fix panic in github interceptor

pkg/interceptors/cel/cel.go

@@ -17,6 +17,7 @@ limitations under the License.
 package cel
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -58,15 +59,15 @@ func (w *Interceptor) ExecuteTrigger(request *http.Request) (*http.Response, err
 		return nil, fmt.Errorf("error creating cel environment: %w", err)
 	}
 
-	body, err := request.GetBody()
-	if err != nil {
-		return nil, fmt.Errorf("error getting request body: %w", err)
-	}
-	defer body.Close()
-	payload, err := ioutil.ReadAll(body)
-	if err != nil {
-		return nil, fmt.Errorf("error reading request body: %w", err)
+	var payload = []byte(`{}`)
+	if request.Body != nil {
+		defer request.Body.Close()
+		payload, err = ioutil.ReadAll(request.Body)
+		if err != nil {
+			return nil, fmt.Errorf("error reading request body: %w", err)
+		}
 	}
+
 	evalContext, err := makeEvalContext(payload, request)
 	if err != nil {
 		return nil, fmt.Errorf("error making the evaluation context: %w", err)
@@ -84,7 +85,7 @@ func (w *Interceptor) ExecuteTrigger(request *http.Request) (*http.Response, err
 
 	return &http.Response{
 		Header: request.Header,
-		Body:   request.Body,
+		Body:   ioutil.NopCloser(bytes.NewBuffer(payload)),
 	}, nil
 }
 

pkg/interceptors/cel/cel_test.go

@@ -15,13 +15,10 @@ import (
 )
 
 func TestInterceptor_ExecuteTrigger(t *testing.T) {
-	type args struct {
-		payload []byte
-	}
 	tests := []struct {
 		name    string
 		CEL     *triggersv1.CELInterceptor
-		args    args
+		payload io.ReadCloser
 		want    []byte
 		wantErr bool
 	}{
@@ -30,9 +27,7 @@ func TestInterceptor_ExecuteTrigger(t *testing.T) {
 			CEL: &triggersv1.CELInterceptor{
 				Filter: "body.value == 'testing'",
 			},
-			args: args{
-				payload: []byte(`{"value":"testing"}`),
-			},
+			payload: ioutil.NopCloser(bytes.NewBufferString(`{"value":"testing"}`)),
 			want:    []byte(`{"value":"testing"}`),
 			wantErr: false,
 		},
@@ -41,19 +36,15 @@ func TestInterceptor_ExecuteTrigger(t *testing.T) {
 			CEL: &triggersv1.CELInterceptor{
 				Filter: "body.value == 'test'",
 			},
-			args: args{
-				payload: []byte(`{"value":"testing"}`),
-			},
+			payload: ioutil.NopCloser(bytes.NewBufferString(`{"value":"testing"}`)),
 			wantErr: true,
 		},
 		{
 			name: "simple header check with matching header",
 			CEL: &triggersv1.CELInterceptor{
 				Filter: "header['X-Test'][0] == 'test-value'",
 			},
-			args: args{
-				payload: []byte(`{}`),
-			},
+			payload: ioutil.NopCloser(bytes.NewBufferString(`{}`)),
 			want:    []byte(`{}`),
 			wantErr: false,
 		},
@@ -62,29 +53,23 @@ func TestInterceptor_ExecuteTrigger(t *testing.T) {
 			CEL: &triggersv1.CELInterceptor{
 				Filter: "header['X-Test'][0] == 'unknown'",
 			},
-			args: args{
-				payload: []byte(`{}`),
-			},
+			payload: ioutil.NopCloser(bytes.NewBufferString(`{}`)),
 			wantErr: true,
 		},
 		{
 			name: "overloaded header check with case insensitive failed match",
 			CEL: &triggersv1.CELInterceptor{
 				Filter: "header.match('x-test', 'no-match')",
 			},
-			args: args{
-				payload: []byte(`{}`),
-			},
+			payload: ioutil.NopCloser(bytes.NewBufferString(`{}`)),
 			wantErr: true,
 		},
 		{
 			name: "overloaded header check with case insensitive matching",
 			CEL: &triggersv1.CELInterceptor{
 				Filter: "header.match('x-test', 'test-value')",
 			},
-			args: args{
-				payload: []byte(`{}`),
-			},
+			payload: ioutil.NopCloser(bytes.NewBufferString(`{}`)),
 			want:    []byte(`{}`),
 			wantErr: false,
 		},
@@ -93,9 +78,7 @@ func TestInterceptor_ExecuteTrigger(t *testing.T) {
 			CEL: &triggersv1.CELInterceptor{
 				Filter: "header.match('x-test', 'test-value') && body.value == 'test'",
 			},
-			args: args{
-				payload: []byte(`{"value":"test"}`),
-			},
+			payload: ioutil.NopCloser(bytes.NewBufferString(`{"value":"test"}`)),
 			want:    []byte(`{"value":"test"}`),
 			wantErr: false,
 		},
@@ -104,20 +87,22 @@ func TestInterceptor_ExecuteTrigger(t *testing.T) {
 			CEL: &triggersv1.CELInterceptor{
 				Filter: "header['X-Test",
 			},
-			args: args{
-				payload: []byte(`{"value":"test"}`),
-			},
+			payload: ioutil.NopCloser(bytes.NewBufferString(`{"value":"test"}`)),
 			wantErr: true,
 		},
 		{
 			name: "unable to parse the JSON body",
 			CEL: &triggersv1.CELInterceptor{
 				Filter: "body.value == 'test'",
 			},
-			args: args{
-				payload: []byte(`{]`),
-			},
+			payload: ioutil.NopCloser(bytes.NewBufferString(`{}`)),
 			wantErr: true,
+		}, {
+			name:    "nil body does not panic",
+			CEL:     &triggersv1.CELInterceptor{Filter: "header.match('x-test', 'test-value')"},
+			payload: nil,
+			want:    []byte(`{}`),
+			wantErr: false,
 		},
 	}
 	for _, tt := range tests {
@@ -128,10 +113,7 @@ func TestInterceptor_ExecuteTrigger(t *testing.T) {
 				Logger: logger,
 			}
 			request := &http.Request{
-				Body: ioutil.NopCloser(bytes.NewReader(tt.args.payload)),
-				GetBody: func() (io.ReadCloser, error) {
-					return ioutil.NopCloser(bytes.NewReader(tt.args.payload)), nil
-				},
+				Body: tt.payload,
 				Header: http.Header{
 					"Content-Type": []string{"application/json"},
 					"X-Test":       []string{"test-value"},

