From da17125b975c15aa37b24d828d12c3a35c9cd96a Mon Sep 17 00:00:00 2001 From: Alan Hamlett Date: Fri, 29 Apr 2022 11:14:55 -0700 Subject: [PATCH] Prevent installing global url opener --- WakaTime.py | 137 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 81 insertions(+), 56 deletions(-) diff --git a/WakaTime.py b/WakaTime.py index 9e6ff8b..273cfdc 100644 --- a/WakaTime.py +++ b/WakaTime.py @@ -40,9 +40,9 @@ try: except ImportError: from configparser import ConfigParser, Error as ConfigParserError try: - from urllib2 import urlopen, urlretrieve, ProxyHandler, build_opener, install_opener, HTTPError + from urllib2 import Request, urlopen, HTTPError except ImportError: - from urllib.request import urlopen, urlretrieve, ProxyHandler, build_opener, install_opener + from urllib.request import Request, urlopen from urllib.error import HTTPError @@ -847,83 +847,98 @@ def reportMissingPlatformSupport(osname, arch): def request(url, last_modified=None): + req = Request(url) + req.add_header('User-Agent', 'github.com/wakatime/sublime-wakatime') + proxy = SETTINGS.get('proxy') if proxy: - opener = build_opener(ProxyHandler({ - 'http': proxy, - 'https': proxy, - })) - else: - opener = build_opener() + req.set_proxy(proxy, 'https') - headers = [('User-Agent', 'github.com/wakatime/sublime-wakatime')] if last_modified: - headers.append(('If-Modified-Since', last_modified)) - - opener.addheaders = headers - - install_opener(opener) + req.add_header('If-Modified-Since', last_modified) try: - resp = urlopen(url) + resp = urlopen(req) headers = dict(resp.getheaders()) if is_py2 else resp.headers return headers, resp.read(), resp.getcode() except HTTPError as err: if err.code == 304: return None, None, 304 if is_py2: - ssl._create_default_https_context = ssl._create_unverified_context - try: - resp = urlopen(url) - headers = dict(resp.getheaders()) if is_py2 else resp.headers - return headers, resp.read(), resp.getcode() - except HTTPError as err2: - if err2.code == 304: - return None, None, 304 - log(DEBUG, err.read().decode()) - log(DEBUG, err2.read().decode()) - raise - except IOError: - raise + with SSLCertVerificationDisabled(): + try: + resp = urlopen(req) + headers = dict(resp.getheaders()) if is_py2 else resp.headers + return headers, resp.read(), resp.getcode() + except HTTPError as err2: + if err2.code == 304: + return None, None, 304 + log(DEBUG, err.read().decode()) + log(DEBUG, err2.read().decode()) + raise + except IOError: + raise log(DEBUG, err.read().decode()) raise except IOError: if is_py2: - ssl._create_default_https_context = ssl._create_unverified_context - try: - resp = urlopen(url) - headers = dict(resp.getheaders()) if is_py2 else resp.headers - return headers, resp.read(), resp.getcode() - except HTTPError as err: - if err.code == 304: - return None, None, 304 - log(DEBUG, err.read().decode()) - raise - except IOError: - raise + with SSLCertVerificationDisabled(): + try: + resp = urlopen(url) + headers = dict(resp.getheaders()) if is_py2 else resp.headers + return headers, resp.read(), resp.getcode() + except HTTPError as err: + if err.code == 304: + return None, None, 304 + log(DEBUG, err.read().decode()) + raise + except IOError: + raise raise def download(url, filePath): + req = Request(url) + req.add_header('User-Agent', 'github.com/wakatime/sublime-wakatime') + proxy = SETTINGS.get('proxy') if proxy: - opener = build_opener(ProxyHandler({ - 'http': proxy, - 'https': proxy, - })) - else: - opener = build_opener() - opener.addheaders = [('User-Agent', 'github.com/wakatime/sublime-wakatime')] + req.set_proxy(proxy, 'https') - install_opener(opener) - - try: - urlretrieve(url, filePath) - except IOError: - if is_py2: - ssl._create_default_https_context = ssl._create_unverified_context - urlretrieve(url, filePath) - raise + with open(filePath, 'wb') as fh: + try: + resp = urlopen(req) + fh.write(resp.read()) + except HTTPError as err: + if err.code == 304: + return None, None, 304 + if is_py2: + with SSLCertVerificationDisabled(): + try: + resp = urlopen(req) + fh.write(resp.read()) + return + except HTTPError as err2: + log(DEBUG, err.read().decode()) + log(DEBUG, err2.read().decode()) + raise + except IOError: + raise + log(DEBUG, err.read().decode()) + raise + except IOError: + if is_py2: + with SSLCertVerificationDisabled(): + try: + resp = urlopen(url) + fh.write(resp.read()) + return + except HTTPError as err: + log(DEBUG, err.read().decode()) + raise + except IOError: + raise + raise def is_symlink(path): @@ -949,3 +964,13 @@ def createSymlink(): os.chmod(link, 509) # 755 except: log(traceback.format_exc()) + + +class SSLCertVerificationDisabled(object): + + def __enter__(self): + self.original_context = ssl._create_default_https_context + ssl._create_default_https_context = ssl._create_unverified_context + + def __exit__(self, *args, **kwargs): + ssl._create_default_https_context = self.original_context