From 5608d61b3a8af7af688fded5745c4c46bc2ff578 Mon Sep 17 00:00:00 2001
From: Felix Auringer <48409110+felixauringer@users.noreply.github.com>
Date: Fri, 25 Jun 2021 09:24:13 +0200
Subject: [PATCH] Replace metaprogramming in Runner::Connection

This prevents someone who is controlling the websocket connection
to send messages starting with 'handle_' to the connection object.
---
 lib/runner/connection.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/runner/connection.rb b/lib/runner/connection.rb
index 05f1242f..614efdd0 100644
--- a/lib/runner/connection.rb
+++ b/lib/runner/connection.rb
@@ -6,6 +6,7 @@ require 'json_schemer'
 class Runner::Connection
   # These are events for which callbacks can be registered.
   EVENTS = %i[start output exit stdout stderr].freeze
+  WEBSOCKET_MESSAGE_TYPES = %i[start stdout stderr error timeout exit].freeze
   BACKEND_OUTPUT_SCHEMA = JSONSchemer.schema(JSON.parse(File.read('lib/runner/backend-output.schema.json')))
 
   attr_writer :status
@@ -56,8 +57,12 @@ class Runner::Connection
     return unless BACKEND_OUTPUT_SCHEMA.valid?(event)
 
     event = event.deep_symbolize_keys
-    # There is one `handle_` method for every message type defined in the WebSocket schema.
-    __send__("handle_#{event[:type]}", event)
+    message_type = event[:type]
+    if WEBSOCKET_MESSAGE_TYPES.include?(message_type)
+      __send__("handle_#{message_type}", event)
+    else
+      raise Runner::Error::UnexpectedResponse.new("Unknown websocket message type: #{message_type}")
+    end
   end
 
   def on_open(_event)