
Commit 553400b

crenshaw-devtodaywasawesome
authored andcommitted
Merge commit from fork
Signed-off-by: Michael Crenshaw <[email protected]>
1 parent 970a74f commit 553400b


2 files changed

+11
-4
lines changed


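--- a/util/webhook/webhook.go
+++ b/util/webhook/webhook.go
@@ -150,10 +150,12 @@ func (a *ArgoCDWebhookHandler) affectedRevisionInfo(payloadIf any) (webURLs []st
 case azuredevops.GitPushEvent:
 // See: https://learn.microsoft.com/en-us/azure/devops/service-hooks/events?view=azure-devops#git.push
 webURLs = append(webURLs, payload.Resource.Repository.RemoteURL)
-revision = ParseRevision(payload.Resource.RefUpdates[0].Name)
-change.shaAfter = ParseRevision(payload.Resource.RefUpdates[0].NewObjectID)
-change.shaBefore = ParseRevision(payload.Resource.RefUpdates[0].OldObjectID)
-touchedHead = payload.Resource.RefUpdates[0].Name == payload.Resource.Repository.DefaultBranch
+if len(payload.Resource.RefUpdates) > 0 {
+revision = ParseRevision(payload.Resource.RefUpdates[0].Name)
+change.shaAfter = ParseRevision(payload.Resource.RefUpdates[0].NewObjectID)
+change.shaBefore = ParseRevision(payload.Resource.RefUpdates[0].OldObjectID)
+touchedHead = payload.Resource.RefUpdates[0].Name == payload.Resource.Repository.DefaultBranch
+}
 // unfortunately, Azure DevOps doesn't provide a list of changed files
 case github.PushPayload:
 // See: https://developer.github.com/v3/activity/events/types/#pushevent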
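Review bot: With an empty `RefUpdates` the Azure DevOps case now falls through silently: `webURLs` still receives `payload.Resource.Repository.RemoteURL` while `revision`, `change.shaAfter` and `change.shaBefore` keep their zero values, so the caller gets a repository URL paired with an empty revision. Consider moving the `webURLs = append(...)` line inside the `if len(payload.Resource.RefUpdates) > 0 {` block, or adding an `else` that logs the malformed event, so such payloads are rejected explicitly; how the caller treats an empty revision is outside this hunk, so confirm before changing. A short comment such as `// RefUpdates may be empty in a malformed payload; only the first update is considered` would record why the guard exists and that later entries are ignored. The other `case` arms of `affectedRevisionInfo` start and end outside this hunk and may be worth checking for the same unguarded `[0]` indexing.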

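--- a/util/webhook/webhook_test.go
+++ b/util/webhook/webhook_test.go
@@ -15,6 +15,8 @@ import (
 "text/template"
 "time"
 
+"github.com/go-playground/webhooks/v6/azuredevops"
+
 bb "github.com/ktrysmt/go-bitbucket"
 "github.com/stretchr/testify/mock"
 "k8s.io/apimachinery/pkg/types"
@@ -703,6 +705,9 @@ func Test_affectedRevisionInfo_appRevisionHasChanged(t *testing.T) {
 {true, "refs/tags/no-slashes", bitbucketRefChangedPayload("no-slashes"), "bitbucket ref changed branch or tag name without slashes, targetRevision tag prefixed"},
 {true, "refs/tags/no-slashes", gogsPushPayload("no-slashes"), "gogs push branch or tag name without slashes, targetRevision tag prefixed"},
 
+// Testing fix for https://github.com/argoproj/argo-cd/security/advisories/GHSA-gpx4-37g2-c8pv
+{false, "test", azuredevops.GitPushEvent{Resource: azuredevops.Resource{RefUpdates: []azuredevops.RefUpdate{}}}, "Azure DevOps malformed push event with no ref updates"},
+
 {true, "some-ref", bitbucketserver.RepositoryReferenceChangedPayload{
 Changes: []bitbucketserver.RepositoryChange{
 {Reference: bitbucketserver.RepositoryReference{ID: "refs/heads/some-ref"}},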
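Review bot: The new table row covers only an empty, non-nil `RefUpdates` slice; a payload whose JSON omits the field would presumably decode to a nil slice, and although `len` handles both, a second row such as `{false, "test", azuredevops.GitPushEvent{}, "Azure DevOps push event with nil ref updates"},` would pin that path as well. The row asserts only that the result is `false`, so the absence of a panic is checked implicitly; a comment like `// previously panicked with index out of range on RefUpdates[0]` beside the advisory link would tell later readers which regression this guards. The table and the body of `Test_affectedRevisionInfo_appRevisionHasChanged` continue outside this hunk.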
