Ability to disable SSL cert verification

Adds a --no-ssl-verify argument.
Adds a no_ssl_verify boolean config option.
This commit is contained in:
Alan Hamlett 2017-05-05 17:09:17 -07:00
parent df7bf5cddb
commit 6f2176741d
9 changed files with 70 additions and 6 deletions

View file

@ -12,6 +12,7 @@ include =
.* .*
offline = false offline = false
proxy = https://user:pass@localhost:8080 proxy = https://user:pass@localhost:8080
no_ssl_verify = false
timeout = abc timeout = abc
api_url = https://localhost:0/api/v1/heartbeats api_url = https://localhost:0/api/v1/heartbeats
hostname = fromcfgfile hostname = fromcfgfile

View file

@ -1,6 +1,6 @@
usage: wakatime [-h] [--entity FILE] [--key KEY] [--write] [--plugin PLUGIN] usage: wakatime [-h] [--entity FILE] [--key KEY] [--write] [--plugin PLUGIN]
[--time time] [--lineno LINENO] [--cursorpos CURSORPOS] [--time time] [--lineno LINENO] [--cursorpos CURSORPOS]
[--entity-type ENTITY_TYPE] [--proxy PROXY] [--entity-type ENTITY_TYPE] [--proxy PROXY] [--no-ssl-verify]
[--project PROJECT] [--alternate-project ALTERNATE_PROJECT] [--project PROJECT] [--alternate-project ALTERNATE_PROJECT]
[--language LANGUAGE] [--hostname HOSTNAME] [--disableoffline] [--language LANGUAGE] [--hostname HOSTNAME] [--disableoffline]
[--hidefilenames] [--exclude EXCLUDE] [--include INCLUDE] [--hidefilenames] [--exclude EXCLUDE] [--include INCLUDE]

View file

@ -1,6 +1,6 @@
usage: wakatime [-h] [--entity FILE] [--key KEY] [--write] [--plugin PLUGIN] usage: wakatime [-h] [--entity FILE] [--key KEY] [--write] [--plugin PLUGIN]
[--time time] [--lineno LINENO] [--cursorpos CURSORPOS] [--time time] [--lineno LINENO] [--cursorpos CURSORPOS]
[--entity-type ENTITY_TYPE] [--proxy PROXY] [--entity-type ENTITY_TYPE] [--proxy PROXY] [--no-ssl-verify]
[--project PROJECT] [--alternate-project ALTERNATE_PROJECT] [--project PROJECT] [--alternate-project ALTERNATE_PROJECT]
[--language LANGUAGE] [--hostname HOSTNAME] [--disableoffline] [--language LANGUAGE] [--hostname HOSTNAME] [--disableoffline]
[--hidefilenames] [--exclude EXCLUDE] [--include INCLUDE] [--hidefilenames] [--exclude EXCLUDE] [--include INCLUDE]

View file

@ -1,6 +1,6 @@
usage: wakatime [-h] [--entity FILE] [--key KEY] [--write] [--plugin PLUGIN] usage: wakatime [-h] [--entity FILE] [--key KEY] [--write] [--plugin PLUGIN]
[--time time] [--lineno LINENO] [--cursorpos CURSORPOS] [--time time] [--lineno LINENO] [--cursorpos CURSORPOS]
[--entity-type ENTITY_TYPE] [--proxy PROXY] [--entity-type ENTITY_TYPE] [--proxy PROXY] [--no-ssl-verify]
[--project PROJECT] [--alternate-project ALTERNATE_PROJECT] [--project PROJECT] [--alternate-project ALTERNATE_PROJECT]
[--language LANGUAGE] [--hostname HOSTNAME] [--disableoffline] [--language LANGUAGE] [--hostname HOSTNAME] [--disableoffline]
[--hidefilenames] [--exclude EXCLUDE] [--include INCLUDE] [--hidefilenames] [--exclude EXCLUDE] [--include INCLUDE]

