Handle MIME parameters in Content-Type Header (#1922)

sagar23sj · web-flow · commit b60bde193f1f · 2021-07-08T16:28:32.000-04:00
Fixes: #1874.
diff --git a/github/messages.go b/github/messages.go
@@ -19,6 +19,7 @@ import (
 	"fmt"
 	"hash"
 	"io/ioutil"
+	"mime"
 	"net/http"
 	"net/url"
 	"strings"
@@ -157,7 +158,14 @@ func messageMAC(signature string) ([]byte, func() hash.Hash, error) {
 func ValidatePayload(r *http.Request, secretToken []byte) (payload []byte, err error) {
 	var body []byte // Raw body that GitHub uses to calculate the signature.
 
-	switch ct := r.Header.Get("Content-Type"); ct {
+	ct := r.Header.Get("Content-Type")
+
+	mediatype, _, err := mime.ParseMediaType(ct)
+	if err != nil {
+		mediatype = ""
+	}
+
+	switch mediatype {
 	case "application/json":
 		var err error
 		if body, err = ioutil.ReadAll(r.Body); err != nil {
diff --git a/github/messages_test.go b/github/messages_test.go
@@ -229,6 +229,33 @@ func TestValidatePayload_BadRequestBody(t *testing.T) {
 	}
 }
 
+func TestValidatePayload_InvalidContentTypeParams(t *testing.T) {
+	req, err := http.NewRequest("POST", "http://localhost/event", nil)
+	if err != nil {
+		t.Fatalf("NewRequest: %v", err)
+	}
+	req.Header.Set("Content-Type", "application/json; charset=")
+	if _, err = ValidatePayload(req, nil); err == nil {
+		t.Error("ValidatePayload = nil, want err")
+	}
+}
+
+func TestValidatePayload_ValidContentTypeParams(t *testing.T) {
+	var requestBody = `{"yo":true}`
+	buf := bytes.NewBufferString(requestBody)
+
+	req, err := http.NewRequest("POST", "http://localhost/event", buf)
+	if err != nil {
+		t.Fatalf("NewRequest: %v", err)
+	}
+	req.Header.Set("Content-Type", "application/json; charset=UTF-8")
+
+	_, err = ValidatePayload(req, nil)
+	if err != nil {
+		t.Error("ValidatePayload = nil, want err")
+	}
+}
+
 func TestParseWebHook(t *testing.T) {
 	tests := []struct {
 		payload     interface{}
