Merge pull request #246 from moebrowne

Webhook URI Validation

Author: sebastianfeldmann

src/Log/Webhook.php

@@ -128,6 +128,18 @@ public function setup(array $options)
         if (empty($options['uri'])) {
             throw new Exception('no uri given');
         }
+
+        // PHP >7.2 deprecated the filter options and enabled them by default
+        if (version_compare(PHP_VERSION, '7.2.0', '<')) {
+            $filterOptions = FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED;
+        } else {
+            $filterOptions = null;
+        }
+
+        if (!filter_var($options['uri'], FILTER_VALIDATE_URL, $filterOptions)) {
+            throw new Exception('webhook URI is invalid');
+        }
+
         $this->uri             = $options['uri'];
         $this->method          = Arr::getValue($options, 'method', 'GET');
         $this->username        = Arr::getValue($options, 'username', '');

tests/phpbu/Log/WebhookTest.php

@@ -33,6 +33,16 @@ public function testSetupNoTarget()
         $json->setup([]);
     }
 
+    /**
+     * Tests Webhook::setup
+     */
+    public function testUriMustBeValid()
+    {
+        $this->expectException('phpbu\App\Exception');
+        $json = new Webhook();
+        $json->setup(['uri' => 'not a URI']);
+    }
+
     /**
      * Tests Webhook::onPhpbuEnd
      */
@@ -46,7 +56,7 @@ public function testGet()
         $phpbuEndEvent = $this->createMock(\phpbu\App\Event\App\End::class);
         $phpbuEndEvent->method('getResult')->willReturn($result);
 
-        $uri  = PHPBU_TEST_FILES . '/misc/webhook.fail.uri';
+        $uri  = 'https://webhook.fail.uri/hook';
         $json = new Webhook();
         $json->setup(['uri' => $uri]);
 
@@ -66,7 +76,7 @@ public function testBasicAuth()
         $phpbuEndEvent = $this->createMock(\phpbu\App\Event\App\End::class);
         $phpbuEndEvent->method('getResult')->willReturn($result);
 
-        $uri  = PHPBU_TEST_FILES . '/misc/webhook.fail.uri';
+        $uri  = 'https://webhook.fail.uri/hook';
         $json = new Webhook();
         $json->setup(['uri' => $uri, 'username' => 'foo', 'password' => 'bar']);
 
@@ -85,7 +95,7 @@ public function testPostDefaultJsonSuccess()
         $phpbuEndEvent = $this->createMock(\phpbu\App\Event\App\End::class);
         $phpbuEndEvent->method('getResult')->willReturn($result);
 
-        $uri  = PHPBU_TEST_FILES . '/misc/webhook.fake.uri';
+        $uri  = 'file://' . PHPBU_TEST_FILES . '/misc/webhook.fake.uri';
         $json = new Webhook();
         $json->setup(['uri' => $uri, 'contentType' => 'application/json', 'method' => 'post']);
 
@@ -106,7 +116,7 @@ public function testPostDefaultJson()
         $phpbuEndEvent = $this->createMock(\phpbu\App\Event\App\End::class);
         $phpbuEndEvent->method('getResult')->willReturn($result);
 
-        $uri  = PHPBU_TEST_FILES . '/misc/webhook.fail.uri';
+        $uri  = 'https://webhook.fail.uri/hook';
         $json = new Webhook();
         $json->setup(['uri' => $uri, 'contentType' => 'application/json', 'method' => 'post']);
 
@@ -127,7 +137,7 @@ public function testPostXmlTemplate()
         $phpbuEndEvent = $this->createMock(\phpbu\App\Event\App\End::class);
         $phpbuEndEvent->method('getResult')->willReturn($result);
 
-        $uri  = PHPBU_TEST_FILES . '/misc/webhook.fail.uri';
+        $uri  = 'https://webhook.fail.uri/hook';
         $path = PHPBU_TEST_FILES . '/misc/webhook.tpl';
         $json = new Webhook();
         $json->setup(['uri' => $uri, 'contentType' => 'application/xml', 'method' => 'post', 'template' => $path]);
@@ -151,7 +161,7 @@ public function testPostNoFormatter()
         $phpbuEndEvent = $this->createMock(\phpbu\App\Event\App\End::class);
         $phpbuEndEvent->method('getResult')->willReturn($result);
 
-        $uri  = PHPBU_TEST_FILES . '/misc/webhook.fail.uri';
+        $uri  = 'https://webhook.fail.uri/hook';
         $json = new Webhook();
         $json->setup(['uri' => $uri, 'contentType' => 'application/html', 'method' => 'post']);