View file

@ -1,6 +1,6 @@
usage: wakatime [-h] [--entity FILE] [--key KEY] [--write] [--plugin PLUGIN] usage: wakatime [-h] [--entity FILE] [--key KEY] [--write] [--plugin PLUGIN]
[--time time] [--lineno LINENO] [--cursorpos CURSORPOS] [--time time] [--lineno LINENO] [--cursorpos CURSORPOS]
[--entity-type ENTITY_TYPE] [--proxy PROXY] [--entity-type ENTITY_TYPE] [--proxy PROXY] [--no-ssl-verify]
[--project PROJECT] [--alternate-project ALTERNATE_PROJECT] [--project PROJECT] [--alternate-project ALTERNATE_PROJECT]
[--language LANGUAGE] [--hostname HOSTNAME] [--disableoffline] [--language LANGUAGE] [--hostname HOSTNAME] [--disableoffline]
[--hidefilenames] [--exclude EXCLUDE] [--include INCLUDE] [--hidefilenames] [--exclude EXCLUDE] [--include INCLUDE]
@ -30,6 +30,8 @@ optional arguments:
--proxy PROXY optional proxy configuration. Supports HTTPS and SOCKS --proxy PROXY optional proxy configuration. Supports HTTPS and SOCKS
proxies. For example: https://user:pass@host:port or proxies. For example: https://user:pass@host:port or
socks5://user:pass@host:port or domain\user:pass socks5://user:pass@host:port or domain\user:pass
--no-ssl-verify disables SSL certificate verification for HTTPS
requests. By default, SSL certificates are verified.
--project PROJECT optional project name --project PROJECT optional project name
--alternate-project ALTERNATE_PROJECT --alternate-project ALTERNATE_PROJECT
optional alternate project name; auto-discovered optional alternate project name; auto-discovered

View file

@ -351,6 +351,32 @@ class MainTestCase(utils.TestCase):
self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].assert_called_once_with(ANY, cert=None, proxies={'https': proxy}, stream=False, timeout=60, verify=True) self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].assert_called_once_with(ANY, cert=None, proxies={'https': proxy}, stream=False, timeout=60, verify=True)
def test_disable_ssl_verify_argument(self):
response = Response()
response.status_code = 201
self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].return_value = response
with utils.TemporaryDirectory() as tempdir:
entity = 'tests/samples/codefiles/emptyfile.txt'
shutil.copy(entity, os.path.join(tempdir, 'emptyfile.txt'))
entity = os.path.realpath(os.path.join(tempdir, 'emptyfile.txt'))
config = 'tests/samples/configs/good_config.cfg'
args = ['--file', entity, '--config', config, '--no-ssl-verify']
retval = execute(args)
self.assertEquals(retval, SUCCESS)
self.assertEquals(sys.stdout.getvalue(), '')
self.assertEquals(sys.stderr.getvalue(), '')
self.patched['wakatime.session_cache.SessionCache.get'].assert_called_once_with()
self.patched['wakatime.session_cache.SessionCache.delete'].assert_not_called()
self.patched['wakatime.session_cache.SessionCache.save'].assert_called_once_with(ANY)
self.patched['wakatime.offlinequeue.Queue.push'].assert_not_called()
self.patched['wakatime.offlinequeue.Queue.pop'].assert_called_once_with()
self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].assert_called_once_with(ANY, cert=None, proxies=ANY, stream=False, timeout=60, verify=False)
def test_write_argument(self): def test_write_argument(self):
response = Response() response = Response()
response.status_code = 0 response.status_code = 0

View file

@ -551,3 +551,29 @@ class MainTestCase(utils.TestCase):
headers = self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].call_args[0][0].headers headers = self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].call_args[0][0].headers
self.assertEquals(headers.get('X-Machine-Name'), hostname.encode('utf-8') if is_py3 else hostname) self.assertEquals(headers.get('X-Machine-Name'), hostname.encode('utf-8') if is_py3 else hostname)
def test_no_ssl_verify_from_config_file(self):
response = Response()
response.status_code = 201
self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].return_value = response
with utils.TemporaryDirectory() as tempdir:
entity = 'tests/samples/codefiles/emptyfile.txt'
shutil.copy(entity, os.path.join(tempdir, 'emptyfile.txt'))
entity = os.path.realpath(os.path.join(tempdir, 'emptyfile.txt'))
config = 'tests/samples/configs/has_ssl_verify_disabled.cfg'
args = ['--file', entity, '--config', config, '--timeout', '15']
retval = execute(args)
self.assertEquals(retval, SUCCESS)
self.assertEquals(sys.stdout.getvalue(), '')
self.assertEquals(sys.stderr.getvalue(), '')
self.patched['wakatime.session_cache.SessionCache.get'].assert_called_once_with()
self.patched['wakatime.session_cache.SessionCache.delete'].assert_not_called()
self.patched['wakatime.session_cache.SessionCache.save'].assert_called_once_with(ANY)
self.patched['wakatime.offlinequeue.Queue.push'].assert_not_called()
self.patched['wakatime.offlinequeue.Queue.pop'].assert_called_once_with()
self.patched['wakatime.packages.requests.adapters.HTTPAdapter.send'].assert_called_once_with(ANY, cert=None, proxies=ANY, stream=False, timeout=15, verify=False)

