From 1911cb69f59931620a5961847805fc713b38a3f6 Mon Sep 17 00:00:00 2001
From: Bob Holt
Date: Thu, 4 May 2017 09:32:21 -0400
Subject: [PATCH] fix the case where a fork of web-platform-tests can cause comments to appear on w3c/web-platform-tests issues
---
 webhook_handler.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/webhook_handler.py b/webhook_handler.py
index 7a396bf..386853d 100644
--- a/webhook_handler.py
+++ b/webhook_handler.py
@@ -3,6 +3,7 @@
 """This module contains the TravisCI webhook handler."""
+import ConfigParser
 from github import GitHub
 from travis import Travis
 from log_parser import parse_logs
@@ -12,6 +13,12 @@ logging.basicConfig(filename='prbuildbot.log', level=logging.DEBUG)
+CONFIG = ConfigParser.ConfigParser()
+CONFIG.readfp(open(r'config.txt'))
+GH_TOKEN = CONFIG.get('GitHub', 'GH_TOKEN')
+ORG = CONFIG.get('GitHub', 'ORG')
+REPO = CONFIG.get('GitHub', 'REPO')
+
 def webhook_handler(payload, signature):
     """Respond to Travis webhook."""
@@ -26,6 +33,13 @@ def webhook_handler(payload, signature):
     if error:
         return error.get('message'), error.get('code')
+    # Ensure only builds for this repository can comment here.
+    repository = verified_payload.get("repository")
+    owner_name = repository.get("owner_name")
+    repo_name = repository.get("name")
+    if owner_name != ORG or repo_name != REPO:
+        return "Forbidden: Repository Mismatch. Build for %s/%s attempting to comment on %s/%s" % (owner_name, repo_name, ORG, REPO), 403
+
     issue_number = int(verified_payload.get('pull_request_number'))
     logs = travis.get_logs(verified_payload)
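Review bot: `CONFIG.readfp(open(r'config.txt'))` opens the config file and never closes it, and `readfp` is the deprecated spelling; read it under a context manager instead: `with open('config.txt') as config_file:` / `    CONFIG.readfp(config_file)`. The path is relative to the process's working directory, so the module only imports when the service is launched from the directory holding config.txt; anchoring it on `__file__` (with `os.path`, which needs `import os` if the file does not already have it) removes that dependency. Because the same file also yields GH_TOKEN, a comment next to CONFIG stating that config.txt holds a credential and must stay out of version control and unreadable to other users would help the next maintainer. The `CONFIG.get` calls raise NoSectionError/NoOptionError at import time when the section or option is absent, which is a fail-closed default worth keeping rather than replacing with a fallback.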
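Review bot: `repository.get("owner_name")` raises AttributeError when the verified payload carries no `repository` key, so a signed but malformed payload yields a 500 instead of the intended 403; use `repository = verified_payload.get("repository") or {}` so the comparison below falls through to the Forbidden branch. The check runs only after the `if error:` return, which appears to be where the signature is verified, so owner and name come from the authenticated body rather than from whoever posted the request — that ordering is the property the check depends on and deserves a comment such as `# Must stay after signature verification: owner/name are read from the authenticated payload.`. GitHub treats owner and repository names case-insensitively, so a strict `!=` can reject a legitimate build whose payload differs only in case; comparing `.lower()` on both sides avoids that without weakening the check. webhook_handler continues past the end of the hunk.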