def verify_github_signature()

in tekton/webhook/app.py [0:0]

• 11 lines of code
• 3 McCabe index (conditional complexity)

def verify_github_signature(req):
    reqsig = request.headers.get('X-Hub-Signature')
    data = request.get_data()

    secret = os.environ.get('GITHUB_SECRET', '')
    if not reqsig.startswith("sha1=") or len(secret) < 1:
        abort(401, 'Unauthorized')

    reqsig = reqsig[len("sha1="):]
    secret = secret.encode('utf-8')

    digest = hmac.new(secret, data, hashlib.sha1).hexdigest()

    print("Validate Github Sig: digest:", digest, "request:", reqsig)
    return hmac.compare_digest(digest, reqsig)