Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
responses.add("POST", "http://example.com/slack")
self.plugin.set_option("webhook", "http://example.com/slack", self.project)
self.plugin.set_option("exclude_project", True, self.project)
group = self.create_group(message="Hello world", culprit="foo.bar")
event = self.create_event(group=group, message="Hello world", tags={"level": "warning"})
rule = Rule.objects.create(project=self.project, label="my rule")
notification = Notification(event=event, rule=rule)
with self.options({"system.url-prefix": "http://example.com"}):
self.plugin.notify(notification)
request = responses.calls[0].request
payload = json.loads(parse_qs(request.body)["payload"][0])
assert payload == {
"username": "Sentry",
"attachments": [
{
"color": "#f18500",
"fields": [{"short": False, "value": "foo.bar", "title": "Culprit"}],
"fallback": "[bar] Hello world",
"title": "Hello world",
"title_link": "http://example.com/organizations/baz/issues/%s/?referrer=slack"
% group.id,
}
"slug": self.internal_app.slug,
"scopes": [],
"events": [],
"status": self.internal_app.get_status_display(),
"uuid": self.internal_app.uuid,
"webhookUrl": self.internal_app.webhook_url,
"redirectUrl": self.internal_app.redirect_url,
"isAlertable": self.internal_app.is_alertable,
"verifyInstall": self.internal_app.verify_install,
"overview": self.internal_app.overview,
"allowedOrigins": [],
"schema": {},
"clientId": self.internal_app.application.client_id,
"clientSecret": self.internal_app.application.client_secret,
"owner": {"id": self.internal_org.id, "slug": self.internal_org.slug},
} in json.loads(response.content)
response_uuids = set(o["uuid"] for o in response.data)
assert internal_app.uuid in response_uuids
assert self.published_app.uuid not in response_uuids
assert self.unpublished_app.uuid not in response_uuids
assert self.unowned_unpublished_app.uuid not in response_uuids
def test_simple_notification(self):
responses.add("POST", "http://example.com/slack")
self.plugin.set_option("webhook", "http://example.com/slack", self.project)
group = self.create_group(message="Hello world", culprit="foo.bar")
event = self.create_event(group=group, message="Hello world", tags={"level": "warning"})
rule = Rule.objects.create(project=self.project, label="my rule")
notification = Notification(event=event, rule=rule)
with self.options({"system.url-prefix": "http://example.com"}):
self.plugin.notify(notification)
request = responses.calls[0].request
payload = json.loads(parse_qs(request.body)["payload"][0])
assert payload == {
"username": "Sentry",
"attachments": [
{
"color": "#f18500",
"fields": [
{"short": False, "value": "foo.bar", "title": "Culprit"},
{"short": True, "value": "bar", "title": "Project"},
],
"fallback": "[bar] Hello world",
"title": "Hello world",
"title_link": "http://example.com/organizations/baz/issues/%s/?referrer=slack"
% group.id,
}
def handle_sudo(self, request, redirect_to, context):
if BaseSudoView.handle_sudo(self, request, redirect_to, context):
return True
try:
interface = Authenticator.objects.get_interface(request.user, "u2f")
if not interface.is_enrolled:
raise LookupError()
except LookupError:
return False
challenge = interface.activate(request).challenge
if request.method == "POST":
if "challenge" in request.POST and "response" in request.POST:
try:
challenge = json.loads(request.POST["challenge"])
response = json.loads(request.POST["response"])
except ValueError:
pass
else:
if interface.validate_response(request, challenge, response):
return True
context["u2f_challenge"] = challenge
return False
scratchpad = tempfile.mkdtemp()
# Initially, always delete the bundle file. Later on, we can start to store
# the artifact bundle as a release file.
delete_bundle = True
try:
try:
safe_extract_zip(temp_file, scratchpad, strip_toplevel=False)
except BaseException:
raise AssembleArtifactsError("failed to extract bundle")
try:
manifest_path = path.join(scratchpad, "manifest.json")
with open(manifest_path, "rb") as manifest:
manifest = json.loads(manifest.read())
except BaseException:
raise AssembleArtifactsError("failed to open release manifest")
org_slug = manifest.get("org")
if organization.slug != org_slug:
raise AssembleArtifactsError("organization does not match uploaded bundle")
release_name = manifest.get("release")
if release_name != version:
raise AssembleArtifactsError("release does not match uploaded bundle")
try:
release = Release.objects.get(organization_id=organization.id, version=release_name)
except Release.DoesNotExist:
raise AssembleArtifactsError("release does not exist")
def callback_data(self):
"""
We store certain data in ``callback_id`` as JSON. It's a bit hacky, but
it's the simplest way to store state without saving it on the Sentry
side.
Data included in this field:
- issue: the ID of the corresponding Issue
- orig_response_url: URL from the original message we received
- is_message: did the original message have a 'message' type
"""
return json.loads(self.data.get("callback_id"))
):
if self.prefix not in path:
full_path = self.prefix + path
else:
full_path = path
# we explicitly do not allow you to override the request *and* the user
# as then other checks like is_superuser would need overwritten
assert not (request and (user or auth)), "use either request or auth"
resolver_match = resolve(full_path)
callback, callback_args, callback_kwargs = resolver_match
if data:
# we encode to ensure compatibility
data = json.loads(json.dumps(data))
rf = APIRequestFactory()
mock_request = getattr(rf, method.lower())(full_path, data or {})
# Flag to our API class that we should trust this auth passed through
mock_request.__from_api_client__ = True
if request:
mock_request.auth = getattr(request, "auth", None)
mock_request.user = request.user
if is_sudo is None:
mock_request.is_sudo = lambda: request.is_sudo()
else:
mock_request.is_sudo = lambda: is_sudo
mock_request.session = request.session
def _validate_data(self):
"""
Action requests provide the body of the request differently than Event
requests (nested in a ``payload`` attribute), so there's extra
validation needed.
"""
super(SlackActionRequest, self)._validate_data()
if "payload" not in self.request.data:
raise SlackRequestError(status=400)
try:
self._data = json.loads(self.data["payload"])
except (KeyError, IndexError, TypeError, ValueError):
raise SlackRequestError(status=400)