[JENKINS-75735] Hook payload is discarded if not recognized and comes from Bitbucket Cloud and DataCenter instances

Change test cases to better reflect the header sent in the request of a webhook

Author: nfalco79

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/server/BitbucketServerWebhookImplementation.java

@@ -28,7 +28,7 @@
 /** The different webhook implementations available for Bitbucket Server. */
 public enum BitbucketServerWebhookImplementation implements ModelObject {
     /** Plugin-based webhooks. */
-    PLUGIN("Plugin"),
+    PLUGIN("Plugin - Deprecated"),
 
     /** Native webhooks, available since Bitbucket Server 5.4. */
     NATIVE("Native");

src/test/java/com/cloudbees/jenkins/plugins/bitbucket/hooks/BitbucketSCMSourcePushHookReceiverTest.java

@@ -66,8 +66,20 @@ static void init(JenkinsRule rule) {
     @BeforeEach
     void setup() throws Exception {
         req = mock(StaplerRequest2.class);
+
+        hookProcessor = mock(HookProcessor.class);
+        sut = new BitbucketSCMSourcePushHookReceiver() {
+            @Override
+            HookProcessor getHookProcessor(HookEventType type) {
+                return hookProcessor;
+            }
+        };
+
+        credentialsId = BitbucketTestUtil.registerHookCredentials("Gkvl$k$wyNpQAF42", j).getId();
+    }
+
+    private void mockCloudRequest() {
         when(req.getRemoteHost()).thenReturn("https://bitbucket.org");
-        when(req.getParameter("server_url")).thenReturn("https://bitbucket.org");
         when(req.getRemoteAddr()).thenReturn("185.166.143.48");
         when(req.getScheme()).thenReturn("https");
         when(req.getServerName()).thenReturn("jenkins.example.com");
@@ -78,16 +90,21 @@ void setup() throws Exception {
         when(req.getHeader("Content-Type")).thenReturn("application/json");
         when(req.getHeader("X-Hook-UUID")).thenReturn(UUID.randomUUID().toString());
         when(req.getHeader("X-Request-UUID")).thenReturn(UUID.randomUUID().toString());
+        when(req.getHeader("traceparent")).thenReturn(UUID.randomUUID().toString());
+        when(req.getHeader("User-Agent")).thenReturn("Bitbucket-Webhooks/2.0");
+    }
 
-        hookProcessor = mock(HookProcessor.class);
-        sut = new BitbucketSCMSourcePushHookReceiver() {
-            @Override
-            HookProcessor getHookProcessor(HookEventType type) {
-                return hookProcessor;
-            }
-        };
-
-        credentialsId = BitbucketTestUtil.registerHookCredentials("Gkvl$k$wyNpQAF42", j).getId();
+    private void mockServerRequest(String serverURL) {
+        when(req.getRemoteHost()).thenReturn("http://localhost:7990");
+        when(req.getParameter("server_url")).thenReturn(serverURL);
+        when(req.getRemoteAddr()).thenReturn("127.0.0.1");
+        when(req.getScheme()).thenReturn("https");
+        when(req.getServerName()).thenReturn("jenkins.example.com");
+        when(req.getLocalPort()).thenReturn(80);
+        when(req.getRequestURI()).thenReturn("/bitbucket-scmsource-hook/notify");
+        when(req.getHeader("Content-Type")).thenReturn("application/json; charset=utf-8");
+        when(req.getHeader("X-Request-Id")).thenReturn(UUID.randomUUID().toString());
+        when(req.getHeader("User-Agent")).thenReturn("Atlassian HttpClient 4.2.0 / Bitbucket-9.5.2 (9005002) / Default");
     }
 
     @Test
@@ -98,7 +115,6 @@ void test_signature_is_missing_from_cloud_payload() throws Exception {
 
         try {
             when(req.getHeader("X-Event-Key")).thenReturn("repo:push");
-            when(req.getHeader("X-Bitbucket-Type")).thenReturn("cloud");
             when(req.getInputStream()).thenReturn(loadResource("cloud/signed_payload.json"));
 
             /*HttpResponse response = */sut.doNotify(req);
@@ -111,13 +127,13 @@ void test_signature_is_missing_from_cloud_payload() throws Exception {
 
     @Test
     void test_signature_from_cloud() throws Exception {
+        mockCloudRequest();
         BitbucketCloudEndpoint endpoint = new BitbucketCloudEndpoint(false, 0, 0, false, null , true, credentialsId);
         endpoint.setBitbucketJenkinsRootUrl("http://jenkins.acme.com:8080/jenkins");
         BitbucketEndpointConfiguration.get().updateEndpoint(endpoint);
 
         try {
             when(req.getHeader("X-Event-Key")).thenReturn("repo:push");
-            when(req.getHeader("X-Bitbucket-Type")).thenReturn("cloud");
             when(req.getHeader("X-Hub-Signature")).thenReturn("sha256=f205c729821c6954aff2afe72b965c34015b4baf96ea8ddc2cc44999c014a035");
             when(req.getInputStream()).thenReturn(loadResource("cloud/signed_payload.json"));
 
@@ -141,7 +157,6 @@ void test_bad_signature_from_cloud() throws Exception {
 
         try {
             when(req.getHeader("X-Event-Key")).thenReturn("repo:push");
-            when(req.getHeader("X-Bitbucket-Type")).thenReturn("cloud");
             when(req.getHeader("X-Hub-Signature")).thenReturn("sha256=f205c729821c6954aff2afe72b965c34015b4baf96ea8ddc2cc44999c014a036");
             when(req.getInputStream()).thenReturn(loadResource("cloud/signed_payload.json"));
 
