Skip to content

Commit 526b030

Browse files
hmhealeyhmhealey
committedJan 11, 2019
MM-13606 Clean up integration response handling
1 parent de1a20d commit 526b030

File tree

2 files changed

+9
-4
lines changed

2 files changed

+9
-4
lines changed
 

‎app/command.go

+6-3
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ package app
55

66
import (
77
"fmt"
8+
"io"
89
"io/ioutil"
910
"net/http"
1011
"net/url"
@@ -253,17 +254,19 @@ func (a *App) ExecuteCommand(args *model.CommandArgs) (*model.CommandResponse, *
253254
} else {
254255
defer resp.Body.Close()
255256

257+
body := io.LimitReader(resp.Body, MaxIntegrationResponseSize)
258+
256259
if resp.StatusCode == http.StatusOK {
257-
if response, err := model.CommandResponseFromHTTPBody(resp.Header.Get("Content-Type"), resp.Body); err != nil {
260+
if response, err := model.CommandResponseFromHTTPBody(resp.Header.Get("Content-Type"), body); err != nil {
258261
return nil, model.NewAppError("command", "api.command.execute_command.failed.app_error", map[string]interface{}{"Trigger": trigger}, err.Error(), http.StatusInternalServerError)
259262
} else if response == nil {
260263
return nil, model.NewAppError("command", "api.command.execute_command.failed_empty.app_error", map[string]interface{}{"Trigger": trigger}, "", http.StatusInternalServerError)
261264
} else {
262265
return a.HandleCommandResponse(cmd, args, response, false)
263266
}
264267
} else {
265-
body, _ := ioutil.ReadAll(resp.Body)
266-
return nil, model.NewAppError("command", "api.command.execute_command.failed_resp.app_error", map[string]interface{}{"Trigger": trigger, "Status": resp.Status}, string(body), http.StatusInternalServerError)
268+
bodyBytes, _ := ioutil.ReadAll(body)
269+
return nil, model.NewAppError("command", "api.command.execute_command.failed_resp.app_error", map[string]interface{}{"Trigger": trigger, "Status": resp.Status}, string(bodyBytes), http.StatusInternalServerError)
267270
}
268271
}
269272
}

‎app/webhook.go

+3-1
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,8 @@ import (
2020
const (
2121
TRIGGERWORDS_EXACT_MATCH = 0
2222
TRIGGERWORDS_STARTS_WITH = 1
23+
24+
MaxIntegrationResponseSize = 1024 * 1024 // Posts can be <100KB at most, so this is likely more than enough
2325
)
2426

2527
func (a *App) handleWebhookEvents(post *model.Post, team *model.Team, channel *model.Channel, user *model.User) *model.AppError {
@@ -113,7 +115,7 @@ func (a *App) TriggerWebhook(payload *model.OutgoingWebhookPayload, hook *model.
113115
} else {
114116
defer resp.Body.Close()
115117

116-
webhookResp := model.OutgoingWebhookResponseFromJson(resp.Body)
118+
webhookResp := model.OutgoingWebhookResponseFromJson(io.LimitReader(resp.Body, MaxIntegrationResponseSize))
117119

118120
if webhookResp != nil && (webhookResp.Text != nil || len(webhookResp.Attachments) > 0) {
119121
postRootId := ""

0 commit comments

Comments
 (0)
Failed to load comments.