fix eddafea as some bad reqs have non-empty params

Denver Gingerich created 5 years ago

This fix is ported in from sgx-catapult, where we made the fix in
https://gitlab.com/ossguy/sgx-catapult/commit/c8fd695 - it is fairly
simple, but also fairly important.  Here is the description (with
edits made to show the corresponding commit IDs in this repo):

Sometimes HTTP requests to the port that sgx-bwmsgsv2 is running on
are slightly less naive - for example, with a path of:

  /web-meetme/conf_cdr.php?bookId=1

In this case params is indeed non-empty so we need to also catch this
case.  To be extra safe, we do so by rejecting both non-POST and
non-"root" requests.  Hopefully this will suffice for the situations
we care about, though of course the better solution would be to do
actual request validation.  We'll save that for later.

As with eddafea we have the same error/crash without this fix (if we
got an HTTP request of the above form):

  Shutting down gateway due to exception 013: no implicit conversion of nil into String

Change summary

sgx-bwmsgsv2.rb | 14 ++++++++++++++
1 file changed, 14 insertions(+)

Detailed changes

sgx-bwmsgsv2.rb 🔗

@@ -826,6 +826,20 @@ class WebhookHandler < Goliath::API
 			return [200, {}, "OK"]
 		end
 
+		if env['REQUEST_URI'] != '/'
+			puts 'BADREQUEST1: non-/ request "' +
+				env['REQUEST_URI'] + '", method "' +
+				env['REQUEST_METHOD'] + '"'
+			return [200, {}, "OK"]
+		end
+
+		if env['REQUEST_METHOD'] != 'POST'
+			puts 'BADREQUEST2: non-POST request; URI: "' +
+				env['REQUEST_URI'] + '", method "' +
+				env['REQUEST_METHOD'] + '"'
+			return [200, {}, "OK"]
+		end
+
 		# TODO: process each message in list, not just first one
 		jparams = params['_json'][0]['message']