white list non sensitive attributes in services

commit 99f3e617d25218dc8ebc1e07e6702f41c3f42af9 1 parent 6530cb4
@technoweenie technoweenie authored
Showing with 97 additions and 41 deletions.
  1. +1 −0  services/active_collab.rb
  2. +1 −0  services/agile_bench.rb
  3. +2 −1  services/agilezen.rb
  4. +1 −0  services/amqp.rb
  5. +2 −1  services/appharbor.rb
  6. +3 −2 services/bamboo.rb
  7. +2 −0  services/basecamp.rb
  8. +1 −0  services/boxcar.rb
  9. +1 −0  services/bugherd.rb
  10. +1 −0  services/bugly.rb
  11. +1 −0  services/bugzilla.rb
  12. +1 −0  services/campfire.rb
  13. +1 −0  services/cia.rb
  14. +1 −0  services/co_op.rb
  15. +1 −0  services/cube.rb
  16. +1 −0  services/email.rb
  17. +1 −0  services/fog_bugz.rb
  18. +1 −0  services/freckle.rb
  19. +1 −0  services/friend_feed.rb
  20. +1 −0  services/gemnasium.rb
  21. +1 −0  services/get_localization.rb
  22. +1 −0  services/grmble.rb
  23. +2 −3 services/grove.rb
  24. +1 −0  services/harvest.rb
  25. +1 −0  services/hipchat.rb
  26. +1 −0  services/irc.rb
  27. +1 −0  services/jabber.rb
  28. +1 −0  services/jaconda.rb
  29. +2 −1  services/jenkins.rb
  30. +1 −0  services/jira.rb
  31. +1 −1  services/kanbanery.rb
  32. +4 −3 services/kickoff.rb
  33. +2 −1  services/lighthouse.rb
  34. +1 −0  services/mantis_bt.rb
  35. +3 −2 services/nodejitsu.rb
  36. +1 −0  services/notifo.rb
  37. +2 −2 services/notifymyandroid.rb
  38. +1 −0  services/ontime.rb
  39. +2 −3 services/pachube.rb
  40. +1 −0  services/packagist.rb
  41. +1 −0  services/pivotal_tracker.rb
  42. +1 −0  services/presently.rb
  43. +1 −1  services/prowl.rb
  44. +2 −2 services/pushover.rb
  45. +1 −0  services/railsbp.rb
  46. +4 −3 services/rally.rb
  47. +1 −0  services/redmine.rb
  48. +2 −0  services/rubyforge.rb
  49. +2 −4 services/scrumdo.rb
  50. +2 −1  services/shiningpanda.rb
  51. +2 −0  services/socialcast.rb
  52. +1 −0  services/splendid_bacon.rb
  53. +2 −2 services/sqs_queue.rb
  54. +2 −5 services/stackmob.rb
  55. +1 −0  services/statusnet.rb
  56. +1 −0  services/talker.rb
  57. +2 −1  services/target_process.rb
  58. +1 −0  services/teamcity.rb
  59. +1 −0  services/toggl.rb
  60. +1 −0  services/trac.rb
  61. +1 −1  services/trajectory.rb
  62. +1 −0  services/travis.rb
  63. +1 −0  services/twilio.rb
  64. +1 −1  services/twitter.rb
  65. +1 −0  services/unfuddle.rb
  66. +2 −0  services/web.rb
  67. +1 −0  services/yammer.rb
  68. +1 −0  services/you_track.rb
  69. +1 −0  services/zendesk.rb
  70. +1 −0  services/zohoprojects.rb
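--- a/services/active_collab.rb
+++ b/services/active_collab.rb
@@ -9,6 +9,7 @@
 class Service::ActiveCollab < Service
 string :url, :token, :project_id, :milestone_id, :category_id
+white_list :url, :project_id, :milestone_id, :category_id
 def receive_push
 if data['url'].to_s.empty?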
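Review bot: `white_list :url, :project_id, :milestone_id, :category_id` classifies the ActiveCollab endpoint URL as non-sensitive, but a user-supplied URL can carry a credential in its userinfo or query string, so wherever the white list is consumed that secret would travel with it. The same question applies to the url-valued attributes white-listed in basecamp, fog_bugz, grmble, jenkins, mantis_bt, ontime, railsbp, talker, trac and web. What `white_list` governs is defined outside this diff; if it feeds logs or API output, either keep these attributes off the list or strip userinfo and query parameters before exposure, and record the decision on the line, e.g. `white_list :url, :project_id, :milestone_id, :category_id # url is exposed: must not carry embedded credentials`. The `receive_push` that follows continues outside the hunk.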
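--- a/services/agile_bench.rb
+++ b/services/agile_bench.rb
@@ -1,5 +1,6 @@
 class Service::AgileBench < Service
 string :token, :project_id
+white_list :project_id
 def receive_push
 ensure_required_data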
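Review bot: Nothing in the new `white_list :project_id` line — or in the matching lines added to the other 69 services — verifies that each listed name is a declared non-password attribute, so a typo or a later move of a field to `password` would silently widen what is exposed. Where `white_list` is defined (outside this diff) it could raise when a name is not among the service's `string`/`boolean` fields or overlaps a `password` field, and a test iterating every `Service` subclass would lock that in. `receive_push` continues outside the hunk.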
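--- a/services/agilezen.rb
+++ b/services/agilezen.rb
@@ -1,5 +1,6 @@
 class Service::AgileZen < Service
 string :api_key, :project_id, :branches
+white_list :project_id, :branches
 def receive_push
 raise_config_error "Missing 'api_key'" if data['api_key'].to_s == ''
@@ -14,7 +15,7 @@ def receive_push
 res = http_post "https://agilezen.com/api/v1/projects/#{data['project_id']}/changesets/github",
 JSON.generate(payload)
-
+
 if res.status < 200 || res.status > 299
 raise_config_error
 end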
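--- a/services/amqp.rb
+++ b/services/amqp.rb
@@ -1,6 +1,7 @@
 class Service::AMQP < Service
 string :server, :port, :vhost, :exchange, :username
 password :password
+white_list :server, :port, :vhost, :exchange, :username
 def receive_push
 # Support for specifying as host or server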
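--- a/services/appharbor.rb
+++ b/services/appharbor.rb
@@ -1,6 +1,7 @@
 class Service::AppHarbor < Service
 string :application_slug, :token
-
+white_list :application_slug
+
 def receive_push
 slugs = data['application_slug']
 token = data['token']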
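--- a/services/bamboo.rb
+++ b/services/bamboo.rb
@@ -1,6 +1,7 @@
 class Service::Bamboo < Service
 string :base_url, :build_key, :username
 password :password
+white_list :base_url, :build_key, :username
 def receive_push
 verify_config
@@ -24,11 +25,11 @@ def trigger_build(token, ref)
 if parts.length == 2
 branch = parts[0]
 key = parts[1]
-
+
 #Has a branch, verify it matches the branch for the commit
 next unless branch == commit_branch
 end
-
+
 res = http_post "api/rest/executeBuild.action",
 :auth => token, :buildKey => key
 msg = XmlSimple.xml_in(res.body)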
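--- a/services/basecamp.rb
+++ b/services/basecamp.rb
@@ -3,6 +3,8 @@ class Service::Basecamp < Service
 password :password
 boolean :ssl
+white_list :url, :project, :category, :username
+
 def receive_push
 raise_config_error "Invalid basecamp domain" if basecamp_domain.nil?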
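--- a/services/boxcar.rb
+++ b/services/boxcar.rb
@@ -1,5 +1,6 @@
 class Service::Boxcar < Service
 string :subscribers
+white_list :subscribers
 def receive_push
 http_post \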
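--- a/services/bugherd.rb
+++ b/services/bugherd.rb
@@ -1,5 +1,6 @@
 class Service::Bugherd < Service
 string :project_key
+white_list :project_key
 def receive_push
 if data['url'].present?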
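--- a/services/bugly.rb
+++ b/services/bugly.rb
@@ -1,5 +1,6 @@
 class Service::Bugly < Service
 string :project_id, :account_name, :token
+white_list :project_id, :account_name
 def receive_push
 http.ssl[:verify] = false # :(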
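--- a/services/bugzilla.rb
+++ b/services/bugzilla.rb
@@ -2,6 +2,7 @@ class Service::Bugzilla < Service
 string :server_url, :username, :integration_branch
 password :password
 boolean :central_repository
+white_list :server_url, :username, :integration_branch
 def receive_push
 # Check for settings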
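--- a/services/campfire.rb
+++ b/services/campfire.rb
@@ -7,6 +7,7 @@ class << self
 string :subdomain, :room, :token, :sound
 boolean :master_only, :play_sound, :long_url
+white_list :subdomain, :room
 default_events :push, :pull_request, :issues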
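--- a/services/cia.rb
+++ b/services/cia.rb
@@ -1,6 +1,7 @@
 class Service::CIA < Service
 string :address, :project, :branch
 boolean :long_url
+white_list :address, :project, :branch
 def receive_push
 repository =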
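--- a/services/co_op.rb
+++ b/services/co_op.rb
@@ -1,5 +1,6 @@
 class Service::CoOp < Service
 string :group_id, :token
+white_list :group_id
 self.title = 'Co-Op'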
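--- a/services/cube.rb
+++ b/services/cube.rb
@@ -1,5 +1,6 @@
 class Service::Cube < Service
 string :domain, :project, :token
+white_list :domain, :project
 def receive_push
 http_post "http://cube.bitrzr.com/integration/events/github/create",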
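--- a/services/email.rb
+++ b/services/email.rb
@@ -12,6 +12,7 @@ def mailfrom(from_addr)
 class Service::Email < Service
 string :address, :secret
 boolean :send_from_author, :show_diff
+white_list :address
 def receive_push
 extend PushEmail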
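Review bot: `white_list :address` marks the recipient e-mail address as non-sensitive, but it is personal data, as are the `from_phone` and `to_phone` values white-listed in twilio and, if they hold addresses or user names, the `subscribers` lists in boxcar and notifo. Whether that matters depends on what `white_list` governs, which is defined outside this diff; if the values reach logs, API responses or other users' views, they should stay off the list or be masked. A comment on the line, e.g. `white_list :address # recipient address is personal data; review before exposing further`, would make the classification deliberate. The `receive_push` that follows continues outside the hunk.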
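--- a/services/fog_bugz.rb
+++ b/services/fog_bugz.rb
@@ -1,5 +1,6 @@
 class Service::FogBugz < Service
 string :cvssubmit_url, :fb_repoid, :fb_version
+white_list :cvssubmit_url, :fb_repoid, :fb_version
 def receive_push
 if (fb_url = data['cvssubmit_url']).blank?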
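--- a/services/freckle.rb
+++ b/services/freckle.rb
@@ -1,5 +1,6 @@
 class Service::Freckle < Service
 string :subdomain, :project, :token
+white_list :subdomain, :project
 def receive_push
 entries, subdomain, token, project =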
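--- a/services/friend_feed.rb
+++ b/services/friend_feed.rb
@@ -1,5 +1,6 @@
 class Service::FriendFeed < Service
 string :nickname, :remotekey
+white_list :nickname
 def receive_push
 repository = payload['repository']['name']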
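--- a/services/gemnasium.rb
+++ b/services/gemnasium.rb
@@ -1,5 +1,6 @@
 class Service::Gemnasium < Service
 string :user, :token
+white_list :user
 def receive_push
 http.basic_auth(user, signature)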
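--- a/services/get_localization.rb
+++ b/services/get_localization.rb
@@ -1,5 +1,6 @@
 class Service::GetLocalization < Service
 string :project_name, :project_token
+white_list :project_name
 def receive_push
 project_name = data['project_name']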
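--- a/services/grmble.rb
+++ b/services/grmble.rb
@@ -1,5 +1,6 @@
 class Service::Grmble < Service
 string :room_api_url, :token
+white_list :room_api_url
 def receive_push
 http.url_prefix = data['room_api_url'].to_s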
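--- a/services/grove.rb
+++ b/services/grove.rb
@@ -2,10 +2,9 @@ class Service::Grove < Service
 string :channel_token
 def receive_push
-raise_config_error "Missing channel token" if data['channel_token'].to_s.empty?
-
 token = data['channel_token'].to_s
-
+raise_config_error "Missing channel token" if token.empty?
+
 res = http_post "https://grove.io/api/services/github/#{token}",
 :payload => JSON.generate(payload)
 end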
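--- a/services/harvest.rb
+++ b/services/harvest.rb
@@ -9,6 +9,7 @@ class Service::Harvest < Service
 string :subdomain, :username
 password :password
 boolean :ssl
+white_list :subdomain, :username
 def receive_push
 if data['username'].to_s.empty?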
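--- a/services/hipchat.rb
+++ b/services/hipchat.rb
@@ -1,6 +1,7 @@
 class Service::HipChat < Service
 string :auth_token, :room
 boolean :notify
+white_list :room
 default_events :commit_comment, :download, :fork, :fork_apply, :gollum,
 :issues, :issue_comment, :member, :public, :pull_request, :push, :watch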
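--- a/services/irc.rb
+++ b/services/irc.rb
@@ -2,6 +2,7 @@ class Service::IRC < Service
 string :server, :port, :room, :nick, :branch_regexes
 password :password
 boolean :ssl, :message_without_join, :no_colors, :long_url, :notice
+white_list :server, :port, :room, :nick
 def receive_push
 return if distinct_commits.empty?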
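--- a/services/jabber.rb
+++ b/services/jabber.rb
@@ -29,6 +29,7 @@ def join(jid, password=nil)
 class Service::Jabber < Service
 string :user
+white_list :user
 def receive_push
 # Accept any friend request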
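--- a/services/jaconda.rb
+++ b/services/jaconda.rb
@@ -1,6 +1,7 @@
 class Service::Jaconda < Service
 string :subdomain, :room_id, :room_token
 boolean :digest
+white_list :subdomain, :room_id
 default_events :commit_comment, :download, :fork, :fork_apply, :gollum,
 :issues, :issue_comment, :member, :public, :pull_request, :push, :watch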
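--- a/services/jenkins.rb
+++ b/services/jenkins.rb
@@ -1,5 +1,6 @@
 class Service::Jenkins < Service
 string :jenkins_hook_url
+white_list :jenkins_hook_url
 def receive_push
 if data['jenkins_hook_url'].present?
@@ -10,4 +11,4 @@ def receive_push
 http_post url,
 :payload => JSON.generate(payload)
 end
-end
+end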
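--- a/services/jira.rb
+++ b/services/jira.rb
@@ -1,6 +1,7 @@
 class Service::Jira < Service
 string :server_url, :api_version, :username
 password :password
+white_list :api_version, :server_url, :username
 def receive_push
 payload['commits'].each do |commit|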
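--- a/services/kanbanery.rb
+++ b/services/kanbanery.rb
@@ -1,5 +1,6 @@
 class Service::Kanbanery < Service
 string :project_id, :project_token
+white_list :project_id
 def receive_push
 project_id = data['project_id']
@@ -9,7 +10,6 @@ def receive_push
 payload.to_json,
 'X-Kanbanery-ProjectGitHubToken' => token,
 'Content-Type' => 'application/json'
-
 end
 end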
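--- a/services/kickoff.rb
+++ b/services/kickoff.rb
@@ -1,10 +1,11 @@
 class Service::Kickoff < Service
 string :project_id, :project_token
-
+white_list :project_id
+
 def receive_push
 raise_config_error 'Missing project id' if data['project_id'].to_s.empty?
 raise_config_error 'Missing project token' if data['project_token'].to_s.empty?
-
+
 messages = []
 messages << "#{summary_message}: #{summary_url}"
 messages += commit_messages.first(8)
@@ -13,7 +14,7 @@ def receive_push
 messages.shift # drop summary message
 messages.first << " (#{distinct_commits.first['url']})"
 end
-
+
 doc = REXML::Document.new("<request></request>")
 e = REXML::Element.new("message")
 e.text = messages.join("\n")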
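--- a/services/lighthouse.rb
+++ b/services/lighthouse.rb
@@ -1,11 +1,12 @@
 class Service::Lighthouse < Service
 string :subdomain, :project_id, :token
 boolean :private, :send_only_ticket_commits
+white_list :subdomain, :project_id
 def receive_push
 # matches string with square braces with content starting with # and a digit.
 check_for_lighthouse_flags = /\[#\d.+?\]/
-
+
 payload['commits'].each do |commit|
 next if commit['message'] =~ /^x /
 next if data['send_only_ticket_commits'] == false && (commit['message'] =~ check_for_lighthouse_flags).nil?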
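--- a/services/mantis_bt.rb
+++ b/services/mantis_bt.rb
@@ -1,5 +1,6 @@
 class Service::MantisBT < Service
 string :url, :api_key
+white_list :url
 def receive_push
 http.ssl[:verify] = false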
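--- a/services/nodejitsu.rb
+++ b/services/nodejitsu.rb
@@ -1,7 +1,8 @@
 # based on the travis.rb service
 class Service::Nodejitsu < Service
-string :subdomain, :username, :branch
+string :subdomain, :username, :branch
 password :password
+white_list :subdomain, :username, :branch
 def receive_push
 return if branch.to_s != '' && branch != branch_name
@@ -59,4 +60,4 @@ def full_domain
 def domain_parts
 @domain_parts ||= full_domain.split('://')
 end
-end
+end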
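--- a/services/notifo.rb
+++ b/services/notifo.rb
@@ -1,5 +1,6 @@
 class Service::Notifo < Service
 string :subscribers
+white_list :subscribers
 def receive_push
 return if Array(payload['commits']).size == 0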
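--- a/services/notifymyandroid.rb
+++ b/services/notifymyandroid.rb
@@ -4,13 +4,13 @@ class Service::NMA < Service
 def receive_push
 return unless payload['commits']
-
+
 url = URI.parse('https://www.notifymyandroid.com/publicapi/notify')
 repository = payload['repository']['url'].split("/")
 event = [repository[-2], repository[-1]].join('/')
 application = "GitHub"
 description = "#{payload['commits'].length} commits pushed to #{application} (#{payload['commits'][-1]['id'][0..7]}..#{payload['commits'][0]['id'][0..7]})
-
+
 Latest Commit by #{payload['commits'][-1]['author']['name']}
 #{payload['commits'][-1]['id'][0..7]} #{payload['commits'][-1]['message']}"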
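--- a/services/ontime.rb
+++ b/services/ontime.rb
@@ -1,5 +1,6 @@
 class Service::OnTime < Service
 string :ontime_url, :api_key
+white_list :ontime_url
 self.title = 'OnTime'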
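--- a/services/pachube.rb
+++ b/services/pachube.rb
@@ -1,7 +1,6 @@
 class Service::Pachube < Service
-string :api_key
-string :feed_id
-string :track_branch
+string :api_key, :feed_id, :track_branch
+white_list :feed_id, :track_branch
 def receive_push
 raise_config_error "Missing api_key" if data['api_key'].to_s.empty?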
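--- a/services/packagist.rb
+++ b/services/packagist.rb
@@ -1,5 +1,6 @@
 class Service::Packagist < Service
 string :domain, :user, :token
+white_list :domain, :user
 def receive_push
 http.ssl[:verify] = false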
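--- a/services/pivotal_tracker.rb
+++ b/services/pivotal_tracker.rb
@@ -1,5 +1,6 @@
 class Service::PivotalTracker < Service
 string :token, :branch, :endpoint
+white_list :endpoint, :branch
 def receive_push
 token = data['token']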
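--- a/services/presently.rb
+++ b/services/presently.rb
@@ -1,6 +1,7 @@
 class Service::Presently < Service
 string :subdomain, :group_name, :username
 password :password
+white_list :subdomain, :group_name, :username
 def receive_push
 repository = payload['repository']['name']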
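--- a/services/prowl.rb
+++ b/services/prowl.rb
@@ -8,7 +8,7 @@ def receive_push
 event = [repository[-2], repository[-1]].join('/')
 application = "GitHub"
 description = "#{payload['commits'].length} commits pushed to #{application} (#{payload['commits'][-1]['id'][0..7]}..#{payload['commits'][0]['id'][0..7]})
-
+
 Latest Commit by #{payload['commits'][-1]['author']['name']}
 #{payload['commits'][-1]['id'][0..7]} #{payload['commits'][-1]['message']}"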
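--- a/services/pushover.rb
+++ b/services/pushover.rb
@@ -1,6 +1,6 @@
 class Service::Pushover < Service
-string :user_key
-string :device_name
+string :user_key, :device_name
+white_list :device_name
 def receive_push
 if !payload["commits"].any?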
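--- a/services/railsbp.rb
+++ b/services/railsbp.rb
@@ -1,5 +1,6 @@
 class Service::Railsbp < Service
 string :railsbp_url, :token
+white_list :railsbp_url
 def receive_push
 http_post railsbp_url, :token => token, :payload => payload.to_json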
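--- a/services/rally.rb
+++ b/services/rally.rb
@@ -3,6 +3,7 @@
 class Service::Rally < Service
 string :server, :username, :workspace, :repository
 password :password
+white_list :server, :workspace, :repository
 attr_accessor :wksp_ref, :user_cache
@@ -19,8 +20,8 @@ def receive_push
 branch = payload['ref'].split('/')[-1] # most of the time it'll be refs/heads/master ==> master
 repo = payload['repository']['name']
 repo_owner = payload['repository']['owner']['name']
-chgset_uri = 'https://github.com/%s/%s' % [repo_owner, repo]
-
+chgset_uri = 'https://github.com/%s/%s' % [repo_owner, repo]
+
 http.ssl[:verify] = false
 if server =~ /^https?:\/\// # if they have http:// or https://, leave server value unchanged
 http.url_prefix = "#{server}/slm/webservice/1.30"
@@ -58,7 +59,7 @@ def addChangeset(commit, repo_ref, artifact_refs, chgset_uri, branch)
 'Revision' => commit['id'],
 'CommitTimestamp' => Time.iso8601(commit['timestamp']).strftime("%FT%H:%M:%S.00Z"),
 'Author' => user_ref,
-'Message' => message,
+'Message' => message,
 'Uri' => chgset_uri,
 'Artifacts' => artifact_refs # [{'_ref' => 'defect/1324.js'}, {}...]
 }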
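--- a/services/redmine.rb
+++ b/services/redmine.rb
@@ -1,5 +1,6 @@
 class Service::Redmine < Service
 string :address, :project, :api_key
+white_list :address, :project
 def receive_push
 http.ssl[:verify] = false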
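--- a/services/rubyforge.rb
+++ b/services/rubyforge.rb
@@ -1,6 +1,8 @@
 class Service::Rubyforge < Service
 string :groupid, :username
 password :password
+white_list :groupid, :username
+
 def receive_push
 repository = payload['repository']['name']
 branch = ref_name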
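--- a/services/scrumdo.rb
+++ b/services/scrumdo.rb
@@ -1,7 +1,6 @@
 class Service::ScrumDo < Service
-string :username
-string :password
-string :project_slug
+string :username, :password, :project_slug
+white_list :project_slug, :username
 def receive_push
 username = data["username"]
@@ -15,7 +14,6 @@ def receive_push
 if res.status < 200 || res.status > 299
 raise_config_error
 end
-
 end
 end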
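Review bot: `string :username, :password, :project_slug` keeps the ScrumDo password declared as a plain `string`, whereas the other services touched by this commit declare it with `password :password` (rubyforge, socialcast, target_process among them); the white list correctly omits it, but the field type is what drives masking in forms and any other password-specific handling. Split the declaration into `string :username, :project_slug` followed by `password :password`, leaving `white_list :project_slug, :username` as it is.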
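--- a/services/shiningpanda.rb
+++ b/services/shiningpanda.rb
@@ -1,5 +1,6 @@
 class Service::ShiningPanda < Service
 string :workspace, :job, :token, :parameters
+white_list :workspace, :job, :parameters
 def receive_push
 if workspace.empty?
@@ -55,4 +56,4 @@ def url
 @url ||= "https://jenkins.shiningpanda.com/#{workspace}/job/#{job}/#{parameters.empty? ? 'build' : 'buildWithParameters'}"
 end
-end
+end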
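Review bot: `white_list :workspace, :job, :parameters` treats free-form build parameters as non-sensitive, yet nothing in the hunk constrains their content, and the `url` method in the second hunk shows they select the `buildWithParameters` endpoint, so users may well store credentials needed by the build in them. Unless the list is known to drive only the owner's own settings display, `white_list :workspace, :job` is the safer classification, with a comment such as `# parameters omitted: may carry build secrets`.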
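--- a/services/socialcast.rb
+++ b/services/socialcast.rb
@@ -2,6 +2,8 @@
 class Service::Socialcast < Service
 string :api_domain, :group_id, :username
 password :password
+white_list :api_domain, :group_id, :username
+
 def receive_push
 repository = payload['repository']['name']
 group_id = (data['group_id'].nil? || data['group_id'] == '') ? '' : data['group_id']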
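--- a/services/splendid_bacon.rb
+++ b/services/splendid_bacon.rb
@@ -1,5 +1,6 @@
 class Service::SplendidBacon < Service
 string :project_id, :token
+white_list :project_id
 def receive_push
 token = data['token']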
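--- a/services/sqs_queue.rb
+++ b/services/sqs_queue.rb
@@ -1,7 +1,7 @@
 class Service::SqsQueue < Service
-
-string :aws_access_key, :sqs_queue_name
+string :aws_access_key, :sqs_queue_name
 password :aws_secret_key
+white_list :aws_access_key, :sqs_queue_name
 # receive_push()
 def receive_push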
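Review bot: `white_list :aws_access_key, :sqs_queue_name` exposes the AWS access key ID; it is an identifier rather than the secret (which stays under `password :aws_secret_key`), but it is one half of the credential pair and is conventionally kept out of logs and shared views. `white_list :sqs_queue_name` is the conservative choice unless the white list is known to feed only the owner's own settings form. `receive_push` continues outside the hunk.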
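--- a/services/stackmob.rb
+++ b/services/stackmob.rb
@@ -1,5 +1,5 @@
 class Service::Stackmob < Service
-string :token
+string :token
 TOKEN_KEY = 'token'
 BASE_URL = "https://deploy.stackmob.com/callback"
@@ -10,11 +10,8 @@ def receive_push
 http.url_prefix = BASE_URL
 http.headers['Content-Type'] = 'application/json'
-
+
 http_post token, payload.to_json
 end
-
 end
-
-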
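--- a/services/statusnet.rb
+++ b/services/statusnet.rb
@@ -2,6 +2,7 @@ class Service::StatusNet < Service
 string :server, :username
 password :password
 boolean :digest
+white_list :server, :username
 def receive_push
 repository = payload['repository']['name']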
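--- a/services/talker.rb
+++ b/services/talker.rb
@@ -1,6 +1,7 @@
 class Service::Talker < Service
 string :url, :token
 boolean :digest
+white_list :url
 def receive_push
 repository = payload['repository']['name']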
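--- a/services/target_process.rb
+++ b/services/target_process.rb
@@ -1,6 +1,7 @@
 class Service::TargetProcess < Service
 string :base_url, :username, :project_id
 password :password
+white_list :base_url, :username, :project_id
 def receive_push
 # setup things for our REST calls
@@ -13,7 +14,7 @@ def receive_push
 |commit| process_commit(commit)
 }
 end
-
+
 private
 def valid_response?(res)
 case res.status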
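--- a/services/teamcity.rb
+++ b/services/teamcity.rb
@@ -1,6 +1,7 @@
 class Service::TeamCity < Service
 string :base_url, :build_type_id, :username
 password :password
+white_list :base_url, :build_type_id, :username
 def receive_push
 # :(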
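--- a/services/toggl.rb
+++ b/services/toggl.rb
@@ -1,5 +1,6 @@
 class Service::Toggl < Service
 string :project, :api_token
+white_list :project
 def receive_push
 http.url_prefix = "https://www.toggl.com/api/v5"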
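--- a/services/trac.rb
+++ b/services/trac.rb
@@ -1,5 +1,6 @@
 class Service::Trac < Service
 string :url, :token
+white_list :url
 def receive_push
 http.ssl[:verify] = false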
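--- a/services/trajectory.rb
+++ b/services/trajectory.rb
@@ -7,7 +7,7 @@ def receive_push
 http.headers['content-type'] = 'application/json'
 res = http_post "https://www.apptrajectory.com/api/payloads?api_key=#{data['api_key'].to_s}", JSON.generate(payload)
-
+
 if res.status < 200 || res.status > 299
 raise_config_error
 end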
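--- a/services/travis.rb
+++ b/services/travis.rb
@@ -1,5 +1,6 @@
 class Service::Travis < Service
 string :user, :token, :domain
+white_list :domain, :user
 def receive_push
 http.ssl[:verify] = false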
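--- a/services/twilio.rb
+++ b/services/twilio.rb
@@ -2,6 +2,7 @@ class Service::Twilio < Service
 string :account_sid, :from_phone, :to_phone
 boolean :master_only
 password :auth_token
+white_list :account_sid, :from_phone, :to_phone
 def receive_push
 check_configuration_options(data)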
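--- a/services/twitter.rb
+++ b/services/twitter.rb
@@ -4,7 +4,7 @@ class Service::Twitter < Service
 def receive_push
 return unless payload['commits']
-
+
 statuses = []
 repository = payload['repository']['name']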
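--- a/services/unfuddle.rb
+++ b/services/unfuddle.rb
@@ -2,6 +2,7 @@ class Service::Unfuddle < Service
 string :subdomain, :repo_id, :username
 password :password
 boolean :httponly
+white_list :subdomain, :repo_id, :username
 def receive_push
 u_repoid = data['repo_id'].to_i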
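--- a/services/web.rb
+++ b/services/web.rb
@@ -10,6 +10,8 @@ class Service::Web < Service
 # new hooks should set content_type == 'json'
 :content_type
+white_list :url, :content_type
+
 boolean :insecure_ssl # :(
 def receive_event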
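--- a/services/yammer.rb
+++ b/services/yammer.rb
@@ -2,6 +2,7 @@ class Service::Yammer < Service
 string :group_id, :consumer_key, :consumer_secret,
 :access_token, :access_secret
 boolean :digest
+white_list :group_id
 def receive_push
 statuses = [ ]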
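--- a/services/you_track.rb
+++ b/services/you_track.rb
@@ -1,6 +1,7 @@
 class Service::YouTrack < Service
 string :base_url, :committers, :username
 password :password
+white_list :base_url, :username, :committers
 def receive_push
 http.ssl[:verify] = false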
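--- a/services/zendesk.rb
+++ b/services/zendesk.rb
@@ -3,6 +3,7 @@ class Service::Zendesk < Service
 default_events :commit_comment, :issues, :issue_comment, :pull_request, :push
 string :subdomain, :username
 password :password
+white_list :subdomain, :username
 def invalid_request?
 data['username'].to_s.empty? or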
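--- a/services/zohoprojects.rb
+++ b/services/zohoprojects.rb
@@ -1,5 +1,6 @@
 class Service::ZohoProjects < Service
 string :project_id, :token
+white_list :project_id
 def receive_push
 res = http_post "https://projects.zoho.com/serviceHook",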