diff options
author | Stevan Radaković <stevan.radakovic@linaro.org> | 2016-09-20 14:48:49 +0200 |
---|---|---|
committer | Neil Williams <neil.williams@linaro.org> | 2016-09-21 10:13:18 +0000 |
commit | 38e1092070000ca1e4d509a96139b88edc94db94 (patch) | |
tree | 8f65738a2f3a7532a7c854124e704982cb37224f /lava_tool | |
parent | bf397052ce1a8dbbd8a843a22e9c05b73763e0ca (diff) |
Secure protocol check.
If https is provided server-side, display warning every time non-
secure protocol is used for every communication with the server.
Change-Id: I61c4d341810c872001a934589c4f3149cd7c8ee7
Reviewed-on: https://review.linaro.org/14421
Reviewed-by: lava-bot <lava-bot@linaro.org>
Reviewed-by: Neil Williams <neil.williams@linaro.org>
Diffstat (limited to 'lava_tool')
-rw-r--r-- | lava_tool/__init__.py | 2 | ||||
-rw-r--r-- | lava_tool/authtoken.py | 23 | ||||
-rw-r--r-- | lava_tool/tests/test_authtoken.py | 3 |
3 files changed, 25 insertions, 3 deletions
diff --git a/lava_tool/__init__.py b/lava_tool/__init__.py index d2df836..cf32039 100644 --- a/lava_tool/__init__.py +++ b/lava_tool/__init__.py @@ -19,4 +19,4 @@ def version(): - return "0.16" + return "0.17" diff --git a/lava_tool/authtoken.py b/lava_tool/authtoken.py index 245b263..aa85b7c 100644 --- a/lava_tool/authtoken.py +++ b/lava_tool/authtoken.py @@ -19,9 +19,11 @@ import base64 import errno import ConfigParser as configparser +import requests import urllib import urllib2 import os +import sys import xmlrpclib from lava_tool.interface import LavaCommandError @@ -45,6 +47,20 @@ def normalize_xmlrpc_url(uri): return uri +def check_uri_for_https(non_secure_uri): + secure_uri = "%ss:%s" % ( + urllib.splittype(non_secure_uri)[0], + urllib.splittype(non_secure_uri)[1]) + try: + res = requests.head(secure_uri, allow_redirects=True, timeout=15) + if res.status_code != requests.codes.OK: + return False + except: + return False + + return True + + class AuthBackend(object): def add_token(self, username, endpoint_url, token): @@ -137,7 +153,7 @@ class XMLRPCTransport(xmlrpclib.Transport): def __init__(self, scheme, auth_backend): xmlrpclib.Transport.__init__(self) - self._scheme = scheme + self.scheme = scheme self.auth_backend = auth_backend self._opener = urllib2.build_opener() self.verbose = 0 @@ -158,7 +174,7 @@ class XMLRPCTransport(xmlrpclib.Transport): auth, host = urllib.splituser(host) if auth: user, token = urllib.splitpasswd(auth) - url = self._scheme + "://" + host + handler + url = self.scheme + "://" + host + handler if user is not None and token is None: token = self.auth_backend.get_token_for_endpoint(user, url) if token is None: @@ -181,5 +197,8 @@ class AuthenticatingServerProxy(xmlrpclib.ServerProxy): if transport is None: scheme = urllib.splittype(uri)[0] transport = XMLRPCTransport(scheme, auth_backend=auth_backend) + if transport.scheme == "http": + if check_uri_for_https(uri): + print >> sys.stderr, "Warning: Provided endpoint url supports communication over secure protocol (HTTPS)." xmlrpclib.ServerProxy.__init__( self, uri, transport, encoding, verbose, allow_none, use_datetime) diff --git a/lava_tool/tests/test_authtoken.py b/lava_tool/tests/test_authtoken.py index da24c8c..91cc4a6 100644 --- a/lava_tool/tests/test_authtoken.py +++ b/lava_tool/tests/test_authtoken.py @@ -62,6 +62,9 @@ class TestAuthenticatingServerProxy(TestCase): mocker.call(intercept_request) mocker.result(response) + # Init scheme attribute. + transport.scheme + with mocker: server_proxy = AuthenticatingServerProxy( url, auth_backend=auth_backend, transport=transport) |