Explain why we do not verify roskomsvoboda certificate

Ana Custura 2024-02-19 12:17:49 +00:00
parent 51341c31e5
commit 84f4bbb60f


@ -41,7 +41,9 @@ class BlockRoskomsvobodaAutomation(BlockMirrorAutomation):
def _fetch(self, latest_rev: str) -> None:
self._data = None
try:
r = requests.get(f"https://dumps.rublacklist.net/fetch/{latest_rev}", timeout=180, verify=False)
# This endpoint routinely has an expired certificate, and it's more useful that we are consuming the
# data than that we are verifying the certificate.
r = requests.get(f"https://dumps.rublacklist.net/fetch/{latest_rev}", timeout=180, verify=False) # nosec: B501
r.raise_for_status()
zip_file = ZipFile(BytesIO(r.content))
self._data = zip_file.read("dump.xml")
@ -76,7 +78,9 @@ class BlockRoskomsvobodaAutomation(BlockMirrorAutomation):
latest_metadata = {"dump_rev": "0"}
else:
latest_metadata = json.loads(state.state)
latest_rev = requests.get("https://dumps.rublacklist.net/fetch/latest", timeout=30, verify=False).text.strip()
# This endpoint routinely has an expired certificate, and it's more useful that we are consuming the
# data than that we are verifying the certificate.
latest_rev = requests.get("https://dumps.rublacklist.net/fetch/latest", timeout=30, verify=False).text.strip() # nosec: B501
logging.debug("Latest revision is %s, already got %s", latest_rev, latest_metadata["dump_rev"])
if latest_rev != latest_metadata["dump_rev"]:
state.state = json.dumps({"dump_rev": latest_rev})
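Review bot: `verify=False` on both `requests.get` calls turns off every certificate check, not only expiry, so a wrong hostname or an untrusted issuer is accepted as well, and the added comment understates that. Because the text returned by `/fetch/latest` is interpolated into the next URL and the zip returned in `_fetch` is parsed, the comment should say so, for example `# verify=False also skips hostname and issuer checks; treat latest_rev and dump.xml as untrusted input.` The `/fetch/latest` call also has no `raise_for_status()`, unlike the one in `_fetch`, so an error body could be stored as `dump_rev`. A guard such as `if not latest_rev.isdigit(): raise ValueError("unexpected revision")` before the value is used would cover both cases, assuming revisions are numeric as the `"0"` default suggests. Both function bodies start or continue outside the hunks shown.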