authorMichael Hirsch, Ph.D <scivision@users.noreply.github.com>2019-11-26 15:17:59 -0500
committerMichael Hirsch, Ph.D <scivision@users.noreply.github.com>2019-12-05 23:07:16 -0500
commitccefc00a59c5766b3ca9db51bae9f1ba7d78e98a (patch)
tree954169394ab8fe0f1ff781ed2c67d983a0641210
parent298299d711e8bf577f931db80408df2e835ebda0 (diff)
use WrapDB domain whitelist, don't fallback to non-SSL when SSL available
In my opinion, we should not fall back to http:// from the SSL HSTS WrapDB URL **for systems that have Python SSL**, as that defeats the point of HSTS + SSL. Systems that do not have Python SSL continue to work, with a colored mlog.warning instead of only a stderr console print. Also attempt to stop masquerading URLs containing wrapdb.mesonbuild.com.evil.stuff.com.
-rw-r--r--mesonbuild/wrap/wrap.py31
1 files changed, 19 insertions, 12 deletions
diff --git a/mesonbuild/wrap/wrap.py b/mesonbuild/wrap/wrap.py
index 941b29e..0b1903f 100644
--- a/mesonbuild/wrap/wrap.py
+++ b/mesonbuild/wrap/wrap.py
@@ -45,6 +45,9 @@ except ImportError:
req_timeout = 600.0
ssl_warning_printed = False
+whitelist_domain = 'https://wrapdb.mesonbuild.com/'
+whitelist_domain_nossl = 'http://wrapdb.mesonbuild.com/'
+masquerade_str = 'wrapdb.mesonbuild.com'
def quiet_git(cmd: typing.List[str], workingdir: str) -> typing.Tuple[bool, str]:
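Review bot: `whitelist_domain` and `whitelist_domain_nossl` hold full URL prefixes (scheme plus host plus trailing slash), not domains, and the trailing slash is the part that makes the later `startswith` checks reject `wrapdb.mesonbuild.com.evil.stuff.com`; that intent is not visible from the names. A one-line comment above the constants would keep a future edit from dropping the slash, e.g. `# full URL prefixes, trailing slash included: a prefix match must end at the host, so wrapdb.mesonbuild.com.evil.com is rejected`. Renaming to `whitelist_url_prefix` would make the same point in code, but the comment is enough.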
@@ -59,24 +62,26 @@ def quiet_git(cmd: typing.List[str], workingdir: str) -> typing.Tuple[bool, str]
def open_wrapdburl(urlstring: str) -> 'http.client.HTTPResponse':
global ssl_warning_printed
+
if has_ssl:
+ if not urlstring.startswith(whitelist_domain):
+ raise WrapException('{} is not a whitelisted URL'.format(urlstring))
try:
return urllib.request.urlopen(urlstring, timeout=req_timeout)
- except urllib.error.URLError:
- if not ssl_warning_printed:
- print('SSL connection failed. Falling back to unencrypted connections.', file=sys.stderr)
- ssl_warning_printed = True
+ except urllib.error.URLError as excp:
+ raise WrapException('WrapDB connection failed to {} with error {}'.format(urlstring, excp))
+
+ # following code is only for those without Python SSL
+ nossl_urlstring = urlstring.replace('https://', 'http://')
+ if not nossl_urlstring.startswith(whitelist_domain_nossl):
+ raise WrapException('{} is not a whitelisted URL'.format(nossl_urlstring))
if not ssl_warning_printed:
- print('Warning: SSL not available, traffic not authenticated.', file=sys.stderr)
+ mlog.warning('SSL module not available in {}: WrapDB traffic not authenticated.'.format(sys.executable))
ssl_warning_printed = True
- # Trying to open SSL connection to wrapdb fails because the
- # certificate is not known.
- if urlstring.startswith('https'):
- urlstring = 'http' + urlstring[5:]
try:
- return urllib.request.urlopen(urlstring, timeout=req_timeout)
- except urllib.error.URLError:
- raise WrapException('failed to get {} is the internet available?'.format(urlstring))
+ return urllib.request.urlopen(nossl_urlstring, timeout=req_timeout)
+ except urllib.error.URLError as excp:
+ raise WrapException('WrapDB connection failed to {} with error {}'.format(urlstring, excp))
class WrapException(MesonException):
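Review bot: The new `startswith(whitelist_domain)` check in the `has_ssl` branch disagrees with the caller in `Resolver` (third hunk, unchanged line `hostname == 'wrapdb.mesonbuild.com' or hostname.endswith('.wrapdb.mesonbuild.com')`), which routes subdomain and plain `http://wrapdb.mesonbuild.com/` URLs into `open_wrapdburl`, where they are now rejected with "is not a whitelisted URL"; if no such URLs are in use this is harmless, but the message would be what a user sees for an `http://` wrap file, so either the caller's test or this prefix should be aligned. In the no-SSL branch the final `raise` reports `urlstring` although `nossl_urlstring` is what was opened; `raise WrapException('WrapDB connection failed to {} with error {}'.format(nossl_urlstring, excp))` matches the preceding `urlopen`. `urlstring.replace('https://', 'http://')` also rewrites every occurrence, not only the scheme, so a query or path containing `https://` would be altered; the original `'http' + urlstring[5:]` guarded by `startswith('https')` only touched the scheme.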
@@ -309,6 +314,8 @@ class Resolver:
hostname = urllib.parse.urlparse(url).hostname
if hostname == 'wrapdb.mesonbuild.com' or hostname.endswith('.wrapdb.mesonbuild.com'):
resp = open_wrapdburl(url)
+ elif masquerade_str in url:
+ raise WrapException('{} may be a WrapDB-impersonating URL'.format(url))
else:
try:
resp = urllib.request.urlopen(url, timeout=req_timeout)
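Review bot: `masquerade_str in url` is a substring test over the whole URL, so it also rejects non-WrapDB URLs that merely mention the host in a path or query (a mirror at `https://example.com/wrapdb.mesonbuild.com/...`, constructed example), while the impersonation it targets lives in the authority part. Testing the netloc instead, `elif masquerade_str in urllib.parse.urlparse(url).netloc:`, still catches `wrapdb.mesonbuild.com.evil.stuff.com` and a userinfo trick such as `wrapdb.mesonbuild.com@evil.example` without touching path or query; the `url`-wide check is defensible if that over-rejection is intended, in which case a comment saying so would help. The enclosing method of `Resolver` starts before this hunk and continues after it.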