View file

@ -76,6 +76,10 @@ def parseArguments():
'https://user:pass@host:port or '+ 'https://user:pass@host:port or '+
'socks5://user:pass@host:port or ' + 'socks5://user:pass@host:port or ' +
'domain\\user:pass') 'domain\\user:pass')
parser.add_argument('--no-ssl-verify', dest='nosslverify',
action='store_true',
help='disables SSL certificate verification for HTTPS '+
'requests. By default, SSL certificates are verified.')
parser.add_argument('--project', dest='project', parser.add_argument('--project', dest='project',
help='optional project name') help='optional project name')
parser.add_argument('--alternate-project', dest='alternate_project', parser.add_argument('--alternate-project', dest='alternate_project',
@ -214,6 +218,8 @@ def parseArguments():
'https://user:pass@host:port or ' + 'https://user:pass@host:port or ' +
'socks5://user:pass@host:port or ' + 'socks5://user:pass@host:port or ' +
'domain\\user:pass.') 'domain\\user:pass.')
if configs.has_option('settings', 'no_ssl_verify'):
args.nosslverify = configs.getboolean('settings', 'no_ssl_verify')
if not args.verbose and configs.has_option('settings', 'verbose'): if not args.verbose and configs.has_option('settings', 'verbose'):
args.verbose = configs.getboolean('settings', 'verbose') args.verbose = configs.getboolean('settings', 'verbose')
if not args.verbose and configs.has_option('settings', 'debug'): if not args.verbose and configs.has_option('settings', 'debug'):

View file

@ -62,7 +62,8 @@ from .packages import tzlocal
def send_heartbeat(project=None, branch=None, hostname=None, stats={}, key=None, def send_heartbeat(project=None, branch=None, hostname=None, stats={}, key=None,
entity=None, timestamp=None, is_write=None, plugin=None, entity=None, timestamp=None, is_write=None, plugin=None,
offline=None, entity_type='file', hidefilenames=None, offline=None, entity_type='file', hidefilenames=None,
proxy=None, api_url=None, timeout=None, **kwargs): proxy=None, nosslverify=None, api_url=None, timeout=None,
**kwargs):
"""Sends heartbeat as POST request to WakaTime api server. """Sends heartbeat as POST request to WakaTime api server.
Returns `SUCCESS` when heartbeat was sent, otherwise returns an Returns `SUCCESS` when heartbeat was sent, otherwise returns an
@ -151,7 +152,8 @@ def send_heartbeat(project=None, branch=None, hostname=None, stats={}, key=None,
response = None response = None
try: try:
response = session.post(api_url, data=request_body, headers=headers, response = session.post(api_url, data=request_body, headers=headers,
proxies=proxies, timeout=timeout) proxies=proxies, timeout=timeout,
verify=not nosslverify)
except RequestException: except RequestException:
exception_data = { exception_data = {
sys.exc_info()[0].__name__: u(sys.exc_info()[1]), sys.exc_info()[0].__name__: u(sys.exc_info()[1]),
@ -286,6 +288,7 @@ def process_heartbeat(args, configs, hostname, heartbeat):
heartbeat['offline'] = args.offline heartbeat['offline'] = args.offline
heartbeat['hidefilenames'] = args.hidefilenames heartbeat['hidefilenames'] = args.hidefilenames
heartbeat['proxy'] = args.proxy heartbeat['proxy'] = args.proxy
heartbeat['nosslverify'] = args.nosslverify
heartbeat['api_url'] = args.api_url heartbeat['api_url'] = args.api_url
return send_heartbeat(**heartbeat) return send_heartbeat(**heartbeat)