Skip to content

Commit 1a023f1

Browse files
crenshaw-devcrenshaw-dev
authored
Merge commit from fork
Signed-off-by: Michael Crenshaw <[email protected]>
1 parent 5c466a4 commit 1a023f1

File tree

2 files changed

+11
-4
lines changed

2 files changed

+11
-4
lines changed

util/webhook/webhook.go

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -154,10 +154,12 @@ func (a *ArgoCDWebhookHandler) affectedRevisionInfo(payloadIf any) (webURLs []st
154154
case azuredevops.GitPushEvent:
155155
// See: https://learn.microsoft.com/en-us/azure/devops/service-hooks/events?view=azure-devops#git.push
156156
webURLs = append(webURLs, payload.Resource.Repository.RemoteURL)
157-
revision = ParseRevision(payload.Resource.RefUpdates[0].Name)
158-
change.shaAfter = ParseRevision(payload.Resource.RefUpdates[0].NewObjectID)
159-
change.shaBefore = ParseRevision(payload.Resource.RefUpdates[0].OldObjectID)
160-
touchedHead = payload.Resource.RefUpdates[0].Name == payload.Resource.Repository.DefaultBranch
157+
if len(payload.Resource.RefUpdates) > 0 {
158+
revision = ParseRevision(payload.Resource.RefUpdates[0].Name)
159+
change.shaAfter = ParseRevision(payload.Resource.RefUpdates[0].NewObjectID)
160+
change.shaBefore = ParseRevision(payload.Resource.RefUpdates[0].OldObjectID)
161+
touchedHead = payload.Resource.RefUpdates[0].Name == payload.Resource.Repository.DefaultBranch
162+
}
161163
// unfortunately, Azure DevOps doesn't provide a list of changed files
162164
case github.PushPayload:
163165
// See: https://developer.github.com/v3/activity/events/types/#pushevent

util/webhook/webhook_test.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ import (
1515
"text/template"
1616
"time"
1717

18+
"github.com/go-playground/webhooks/v6/azuredevops"
19+
1820
bb "github.com/ktrysmt/go-bitbucket"
1921
"github.com/stretchr/testify/mock"
2022
"k8s.io/apimachinery/pkg/labels"
@@ -729,6 +731,9 @@ func Test_affectedRevisionInfo_appRevisionHasChanged(t *testing.T) {
729731
{true, "refs/tags/no-slashes", bitbucketRefChangedPayload("no-slashes"), "bitbucket ref changed branch or tag name without slashes, targetRevision tag prefixed"},
730732
{true, "refs/tags/no-slashes", gogsPushPayload("no-slashes"), "gogs push branch or tag name without slashes, targetRevision tag prefixed"},
731733

734+
// Testing fix for https://github.com/argoproj/argo-cd/security/advisories/GHSA-gpx4-37g2-c8pv
735+
{false, "test", azuredevops.GitPushEvent{Resource: azuredevops.Resource{RefUpdates: []azuredevops.RefUpdate{}}}, "Azure DevOps malformed push event with no ref updates"},
736+
732737
{true, "some-ref", bitbucketserver.RepositoryReferenceChangedPayload{
733738
Changes: []bitbucketserver.RepositoryChange{
734739
{Reference: bitbucketserver.RepositoryReference{ID: "refs/heads/some-ref"}},

0 commit comments

Comments
 (0)