[sbws/master] config: stop allowing http servers without tls - tor-commits

7 Jan 2019

commit 1b2af9b8f0bbbfe22b8ee5c4c361f2535509987c
Author: juga0 juga@riseup.net
Date:   Fri Dec 14 14:02:11 2018 +0000
config: stop allowing http servers without tls
Destinations' Web servers must support TLS to avoid contents cache.
Fixes bug #28789. Bugfix v0.2.0.
---
 sbws/lib/destination.py        |  3 ---
 sbws/util/config.py            | 10 +++++++---
 tests/integration/conftest.py  |  3 +++
 tests/unit/util/test_config.py | 11 +++++++----
 4 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/sbws/lib/destination.py b/sbws/lib/destination.py
index 1b4c192..ee67cd2 100644
--- a/sbws/lib/destination.py
+++ b/sbws/lib/destination.py
@@ -98,9 +98,6 @@ class Destination:
     def __init__(self, url, max_dl, verify):
         self._max_dl = max_dl
         u = urlparse(url)
-        # these things should have been verified in verify_config
-        assert u.scheme in ['http', 'https']
-        assert u.netloc
         self._url = u
         self._verify = verify
diff --git a/sbws/util/config.py b/sbws/util/config.py
index 67ec0e0..1aaff53 100644
--- a/sbws/util/config.py
+++ b/sbws/util/config.py
@@ -516,12 +516,16 @@ def _validate_enum(section, key, choices):
def _validate_url(section, key):
     value = section[key]
-    if not value.startswith(('http://', 'https://')):
-        return False, 'Must start with http:// or https://'
     url = urlparse(value)
-    assert url.scheme in ['http', 'https']
     if not url.netloc:
         return False, 'Does not appear to contain a hostname'
+    # It should be possible to have an URL that starts by http:// that uses
+    # TLS,but python requests is just checking the scheme starts by https
+    # when verifying certificate:
+    # https://github.com/requests/requests/blob/master/requests/adapters.py#L215  # noqa
+    # When the scheme is https but the protocol is not TLS, requests will hang.
+    if url.scheme != 'https' and not url.netloc.startswith('127.0.0.1'):
+        return False, 'URL scheme must be HTTPS (except for the test server)'
     return True, ''
diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py
index 7e1b727..b1312d9 100644
--- a/tests/integration/conftest.py
+++ b/tests/integration/conftest.py
@@ -72,6 +72,9 @@ def conf(sbwshome_dir):
     conf['tor']['run_dpath'] = os.path.join(sbwshome_dir, 'tor', 'run')
     conf['destinations']['foo'] = 'on'
     conf['destinations.foo'] = {}
+    # The test server is not using TLS. Ideally it should also support TLS
+    # If the url would start with https but the request is not using TLS,
+    # the request would hang.
     conf['destinations.foo']['url'] = 'http://127.0.0.1:28888/sbws.bin'
     conf['tor']['extra_lines'] = """  # noqa: E501
 DirAuthority auth1 orport=2002 no-v2 v3ident=D7DBC517EFD2BA1A5012CF1BD0BB38F17C8160BD 127.10.0.1:2003 AA45C13025C037F056E734169891878ED0880231
diff --git a/tests/unit/util/test_config.py b/tests/unit/util/test_config.py
index e3aba98..e1ce169 100644
--- a/tests/unit/util/test_config.py
+++ b/tests/unit/util/test_config.py
@@ -190,14 +190,17 @@ def test_validate_bool():
def test_validate_url():
     goods = [
-        'http://example.com', 'http://example.com/',
-        'http://example.com/foo.bar',
-        'http://example.com/foo/bar',
-        'http://user@example.com',
+        'https://example.com', 'https://example.com/',
+        'https://example.com/foo.bar',
+        'https://example.com/foo/bar',
+        'https://user@example.com',
+        'https://48.290.983.123:4443',
+        'http://127.0.0.1:8000'
     ]
     bads = [
         'ftp://example.com/foo.bar',
         'http://', 'http:///',
+        'http://example.com',
     ]
     for val in goods:
         d = {'': val}

    