From a3d1b0d1320554e2f39ae01a807e0a7e3b26fb6d Mon Sep 17 00:00:00 2001 From: usmannasir Date: Thu, 3 Jul 2025 17:35:26 +0500 Subject: [PATCH] bug fix: https://community.cyberpanel.net/t/bug-report-github-webhook-not-working-after-cyberpanel-upgrade/58865 --- CyberCP/secMiddleware.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py index 038d6c4e3..c79eeb779 100644 --- a/CyberCP/secMiddleware.py +++ b/CyberCP/secMiddleware.py @@ -35,8 +35,12 @@ class secMiddleware: logging.writeToFile(f'Path vs the final url : {pathActual}') logging.writeToFile(FinalURL) + # Define webhook pattern for secure matching + import re + webhook_pattern = re.compile(r'^/websites/[^/]+/(webhook|gitNotify)/?$') + if pathActual == "/backup/localInitiate" or pathActual == '/' or pathActual == '/verifyLogin' or pathActual == '/logout' or pathActual.startswith('/api')\ - or pathActual.endswith('/webhook') or pathActual.startswith('/cloudAPI') or pathActual.endswith('/gitNotify'): + or webhook_pattern.match(pathActual) or pathActual.startswith('/cloudAPI'): pass else: if os.path.exists(ProcessUtilities.debugPath): @@ -102,6 +106,13 @@ class secMiddleware: logging.writeToFile('Request body detected.. scanning') logging.writeToFile(str(request.body)) + # Skip validation entirely for webhook endpoints + # Webhook URLs are: /websites//webhook or /websites//gitNotify + # Use the same webhook pattern defined above + if webhook_pattern.match(pathActual): + response = self.get_response(request) + return response + # logging.writeToFile(request.body) try: data = json.loads(request.body) @@ -115,9 +126,6 @@ class secMiddleware: logging.writeToFile(f'Key being scanned {str(key)}') logging.writeToFile(f'Value being scanned {str(value)}') - if pathActual.find('gitNotify') > -1 or pathActual.endswith('/webhook') or pathActual.endswith('/gitNotify'): - break - # Skip validation for ports key to allow port ranges with colons if key == 'ports': continue