From 0ebd2c0ccd9e91d70f3d25277c09279086896d8b Mon Sep 17 00:00:00 2001
From: Travis Redfield
Date: Mon, 17 Jun 2019 08:09:30 -0700
Subject: [PATCH 1/2] update lambda to handle bitbuckt server
---
 functions/source/GitPullS3/lambda_function.py | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/functions/source/GitPullS3/lambda_function.py b/functions/source/GitPullS3/lambda_function.py
index 03d5659..1292f58 100644
--- a/functions/source/GitPullS3/lambda_function.py
+++ b/functions/source/GitPullS3/lambda_function.py
@@ -143,9 +143,10 @@ def lambda_handler(event, context):
 if event['params']['header']['X-Gitlab-Token'] in apikeys:
 secure = True
 if 'X-Hub-Signature' in event['params']['header'].keys():
+ logger.info('Checking X-Hub-Signature')
 for k in apikeys:
- k1 = hmac.new(str(k), str(event['context']['raw-body']), hashlib.sha1).hexdigest()
- k2 = str(event['params']['header']['X-Hub-Signature'].replace('sha1=', ''))
+ k1 = hmac.new(str(k), str(event['context']['raw-body']), hashlib.sha256).hexdigest()
+ k2 = str(event['params']['header']['X-Hub-Signature'].replace('sha256=', ''))
 if k1 == k2:
 secure = True
 # TODO: Add the ability to clone TFS repo using SSH keys
@@ -156,6 +157,10 @@ def lambda_handler(event, context):
 full_name = event['body-json']['repository']['fullName']
 except KeyError:
 full_name = event['body-json']['repository']['path_with_namespace']
+ try:
+ full_name = event['body-json']['repository']['name']
+ except KeyError: # BitBucket pull-request
+ full_name = event['body-json']['pullRequest']['fromRef']['repository']['name']
 if not secure:
 logger.error('Source IP %s is not allowed' % event['context']['source-ip'])
 raise Exception('Source IP %s is not allowed' % event['context']['source-ip'])
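Review bot: The digest check `if k1 == k2:` just below the changed `k1`/`k2` assignments compares the computed HMAC with the header value using `==`, which is not a constant-time comparison; for a webhook signature it should be `if hmac.compare_digest(k1, k2):` (available from Python 2.7.7 and 3.3). The same comparison is carried unchanged through the first hunk of PATCH 2/2. Separately, `.replace('sha256=', '')` removes the tag wherever it occurs instead of requiring it as a prefix, so a header carrying a different or missing algorithm tag is not rejected up front; an explicit `startswith('sha256=')` check with a comment such as `# reject headers that do not carry the expected algorithm tag` would make the intent visible. lambda_handler starts and ends outside this hunk.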
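Review bot: The pull-request fallback reads the repository from `pullRequest.fromRef`, which is the source side of the pull request and, for a PR opened from a fork, presumably a different repository from the one the webhook is configured on; the `remote_url` fallback in the next hunk (`@@ -180,6 +185,17 @@`) does the same with the clone URL. Since these values decide what is cloned with the key loaded by `get_keys`, either read them from `toRef` (`full_name = event['body-json']['pullRequest']['toRef']['repository']['name']`) or record the choice with a comment such as `# fromRef may be a fork; remote_url must match the allowed host/project` and add that check. This lookup also appears to run before the `if not secure:` guard that follows it, so an unsigned request with an unexpected body would fail with a KeyError rather than the access error. The enclosing try/except begins above the hunk.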
@@ -180,6 +185,17 @@ def lambda_handler(event, context):
 remote_url = 'git@'+event['body-json']['repository']['links']['html']['href'].replace('https://', '').replace('/', ':', 1)+'.git'
 except:
 remote_url = event['body-json']['repository']['ssh_url']
+ try:
+ for i, url in enumerate(event['body-json']['repository']['links']['clone']):
+ if url['name'] == 'ssh':
+ ssh_index = i
+ remote_url = event['body-json']['repository']['links']['clone'][ssh_index]['href']
+ except: # BitBucket pull-request
+ for i, url in enumerate(event['body-json']['pullRequest']['fromRef']['repository']['links']['clone']):
+ if url['name'] == 'ssh':
+ ssh_index = i
+
+ remote_url = event['body-json']['pullRequest']['fromRef']['repository']['links']['clone'][ssh_index]['href']
 repo_path = '/tmp/%s' % repo_name
 creds = RemoteCallbacks(credentials=get_keys(keybucket, pubkey), )
 try:
From 23aeb5ffd3a4ae417934a8b86e7c4969683c5044 Mon Sep 17 00:00:00 2001
From: Travis Redfield
Date: Mon, 17 Jun 2019 08:41:26 -0700
Subject: [PATCH 2/2] use context parameter for sha256
---
 functions/source/GitPullS3/lambda_function.py | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/functions/source/GitPullS3/lambda_function.py b/functions/source/GitPullS3/lambda_function.py
index 1292f58..47ac3b6 100644
--- a/functions/source/GitPullS3/lambda_function.py
+++ b/functions/source/GitPullS3/lambda_function.py
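Review bot: `ssh_index` is bound only when a clone link named `ssh` is seen, so a payload that offers only HTTP clone links appears to reach the `[ssh_index]` lookup with the name unbound (indentation is lost on this page, so the exact nesting is inferred). In the first branch the bare `except:` then treats that NameError as a pull-request payload and the real cause is lost; in the second branch it escapes as an unrelated error. Selecting the link in one expression, catching only `KeyError` for the payload-shape fallback, and failing with an explicit message when no ssh link exists keeps the two cases apart. The last hunk of PATCH 2/2 adds another bare `except:` around the same code. The surrounding try/except chain starts above the hunk.

```python
# … unchanged: html-href and ssh_url fallbacks above …
body = event['body-json']
try:
    clone_links = body['repository']['links']['clone']
except KeyError:  # BitBucket pull-request
    clone_links = body['pullRequest']['fromRef']['repository']['links']['clone']
ssh_urls = [link['href'] for link in clone_links if link['name'] == 'ssh']
if not ssh_urls:
    raise Exception('Webhook payload has no ssh clone link')
remote_url = ssh_urls[-1]  # last match, as the original loop kept
# … unchanged: repo_path, creds …
```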
@@ -143,10 +143,13 @@ def lambda_handler(event, context):
 if event['params']['header']['X-Gitlab-Token'] in apikeys:
 secure = True
 if 'X-Hub-Signature' in event['params']['header'].keys():
- logger.info('Checking X-Hub-Signature')
 for k in apikeys:
- k1 = hmac.new(str(k), str(event['context']['raw-body']), hashlib.sha256).hexdigest()
- k2 = str(event['params']['header']['X-Hub-Signature'].replace('sha256=', ''))
+ if 'use-sha256' in event['context']:
+ k1 = hmac.new(str(k), str(event['context']['raw-body']), hashlib.sha256).hexdigest()
+ k2 = str(event['params']['header']['X-Hub-Signature'].replace('sha256=', ''))
+ else:
+ k1 = hmac.new(str(k), str(event['context']['raw-body']), hashlib.sha1).hexdigest()
+ k2 = str(event['params']['header']['X-Hub-Signature'].replace('sha1=', ''))
 if k1 == k2:
 secure = True
 # TODO: Add the ability to clone TFS repo using SSH keys
@@ -156,7 +159,9 @@ def lambda_handler(event, context):
 try:
 full_name = event['body-json']['repository']['fullName']
 except KeyError:
- full_name = event['body-json']['repository']['path_with_namespace']
+ try:
+ full_name = event['body-json']['repository']['path_with_namespace']
+ except KeyError:
 try:
 full_name = event['body-json']['repository']['name']
 except KeyError: # BitBucket pull-request
@@ -184,7 +189,9 @@ def lambda_handler(event, context):
 try:
 remote_url = 'git@'+event['body-json']['repository']['links']['html']['href'].replace('https://', '').replace('/', ':', 1)+'.git'
 except:
- remote_url = event['body-json']['repository']['ssh_url']
+ try:
+ remote_url = event['body-json']['repository']['ssh_url']
+ except: #Bitbucket
 try:
 for i, url in enumerate(event['body-json']['repository']['links']['clone']):
 if url['name'] == 'ssh':
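Review bot: `if 'use-sha256' in event['context']:` tests only that the key exists, so a mapping that passes `use-sha256` as `false` or as an empty string still selects SHA-256; comparing the value, e.g. `if str(event['context'].get('use-sha256', '')).lower() == 'true':`, avoids that surprise. How `event['context']` is populated is not visible here; the flag should come from server-side configuration rather than anything the caller can set, and a comment such as `# use-sha256 is set by the API mapping, never by the request` would record that. The test is also loop-invariant and could be evaluated once before `for k in apikeys:`.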