rack-github_webhooks 0.4.0 → 0.5.0

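--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-SHA1:
-metadata.gz: a873ebafec269872d3abb639f944a479adf2546f
-data.tar.gz: 717c16e2efcc488894a7bdb40aea1166d52d1851
+SHA256:
+metadata.gz: 4e9bc4dec047a6c37f877852a93a65b18c9aadb80be3b2814ae1a5c938ccc5b0
+data.tar.gz: 0ae119a01cf1ac2afbe6582645d2de9f6452b6231c8ce5b8ce27139b1223d565
 SHA512:
-metadata.gz: 9dc3c67e962e3866178dee129c2d2fe33bb0cf3ade812a4b615c8d25cd99fc129c553cfdd5dffa07d722962589908ee05a39b0d1dd538fe3036d4bc7c01d2b51
-data.tar.gz: f4649ebce4d107ce3baa0d057aa97df7341b73d393c2f06da1a7c05e904654e5d78ea8d15c1a94718d28c0074e5dbc694c1f2b813886e9664bc9e73e1f991b7d
+metadata.gz: 1405789690a5345c9676e29e229bf4d1b4e1541b72506c7571ead31281f2ca14c79cd366fa08ed2d3c9d972061a97d102d313e76c40dd663a76c013854c23e4f
+data.tar.gz: ff191f5ec6ad9c86a978f9a8d9f03792dcc929e9f1b39e600aa157da2971df2d13025d61b4ce17675a8bdcf148b41af3c6ea748bf118805c97bbaf6fdc4be634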
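--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.5.0] - 2022-03-09
+
+### Changed
+
+- Validate using SHA256 instead of SHA1 #3
+
 ## [0.4.0] - 2016-03-25
 
 ### Fixed
@@ -29,3 +35,4 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 [0.2.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.1.0...v0.2.0
 [0.3.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.2.0...v0.3.0
 [0.4.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.3.0...v0.4.0
+[0.5.0]: https://github.com/chrismytton/rack-github_webhooks/compare/v0.4.0...v0.5.0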
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  class GithubWebhooks
3
- VERSION = '0.4.0'
3
+ VERSION = '0.5.0'
4
4
  end
5
5
  end
@@ -5,13 +5,12 @@ require 'json'
5
5
  module Rack
6
6
  class GithubWebhooks
7
7
  class Signature
8
- HMAC_DIGEST = OpenSSL::Digest.new('sha1')
8
+ HMAC_DIGEST = OpenSSL::Digest.new('sha256')
9
9
 
10
10
  def initialize(secret, hub_signature, payload_body)
11
11
  @secret = secret
12
12
  @hub_signature = hub_signature
13
- @signature = 'sha1=' +
14
- OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, payload_body)
13
+ @signature = "sha256=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, payload_body)}"
15
14
  end
16
15
 
17
16
  def valid?
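Review bot: The `sha256=` prefix on the new `@signature` line is load-bearing — it has to match the exact format GitHub sends in `X-Hub-Signature-256` — but nothing in the class says so; a comment above `HMAC_DIGEST` such as `# GitHub signs the raw request body with HMAC-SHA256 and sends "sha256=<hex>" in X-Hub-Signature-256; the prefix built in #initialize must match that header exactly.` would save the next reader a trip to the GitHub docs. `valid?` starts on the hunk's last line and its body is outside the hunk, so it is not visible here whether a request without the header (`hub_signature` is `nil`) is rejected cleanly rather than raising, nor whether the comparison is constant-time; if it is a plain `==`, `Rack::Utils.secure_compare(@signature, @hub_signature.to_s)` is the usual fix. `require 'json'` is the only require visible in the hunk context, so confirm `openssl` is loaded elsewhere in the file.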
@@ -27,20 +26,23 @@ module Rack
27
26
  end
28
27
 
29
28
  def call(env)
30
- env['rack.input'].rewind
29
+ rewind_body(env)
31
30
  signature = Signature.new(
32
31
  @secret,
33
- env['HTTP_X_HUB_SIGNATURE'],
32
+ env['HTTP_X_HUB_SIGNATURE_256'],
34
33
  env['rack.input'].read
35
34
  )
36
35
  return [400, {}, ["Signatures didn't match!"]] unless signature.valid?
37
36
 
38
- begin
39
- env['rack.input'].rewind if env['rack.input'].respond_to?(:rewind)
40
- rescue Errno::ESPIPE
41
- end
42
-
37
+ rewind_body(env)
43
38
  @app.call(env)
44
39
  end
40
+
41
+ private
42
+
43
+ def rewind_body(env)
44
+ env['rack.input'].rewind if env['rack.input'].respond_to?(:rewind)
45
+ rescue Errno::ESPIPE
46
+ end
45
47
  end
46
48
  end
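Review bot: The new `rewind_body` silently returns `nil` both when the input does not respond to `rewind` and when `rewind` raises `Errno::ESPIPE`, and `call` then hands `env` to `@app` after having consumed the body with `env['rack.input'].read`, so on a non-rewindable input the downstream app receives an already-drained body with no error. The first call at the top of `call` has the same effect: the old unconditional `rewind` would have raised on an input without `rewind`, whereas the new guard continues with a read from whatever offset the stream is at. Making `rewind_body` report whether it actually rewound, and substituting a `StringIO` over the bytes already read when it did not, keeps the validated body available to the app (add `require 'stringio'` if the file does not already load it). It is also not visible here whether `env['rack.input']` can be absent; if it can, `env['rack.input'].read` raises `NoMethodError` on `nil` before any signature check runs.
```ruby
def call(env)
  rewind_body(env)
  body = env['rack.input'].read
  signature = Signature.new(@secret, env['HTTP_X_HUB_SIGNATURE_256'], body)
  return [400, {}, ["Signatures didn't match!"]] unless signature.valid?

  # A non-rewindable input would otherwise reach the app already drained.
  env['rack.input'] = StringIO.new(body) unless rewind_body(env)
  @app.call(env)
end

private

# Returns true when the body was rewound, false when it could not be.
def rewind_body(env)
  return false unless env['rack.input'].respond_to?(:rewind)

  env['rack.input'].rewind
  true
rescue Errno::ESPIPE
  false
end
```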
@@ -18,8 +18,8 @@ Gem::Specification.new do |spec|
18
18
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
19
19
  spec.require_paths = ['lib']
20
20
 
21
- spec.add_development_dependency 'bundler', '~> 1.10'
22
- spec.add_development_dependency 'rake', '~> 10.0'
21
+ spec.add_development_dependency 'bundler', '>= 1.10'
22
+ spec.add_development_dependency 'rake'
23
23
  spec.add_development_dependency 'minitest'
24
24
  spec.add_development_dependency 'pry'
25
25
  spec.add_development_dependency 'rack-test'
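--- a/metadata
+++ b/metadata
@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: rack-github_webhooks
 version: !ruby/object:Gem::Version
-version: 0.4.0
+version: 0.5.0
 platform: ruby
 authors:
 - Chris Mytton
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-03-25 00:00:00.000000000 Z
+date: 2022-03-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.10'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.10'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '10.0'
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '10.0'
+version: '0'
 - !ruby/object:Gem::Dependency
 name: minitest
 requirement: !ruby/object:Gem::Requirement
@@ -94,7 +94,7 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-description:
+description:
 email:
 - chrismytton@gmail.com
 executables: []
@@ -117,7 +117,7 @@ homepage: https://github.com/chrismytton/rack-github_webhook
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -132,9 +132,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.5.1
-signing_key:
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: Rack middleware to check GitHub webhooks are authentic
 test_files: []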