fix: handle invalid URL (#611)

joao-paulo-parity · wolfy1339 · web-flow · commit 7843cb255913 · 2021-09-05T10:37:27.000-07:00
Co-authored-by: wolfy1339 &lt;4595477+wolfy1339@users.noreply.github.com&gt;
diff --git a/src/middleware/node/middleware.ts b/src/middleware/node/middleware.ts
@@ -19,7 +19,20 @@ export async function middleware(
   response: ServerResponse,
   next?: Function
 ) {
-  const { pathname } = new URL(request.url as string, "http://localhost");
+  let pathname: string;
+  try {
+    pathname = new URL(request.url as string, "http://localhost").pathname;
+  } catch (error) {
+    response.writeHead(422, {
+      "content-type": "application/json",
+    });
+    response.end(
+      JSON.stringify({
+        error: `Request URL could not be parsed: ${request.url}`,
+      })
+    );
+    return;
+  }
 
   const isUnknownRoute = request.method !== "POST" || pathname !== options.path;
   const isExpressMiddleware = typeof next === "function";
diff --git a/test/integration/node-middleware.test.ts b/test/integration/node-middleware.test.ts
@@ -458,4 +458,46 @@ describe("createNodeMiddleware(webhooks)", () => {
 
     server.close();
   });
+
+  test("Handles invalid URL", async () => {
+    const webhooks = new Webhooks({
+      secret: "mySecret",
+    });
+
+    let middlewareWasRan: () => void;
+    const untilMiddlewareIsRan = new Promise<void>(function (resolve) {
+      middlewareWasRan = resolve;
+    });
+    const actualMiddleware = createNodeMiddleware(webhooks);
+    const mockedMiddleware = async function (
+      ...[req, ...rest]: Parameters<typeof actualMiddleware>
+    ) {
+      req.url = "//";
+      await actualMiddleware(req, ...rest);
+      middlewareWasRan();
+    };
+    const server = createServer(mockedMiddleware).listen();
+
+    // @ts-expect-error complains about { port } although it's included in returned AddressInfo interface
+    const { port } = server.address();
+
+    const response = await fetch(
+      `http://localhost:${port}/api/github/webhooks`,
+      {
+        method: "POST",
+        headers: {
+          "X-GitHub-Delivery": "123e4567-e89b-12d3-a456-426655440000",
+          "X-GitHub-Event": "push",
+          "X-Hub-Signature-256": signatureSha256,
+        },
+        body: pushEventPayload,
+      }
+    );
+
+    await untilMiddlewareIsRan;
+    expect(response.status).toEqual(422);
+    expect(await response.text()).toMatch(/Request URL could not be parsed/);
+
+    server.close();
+  });
 });
