From 25d72a7e31a0d077546639f3de25d75ebb4efa14 Mon Sep 17 00:00:00 2001 From: Wim Date: Sat, 24 Oct 2015 17:44:14 +0200 Subject: Add some validation for incoming connections --- matterhook/matterhook.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/matterhook/matterhook.go b/matterhook/matterhook.go index efc77cc0..8e87cc7b 100644 --- a/matterhook/matterhook.go +++ b/matterhook/matterhook.go @@ -71,6 +71,11 @@ func (c *Client) StartServer() { // ServeHTTP implementation. func (c *Client) ServeHTTP(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + log.Println("invalid " + r.Method + " connection from " + r.RemoteAddr) + http.NotFound(w, r) + return + } msg := IMessage{} err := r.ParseForm() if err != nil { @@ -86,6 +91,11 @@ func (c *Client) ServeHTTP(w http.ResponseWriter, r *http.Request) { http.NotFound(w, r) return } + if msg.Token == "" { + log.Println("no token from " + r.RemoteAddr) + http.NotFound(w, r) + return + } c.In <- msg } -- cgit v1.2.3