Merge pull request #1967 from r1chardj0n3s/insecure-localhost-exception
don't complain about localhost when checking security of index links
jezdez committed Aug 11, 2014
2 parents 1605b76 + 704f658 commit 2ed6c87
Showing 2 changed files with 64 additions and 26 deletions.
58 changes: 32 additions & 26 deletions pip/index.py
Expand Up @@ -23,6 +23,7 @@
__all__ = ['PackageFinder']


LOCAL_HOSTNAMES = ('localhost', '127.0.0.1')
INSECURE_SCHEMES = {
"http": ["https"],
}
Expand Down Expand Up @@ -185,6 +186,36 @@ def _sort_versions(self, applicable_versions):
reverse=True
)

def _warn_about_insecure_transport_scheme(self, logger, location):
# Determine if this url used a secure transport mechanism
parsed = urlparse.urlparse(str(location))
if parsed.scheme in INSECURE_SCHEMES:
secure_schemes = INSECURE_SCHEMES[parsed.scheme]

if parsed.hostname in LOCAL_HOSTNAMES:
# localhost is not a security risk
pass
elif len(secure_schemes) == 1:
ctx = (location, parsed.scheme, secure_schemes[0],
parsed.netloc)
logger.warn("%s uses an insecure transport scheme (%s). "
"Consider using %s if %s has it available" %
ctx)
elif len(secure_schemes) > 1:
ctx = (
location,
parsed.scheme,
", ".join(secure_schemes),
parsed.netloc,
)
logger.warn("%s uses an insecure transport scheme (%s). "
"Consider using one of %s if %s has any of "
"them available" % ctx)
else:
ctx = (location, parsed.scheme)
logger.warn("%s uses an insecure transport scheme (%s)." %
ctx)

def find_requirement(self, req, upgrade):

def mkurl_pypi_url(url):
Expand Down Expand Up @@ -240,32 +271,7 @@ def mkurl_pypi_url(url):
logger.debug('URLs to search for versions for %s:' % req)
for location in locations:
logger.debug('* %s' % location)

# Determine if this url used a secure transport mechanism
parsed = urlparse.urlparse(str(location))
if parsed.scheme in INSECURE_SCHEMES:
secure_schemes = INSECURE_SCHEMES[parsed.scheme]

if len(secure_schemes) == 1:
ctx = (location, parsed.scheme, secure_schemes[0],
parsed.netloc)
logger.warn("%s uses an insecure transport scheme (%s). "
"Consider using %s if %s has it available" %
ctx)
elif len(secure_schemes) > 1:
ctx = (
location,
parsed.scheme,
", ".join(secure_schemes),
parsed.netloc,
)
logger.warn("%s uses an insecure transport scheme (%s). "
"Consider using one of %s if %s has any of "
"them available" % ctx)
else:
ctx = (location, parsed.scheme)
logger.warn("%s uses an insecure transport scheme (%s)." %
ctx)
self._warn_about_insecure_transport_scheme(logger, location)

found_versions = []
found_versions.extend(
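Review bot: The loopback exemption in the new `_warn_about_insecure_transport_scheme` (`if parsed.hostname in LOCAL_HOSTNAMES:`) matches only the two literal spellings in `LOCAL_HOSTNAMES`, so an index served on the IPv6 loopback (`http://[::1]/`) or on another 127.0.0.0/8 address still gets the warning although it is no less local; since `parsed.hostname` strips the IPv6 brackets (worth confirming on the oldest Python pip supports), `LOCAL_HOSTNAMES = ('localhost', '127.0.0.1', '::1')` closes the common gap, while the 127/8 case would need an address comparison rather than a string match. The exemption is a hostname string match, not a check of where the name resolves, and that deserves a docstring on the method, e.g. `"""Warn when *location* uses a scheme listed in INSECURE_SCHEMES, unless its hostname is one of LOCAL_HOSTNAMES (matched literally, not resolved)."""`. The `if ...: pass` / `elif` ladder reads more directly as a guard, `if parsed.hostname in LOCAL_HOSTNAMES: return` placed before the scheme branches, which also drops the empty branch. `urlparse` is imported outside this hunk, so its behaviour here is assumed rather than visible.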
32 changes: 32 additions & 0 deletions tests/unit/test_index.py
Expand Up @@ -106,3 +106,35 @@ def test_ext_query(self):
)
def test_base_url(html, url, expected):
assert HTMLPage(html, url).base_url == expected


class MockLogger(object):
def __init__(self):
self.called = False

def warn(self, *args, **kwargs):
self.called = True


class TestInsecureTransport(object):
def _assert_call_to_logger(self, location, expected_result):
finder = PackageFinder([], [], session=[])
logger = MockLogger()
finder._warn_about_insecure_transport_scheme(logger, location)
assert logger.called == expected_result

def test_pypi_http(self):
location = 'http://pypi.python.org/something'
self._assert_call_to_logger(location, expected_result=True)

def test_pypi_https(self):
location = 'https://pypi.python.org/something'
self._assert_call_to_logger(location, expected_result=False)

def test_localhost_http(self):
location = 'http://localhost'
self._assert_call_to_logger(location, expected_result=False)

def test_localhost_by_ip(self):
location = 'http://127.0.0.1'
self._assert_call_to_logger(location, expected_result=False)
