Process for Validating a Webhook #14

Closed
3 tasks
kristinapathak opened this issue Apr 28, 2020 · 2 comments

Comments

@kristinapathak
Contributor

kristinapathak commented Apr 28, 2020

https://github.com/xmidt-org/webpa-common/blob/a81c75dd06641b1a9928dcb93f60faeba4eebc3d/webhook/webhook.go#L65

Add a way to validate a webhook, with configurable rules to apply against it. This would allow us to:

  • only allow https endpoints
  • have an endpoint url denylist (so no one can register for localhost)
  • not allow https endpoints with ip addresses

There is currently a sanitize() function and it may be that parts of that can be incorporated into this.
https://github.com/xmidt-org/webpa-common/blob/a81c75dd06641b1a9928dcb93f60faeba4eebc3d/webhook/webhook.go#L86

Then when someone tries to register for a new webhook that's invalid, we can return a 400.

@kristinapathak
Contributor Author

Validation could also be configured to ensure the url is a valid URI, removing the need to do it later:
https://github.com/xmidt-org/caduceus/blob/master/outboundSender.go#L163

@gargidb gargidb self-assigned this May 11, 2020
@joe94 joe94 transferred this issue from xmidt-org/webpa-common Feb 18, 2021
@joe94 joe94 modified the milestone: v0.1.2 Feb 22, 2021
@kristinapathak
Contributor Author

This would also allow us to check the Until time:
#12
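
The rules proposed in this thread (https only, a host denylist, no IP-address hosts, and a valid-URI check at registration), sketched as an added Go example that is not code from webpa-common or caduceus. The `Rules` type, its field names and the sample URLs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Rules is a hypothetical rule set; the field names are assumptions, not the project's config.
type Rules struct {
	HTTPSOnly   bool     // reject any scheme other than https
	RejectIPs   bool     // reject IP-literal hosts (IPv4 and IPv6)
	DeniedHosts []string // lower-case hosts; their subdomains are denied too
}

// Validate parses raw and returns the first violated rule, or nil if the URL is acceptable.
func (r Rules) Validate(raw string) error {
	u, err := url.Parse(raw)
	if err != nil || u.Hostname() == "" {
		return fmt.Errorf("%q is not a valid absolute URL", raw)
	}
	if r.HTTPSOnly && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed, https required", u.Scheme)
	}
	// Hostname() strips the port and IPv6 brackets; a trailing dot names the same host.
	host := strings.TrimSuffix(strings.ToLower(u.Hostname()), ".")
	if r.RejectIPs && net.ParseIP(host) != nil {
		return fmt.Errorf("IP address host %q not allowed", host)
	}
	for _, d := range r.DeniedHosts {
		if host == d || strings.HasSuffix(host, "."+d) {
			return fmt.Errorf("host %q is on the denylist", host)
		}
	}
	return nil
}

func main() {
	rules := Rules{HTTPSOnly: true, RejectIPs: true, DeniedHosts: []string{"localhost"}}
	// Constructed sample registrations, not taken from the project.
	for _, raw := range []string{
		"https://events.example.com/hook",
		"http://events.example.com/hook",
		"https://localhost:8443/hook",
		"https://[::1]/hook",
	} {
		fmt.Printf("%-34s -> %v\n", raw, rules.Validate(raw))
	}
}
```

A non-nil error is what a registration handler would turn into the 400 mentioned above. The check covers only the registered string: a hostname that later resolves to a loopback or internal address still passes, so the sender needs its own check at delivery time.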


4 participants