fix the case where a fork of web-platform-tests can cause comments to…

… appear on w3c/web-platform-tests issues
w3c · May 4, 2017 · c1c273b · c1c273b
1 parent 0225fd3
commit c1c273b
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/webhook_handler.py b/webhook_handler.py
@@ -3,6 +3,7 @@
 
 """This module contains the TravisCI webhook handler."""
 
+import ConfigParser
 from github import GitHub
 from travis import Travis
 from log_parser import parse_logs
@@ -12,6 +13,12 @@
 
 logging.basicConfig(filename='prbuildbot.log', level=logging.DEBUG)
 
+CONFIG = ConfigParser.ConfigParser()
+CONFIG.readfp(open(r'config.txt'))
+GH_TOKEN = CONFIG.get('GitHub', 'GH_TOKEN')
+ORG = CONFIG.get('GitHub', 'ORG')
+REPO = CONFIG.get('GitHub', 'REPO')
+
 
 def webhook_handler(payload, signature):
     """Respond to Travis webhook."""
@@ -26,6 +33,13 @@ def webhook_handler(payload, signature):
     if error:
         return error.get('message'), error.get('code')
 
+    # Ensure only builds for this repository can comment here.
+    repository = verified_payload.get("repository")
+    owner_name = repository.get("owner_name")
+    repo_name = repository.get("name")
+    if owner_name != ORG or repo_name != REPO:
+        return "Forbidden: Repository Mismatch. Build for %s/%s attempting to comment on %s/%s" % (owner_name, repo_name, ORG, REPO), 403
+
     issue_number = int(verified_payload.get('pull_request_number'))
     logs = travis.get_logs(verified_payload)