ArgoCD Server Panics when GitHub webhook payload is missing web url #21545

Open
3 tasks done
komailo opened this issue Jan 17, 2025 · 0 comments
Labels
bug Something isn't working


komailo commented Jan 17, 2025

Checklist:

  • I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
  • I've included steps to reproduce the bug.
  • I've pasted the output of argocd version.

Describe the bug

When certain required payload objects are missing from the GitHub webhook, ArgoCD server panics and crashes.

This will not happen unless the payload is coming from outside of GitHub, but it's still a bug in the code that is causing a panic vs exiting gracefully.

To Reproduce

  1. Create a payload with the web url missing from repository.
{
  "ref": "refs/heads/main",
  "repository": {
    "default_branch": "main",
    "master_branch": "main"
  }
}
  2. Send it to argocd on webhooks/api. If the ArgoCD server does not have the secret configured, drop HEADER_NAME and HEADER_NAME2 from the curl command:
#!/bin/bash

SECRET="<the-secret-goes-here>"
PAYLOAD_FILE="sample-payload.json"
WEBHOOK_URL="https://argocd.internal/api/webhook"
GITHUB_EVENT="push"

SIGNATURE=$(openssl dgst -sha1 -hmac "$SECRET" "$PAYLOAD_FILE" | awk '{print $2}')
HEADER_NAME="X-Hub-Signature"
HEADER_VALUE="sha1=$SIGNATURE"

SIGNATURE2=$(openssl dgst -sha256 -hmac "$SECRET" "$PAYLOAD_FILE" | awk '{print $2}')
HEADER_NAME2="X-Hub-Signature-256"
HEADER_VALUE2="sha256=$SIGNATURE2"

# Send the POST request
curl -k -X POST \
     -H "Content-Type: application/json" \
     -H "X-GitHub-Event: $GITHUB_EVENT" \
     -H "X-GitHub-Hook-ID: abcdasfafasf1234" \
     -H "X-GitHub-Delivery: asfasfasfa" \
     -H "$HEADER_NAME: $HEADER_VALUE" \
     -H "$HEADER_NAME2: $HEADER_VALUE2" \
     --data-binary @"$PAYLOAD_FILE" \
     "$WEBHOOK_URL"

Expected behavior

The request should return HTTP/1.1 400 Bad Request

Screenshots

Version

argocd version
argocd: v2.13.3+a25c8a0
  BuildDate: 2025-01-03T19:56:33Z
  GitCommit: a25c8a0eef7830be0c2c9074c92dbea8ff23a962
  GitTreeState: clean
  GoVersion: go1.23.4
  Compiler: gc
  Platform: linux/amd64
argocd-server: v2.13.1+af54ef8

Logs

time="2025-01-17T00:45:50Z" level=info msg="Received push event repo: , revision: , touchedHead: true"
panic: runtime error: slice bounds out of range [1:0]

goroutine 217 [running]:
github.com/argoproj/argo-cd/v2/util/webhook.getWebUrlRegex({0x0, 0x0})
        /go/src/github.com/argoproj/argo-cd/util/webhook/webhook.go:341 +0x23a
github.com/argoproj/argo-cd/v2/util/webhook.(*ArgoCDWebhookHandler).HandleEvent(0xc001205080, {0x4443cc0?, 0xc001254808?})
        /go/src/github.com/argoproj/argo-cd/util/webhook/webhook.go:303 +0x7b5
github.com/argoproj/argo-cd/v2/util/webhook.(*ArgoCDWebhookHandler).startWorkerPool.func1()
        /go/src/github.com/argoproj/argo-cd/util/webhook/webhook.go:128 +0x5f
created by github.com/argoproj/argo-cd/v2/util/webhook.(*ArgoCDWebhookHandler).startWorkerPool in goroutine 1
        /go/src/github.com/argoproj/argo-cd/util/webhook/webhook.go:121 +0x1e
@komailo komailo added the bug Something isn't working label Jan 17, 2025
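
Added example, not code from Argo CD or from the issue author: a Go sketch of the validation the report asks for, where a push payload without a usable repository web URL is rejected with an error that maps to 400 instead of reaching a slice expression. The names `pushPayload`, `repoPath` and `validatePush` are hypothetical, and GitHub's `html_url` field is assumed to be the web URL the report refers to.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// pushPayload holds only the field this example needs (hypothetical type).
type pushPayload struct {
	Repository struct {
		HTMLURL string `json:"html_url"`
	} `json:"repository"`
}

var errNoWebURL = errors.New("repository web URL missing or malformed")

// repoPath returns the repository path without its leading slash. TrimPrefix is
// safe on "", where path[1:] panics with "slice bounds out of range [1:0]".
func repoPath(webURL string) (string, error) {
	u, err := url.Parse(webURL)
	if err != nil || u.Hostname() == "" {
		return "", errNoWebURL
	}
	if p := strings.TrimPrefix(u.EscapedPath(), "/"); p != "" {
		return p, nil
	}
	return "", errNoWebURL
}

// validatePush maps a raw push body to the HTTP status a handler should send.
func validatePush(body []byte) (int, error) {
	var p pushPayload
	if err := json.Unmarshal(body, &p); err != nil {
		return http.StatusBadRequest, err
	}
	if _, err := repoPath(p.Repository.HTMLURL); err != nil {
		return http.StatusBadRequest, err
	}
	return http.StatusOK, nil
}

func main() {
	// Constructed input: the payload from the report, with no web URL.
	body := []byte(`{"ref":"refs/heads/main","repository":{"default_branch":"main","master_branch":"main"}}`)
	fmt.Println(validatePush(body)) // 400 repository web URL missing or malformed
}
```

Because the stack trace shows the panic inside a worker-pool goroutine, a check of this kind has to run before the event is queued if the caller is to receive the 400.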