[Hardening] allow monitoring and serviceprocessors to perform interna…

…l requests against non verified SSL urls

geonode/monitoring/models.py

@@ -1829,7 +1829,11 @@ def do_autoconfigure():
     # get list of services
     wsite = urlparse(settings.SITEURL)
     # default host
-    hosts = [(wsite.hostname, gethostbyname(wsite.hostname),)]
+    try:
+        _host_by_name = gethostbyname(wsite.hostname)
+    except BaseException:
+        _host_by_name = '127.0.0.1'
+    hosts = [(wsite.hostname, _host_by_name,)]
     # default geonode
     geonode_name = settings.MONITORING_SERVICE_NAME or '{}-geonode'.format(
         wsite.hostname)
@@ -1840,7 +1844,11 @@ def do_autoconfigure():
         if val.get('BACKEND') == 'geonode.geoserver':
             gname = '{}-geoserver'.format(k)
             gsite = urlparse(val['LOCATION'])
-            ghost = (gsite.hostname, gethostbyname(gsite.hostname),)
+            try:
+                _host_by_name = gethostbyname(gsite.hostname)
+            except BaseException:
+                _host_by_name = '127.0.0.1'
+            ghost = (gsite.hostname, _host_by_name,)
             if ghost not in hosts:
                 hosts.append(ghost)
             geoservers.append((gname, val['LOCATION'], ghost,))

geonode/monitoring/service_handlers.py

@@ -189,7 +189,7 @@ def _collect(self, *args, **kwargs):
         if not base_url:
             raise ValueError("Service {} should have url provided".format(self.service.name))
         url = '{}{}'.format(base_url.rstrip('/'), self.PATH)
-        rdata = requests.get(url, timeout=10)
+        rdata = requests.get(url, timeout=10, verify=False)
         if rdata.status_code != 200:
             raise ValueError("Error response from api: ({}) {}".format(url, rdata))
         data = rdata.json()['metrics']['metric']
@@ -206,7 +206,7 @@ def _collect(self, since, until, *args, **kwargs):
         if not base_url:
             raise ValueError("Service {} should have url provided".format(self.service.name))
         url = '{}/monitoring/api/beacon/{}/'.format(base_url.rstrip('/'), self.service.service_type.name)
-        rdata = requests.get(url, timeout=10)
+        rdata = requests.get(url, timeout=10, verify=False)
         if rdata.status_code != 200:
             raise ValueError("Error response from api: ({}) {}".format(url, rdata))
         data = rdata.json()

geonode/monitoring/utils.py

@@ -131,7 +131,8 @@ def get_requests(self, format=None, since=None, until=None):
         resp = requests.get(
             rest_url,
             auth=HTTPBasicAuth(username, password),
-            timeout=30)
+            timeout=30,
+            verify=False)
         doc = bs(resp.content, features="lxml")
         links = doc.find_all('a')
         for l in links:
@@ -149,7 +150,8 @@ def get_request(self, href, format=format):
         r = requests.get(
             href,
             auth=HTTPBasicAuth(username, password),
-            timeout=30)
+            timeout=30,
+            verify=False)
         if r.status_code != 200:
             log.warning('Invalid response for %s: %s', href, r)
             return

geonode/security/utils.py

@@ -183,7 +183,8 @@ def get_geofence_rules_count():
         r = requests.get(url + 'rest/geofence/rules/count.json',
                          headers=headers,
                          auth=HTTPBasicAuth(user, passwd),
-                         timeout=10)
+                         timeout=10,
+                         verify=False)
         if (r.status_code < 200 or r.status_code > 201):
             logger.warning("Could not retrieve GeoFence Rules count.")
 
@@ -214,7 +215,8 @@ def get_highest_priority():
         r = requests.get(url + 'rest/geofence/rules.json?page=' + str(rules_count - 1) + '&entries=1',
                          headers=headers,
                          auth=HTTPBasicAuth(user, passwd),
-                         timeout=10)
+                         timeout=10,
+                         verify=False)
         if (r.status_code < 200 or r.status_code > 201):
             logger.warning("Could not retrieve GeoFence Rules count.")
 
@@ -246,7 +248,8 @@ def purge_geofence_all():
             r = requests.get(url + 'rest/geofence/rules.json',
                              headers=headers,
                              auth=HTTPBasicAuth(user, passwd),
-                             timeout=10)
+                             timeout=10,
+                             verify=False)
             if (r.status_code < 200 or r.status_code > 201):
                 logger.warning("Could not Retrieve GeoFence Rules")
             else:
@@ -291,7 +294,8 @@ def purge_geofence_layer_rules(resource):
             url, workspace, resource.layer.name),
         headers=headers,
         auth=HTTPBasicAuth(user, passwd),
-        timeout=10
+        timeout=10,
+        verify=False
     )
     if (r.status_code >= 200 and r.status_code < 300):
         gs_rules = r.json()

geonode/services/serviceprocessors/wms.py

@@ -495,7 +495,10 @@ def harvest_resource(self, resource_id, geonode_service):
     def _probe_geonode_wms(self, raw_url):
         url = urlsplit(raw_url)
         base_url = '%s://%s/' % (url.scheme, url.netloc)
-        response = requests.get('%sapi/ows_endpoints/' % base_url, {}, timeout=30)
+        response = requests.get(
+            '%sapi/ows_endpoints/' % base_url, {},
+            timeout=30,
+            verify=False)
         content = response.content
         status = response.status_code
         content_type = response.headers['Content-Type']
@@ -522,7 +525,9 @@ def _enrich_layer_metadata(self, geonode_layer):
         url = urlsplit(self.url)
         base_url = '%s://%s/' % (url.scheme, url.netloc)
         response = requests.get(
-            '%sapi/layers/?name=%s' % (base_url, layername), {}, timeout=10)
+            '%sapi/layers/?name=%s' % (base_url, layername), {},
+            timeout=10,
+            verify=False)
         content = response.content
         status = response.status_code
         content_type = response.headers['Content-Type']