@@ -160,10 +175,8 @@ void test_signature_from_native_server() throws Exception {
         BitbucketEndpointConfiguration.get().updateEndpoint(endpoint);
 
         try {
-            when(req.getRemoteHost()).thenReturn("http://localhost:7990");
-            when(req.getParameter("server_url")).thenReturn(endpoint.getServerUrl());
+            mockServerRequest(endpoint.getServerUrl());
             when(req.getHeader("X-Event-Key")).thenReturn("repo:refs_changed");
-            when(req.getHeader("X-Request-Id")).thenReturn("2b15f131-4d3a-436e-bc63-caa9ae92580d");
             when(req.getHeader("X-Hub-Signature")).thenReturn("sha256=4ffba9e7b58ea3d7e1a230446e8c92baea0aeec89b73f598932387254f0de13e");
             when(req.getInputStream()).thenReturn(loadResource("native/signed_payload.json"));
 
@@ -173,7 +186,7 @@ void test_signature_from_native_server() throws Exception {
                     eq(HookEventType.SERVER_REFS_CHANGED),
                     anyString(),
                     eq(BitbucketType.SERVER),
-                    eq("http://localhost:7990/185.166.143.48 ⇒ https://jenkins.example.com:80/bitbucket-scmsource-hook/notify"),
+                    eq("http://localhost:7990/127.0.0.1 ⇒ https://jenkins.example.com:80/bitbucket-scmsource-hook/notify"),
                     eq(endpoint.getServerUrl()));
 
             // verify bad signature
@@ -188,17 +201,38 @@ void test_signature_from_native_server() throws Exception {
         }
     }
 
+    @Test
+    void test_ping_from_native_server() throws Exception {
+        BitbucketServerEndpoint endpoint = new BitbucketServerEndpoint("datacenter", "http://localhost:7990/bitbucket", false, null, false, null);
+        endpoint.setBitbucketJenkinsRootUrl("https://jenkins.example.com");
+        BitbucketEndpointConfiguration.get().updateEndpoint(endpoint);
+
+        try {
+            mockServerRequest(endpoint.getServerUrl());
+            when(req.getHeader("X-Event-Key")).thenReturn("diagnostics:ping");
+            when(req.getInputStream()).thenReturn(loadResource("native/ping_payload.json"));
+
+            sut.doNotify(req);
+            verify(hookProcessor).process(
+                    eq(HookEventType.SERVER_PING),
+                    anyString(),
+                    eq(BitbucketType.SERVER),
+                    eq("http://localhost:7990/127.0.0.1 ⇒ https://jenkins.example.com:80/bitbucket-scmsource-hook/notify"),
+                    eq(endpoint.getServerUrl()));
+        } finally {
+            BitbucketEndpointConfiguration.get().removeEndpoint(endpoint.getServerUrl());
+        }
+    }
+
     @Test
     void test_bad_signature_from_native_server() throws Exception {
         BitbucketServerEndpoint endpoint = new BitbucketServerEndpoint("datacenter", "http://localhost:7990/bitbucket", false, null, true, credentialsId);
         endpoint.setBitbucketJenkinsRootUrl("https://jenkins.example.com");
         BitbucketEndpointConfiguration.get().updateEndpoint(endpoint);
 
         try {
-            when(req.getRemoteHost()).thenReturn("http://localhost:7990");
-            when(req.getParameter("server_url")).thenReturn(endpoint.getServerUrl());
+            mockServerRequest(endpoint.getServerUrl());
             when(req.getHeader("X-Event-Key")).thenReturn("repo:refs_changed");
-            when(req.getHeader("X-Request-Id")).thenReturn("2b15f131-4d3a-436e-bc63-caa9ae92580d");
             when(req.getHeader("X-Hub-Signature")).thenReturn("sha256=4ffba9e7b58ea3d7e1a230446e8c92baea0aeec89b73f598932387254f0de13f");
             when(req.getInputStream()).thenReturn(loadResource("native/signed_payload.json"));
             /*HttpResponse response = */ sut.doNotify(req);
@@ -210,9 +244,9 @@ void test_bad_signature_from_native_server() throws Exception {
     }
 
     @Test
-    void test_pullrequest_created() throws Exception {
+    void test_cloud_pullrequest_created() throws Exception {
+        mockCloudRequest();
         when(req.getHeader("X-Event-Key")).thenReturn("pullrequest:created");
-        when(req.getHeader("X-Bitbucket-Type")).thenReturn("cloud");
         when(req.getInputStream()).thenReturn(loadResource("cloud/pullrequest_created.json"));
 
         sut.doNotify(req);
@@ -226,9 +260,9 @@ void test_pullrequest_created() throws Exception {
     }
 
     @Test
-    void test_pullrequest_declined() throws Exception {
+    void test_cloud_pullrequest_declined() throws Exception {
+        mockCloudRequest();
         when(req.getHeader("X-Event-Key")).thenReturn("pullrequest:rejected");
-        when(req.getHeader("X-Bitbucket-Type")).thenReturn("cloud");
         when(req.getInputStream()).thenReturn(loadResource("cloud/pullrequest_rejected.json"));
 
         sut.doNotify(req);

src/test/resources/com/cloudbees/jenkins/plugins/bitbucket/hooks/native/ping_payload.json

@@ -0,0 +1,3 @@
+{
+    "test": true
+}