pkg/interceptors/github/github.go

@@ -17,6 +17,7 @@ limitations under the License.
 package github
 
 import (
+	"bytes"
 	"errors"
 	"fmt"
 	"io/ioutil"
@@ -46,22 +47,23 @@ func NewInterceptor(gh *triggersv1.GitHubInterceptor, k kubernetes.Interface, ns
 }
 
 func (w *Interceptor) ExecuteTrigger(request *http.Request) (*http.Response, error) {
+	payload := []byte{}
+	var err error
+
+	if request.Body != nil {
+		defer request.Body.Close()
+		payload, err = ioutil.ReadAll(request.Body)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read request body: %w", err)
+		}
+	}
+
 	// Validate secrets first before anything else, if set
 	if w.GitHub.SecretRef != nil {
 		header := request.Header.Get("X-Hub-Signature")
 		if header == "" {
 			return nil, errors.New("no X-Hub-Signature header set")
 		}
-
-		body, err := request.GetBody()
-		if err != nil {
-			return nil, err
-		}
-		defer body.Close()
-		payload, err := ioutil.ReadAll(body)
-		if err != nil {
-			return nil, err
-		}
 		secretToken, err := interceptors.GetSecretToken(w.KubeClientSet, w.GitHub.SecretRef, w.EventListenerNamespace)
 		if err != nil {
 			return nil, err
@@ -88,6 +90,6 @@ func (w *Interceptor) ExecuteTrigger(request *http.Request) (*http.Response, err
 
 	return &http.Response{
 		Header: request.Header,
-		Body:   request.Body,
+		Body:   ioutil.NopCloser(bytes.NewBuffer(payload)),
 	}, nil
 }

