@@ -30,6 +30,52 @@ const (
3030 gitHubOrginization = "test-org"
3131)
3232
33+ func TestHandleWebhookBodySizeLimit (t * testing.T ) {
34+ t .Run ("rejects oversized request body" , func (t * testing.T ) {
35+ _ , mockAPI , _ , _ , _ := GetTestSetup (t )
36+ p := NewPlugin ()
37+ p .initializeAPI ()
38+ p .SetAPI (mockAPI )
39+ p .client = pluginapi .NewClient (mockAPI , p .Driver )
40+ p .setConfiguration (& Configuration {
41+ WebhookSecret : webhookSecret ,
42+ })
43+
44+ mockAPI .On ("LogInfo" , "Webhook event received" )
45+
46+ oversizedBody := strings .NewReader (strings .Repeat ("x" , 26 * 1024 * 1024 ))
47+ req := httptest .NewRequest (http .MethodPost , "/webhook" , oversizedBody )
48+ req .Header .Set ("X-Hub-Signature" , "sha1=invalid" )
49+ w := httptest .NewRecorder ()
50+
51+ p .handleWebhook (w , req )
52+
53+ assert .Equal (t , http .StatusRequestEntityTooLarge , w .Code )
54+ })
55+
56+ t .Run ("accepts normal sized request body" , func (t * testing.T ) {
57+ _ , mockAPI , _ , _ , _ := GetTestSetup (t )
58+ p := NewPlugin ()
59+ p .initializeAPI ()
60+ p .SetAPI (mockAPI )
61+ p .client = pluginapi .NewClient (mockAPI , p .Driver )
62+ p .setConfiguration (& Configuration {
63+ WebhookSecret : webhookSecret ,
64+ })
65+
66+ mockAPI .On ("LogInfo" , "Webhook event received" )
67+
68+ body := `{"zen": "test"}`
69+ req := httptest .NewRequest (http .MethodPost , "/webhook" , strings .NewReader (body ))
70+ req .Header .Set ("X-Hub-Signature" , "sha1=invalid" )
71+ w := httptest .NewRecorder ()
72+
73+ p .handleWebhook (w , req )
74+
75+ assert .Equal (t , http .StatusUnauthorized , w .Code )
76+ })
77+ }
78+
3379func TestPostPushEvent (t * testing.T ) {
3480 tests := []struct {
3581 name string
0 commit comments