From f7d62732c97271066f1402f1b60f752b3ad4c150 Mon Sep 17 00:00:00 2001 From: Denver Gingerich Date: Tue, 24 Nov 2020 21:31:00 +0000 Subject: [PATCH] fix eddafea as some bad reqs have non-empty params This fix is ported in from sgx-catapult, where we made the fix in https://gitlab.com/ossguy/sgx-catapult/commit/c8fd695 - it is fairly simple, but also fairly important. Here is the description (with edits made to show the corresponding commit IDs in this repo): Sometimes HTTP requests to the port that sgx-bwmsgsv2 is running on are slightly less naive - for example, with a path of: /web-meetme/conf_cdr.php?bookId=1 In this case params is indeed non-empty so we need to also catch this case. To be extra safe, we do so by rejecting both non-POST and non-"root" requests. Hopefully this will suffice for the situations we care about, though of course the better solution would be to do actual request validation. We'll save that for later. As with eddafea we have the same error/crash without this fix (if we got an HTTP request of the above form): Shutting down gateway due to exception 013: no implicit conversion of nil into String --- sgx-bwmsgsv2.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/sgx-bwmsgsv2.rb b/sgx-bwmsgsv2.rb index b010bf5d8a591b6e3ca3e5a8fc6f2ca9741f80ae..51990ede96dfe7c34d90004a57aac2f0c9d99a49 100755 --- a/sgx-bwmsgsv2.rb +++ b/sgx-bwmsgsv2.rb @@ -826,6 +826,20 @@ class WebhookHandler < Goliath::API return [200, {}, "OK"] end + if env['REQUEST_URI'] != '/' + puts 'BADREQUEST1: non-/ request "' + + env['REQUEST_URI'] + '", method "' + + env['REQUEST_METHOD'] + '"' + return [200, {}, "OK"] + end + + if env['REQUEST_METHOD'] != 'POST' + puts 'BADREQUEST2: non-POST request; URI: "' + + env['REQUEST_URI'] + '", method "' + + env['REQUEST_METHOD'] + '"' + return [200, {}, "OK"] + end + # TODO: process each message in list, not just first one jparams = params['_json'][0]['message']
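Review bot: the two new guards in `WebhookHandler` still let a POST to `/` with no `_json` array (or an empty one) reach the unchanged line after them, `jparams = params['_json'][0]['message']`, where dereferencing nil will still raise. Until the request validation mentioned in the commit message exists, add a third guard before that line that checks `params['_json'].is_a?(Array)` and that its first element is a Hash, logging and returning early like the other two. The BADREQUEST1 and BADREQUEST2 log lines build their message with `+`, so a nil `env['REQUEST_URI']` or `env['REQUEST_METHOD']` would raise "no implicit conversion of nil into String" inside the guard itself. String interpolation with `.inspect` on both values avoids that and also escapes control characters in the request-supplied URI before it is written to the log. Both rejections also return `[200, {}, "OK"]`; a 404 for the non-`/` case and a 405 for the non-POST case would let monitoring tell rejected probes apart from accepted webhooks, unless 200 is kept deliberately, in which case a comment saying so would help.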