fix: template webhooks fire (B1) + reject path traversal in import (B7)#63
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes the flagship template-webhooks bug (internal ref J3 / B1) plus a path-traversal hardening (B7) found alongside it. Verified against the smoke harness added in #62.
B1 — template webhooks never fired
Enabled/imported template webhooks were registered without auth fields, so the receiver's
validate_webhookcompared missing keys against the"null"no-auth sentinel and always returned 401 — every template webhook silently never triggered. Root cause:template_viewbypassedbin/data_storewith private JSON helpers that omitted the auth-field shape.template_viewnow persists webhooks throughbin/data_store.add_webhookwith the canonicalwebhook_username/webhook_password/api_keyshape (defaulting to the"null"no-auth sentinel, matching the automation handlers). The private_load_webhooks/_register_webhookhelpers are removed.validate_webhooknow defaults missing auth keys to"null", so an entry lacking them degrades to the documented open-webhook behavior instead of a silent 401. Previously-broken template webhooks self-heal on upgrade.B7 — path traversal in template import
.jawa.jsonpackage import wrote the uploaded script to an unsanitized path. Import now rejects filenames containing path traversal (viasecure_filename) before any file is written.Tests
New
tests/test_templates.py(enable→fire, import→triggerable, canonical shape, no-direct-IO guard, traversal rejection) and an added receiver test for the missing-key self-heal. Full suite green (65 passed, 2 xfailed), ruff clean.Notes
developfor the batched v3.2 release.