Bamboo variables can no longer be used in Webhook notification URL (URL is invalid)

XMLWordPrintable

    • 1
    • Severity 3 - Minor
    • 3

      Issue Summary

      Bamboo variables can no longer be used in Webhook notification URL due to a validation failure which errors with URL is invalid.

      Steps to Reproduce

      1. Plan Configuration >> Notifications >> Add >> Webhook
      2. Include a Bamboo variable in the URL e.g. https://api.github.com/repos/<github-username>/<github-reponame>/statuses/${bamboo.planRepository.revision}
      3. Save

      Expected Results

      Webhook notification saves

      Actual Results

      URL is invalid error is displayed

      Workaround

      Workaround 1
      The URL validation can be disabled but it comes with increased security risk as you're also disabling an XSS check.

      Evaluate whether you want to or are able to use the workaround to disable URL validation which would enable a potential XSS in the Webhook notification URL that allows a user with edit plan permission to inject malicious code into that field.

      -Dbamboo.notifications.webhook.url.xss.check=false

      Workaround 2
      Only applicable if the Bamboo variable you're trying to use is for the GitHub build status API. If so, please consider upgrading to Bamboo 10 which has native GitHub build status integration:

            Assignee:
            Yusif Pasha-zada
            Reporter:
            Jeremy Owen
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: