fix webhook plugin vulnerabilities (#570)

* fix webhook plugin vulnerabilities

* bump

Author: denis-codefresh

incubating/webhook/.eslintrc.json

@@ -1,3 +1,17 @@
 {
-    "extends": "airbnb-base"
+    "extends": "airbnb-base",
+    "rules": {
+        "indent": [ "error", 4 ],
+        "class-methods-use-this": "off",
+        "max-len": "off",
+        "no-underscore-dangle": "off"
+    },
+    "settings": {
+        "import/resolver": {
+            "node": {
+                "extensions": [".js", ".jsx", ".ts", ".tsx"],
+                "moduleDirectory": ["node_modules", "src/"]
+            }
+        }
+    }
 }

incubating/webhook/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:14.21.1-bullseye-slim
+FROM node:14.21.3-bullseye-slim
 
 #RUN apk add --no-cache bash git openssh-client
 

incubating/webhook/helpers/codefresh.api.js

@@ -1,9 +1,16 @@
-const request = require('request-promise');
+const got = require('got');
 
 class Codefresh {
     /**
      *
-     * @return {{build: {trigger: *, initiator: *, id: *, timestamp: *, url: *}, repo: {owner: *, name: *}, commit: {author: *, url: *, message: *}, revision: *, branch: *, apiKey: *}}
+     * @return {{
+     *  build: {trigger: *, initiator: *, id: *, timestamp: *, url: *},
+     *  repo: {owner: *, name: *},
+     *  commit: {author: *, url: *, message: *},
+     *  revision: *,
+     *  branch: *,
+     *  apiKey: *
+     * }}
      */
     get info() {
         return {
@@ -26,20 +33,22 @@ class Codefresh {
             revision: process.env.CF_REVISION,
             branch: process.env.CF_BRANCH_TAG_NORMALIZED,
             apiKey: process.env.CF_API_KEY,
-            cfUrl: process.env.CF_URL
+            cfUrl: process.env.CF_URL,
         };
     }
 
     async buildFailureCauses(buildId, token, cfUrl) {
         console.log(token, buildId);
-        const data = await request({
-            uri: `${cfUrl}/api/workflow/${buildId}/context-revision`,
-            method: 'GET',
-            headers: {
-                'authorization': token,
+
+        const data = await got(
+            {
+                url: `${cfUrl}/api/workflow/${buildId}/context-revision`,
+                method: 'GET',
+                headers: {
+                    authorization: token,
+                },
             },
-            json: true,
-        });
+        ).json();
 
         return Object.entries(data.pop().context.stepsMetadata)
             .filter(([, stepInfo]) => stepInfo.status === 'failure')

incubating/webhook/index.js

@@ -1,5 +1,4 @@
 const pluginController = require('./plugin/plugin.controller');
 
 pluginController.sendNotify()
-    .then(console.log)
     .catch(console.error);

incubating/webhook/package.json

@@ -10,9 +10,8 @@
     "json-schema": "0.4.0"
   },
   "dependencies": {
-    "handlebars": "^4.7.7",
-    "request": "^2.88.2",
-    "request-promise": "^4.2.6"
+    "got": "^11.8.3",
+    "handlebars": "^4.7.7"
   },
   "devDependencies": {
     "eslint": "^4.18.2",

incubating/webhook/plugin/plugin.controller.js

@@ -3,7 +3,6 @@ const pluginLogic = require('./plugin.logic');
 const Codefresh = require('../helpers/codefresh.api');
 
 class PluginController {
-
     constructor() {
         this.sendNotify = this.sendNotify.bind(this);
     }
@@ -46,7 +45,7 @@ class PluginController {
         this._validate();
         const isCorrectMethod = config.method && this._isAllowedMethod(config.method);
         const method = isCorrectMethod ? config.method : 'POST';
-        const body = config.body;
+        const { body } = config;
         const defaultHeaders = {
             'Content-Type': 'application/json',
         };
@@ -61,7 +60,6 @@ class PluginController {
             tplData,
             defaultHeaders,
         });
-
     }
 }
 

incubating/webhook/plugin/plugin.logic.js

@@ -1,6 +1,6 @@
-const config = require('../config');
-const request = require('request-promise');
+const got = require('got');
 const Handlebars = require('handlebars');
+const config = require('../config');
 
 class PluginLogic {
     constructor() {
@@ -31,26 +31,17 @@ class PluginLogic {
             }, {});
     }
 
-    /**
-     * Resolve options for auth
-     * @return {*}
-     * @private
-     */
-    _resolveAuth() {
+    _resolveAuthHeaders() {
         if (config.token) {
             return {
-                auth: {
-                    bearer: config.token,
-                },
+                Authorization: `Bearer ${config.token}`,
             };
         }
 
         if (config.username && config.password) {
+            const base64Payload = Buffer.from(`${config.username}:${config.password}`).toString('base64');
             return {
-                auth: {
-                    user: config.username,
-                    pass: config.password,
-                },
+                Authorization: `Basic ${base64Payload}`,
             };
         }
 
@@ -77,14 +68,20 @@ class PluginLogic {
      * @param tplData
      * @return {Promise<void>}
      */
-    sendRequest({ uri, method, body, tplData = {}, defaultHeaders = {} }) {
-        return request({
-            uri,
+
+    sendRequest({
+        uri, method, body, tplData = {}, defaultHeaders = {},
+    }) {
+        return got({
+            url: uri,
             method,
             body: this._processTemplate(body, tplData),
-            qs: this._resolveEnvArray('QUERY', tplData),
-            headers: Object.assign(defaultHeaders, this._resolveEnvArray('HEADER', tplData)),
-            ...this._resolveAuth(),
+            searchParams: this._resolveEnvArray('QUERY', tplData),
+            headers: Object.assign(
+                defaultHeaders,
+                this._resolveAuthHeaders(),
+                this._resolveEnvArray('HEADER', tplData),
+            ),
         });
     }
 }

incubating/webhook/step.yaml

@@ -4,7 +4,7 @@ metadata:
   name: webhook
   title: Call a custom webhook
   latest: true
-  version: 0.0.11
+  version: 0.0.12
   isPublic: true
   description: Notify any webook URL with any custom request body.
   sources:
@@ -70,7 +70,7 @@ spec:
   steps:
     main:
       name: webhook
-      image: quay.io/codefreshplugins/webhook-plugin:0.0.11
+      image: quay.io/codefreshplugins/webhook-plugin:0.0.12
       environment:
         - 'WEBHOOK_USERNAME=${{WEBHOOK_USERNAME}}'
         - 'WEBHOOK_PASSWORD=${{WEBHOOK_PASSWORD}}'