From 846f9225f195f43c6ff85470eeaa9a329bff78ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?= Date: Fri, 7 Apr 2023 01:45:53 +0200 Subject: [PATCH] Moved all requests calls through secureRequestsSession call --- server/src/uds/core/util/security.py | 8 +++-- .../src/uds/services/OpenGnsys/og/__init__.py | 12 +++---- .../OpenStack/openstack/openstack_client.py | 34 +++++-------------- .../services/PhysicalMachines/service_base.py | 5 ++- .../uds/services/Proxmox/client/__init__.py | 20 +++++------ 5 files changed, 32 insertions(+), 47 deletions(-) diff --git a/server/src/uds/core/util/security.py b/server/src/uds/core/util/security.py index a2a3ae75a..5418945e3 100644 --- a/server/src/uds/core/util/security.py +++ b/server/src/uds/core/util/security.py @@ -19,8 +19,12 @@ import requests.adapters KEY_SIZE = 4096 SECRET_SIZE = 32 -# Ensure that we do not get warnings about self signed certificates and so -requests.packages.urllib3.disable_warnings() # type: ignore +try: + # Ensure that we do not get warnings about self signed certificates and so + import requests.packages.urllib3 # type: ignore + requests.packages.urllib3.disable_warnings() # @UndefinedVariable +except: + pass def selfSignedCert(ip: str) -> typing.Tuple[str, str, str]: diff --git a/server/src/uds/services/OpenGnsys/og/__init__.py b/server/src/uds/services/OpenGnsys/og/__init__.py index 4f291cfa4..b20dcafbb 100644 --- a/server/src/uds/services/OpenGnsys/og/__init__.py +++ b/server/src/uds/services/OpenGnsys/og/__init__.py @@ -35,7 +35,7 @@ import json import logging import typing -import requests +from uds.core.util import security from . import urls from . import fake @@ -43,6 +43,7 @@ from . import fake logger = logging.getLogger(__name__) if typing.TYPE_CHECKING: + import requests from uds.core.util.cache import Cache # Fake part 
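Review bot: The bare `except:` added around the urllib3 import in security.py also catches `SystemExit` and `KeyboardInterrupt`, and it hides any failure other than the missing `requests.packages` shim it is presumably there for; `except (ImportError, AttributeError):` would cover that case. Separately, `disable_warnings()` at module level silences `InsecureRequestWarning` for the whole process. Every session this commit builds with verification off (the OpenStack client and the WOL call in later hunks) therefore leaves no trace unless `secureRequestsSession` logs it itself, which is not visible in this diff. A debug log when a session is created with `verify=False`, or at least a comment stating that the suppression is deliberate, would keep that visible to operators.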
@@ -62,7 +63,7 @@ def ensureConnected(fnc: typing.Callable[..., RT]) -> typing.Callable[..., RT]: # Result checker def ensureResponseIsValid( - response: requests.Response, errMsg: typing.Optional[str] = None + response: 'requests.Response', errMsg: typing.Optional[str] = None ) -> typing.Any: if not response.ok: if not errMsg: @@ -131,11 +132,10 @@ class OpenGnsysClient: ) -> typing.Any: if not FAKE: return ensureResponseIsValid( - requests.post( + security.secureRequestsSession(verify=self.verifyCert).post( self._ogUrl(path), data=json.dumps(data), headers=self.headers, - verify=self.verifyCert, ), errMsg=errMsg, ) @@ -145,7 +145,7 @@ class OpenGnsysClient: def _get(self, path: str, errMsg: typing.Optional[str] = None) -> typing.Any: if not FAKE: return ensureResponseIsValid( - requests.get( + security.secureRequestsSession(verify=self.verifyCert).get( self._ogUrl(path), headers=self.headers, verify=self.verifyCert ), errMsg=errMsg, @@ -156,7 +156,7 @@ class OpenGnsysClient: def _delete(self, path: str, errMsg: typing.Optional[str] = None) -> typing.Any: if not FAKE: return ensureResponseIsValid( - requests.delete( + security.secureRequestsSession(verify=self.verifyCert).delete( self._ogUrl(path), headers=self.headers, verify=self.verifyCert ), errMsg=errMsg, diff --git a/server/src/uds/services/OpenStack/openstack/openstack_client.py b/server/src/uds/services/OpenStack/openstack/openstack_client.py index 809954ba8..c5da4083c 100644 --- a/server/src/uds/services/OpenStack/openstack/openstack_client.py +++ b/server/src/uds/services/OpenStack/openstack/openstack_client.py @@ -34,15 +34,15 @@ import logging import json import typing -import requests - # import dateutil.parser from django.utils.translation import ugettext as _ +from uds.core.util import security + # Not imported at runtime, just for type checking if typing.TYPE_CHECKING: - pass + import requests logger = logging.getLogger(__name__) 
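Review bot: `_post` now builds a fresh session with `security.secureRequestsSession(verify=self.verifyCert)` for a single request and never closes it, so connections are not reused and the session's pool is released only when the object is collected. The same one-shot pattern is in the `_get` and `_delete` hunks that follow and in the Proxmox client's `_get`, `_post`, `_delete` and ticket request; the OpenStack client in this commit already keeps one session in `self._session`, which is the shape to copy. None of the three OpenGnsys calls passes `timeout=`, and requests applies no default, so a stalled server would block the caller indefinitely unless `secureRequestsSession` sets one (its body is not in this diff). The enclosing methods start outside the hunks.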
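Review bot: `_get` still passes `verify=self.verifyCert` to `.get(...)` although the session is already created with that value, while `_post` in the previous hunk dropped the keyword; `_delete` in the next hunk has the same leftover. A per-request `verify` overrides the session setting in requests, so this is harmless only as long as both places keep the same value. Reducing the call arguments to `self._ogUrl(path), headers=self.headers` makes the session the single place where certificate verification is decided.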
@@ -59,7 +59,7 @@ VERIFY_SSL = False # Helpers def ensureResponseIsValid( - response: requests.Response, errMsg: typing.Optional[str] = None + response: 'requests.Response', errMsg: typing.Optional[str] = None ) -> None: if response.ok is False: try: @@ -81,7 +81,7 @@ def ensureResponseIsValid( def getRecurringUrlJson( url: str, - session: requests.Session, + session: 'requests.Session', headers: typing.Dict[str, str], key: str, params: typing.Optional[typing.Mapping[str, str]] = None, @@ -93,7 +93,7 @@ def getRecurringUrlJson( counter += 1 logger.debug('Requesting url #%s: %s / %s', counter, url, params) r = session.get( - url, params=params, headers=headers, verify=VERIFY_SSL, timeout=timeout + url, params=params, headers=headers, timeout=timeout ) ensureResponseIsValid(r, errMsg) @@ -154,7 +154,7 @@ class Client: # pylint: disable=too-many-public-methods _project: typing.Optional[str] _region: typing.Optional[str] _timeout: int - _session: requests.Session + _session: 'requests.Session' # Legacyversion is True for versions <= Ocata def __init__( @@ -171,7 +171,7 @@ class Client: # pylint: disable=too-many-public-methods access: typing.Optional[str] = None, proxies: typing.Optional[typing.MutableMapping[str, str]] = None, ): - self._session = requests.Session() + self._session = security.secureRequestsSession(verify=VERIFY_SSL) if proxies: self._session.proxies = proxies @@ -260,7 +260,6 @@ class Client: # pylint: disable=too-many-public-methods self._authUrl + 'v3/auth/tokens', data=json.dumps(data), headers={'content-type': 'application/json'}, - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -481,7 +480,6 @@ class Client: # pylint: disable=too-many-public-methods self._getEndpointFor('compute', 'compute_legacy') + '/servers/{server_id}'.format(server_id=serverId), headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) ensureResponseIsValid(r, 'Get Server information') 
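Review bot: In `Client.__init__` the session is created with `verify=VERIFY_SSL`, and the first hunk header of this file shows `VERIFY_SSL = False`, so every call on `self._session` skips certificate validation, including the POST to `v3/auth/tokens`, which presumably carries the credentials. Now that verification is set in one place, it could come from configuration the way the OpenGnsys and Proxmox clients do with `self.verifyCert` and `self._validateCert`, for example `self._session = security.secureRequestsSession(verify=verify_ssl)` with a new constructor argument (name illustrative) defaulting to the current value. `getRecurringUrlJson` also no longer forces `verify` itself, so it now depends on how the session handed to it was built; a one-line comment on its `session` parameter saying so would help callers. `__init__` continues outside the hunk.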
@@ -493,7 +491,6 @@ class Client: # pylint: disable=too-many-public-methods self._getEndpointFor(self._volume) + '/volumes/{volume_id}'.format(volume_id=volumeId), headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -511,7 +508,6 @@ class Client: # pylint: disable=too-many-public-methods self._getEndpointFor(self._volume) + '/snapshots/{snapshot_id}'.format(snapshot_id=snapshotId), headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -538,7 +534,6 @@ class Client: # pylint: disable=too-many-public-methods + '/snapshots/{snapshot_id}'.format(snapshot_id=snapshotId), data=json.dumps(data), headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -566,7 +561,6 @@ class Client: # pylint: disable=too-many-public-methods self._getEndpointFor(self._volume) + '/snapshots', data=json.dumps(data), headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -594,7 +588,6 @@ class Client: # pylint: disable=too-many-public-methods self._getEndpointFor(self._volume) + '/volumes', data=json.dumps(data), headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -644,7 +637,6 @@ class Client: # pylint: disable=too-many-public-methods self._getEndpointFor('compute', 'compute_legacy') + '/servers', data=json.dumps(data), headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -658,14 +650,12 @@ class Client: # pylint: disable=too-many-public-methods # self._getEndpointFor('compute', , 'compute_legacy') + '/servers/{server_id}/action'.format(server_id=serverId), # data='{"forceDelete": null}', # headers=self._requestHeaders(), - # verify=VERIFY_SSL, # timeout=self._timeout # ) r = self._session.delete( self._getEndpointFor('compute', 'compute_legacy') + '/servers/{server_id}'.format(server_id=serverId), headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) 
@@ -681,7 +671,6 @@ class Client: # pylint: disable=too-many-public-methods self._getEndpointFor(self._volume) + '/snapshots/{snapshot_id}'.format(snapshot_id=snapshotId), headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -696,7 +685,6 @@ class Client: # pylint: disable=too-many-public-methods + '/servers/{server_id}/action'.format(server_id=serverId), data='{"os-start": null}', headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -711,7 +699,6 @@ class Client: # pylint: disable=too-many-public-methods + '/servers/{server_id}/action'.format(server_id=serverId), data='{"os-stop": null}', headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -724,7 +711,6 @@ class Client: # pylint: disable=too-many-public-methods + '/servers/{server_id}/action'.format(server_id=serverId), data='{"suspend": null}', headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -737,7 +723,6 @@ class Client: # pylint: disable=too-many-public-methods + '/servers/{server_id}/action'.format(server_id=serverId), data='{"resume": null}', headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -750,7 +735,6 @@ class Client: # pylint: disable=too-many-public-methods + '/servers/{server_id}/action'.format(server_id=serverId), data='{"reboot":{"type":"HARD"}}', headers=self._requestHeaders(), - verify=VERIFY_SSL, timeout=self._timeout, ) @@ -762,7 +746,7 @@ class Client: # pylint: disable=too-many-public-methods # We need api version 3.2 or greater try: r = self._session.get( - self._authUrl, verify=VERIFY_SSL, headers=self._requestHeaders() + self._authUrl, headers=self._requestHeaders() ) except Exception: logger.exception('Testing') diff --git a/server/src/uds/services/PhysicalMachines/service_base.py b/server/src/uds/services/PhysicalMachines/service_base.py index 157c3e840..6bac521d0 100644 --- a/server/src/uds/services/PhysicalMachines/service_base.py 
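Review bot: The `self._session.get(self._authUrl, headers=self._requestHeaders())` call in the last openstack_client.py hunk has no `timeout=`, unlike the other requests touched in this file, which pass `timeout=self._timeout`. requests applies no default timeout, so this check can hang on an unresponsive endpoint unless `secureRequestsSession` sets one, which is not visible here. Since the line is being rewritten anyway, `self._authUrl, headers=self._requestHeaders(), timeout=self._timeout` would bring it in line with the rest. The enclosing method starts and ends outside the hunk.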
+++ b/server/src/uds/services/PhysicalMachines/service_base.py @@ -30,11 +30,10 @@ """ @author: Adolfo Gómez, dkmaster at dkmon dot com """ -import requests import logging import typing - +from uds.core.util import security from uds.core import services logger = logging.getLogger(__name__) @@ -77,7 +76,7 @@ class IPServiceBase(services.Service): if wolurl: logger.info('Launching WOL: %s', wolurl) try: - requests.get(wolurl, verify=False) + security.secureRequestsSession(verify=False).get(wolurl) # logger.debug('Result: %s', result) except Exception as e: logger.error('Error on WOL: %s', e) diff --git a/server/src/uds/services/Proxmox/client/__init__.py b/server/src/uds/services/Proxmox/client/__init__.py index 14e098a72..0c9898ef4 100644 --- a/server/src/uds/services/Proxmox/client/__init__.py +++ b/server/src/uds/services/Proxmox/client/__init__.py @@ -41,6 +41,8 @@ import requests from . import types + +from uds.core.util import security from uds.core.util.decorators import allowCache, ensureConected # DEFAULT_PORT = 8006 @@ -128,7 +130,7 @@ class ProxmoxClient: } @staticmethod - def checkError(response: requests.Response) -> typing.Any: + def checkError(response: 'requests.Response') -> typing.Any: if not response.ok: errMsg = 'Status code {}'.format(response.status_code) if response.status_code == 595: @@ -152,11 +154,10 @@ class ProxmoxClient: def _get(self, path: str) -> typing.Any: try: - result = requests.get( + result = security.secureRequestsSession(verify=self._validateCert).get( self._getPath(path), headers=self.headers, cookies={'PVEAuthCookie': self._ticket}, - verify=self._validateCert, timeout=self._timeout, ) 
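Review bot: The WOL request in `IPServiceBase` keeps `verify=False` hard-coded and passes no `timeout=`; the surrounding `try/except` only logs a failure and does not bound how long the call can block. A bounded call such as `security.secureRequestsSession(verify=False).get(wolurl, timeout=<WOL_TIMEOUT>)` (placeholder value) would keep an unresponsive WOL endpoint from stalling the service. `logger.info('Launching WOL: %s', wolurl)` writes the full URL to the log; if that URL can carry a token or credentials, which cannot be told from the hunk, it should be redacted before logging. The enclosing method starts outside the hunk.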
@@ -174,12 +175,11 @@ class ProxmoxClient: data: typing.Optional[typing.Iterable[typing.Tuple[str, str]]] = None, ) -> typing.Any: try: - result = requests.post( + result = security.secureRequestsSession(verify=self._validateCert).post( self._getPath(path), - data=data, + data=data, # type: ignore headers=self.headers, cookies={'PVEAuthCookie': self._ticket}, - verify=self._validateCert, timeout=self._timeout, ) @@ -197,12 +197,11 @@ class ProxmoxClient: data: typing.Optional[typing.Iterable[typing.Tuple[str, str]]] = None, ) -> typing.Any: try: - result = requests.delete( + result = security.secureRequestsSession(verify=self._validateCert).delete( self._getPath(path), - data=data, + data=data, # type: ignore headers=self.headers, cookies={'PVEAuthCookie': self._ticket}, - verify=self._validateCert, timeout=self._timeout, ) @@ -230,11 +229,10 @@ class ProxmoxClient: return try: - result = requests.post( + result = security.secureRequestsSession(verify=self._validateCert).post( url=self._getPath('access/ticket'), data=self._credentials, headers=self.headers, - verify=self._validateCert, timeout=self._timeout, ) if not result.ok: