
"X-GitHub-Event": "push",
"X-Hub-Signature": "whatever",
"X-GitHub-Delivery": uuid.uuid4().hex,
},
)
stubber = Stubber(SNS)
stubber.add_response(
"list_topics", {"Topics": [{"TopicArn": "arn:foo:bar:123_push"}]}
)
stubber.add_response("publish", {"MessageId": "1234"})
with stubber:
response = index("123")
assert response == {"Code": "Ok", "Message": "Webhook received."}
def test_no_signature(self):
CONFIG["SECRET"] = "very-secret"
app.current_request = Request(
push, {"X-GitHub-Event": "push", "X-GitHub-Delivery": uuid.uuid4().hex}
)
with pytest.raises(BadRequestError):
index("123")
def test_wrong_signature_format(self):
CONFIG["SECRET"] = "very-secret"
app.current_request = Request(
push,
{
"X-GitHub-Event": "push",
"X-Hub-Signature": "whatever",
"X-GitHub-Delivery": uuid.uuid4().hex,
},
)
with pytest.raises(BadRequestError):
index("123")
def test_blacklist_checksum_default(self):
CONFIG["SECRET"] = "very-secret"
app.current_request = Request(
push,
{
"X-GitHub-Event": "push",
"X-Hub-Signature": "crc32=whatever",
"X-GitHub-Delivery": uuid.uuid4().hex,
},
)
with pytest.raises(BadRequestError):
index("123")
def test_blacklist_checksum_custom(self):
CONFIG["SECRET"] = "very-secret"
CONFIG["HASHLIB_BLACKLIST"] = set(["poly1305-hmac"])
app.current_request = Request(
push,
{
"X-GitHub-Event": "push",
"X-Hub-Signature": "poly1305-hmac=whatever",
"X-GitHub-Delivery": uuid.uuid4().hex,
},
)
with pytest.raises(BadRequestError):
index("123")
def test_wrong_signature(self):
CONFIG["SECRET"] = "very-secret"
app.current_request = Request(
push,
{
"X-GitHub-Event": "push",
"X-Hub-Signature": "sha1=whatever",
"X-GitHub-Delivery": uuid.uuid4().hex,
},
)
with pytest.raises(UnauthorizedError):
index("123")
def test_missing_event_type(self):
app.current_request = Request(
push,
{"X-Hub-Signature": "sha=whatever", "X-GitHub-Delivery": uuid.uuid4().hex},
)
with pytest.raises(BadRequestError):
index("123")
def test_create_missing_topic(self):
app.current_request = Request(
push,
{
"X-GitHub-Event": "comment",
"X-Hub-Signature": "sha=whatever",
"X-GitHub-Delivery": uuid.uuid4().hex,
},
)
stubber = Stubber(SNS)
stubber.add_response(
"list_topics", {"Topics": [{"TopicArn": "arn:foo:bar:push"}]}
)
stubber.add_response("create_topic", {"TopicArn": "arn:foo:baz:123_push"})
stubber.add_response("publish", {"MessageId": "1234"})
with stubber:
response = index("123")
assert response == {"Code": "Ok", "Message": "Webhook received."}
