From 73fefdbe5c752175be5bcdb0fcfa6d1445275e75 Mon Sep 17 00:00:00 2001
From: William Bergamin
Date: Tue, 2 Jun 2026 14:41:45 -0400
Subject: [PATCH] fix(signature): validate signing_secret is a non-empty string
---
 slack_sdk/signature/__init__.py | 12 +++++++++++
 tests/signature/test_signature_verifier.py | 20 +++++++++++++++++++
 .../signature/test_signature_verifier.py | 20 +++++++++++++++++++
 3 files changed, 52 insertions(+)
diff --git a/slack_sdk/signature/__init__.py b/slack_sdk/signature/__init__.py
index ecdc67539..0faba9c33 100644
--- a/slack_sdk/signature/__init__.py
+++ b/slack_sdk/signature/__init__.py
@@ -29,6 +29,18 @@ def __init__(self, signing_secret: str, clock: Clock = Clock()):
 self.signing_secret = signing_secret
 self.clock = clock

+ @property
+ def signing_secret(self) -> str:
+ return self._signing_secret
+
+ @signing_secret.setter
+ def signing_secret(self, value: str) -> None:
+ if not isinstance(value, str):
+ raise ValueError("signing_secret must be a string")
+ if not value.strip():
+ raise ValueError("signing_secret must not be empty.")
+ self._signing_secret = value
+
 def is_valid_request(
 self,
 body: Union[str, bytes],
diff --git a/tests/signature/test_signature_verifier.py b/tests/signature/test_signature_verifier.py
index ef7ac0512..5a8ac17c7 100644
--- a/tests/signature/test_signature_verifier.py
+++ b/tests/signature/test_signature_verifier.py
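Review bot: The new setter in slack_sdk/signature/__init__.py tests `value.strip()` for emptiness but stores `value` unchanged, so a secret with a stray trailing newline or space (typical when it is read from a file or an env file) passes validation and will presumably make every later signature comparison fail with no hint as to why. Either reject such values explicitly, e.g. `if value != value.strip(): raise ValueError("signing_secret must not have leading or trailing whitespace")`, or state in a docstring that surrounding whitespace is kept as part of the key. The property would also benefit from a one-line docstring such as `"""Secret used to verify request signatures; must be a non-empty str so a blank or unset configuration fails at construction rather than verifying against an empty key."""`. The two error messages differ in punctuation (`must be a string` vs `must not be empty.`). The enclosing class and `is_valid_request` continue outside the hunk, so how the stored value is consumed is not visible here.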
@@ -97,3 +97,23 @@ def test_is_valid_none(self):
 self.assertFalse(verifier.is_valid(None, self.timestamp, None))
 self.assertFalse(verifier.is_valid(self.body, None, None))
 self.assertFalse(verifier.is_valid(None, None, None))
+
+ def test_invalid_signing_secret(self):
+ with self.assertRaises(ValueError):
+ SignatureVerifier("")
+ with self.assertRaises(ValueError):
+ SignatureVerifier(" ")
+ with self.assertRaises(ValueError):
+ SignatureVerifier(None)
+ with self.assertRaises(ValueError):
+ SignatureVerifier(123)
+ with self.assertRaises(ValueError):
+ SignatureVerifier(b"secret")
+
+ def test_invalid_signing_secret_reassignment(self):
+ verifier = SignatureVerifier(self.signing_secret)
+ with self.assertRaises(ValueError):
+ verifier.signing_secret = ""
+ with self.assertRaises(ValueError):
+ verifier.signing_secret = None
+ self.assertEqual(verifier.signing_secret, self.signing_secret)
diff --git a/tests/slack_sdk/signature/test_signature_verifier.py b/tests/slack_sdk/signature/test_signature_verifier.py
index 1635c1f62..05a4de420 100644
--- a/tests/slack_sdk/signature/test_signature_verifier.py
+++ b/tests/slack_sdk/signature/test_signature_verifier.py
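Review bot: `test_invalid_signing_secret` bundles five independent inputs into one method, so the first failing case hides the rest; a loop such as `for bad in ("", " ", None, 123, b"secret"):` with `with self.subTest(bad=bad):` around the `assertRaises` reports each input separately. The cases also leave unpinned what happens to a secret with surrounding whitespace such as `"secret\n"`, which the setter accepts and stores unchanged; an explicit assertion either way would document that choice. The same two points apply to the identical hunk in tests/slack_sdk/signature/test_signature_verifier.py. The enclosing test class starts outside the hunk.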
@@ -97,3 +97,23 @@ def test_is_valid_none(self):
 self.assertFalse(verifier.is_valid(None, self.timestamp, None))
 self.assertFalse(verifier.is_valid(self.body, None, None))
 self.assertFalse(verifier.is_valid(None, None, None))
+
+ def test_invalid_signing_secret(self):
+ with self.assertRaises(ValueError):
+ SignatureVerifier("")
+ with self.assertRaises(ValueError):
+ SignatureVerifier(" ")
+ with self.assertRaises(ValueError):
+ SignatureVerifier(None)
+ with self.assertRaises(ValueError):
+ SignatureVerifier(123)
+ with self.assertRaises(ValueError):
+ SignatureVerifier(b"secret")
+
+ def test_invalid_signing_secret_reassignment(self):
+ verifier = SignatureVerifier(self.signing_secret)
+ with self.assertRaises(ValueError):
+ verifier.signing_secret = ""
+ with self.assertRaises(ValueError):
+ verifier.signing_secret = None
+ self.assertEqual(verifier.signing_secret, self.signing_secret)