Bug in Python webhook event verification example

harzo · October 29, 2024, 12:14pm

I tried to verify the signature sent with Defender Webhooks events but was struggling until I found a bug.

Environment
Defender 2.0 Webhooks
Python 3.12, fastapi

Details
Python dumps JSON differently than Javascript (which I assumed is used on your side).
This is why the example shown in Defender documentation does not work:

Bug is located in line

payload_to_verify_str = json.dumps(payload_to_verify)

it should include separators argument to match javascript .stringify()

payload_to_verify_str = json.dumps(payload_to_verify, separators=(',', ':'))

Thats it. Please update the docs once you confirm that the fix ^^ works.

marcos.carlomagno · October 29, 2024, 2:49pm

Hi @harzo, thanks a lot for the fix! We will update our docs ASAP

Topic		Replies	Views
Defender webhook payload Defender	1	26	November 20, 2024
Monitor of Defender 2.0 is not working Defender etherscan-verify	6	441	January 17, 2024
WebHook Trigger on sentinal Defender	1	672	July 26, 2023
Monitor webhook notification not working Defender	4	199	April 9, 2024
Openzeppelien defender script for smart contract function Defender erc20 , erc721 , etherscan-verify	2	379	July 8, 2022

Bug in Python webhook event verification example

Related topics