From d60f47aa7ae9991c1d886763389e89808e3a77ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?= Date: Wed, 3 Jul 2024 22:19:50 +0200 Subject: [PATCH] Improved InsecureRequestWarning --- server/src/uds/core/util/security.py | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/server/src/uds/core/util/security.py b/server/src/uds/core/util/security.py index f39367a7c..084d3ddfd 100644 --- a/server/src/uds/core/util/security.py +++ b/server/src/uds/core/util/security.py @@ -60,7 +60,6 @@ SECRET_SIZE = 32 # Disable warnings from urllib for urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) - try: # Ensure that we do not get warnings about self signed certificates and so import requests.packages.urllib3 # type: ignore @@ -107,9 +106,7 @@ def create_self_signed_cert(ip: str) -> tuple[str, str, str]: key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, - encryption_algorithm=serialization.BestAvailableEncryption( - password.encode() - ), + encryption_algorithm=serialization.BestAvailableEncryption(password.encode()), ).decode(), cert.public_bytes(encoding=serialization.Encoding.PEM).decode(), password, @@ -126,9 +123,7 @@ def create_client_sslcontext(verify: bool = True) -> ssl.SSLContext: Returns: A SSLContext object. """ - ssl_context = ssl.create_default_context( - purpose=ssl.Purpose.SERVER_AUTH, cafile=certifi.where() - ) + ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=certifi.where()) if not verify: ssl_context.check_hostname = False ssl_context.verify_mode = ssl.VerifyMode.CERT_NONE 
@@ -167,9 +162,7 @@ def check_certificate_matches_private_key(*, cert: str, key: str) -> bool: ) ) public_key = ( - serialization.load_pem_private_key( - key.encode(), password=None, backend=default_backend() - ) + serialization.load_pem_private_key(key.encode(), password=None, backend=default_backend()) .public_key() .public_bytes( format=serialization.PublicFormat.PKCS1, @@ -183,9 +176,7 @@ def check_certificate_matches_private_key(*, cert: str, key: str) -> bool: return False -def secure_requests_session( - *, verify: typing.Union[str, bool] = True -) -> 'requests.Session': +def secure_requests_session(*, verify: typing.Union[str, bool] = True) -> 'requests.Session': ''' Generates a requests.Session object with a custom adapter that uses a custom SSLContext. This is intended to be used for requests that need to be secure, but not necessarily verified. @@ -200,7 +191,12 @@ def secure_requests_session( # Copy verify value lverify = verify - + + # Disable warnings from urllib for insecure requests + # Note that although this is done globaly, on some circunstances, may be overriden later + # This will ensure that we do not get warnings about self signed certificates + urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + class UDSHTTPAdapter(requests.adapters.HTTPAdapter): def init_poolmanager(self, *args: typing.Any, **kwargs: typing.Any) -> None: kwargs["ssl_context"] = create_client_sslcontext(verify=verify is True) @@ -232,6 +228,7 @@ def secure_requests_session( return session + def is_server_certificate_valid(cert: str) -> bool: """ Checks if a certificate is valid. @@ -242,4 +239,4 @@ def is_server_certificate_valid(cert: str) -> bool: x509.load_pem_x509_certificate(cert.encode(), default_backend()) return True except Exception: - return False \ No newline at end of file + return False
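Review bot: The `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` call added to `secure_requests_session` runs on every call, including when `verify` is `True`, and it changes the process-wide warning filter, so unverified TLS requests made anywhere else in the process are silenced too. The adapter just below only builds a non-verifying context when `verify is True` is false, so the suppression could be limited to that case, e.g. `if verify is not True: urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`, ideally with a debug log line so unverified sessions stay visible to operators. Also, a `str` value for `verify` (a CA bundle path) makes `init_poolmanager` call `create_client_sslcontext(verify=False)`, which sets `CERT_NONE`; whether the bundle is still enforced depends on code outside this hunk and is worth confirming. The new comment misspells `globaly`, `circunstances` and `overriden`. The function body starts and ends outside the hunk.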