pkg/interceptors/github/github_test.go

@@ -18,7 +18,7 @@ import (
 
 func TestInterceptor_ExecuteTrigger_Signature(t *testing.T) {
 	type args struct {
-		payload   []byte
+		payload   io.ReadCloser
 		secret    *corev1.Secret
 		signature string
 		eventType string
@@ -34,7 +34,7 @@ func TestInterceptor_ExecuteTrigger_Signature(t *testing.T) {
 			name:   "no secret",
 			GitHub: &triggersv1.GitHubInterceptor{},
 			args: args{
-				payload:   []byte("somepayload"),
+				payload:   ioutil.NopCloser(bytes.NewBufferString("somepayload")),
 				signature: "foo",
 			},
 			want:    []byte("somepayload"),
@@ -58,7 +58,7 @@ func TestInterceptor_ExecuteTrigger_Signature(t *testing.T) {
 						"token": []byte("secrettoken"),
 					},
 				},
-				payload: []byte("somepayload"),
+				payload: ioutil.NopCloser(bytes.NewBufferString("somepayload")),
 			},
 			wantErr: true,
 		},
@@ -82,7 +82,7 @@ func TestInterceptor_ExecuteTrigger_Signature(t *testing.T) {
 						"token": []byte("secret"),
 					},
 				},
-				payload: []byte("somepayload"),
+				payload: ioutil.NopCloser(bytes.NewBufferString("somepayload")),
 			},
 			wantErr: false,
 			want:    []byte("somepayload"),
@@ -93,7 +93,7 @@ func TestInterceptor_ExecuteTrigger_Signature(t *testing.T) {
 				EventTypes: []string{"MY_EVENT", "YOUR_EVENT"},
 			},
 			args: args{
-				payload:   []byte("somepayload"),
+				payload:   ioutil.NopCloser(bytes.NewBufferString("somepayload")),
 				eventType: "YOUR_EVENT",
 			},
 			wantErr: false,
@@ -105,7 +105,7 @@ func TestInterceptor_ExecuteTrigger_Signature(t *testing.T) {
 				EventTypes: []string{"MY_EVENT", "YOUR_EVENT"},
 			},
 			args: args{
-				payload:   []byte("somepayload"),
+				payload:   ioutil.NopCloser(bytes.NewBufferString("somepayload")),
 				eventType: "OTHER_EVENT",
 			},
 			wantErr: true,
@@ -132,7 +132,7 @@ func TestInterceptor_ExecuteTrigger_Signature(t *testing.T) {
 					},
 				},
 				eventType: "MY_EVENT",
-				payload:   []byte("somepayload"),
+				payload:   ioutil.NopCloser(bytes.NewBufferString("somepayload")),
 			},
 			wantErr: false,
 			want:    []byte("somepayload"),
@@ -159,7 +159,7 @@ func TestInterceptor_ExecuteTrigger_Signature(t *testing.T) {
 					},
 				},
 				eventType: "OTHER_EVENT",
-				payload:   []byte("somepayload"),
+				payload:   ioutil.NopCloser(bytes.NewBufferString("somepayload")),
 			},
 			wantErr: true,
 		},
@@ -183,9 +183,18 @@ func TestInterceptor_ExecuteTrigger_Signature(t *testing.T) {
 					},
 				},
 				eventType: "MY_EVENT",
-				payload:   []byte("somepayload"),
+				payload:   ioutil.NopCloser(bytes.NewBufferString("somepayload")),
 			},
 			wantErr: true,
+		}, {
+			name:   "nil body does not panic",
+			GitHub: &triggersv1.GitHubInterceptor{},
+			args: args{
+				payload:   nil,
+				signature: "foo",
+			},
+			want:    []byte{},
+			wantErr: false,
 		},
 	}
 	for _, tt := range tests {
@@ -194,10 +203,7 @@ func TestInterceptor_ExecuteTrigger_Signature(t *testing.T) {
 			logger, _ := logging.NewLogger("", "")
 			kubeClient := fakekubeclient.Get(ctx)
 			request := &http.Request{
-				Body: ioutil.NopCloser(bytes.NewReader(tt.args.payload)),
-				GetBody: func() (io.ReadCloser, error) {
-					return ioutil.NopCloser(bytes.NewReader(tt.args.payload)), nil
-				},
+				Body: tt.args.payload,
 				Header: http.Header{
 					"Content-Type": []string{"application/json"},
 				},

pkg/resources/create.go

@@ -88,7 +88,7 @@ func Create(logger *zap.SugaredLogger, rt json.RawMessage, triggerName, eventID,
 	if name == "" {
 		name = data.GetGenerateName()
 	}
-	logger.Infof("Generating resource: kind: %+v, name: %s", apiResource, name)
+	logger.Infof("Generating resource: kind: %s, name: %s", apiResource, name)
 
 	gvr := schema.GroupVersionResource{
 		Group:    apiResource.Group,

pkg/sink/sink.go

@@ -17,6 +17,7 @@ limitations under the License.
 package sink
 
 import (
+	"bytes"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -72,7 +73,6 @@ func (r Sink) HandleEvent(response http.ResponseWriter, request *http.Request) {
 		response.WriteHeader(http.StatusInternalServerError)
 		return
 	}
-
 	event, err := ioutil.ReadAll(request.Body)
 	if err != nil {
 		r.Logger.Errorf("Error reading event body: %s", err)
@@ -158,7 +158,11 @@ func (r Sink) executeInterceptors(t *triggersv1.EventListenerTrigger, in *http.R
 		return event, in.Header, nil
 	}
 
-	request := in
+	// The request body to the first interceptor in the chain should be the received event body.
+	request := &http.Request{
+		Header: in.Header,
+		Body:   ioutil.NopCloser(bytes.NewBuffer(event)),
+	}
 	var resp *http.Response
 	for _, i := range t.Interceptors {
 		var interceptor interceptors.Interceptor
@@ -174,7 +178,6 @@ func (r Sink) executeInterceptors(t *triggersv1.EventListenerTrigger, in *http.R
 		default:
 			return nil, nil, fmt.Errorf("unknown interceptor type: %v", i)
 		}
-
 		var err error
 		resp, err = interceptor.ExecuteTrigger(request)
 		if err != nil {
@@ -185,7 +188,7 @@ func (r Sink) executeInterceptors(t *triggersv1.EventListenerTrigger, in *http.R
 		// request chaining.
 		request = &http.Request{
 			Header: resp.Header,
-			Body:   resp.Body,
+			Body:   ioutil.NopCloser(resp.Body),
 		}
 	}
 	payload, err := ioutil.ReadAll(resp.Body)