OpenSource/python-telegram-bot
OpenSource/python-telegram-bot
1
0
Fork 0
mirror of https://github.com/python-telegram-bot/python-telegram-bot.git synced 2025-01-11 04:21:29 +01:00
Code Issues Projects Releases Packages Wiki Activity

webhookhandler: better handling of invalid POST data

Browse source
This commit is contained in:
Noam Meltzer 2016-02-09 22:14:48 +02:00
parent c103c05679
commit 4945d99de6
1 changed files with 34 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
telegram/utils/webhookhandler.py
View file

@ -1,7 +1,7 @@
import logging import logging
from telegram import Update, NullHandler from telegram import Update, NullHandler
from future.utils import bytes_to_native_str as n from future.utils import bytes_to_native_str
from threading import Lock from threading import Lock
import json import json
try: try:
@ -14,6 +14,13 @@ H = NullHandler()
logging.getLogger(__name__).addHandler(H) logging.getLogger(__name__).addHandler(H)
class _InvalidPost(Exception):
def __init__(self, http_code):
self.http_code = http_code
super(_InvalidPost, self).__init__()
class WebhookServer(BaseHTTPServer.HTTPServer, object): class WebhookServer(BaseHTTPServer.HTTPServer, object):
def __init__(self, server_address, RequestHandlerClass, update_queue, def __init__(self, server_address, RequestHandlerClass, update_queue,
webhook_path): webhook_path):
@ -63,12 +70,15 @@ class WebhookHandler(BaseHTTPServer.BaseHTTPRequestHandler, object):
def do_POST(self): def do_POST(self):
self.logger.debug("Webhook triggered") self.logger.debug("Webhook triggered")
if self.path == self.server.webhook_path and \ try:
'content-type' in self.headers and \ self._validate_post()
'content-length' in self.headers and \ clen = self._get_content_len()
self.headers['content-type'] == 'application/json': except _InvalidPost as e:
json_string = \ self.send_error(e.http_code)
n(self.rfile.read(int(self.headers['content-length']))) self.end_headers()
else:
buf = self.rfile.read(clen)
json_string = bytes_to_native_str(buf)
self.send_response(200) self.send_response(200)
self.end_headers() self.end_headers()
@ -80,6 +90,20 @@ class WebhookHandler(BaseHTTPServer.BaseHTTPRequestHandler, object):
update.update_id) update.update_id)
self.server.update_queue.put(update) self.server.update_queue.put(update)
else: def _validate_post(self):
self.send_error(403) if not (self.path == self.server.webhook_path and
self.end_headers() 'content-type' in self.headers and
self.headers['content-type'] == 'application/json'):
raise _InvalidPost(403)
def _get_content_len(self):
clen = self.headers.get('content-length')
if clen is None:
raise _InvalidPost(411)
try:
clen = int(clen)
except ValueError:
raise _InvalidPost(403)
if clen < 0:
raise _InvalidPost(403)
return clen