Add DANGEROUS_WEBHOOKS_ENABLED live setting (#286)

* Add DANGEROUS_WEBHOOKS_ENABLED live setting * Style fix * Fix DANGEROUS_WEBHOOKS_ENABLED check
2022-08-02 14:20:18 +04:00 · 2022-08-02 14:20:18 +04:00 · 819add5f2e
commit 819add5f2e
parent 8b60fab8f0
3 changed files with 16 additions and 7 deletions
--- a/engine/apps/alerts/utils.py
+++ b/engine/apps/alerts/utils.py
@ -6,6 +6,8 @@ from urllib.parse import urlparse

 import requests

+from apps.base.utils import live_settings
+
 OUTGOING_WEBHOOK_TIMEOUT = 10


@ -52,13 +54,15 @@ def request_outgoing_webhook(webhook_url, http_request_type, post_kwargs={}) ->
        return False, "Malformed url"
    if not parsed_url.netloc:
        return False, "Malformed url"
-    # Get the ip address of the webhook url and check if it belongs to the private network
-    try:
-        webhook_url_ip_address = socket.gethostbyname(parsed_url.netloc)
-    except socket.gaierror:
-        return False, "Cannot resolve name in url"
-    if ipaddress.ip_address(socket.gethostbyname(webhook_url_ip_address)).is_private:
-        return False, "This url is not supported for outgoing webhooks"
+    if not live_settings.DANGEROUS_WEBHOOKS_ENABLED:
+        # Get the ip address of the webhook url and check if it belongs to the private network
+        try:
+            webhook_url_ip_address = socket.gethostbyname(parsed_url.netloc)
+        except socket.gaierror:
+            return False, "Cannot resolve name in url"
+        if not live_settings.DANGEROUS_WEBHOOKS_ENABLED:
+            if ipaddress.ip_address(socket.gethostbyname(webhook_url_ip_address)).is_private:
+                return False, "This url is not supported for outgoing webhooks"

    try:
        if http_request_type == "POST":
--- a/engine/apps/base/models/live_setting.py
+++ b/engine/apps/base/models/live_setting.py
@ -47,6 +47,7 @@ class LiveSetting(models.Model):
        "GRAFANA_CLOUD_ONCALL_TOKEN",
        "GRAFANA_CLOUD_ONCALL_HEARTBEAT_ENABLED",
        "GRAFANA_CLOUD_NOTIFICATIONS_ENABLED",
+        "DANGEROUS_WEBHOOKS_ENABLED",
    )

    DESCRIPTIONS = {
@ -120,6 +121,7 @@ class LiveSetting(models.Model):
        "GRAFANA_CLOUD_ONCALL_TOKEN": "Secret token for Grafana Cloud OnCall instance.",
        "GRAFANA_CLOUD_ONCALL_HEARTBEAT_ENABLED": "Enable heartbeat integration with Grafana Cloud OnCall.",
        "GRAFANA_CLOUD_NOTIFICATIONS_ENABLED": "Enable SMS/call notifications via Grafana Cloud OnCall",
+        "DANGEROUS_WEBHOOKS_ENABLED": "Enable outgoing webhooks to private networks",
    }

    SECRET_SETTING_NAMES = (
--- a/engine/settings/base.py
+++ b/engine/settings/base.py
@ -78,6 +78,9 @@ SENDGRID_INBOUND_EMAIL_DOMAIN = os.environ.get("SENDGRID_INBOUND_EMAIL_DOMAIN")
 GRAFANA_CLOUD_ONCALL_API_URL = os.environ.get("GRAFANA_CLOUD_ONCALL_API_URL", "https://a-prod-us-central-0.grafana.net")
 GRAFANA_CLOUD_ONCALL_TOKEN = os.environ.get("GRAFANA_CLOUD_ONCALL_TOKEN", None)

+# Outgoing webhook settings
+DANGEROUS_WEBHOOKS_ENABLED = getenv_boolean("DANGEROUS_WEBHOOKS_ENABLED", default=False)
+
 # Application definition

 INSTALLED_APPS = [