As of urllib3 1.9, the following warning appears once per invocation:
/usr/local/lib/python2.7/site-packages/requests-2.4.0-py2.7.egg/requests/packages/urllib3/connectionpool.py:730: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html (This warning will only appear once by default.)
InsecureRequestWarning)
When using verify=False, would it be useful to also set requests.packages.urllib3.disable_warnings()?
I understand that this is a design decision that not everyone would agree with. :)
I think you can disable these at a global level with the warnings module. Additionally, to work with logging (if I remember correctly) you need to reach into urllib3 (and we document this), so I'm not against documenting this for users who won't be using certificate verification for HTTPS connections.
I'm strongly in favour of leaving these warnings in place. Yes, they're annoying, but they're there for a reason. If anything, I'd be tempted to switch them off and replace them with our own! =P
At this point it's fairly clear that @Lukasa and I are -1 on this feature. @kennethreitz @shazow, any opinions?
I agree to some extent that the warnings are important, but I think there are several factors to consider.
From a developer's standpoint, I now know about this, so I can turn it off at my leisure. I'm not familiar with the package, so the solution in the warning didn't really work for me when I read the documentation. I like the idea @Lukasa floated about making something requests-specific.
From a user's standpoint: I installed pyvmomi with pip today, and it uses requests under the hood. When requests is a silent supporting library, what comes back to the user is really an opaque error.
Yes, requests.packages.urllib3.disable_warnings() is a shortcut for turning them off using the warnings module's filtering.
I strongly recommend having some kind of warning to this effect. +0.5 for propagating urllib3's, +1 for going to the extra effort of adding a requests-specific one, -1 for having no warning.
If needed, we could make the urllib3 warning message configurable, or let you override it, so that you can otherwise piggyback on the same logic.
Again, I don't consider this message to be user-hostile; I think it's extremely valuable. You now know that pyvmomi switches off TLS certificate verification, which is a pretty important piece of information.
That said, I'm not opposed to having a more requests-y way of silencing this.
Yeah, really I think this is a pyvmomi bug. If they don't want to be embarrassed like this, they should disable the warning in their tool. It is not our job to warn users that connections some tool is making may be exposed to MITM attacks because the tool is not performing certificate verification.
Thanks for the discussion, everyone! I appreciate everyone's comments; they helped me understand the value of the way things are done and the reasons for it. I was having trouble seeing the more general case! :)
Time permitting, I'll work on this today and silence it in a requests-y way. Feedback is very welcome!
@invisiblethreat If you have questions, feel free on IRC
I'm wondering whether you considered the case where requests is used in a webhook. I have to suppress the warning so that it doesn't pollute my script's JSON output (or am I missing something?).
@macterra I don't understand. Are you looking for an alternative strategy for disabling the warning...?
Also, I really don't see why a webhook would be disabling certificate verification. I'd think you'd want to leave that on.
Additionally, if you're piping stdout from the script to get the result, the warning is emitted on stderr, so it shouldn't pollute your JSON output.
Right, if the warning goes to stderr then there's no problem. I was looking at the console output and couldn't tell; my mistake.
I think we need to customize this so that it points to the requests documentation rather than the urllib3 documentation.
I don't understand what this warning feature is intended to achieve, or how the warning is intended to be controlled.
I have a module that uses requests and has to make requests with the verify=False argument. This causes unnecessary warnings to be shown to my module's users. Unnecessary warnings make important warnings harder to see.
It would make sense for my module to disable the warning, but that also disables the warning for other modules in the application that use requests.
If I have to instruct my module's users to disable the warning, the situation is no better. The fact that I use requests is normally an invisible implementation detail that users shouldn't need to know. And the user still only has the option of silencing all of them or none.
I don't think a global warning is helpful.
I could probably subclass urllib3.HTTPSConnectionPool, override _validate_conn(), and make requests use that in my module so as to avoid hiding warnings from other modules, but that seems like far too much work for something so simple.
I don't understand what this warning feature is intended to achieve
This causes unnecessary warnings to be shown to my module's users.
Setting verify=False makes a network connection insecure. That is, IMHO, not an unnecessary warning but a highly relevant one. Users who previously didn't know you weren't verifying certificates now know that to be true.
If the warning has no value for your module, it likely has no value for the other modules in the application (once you've thrown away security at one network point, there's no point shouting about it elsewhere). There's no problem with disabling it globally.
I don't see the value of showing a warning when the user explicitly requested verify=False for a particular request. When I set verify=False as a module author, I set it at the user's request (or I'm malicious, but then I can also silence the warning, so the warning doesn't help there either). Indeed, because I want to avoid doing anything malicious, I don't want to silence the warning globally, because that would remove useful warnings for those requests where other parts of the application are unknowingly doing something insecure.
Also, leaving the warning on for requests where the user explicitly turned verification off hides the requests for which the user does need the warning, because the warning is only given once. The warning also isn't very useful to the user because it doesn't mention the URL of the specific request.
I don't agree that throwing away security at one network point makes security checks useless in the application, and neither do browser vendors. Browsers let me bypass security checks for individual URLs while still checking the rest, and I like that.
If I have a tool that talks to internal servers using self-signed certificates inside an internal network and also talks to external hosts, I'd want the external communication verified. This is a situation where, as a user, I'd want to see warnings about accidentally unprotected requests.
Suppose someone uses my service_foo in an app like this:
import service_foo
import requests
session = service_foo.Session('https://10.0.0.1', verify=False)
data = session.get_data()
requests.put('https://example.com/submit', data=data)
service_foo has two options:
1. The user always gets a warning when communicating with https://10.0.0.1, and never gets a warning even if the request to https://example.com/submit is insecure.
2. The user never gets a warning even if the request to https://example.com/submit is insecure.
I don't think either option is good, but option 1 is worse because it raises a false alarm. Still, I'm reluctant to turn off the user's security checks as a side effect of using my module.
The user would be happier and safer doing this with a shell script:
curl --insecure -o data https://10.0.0.1/get_data
curl --upload-file data https://example.com/submit
To me, it makes sense to warn only when the Python platform's configuration is broken. The https://urllib3.readthedocs.org/en/latest/security.html page linked in the InsecureRequestWarning message is aimed at showing how to fix platform problems. If the user asked to skip verification, no warning should be shown, just as no warning is shown when the user requests an http URL rather than an https one.
I don't see the value of showing a warning when the user explicitly requested verify = False for a particular request.
Who is "the user"? This question kept coming to mind throughout your post, because I believe you're conflating two audiences.
When I set verify = False as a module author, I set it at the user's request (or I'm malicious).
Or you're negligent. You had a complaint from a user that they couldn't interoperate with a self-signed certificate, so you turned off certificate verification, even though turning off certificate verification is not the way to address that problem.
That would remove useful warnings for those requests where other parts of the application are unknowingly making insecure requests.
This sentence puzzles me. It suggests that it's acceptable to warn when an application makes an insecure request _unknowingly_, but that it's fine for an application to make one _knowingly_. I don't see how deliberately making an insecure request should be considered any "safer" than doing so unknowingly.
Also, leaving the warning on for requests where verification was explicitly turned off by the user
Which user? How do we distinguish the module author from the user?
The warning also isn't very useful to the user because it doesn't mention the URL of the specific request.
The warning shouldn't mention the URL of the request, because of the risk of generating warning spam. We warn _once_ that "this application is at risk", not that "this particular communication is at risk".
Browsers let me bypass security checks for individual URLs while still checking the rest, and I like that.
When you access a URL with an invalid certificate, browser vendors _warn_ you. They show a dialog box and highlight the URL bar in red. That's what we're doing. We're not stopping you from doing what you want; we're just saying "hey, this is bad!". What you're asking of us is the same as asking browser vendors to let users turn off that red warning for specific URLs, and I guarantee they'd refuse to do so because the security implications are too great.
If I have a tool that talks to internal servers using self-signed certificates inside an internal network and also talks to external hosts, I'd want the external communication verified.
You should probably verify all of your communication. Verify the self-signed certificates! Validate that you got the certificate you expected to get. verify=False should be considered a sledgehammer approach to security: it effectively says "screw security, just make it work". That's absolutely fine, and you have the right to say that, but we have an obligation to call it insecure.
I don't think either option is good, but option 1 is worse because it raises a false alarm.
Option 1 doesn't raise a false alarm; it raises a real one. Communication with 10.0.0.1 is _insecure_, and we shouldn't pretend otherwise.
The user would be happier and safer doing this with a shell script.
The user might be happier, but not safer. They're exactly as safe as before. You seem to be under the impression that turning this warning off magically disables certificate verification, but it doesn't. I'll touch on this again at the end of this response.
To me, it makes sense to warn only when the Python platform's configuration is broken.
But if the Python platform's configuration is broken and you didn't ask for an unverified request, we should fail hard. If the platform can't establish a secure TLS connection, we should absolutely not connect unless the user has explicitly told us (by setting verify=False) that they don't care. Attempting to do otherwise is dangerous.
I want to make something very clear, because I think you're labouring under a misapprehension: either (a) verify=False is set (our warning behaviour), or (b) the ssl module has been deliberately sabotaged. We can't catch (b), and we don't warn about it. That is the only situation that fits the notion of a "platform problem" that you raised. The advice on urllib3's help page does not apply if you have taken all the necessary platform-related steps, such as bundling trusted certificates and manually verifying certificates.
There is a dangerous view in the web community that only certificates signed by a trusted root certificate need to be verified. This view is completely misguided. If you encounter self-signed certificates, you should verify them thoroughly. This is entirely doable! Add the self-signed certificate to a .pem file and pass it as the verify argument.
If you have trouble combining this with the bundled .pem file, let me know: I'll extend mkcert.org so that you can concatenate your own certificates with the trusted roots. But let's not pretend that verify=False is safe. It simply isn't.
Also, leaving the warning on for requests where the user explicitly turned verification off hides the requests for which the user does need the warning, because the warning is only given once.
This also puzzles me a little. By setting verify=False you can explicitly turn it off for that request, but there's no way of communicating that beyond the point where the request was made. And there's no reason to communicate it beyond that point, because you're disabling certificate verification. The context in which you do that makes no difference to us or to the people using your app.
What you're asking of us is the same as asking browser vendors to let users turn off that red warning for specific URLs, and I guarantee they'd refuse to do so because the security implications are too great.
My browser lets me permanently accept "very insecure" unverified certificates.
Communication with 10.0.0.1 is insecure, and we shouldn't pretend otherwise.
The connection is insecure in the sense that the digital certificate can't be verified, but even when you verify a certificate you don't really know whether the server you're talking to is secure. When I'm talking to a server inside a closed network, however, I can actually be sure of the server's security.
I want to make something very clear, because I think you're labouring under a misapprehension: there is no way to make an unverified HTTPS request with requests without either (a) setting verify = False (the warning behaviour) or (b) deliberately sabotaging SSL
I'm wondering how I can be a good citizen within my module by respecting the user's wish to ignore certificate checks and warnings for the URL the user gave me. And what value does the warning model add? What happens when the user is shown a warning for a request made with verify=False?
I don't see how the warning mechanism can catch negligent code, because it can't distinguish whether a request was made because of sloppy coding or because the user asked for it. I don't think a module like requests should dictate security policy. I understand that warnings are normally intended to let developers fix incorrect code, but this warning isn't like that. If the warning is only for the general education of users, there should be an easy way for the user to hide it.
Getting the warning ruins the program's output, so it isn't merely cosmetic.
Since I see only negative value in the warning, I'll turn it off in my module, even though I dislike hiding such a global policy change behind the scenes.
There is a dangerous view in the web community that only certificates signed by a trusted root certificate need to be verified. This view is completely misguided.
I didn't know there was such a view. A certificate signed by a root certificate doesn't really prove anything about a site's security. If you want to do something bad, obtaining an anonymous certificate is cheap.
If you encounter self-signed certificates, you should verify them thoroughly. This is entirely doable! Add the self-signed certificate to a .pem file and pass it as the verify argument.
The user would need a secure channel for obtaining the certificate, for an internal trusted network. But if the server itself is inside the same internal network, there isn't much benefit. In any case, that's for the user to decide; a module can't impose policy.
I mostly agree with @kankri. That was the original design intent.
I'd suggest something: disable it by default, but have our own function for re-enabling it, or document how to turn it on. I don't want to get in users' way when they use the code as intended. verify=False is a feature, though not a best practice. That's none of our business.
I agree that verify=False is a feature, but I don't agree that it's a feature on the same level as params= or cert=. It's a feature that defaults to a secure value and can be set to an insecure one. Throwing security out of the window for convenience is a huge and tempting option for people, and I think that behaviour should be resisted (though not forbidden). I will always lean towards the idea that "you must be explicitly insecure", and I don't mind whether that means flicking two switches rather than one.
Anyway, this is your call, not mine. =)
I agree with what @kankri and @kennethreitz said:
verify = False is a feature, though not a best practice. That's none of our business.
That sums it up well.
For people who want to disable the warning, this is how to do it. You need to use the warnings module, which is part of the standard library:
import warnings
import requests
from requests.packages.urllib3 import exceptions

with warnings.catch_warnings():
    # Ignore only InsecureRequestWarning, and only inside this block
    warnings.simplefilter("ignore", exceptions.InsecureRequestWarning)
    warnings.warn('a non-requests warning is not blocked')
    print(requests.get('https://rsa-md5.ssl.hboeck.de/', verify=False))
This configures a warnings filter that ignores warnings of category InsecureRequestWarning. The output looks like this:
test.py:46: UserWarning: a non-requests warning
warnings.warn('a non-requests warning is not blocked')
<Response [403]>
(The test site happens to return a 403 Forbidden page, but that doesn't matter here.)
Note that you need to use the class from the bundled urllib3 package, not the one from a top-level urllib3 package if you happen to have that installed.
You can (and probably should) create a small function that uses the context manager over the smallest possible region of code:
def silent_unverified_get(*args, **kwargs):
    kwargs['verify'] = False
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", exceptions.InsecureRequestWarning)
        return requests.get(*args, **kwargs)
Or just do this:
requests.packages.urllib3.disable_warnings()
@Lukasa
Or just do this:
requests.packages.urllib3.disable_warnings()
Except that there is no mention of this function in the requests manual.
Far be it from me to claim to know, but I'd argue that the warnings module is the standard tool Python programmers should look to when they want to disable warnings. It's part of the standard library and well documented.
I'd suggest putting a reference to warnings into the requests documentation, or, if you must, a reference to the convenience disable_warnings function along with a corresponding enable_warnings function (there doesn't seem to be such a function).
Again, I don't want to disable warnings in general. I only want to silence this particular warning when I _explicitly_ set verify = False in my code. Unlike this particular useless warning, there may be other useful warnings. What is so hard to understand about this?!
@zaitcev At the risk of repeating myself:
requests.packages.urllib3.disable_warnings()
And if that's still too broad for you:
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
Finally, @zaitcev, please note that the indignant tone you just took won't win you any favours. Please remember that we're all volunteers and that the time we have to give to building things for you is limited. Try treating us the way you'd like to be treated.
@zaitcev It looks like this won't be changed in the requests module itself, but I hope you can use the code I put in my other comment. It should let you selectively disable the warnings issued by urllib3.
You can suppress it this way:
with warnings.catch_warnings():
    warnings.filterwarnings("ignore", message=".*InsecurePlatformWarning.*")
    ...
In my case I'm not using requests directly, so suppressing it this way means I have to worry a bit less about it breaking later.
@zaitcev Putting together all the suggestions so far, you could do something like this:
import requests

verify = False
if not verify:
    from requests.packages.urllib3.exceptions import InsecureRequestWarning
    requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
r = requests.get('https://www.example.com', verify=verify)
@utkonos That leaves the warning disabled for all subsequent requests.
Putting the other examples together, I extended the default Session (since requests.get and the other shortcuts create a temporary Session anyway):
import warnings

import requests
from requests.packages.urllib3 import exceptions

class Session(requests.sessions.Session):
    def request(self, *args, **kwargs):
        # Suppress the warnings only for calls where verification is off
        if not kwargs.get('verify', self.verify):
            with warnings.catch_warnings():
                warnings.simplefilter('ignore', exceptions.InsecurePlatformWarning)
                warnings.simplefilter('ignore', exceptions.InsecureRequestWarning)
                return super(Session, self).request(*args, **kwargs)
        else:
            return super(Session, self).request(*args, **kwargs)
Disabling all warnings from requests is probably a bad idea; this might be a little better:
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
To summarize how I handled this:
import logging
import warnings

import requests

log = logging.getLogger(__name__)

with warnings.catch_warnings():
    # Promote warnings to exceptions so they can be caught below
    warnings.simplefilter("error")
    try:
        req = requests.get("https://an-insecure-server.com")
    except (RuntimeWarning, requests.exceptions.SSLError):
        log.error("Making an insecure request")
        warnings.simplefilter("ignore")
        req = requests.get("https://an-insecure-server.com")
This lets me check whether the request is insecure, hide the urllib warning, and issue my own formatted warning to the user. The request has to be made twice. Edited to narrow the except clause.
except Exception: is very broad. You really don't want that.
The above would go some way towards addressing the concerns on both sides of this discussion.
Throw a subclass of Exception that can be caught instead?
Or use logging.captureWarnings()
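The logging.captureWarnings() suggestion above, as an added example that is not part of the original thread or of requests itself: warnings are routed into the logging system and tagged, so the application can format or alert on unverified-TLS warnings without silencing them. The stand-in InsecureRequestWarning class (used only when urllib3 is not installed), unverified_call(), ListHandler and TagInsecureTLS are hypothetical names introduced for illustration.

```python
import logging
import warnings

try:
    # Real category when urllib3 is installed.
    from urllib3.exceptions import InsecureRequestWarning
except ImportError:
    # Assumption: stand-in so the example runs offline without urllib3.
    class InsecureRequestWarning(Warning):
        pass


class ListHandler(logging.Handler):
    """Keeps records in memory; stands in for a file or syslog handler."""

    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(record)


class TagInsecureTLS(logging.Filter):
    """Flags records that came from InsecureRequestWarning so they can be
    routed or alerted on separately from other warnings."""

    def filter(self, record):
        record.insecure_tls = "InsecureRequestWarning" in record.getMessage()
        return True


def unverified_call():
    """Hypothetical stand-in for requests.get(url, verify=False): emits the
    warning category and message text quoted at the top of this page."""
    warnings.warn("Unverified HTTPS request is being made.",
                  InsecureRequestWarning)


def collect_warning_records(n_calls):
    """Make n_calls unverified calls plus one unrelated warning and return
    the log records produced through logging.captureWarnings()."""
    handler = ListHandler()
    handler.addFilter(TagInsecureTLS())
    logger = logging.getLogger("py.warnings")  # captured warnings land here
    old_propagate = logger.propagate
    logger.addHandler(handler)
    logger.propagate = False  # keep the demo's records out of the root logger
    logging.captureWarnings(True)  # warnings now become log records
    try:
        with warnings.catch_warnings():
            # "always" defeats the once-per-location default, so every
            # unverified call is logged instead of only the first one.
            warnings.simplefilter("always")
            for _ in range(n_calls):
                unverified_call()
            warnings.warn("a non-requests warning", UserWarning)
    finally:
        logging.captureWarnings(False)
        logger.removeHandler(handler)
        logger.propagate = old_propagate
    return handler.records


if __name__ == "__main__":
    for rec in collect_warning_records(2):
        print(rec.insecure_tls, rec.getMessage().strip())
```

warnings.catch_warnings() changes process-wide filter state and is not thread-safe, which matters for the multithreaded case raised elsewhere in this thread; logging.captureWarnings() on its own leaves the filters untouched.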
The alternative is to hardcode the namespace, knowing that urllib3 is involved; see the comment by tuukkamustonen. That was my main objection. They could have made it work right, and I tried to offer that in a pull request. But they deny that the problem exists and tell every user to come up with awful workarounds like "from requests.packages.urllib3 import exceptions". At this point someone would have to admit that they were wrong all along, so we're stuck.
That was my main objection. They could have made it work right, and I tried to offer that in a pull request. But they deny that the problem exists and tell every user to come up with awful workarounds like "from requests.packages.urllib3 import exceptions". At this point someone would have to admit that they were wrong all along, so we're stuck.
@zaitcev Again, let me remind you that this is a volunteer community doing the best it can. We've left this issue open for discussion; we haven't locked it or prevented further discussion. We _are listening to you_. What we aren't doing is immediately agreeing with your assessment of the situation. Please consider the possibility that we're concerned with more use cases than just yours, and so have to balance everyone's needs.
As for your pull request, it was rejected for a _very specific reason_ that you have consistently ignored. Let me quote Ian and quote myself:
The closing statement was: "This is mostly in urllib3 and depends on being accepted there, so I'm closing this until there's progress there." (emphasis mine)
As of today, I still don't see a pull request or issue relating to this problem on urllib3. Nobody on this project is standing in your way or preventing that work from happening. We're just not choosing to do it ourselves, because _we currently don't agree with you_.
However, at the risk of going down this rabbit hole again, I'll repeat:
That was my main objection. They could have made it work right.
I don't believe your notion of "working right" is right. As I've said many times in this thread, I think the current behaviour is desirable. Making insecure TLS requests is a bad idea, and users should be warned against doing it.
My position is that users _deserve to know_ when they're making TLS requests that aren't properly protected, particularly in systems that handle passwords.
This thread has suggested that we should consider a requests-level hook for disabling these warnings, or that we should add a distinction between verify=False and verify=None that didn't previously exist. I find the former much easier than the latter.
+1 for not distinguishing between verify = False and verify = None. I'd support either!
And regardless of whether this gets fixed, thank you to all the volunteers supporting requests; it's a great library :)
This is a great library; thank you for all your efforts.
I ran into this issue after recently upgrading Python packages and noticing a large number of new InsecurePlatformWarning printouts. So I'm contributing my own use case, which I think is compelling.
I'm using requests to manage jenkins servers in four different environments. Three of the environments (development, staging, production) all have valid certificates. The fourth environment is a vagrant virtual box that developers can use to test changes on their local machines. It doesn't have a valid certificate, but as a matter of policy all server configurations reject unencrypted requests.
The per-environment jenkins connection settings (server name, token, etc.) include a specific flag for turning off SSL verification, which is only set to True for the vagrant environment.
In my setup, disabling the warning globally isn't a good idea, because the project is fairly large and many requests may be made, with or without the requests library. Disabling the warning within a scope would be fine, except that parts of the project include a Flask application and other multithreaded cases.
In my opinion, using verify = False should be supported and should work as expected without a warning. It's up to the application developer to decide when, and whether, to allow this. For example, if I were writing a browser for general use, I'd never set it to True without showing a big confirmation dialog with lots of red text. But if I own both the server and the client and have my own reasons for not issuing a certificate, I need to keep my logs clean so that other potential problems aren't hidden.
It's up to the application developer to decide when, and whether, to allow this.
This point is where I differ from you. I think it's up to the developer when to use it. However, I think it's up to the _user_ to judge whether that choice is acceptable. It's _important_ that users understand they are being put at risk by the developer's choices and are able to assess that risk.
But if I own both the server and the client and have my own reasons for not issuing a certificate, I need to keep my logs clean so that other potential problems aren't hidden.
And you can do that by capturing the warnings with a logging context manager. We've also been considering making this warning specific to requests so that it's easier to capture, but that hasn't happened yet.
I have a situation similar to @jamie-sparked's.
I understand Lukasa's point about reinforcing security, but I think we should let users decide what's best for them.
Requests is a library, not an end-user application. IMO, you should consider the developers to be the users.
Application developers should be responsible for security mistakes if they decide to turn off certificate verification (i.e., verify = False).
As a developer, I value flexibility over a library that tries to dictate what I should do.
By the way, as others have said, I think requests is _awesome_, and I appreciate all your efforts. Thank you.
@thalesac We do leave the decision to developers. As has been explained many times in this thread, it's quite possible to turn this warning off. However, there is no single switch that turns off all warnings: you have to do each one manually. This is an attempt to make users _consciously_ remove each safety guard.
Think of it as defence in depth. To use the footgun example: you're handed a gun with the safety on and no round loaded, and a magazine. If verify=False disabled all warnings, that would be like having a gun that automatically disabled the safety and chambered a round when you inserted the magazine. Convenient? Sure. Dangerous? You bet.
I'm sorry, but I don't agree with your analogy.
I think verify = False is your safety/security mechanism. Once you've explicitly (or manually) disabled it, you don't want the gun to keep issuing warnings while you're shooting at the bad guys. Obviously, the default behaviour should enforce a security mindset.
Anyway, that's just my view; I understand that you have to do what you think is best for the project. Maybe that's why it's a good library. :)
Thanks
I definitely agree with Lukasa: security first. As a developer, if I'm using verify = False in part of my code and don't want the warning displayed, it's up to me to hide the warning.
Anyway, I'm a big fan of this great library and your teamwork; +10000 for maintaining it and for your patience in responding to us.
The way I see it, if an application uses URLs configured by the user, the user should be given the option to disable verification, but the warning should be shown under all circumstances. If, as a developer, I know for some reason that I'm connecting to a URL that isn't expected to have a valid certificate (internal services where nobody pays for certificates, testing, etc.), I need an option to disable the warning along with disabling verification
At the same time, I don't think situations where you'd want to disable the warning globally all at once are common, because doing so makes it easy for security problems to be silently ignored.
requests.packages.urllib3.disable_warnings()
ã¯ãããã¯ä»äºã§ã
ãã
Is requests.packages.urllib3.disable_warnings() no longer working? It used to silence the warnings for me. Here I'm calling the function that disables warnings, yet this is an example backtrace where the warnings function gets called:
[+] https://drupal.org/ãžã®ãªãã€ã¬ã¯ããåãå ¥ããŸãã > /usr/lib/python2.7/dist-packages/urllib3/connectionpool.pyïŒ791ïŒ_validate_connïŒïŒ -> warnings.warnïŒïŒ ïŒPdbïŒbt / root / droopescan / droopescanïŒ5ïŒïŒïŒ -> droopescan.mainïŒïŒ /root/droopescan/dscan/droopescan.pyïŒ55ïŒmainïŒïŒ -> ds.runïŒïŒ /usr/local/lib/python2.7/dist-packages/cement/core/foundation.pyïŒ764ïŒrunïŒïŒ -> self.controller._dispatchïŒïŒ /usr/local/lib/python2.7/dist-packages/cement/core/controller.pyïŒ466ïŒ_dispatchïŒïŒ -> funcïŒïŒãè¿ã /usr/local/lib/python2.7/dist-packages/cement/core/controller.pyïŒ472ïŒ_dispatchïŒïŒ -> funcïŒïŒãè¿ã /root/droopescan/dscan/plugins/internal/scan.pyïŒ114ïŒdefaultïŒïŒ -> follow_redirectsïŒ /root/droopescan/dscan/plugins/internal/scan.pyïŒ230ïŒ_process_cms_identifyïŒïŒ -> if inst.cms_identifyïŒurlãopts ['timeout']ãself._generate_headersïŒhost_headerïŒïŒ== TrueïŒ /root/droopescan/dscan/plugins/internal/base_plugin_internal.pyïŒ910ïŒcms_identifyïŒïŒ ->ããããŒïŒ /root/droopescan/dscan/plugins/internal/base_plugin_internal.pyïŒ827ïŒenumerate_file_hashïŒïŒ -> r = self.session.getïŒurl + file_urlãtimeout = timeoutãheaders = headersïŒ /usr/lib/python2.7/dist-packages/requests/sessions.pyïŒ480ïŒgetïŒïŒ -> return self.requestïŒ 'GET'ãurlã** kwargsïŒ /usr/lib/python2.7/dist-packages/requests/sessions.pyïŒ468ïŒrequestïŒïŒ -> resp = self.sendïŒprepã** send_kwargsïŒ /usr/lib/python2.7/dist-packages/requests/sessions.pyïŒ576ïŒsendïŒïŒ -> r = adapter.sendïŒrequestã** kwargsïŒ /usr/lib/python2.7/dist-packages/requests/adapters.pyïŒ376ïŒsendïŒïŒ ->ã¿ã€ã ã¢ãŠã=ã¿ã€ã ã¢ãŠã /usr/lib/python2.7/dist-packages/urllib3/connectionpool.pyïŒ559ïŒurlopenïŒïŒ -> body = bodyãheaders = headersïŒ /usr/lib/python2.7/dist-packages/urllib3/connectionpool.pyïŒ345ïŒ_make_requestïŒïŒ -> self._validate_connïŒconnïŒ > /usr/lib/python2.7/dist-packages/urllib3/connectionpool.pyïŒ791ïŒ_validate_connïŒïŒ -> warnings.warnïŒïŒ
Below is the output of pip freeze; I'm using debian testing:
argparse == 1.2.1 beautifulsoup4 == 4.4.1 ã»ã¡ã³ã== 2.6.2 chardet == 2.3.0 colorama == 0.3.3 ã«ãã¬ããž== 4.0.3 æå·å== 1.2.1 distlib == 0.2.1 -e git + git @ github.comïŒdroope / droopescan.git @ 6524a9235e89a6fdb3ef304ee8dc4cb73eca0386ïŒegg = droopescan-éçº enum34 == 1.1.2 funcsigs == 0.4 å ç©== 3.0.4 html5lib == 0.999 httplib2 == 0.9.1 idna == 2.0 ipaddress == 1.0.16 lxml == 3.5.0 æ°Žé== 3.5.2 ã¢ãã¯== 1.3.0 ndg-httpsclient == 0.4.0 nose == 1.3.7 pbr == 1.8.1 pyOpenSSL == 0.15.1 pyasn1 == 0.1.9 pycurl == 7.21.5 pystache == 0.5.4 python-apt == 1.1.0b1 python-debian == 0.1.27 python-debianbts == 2.6.0 reportbug == 6.6.6 ãªã¯ãšã¹ã== 2.9.1 å¿ç== 0.3.0 åè©Šè¡== 1.3.3 6 == 1.10.0 urllib3 == 1.13.1 ãã€ãŒã«== 0.26.0 wsgiref == 0.1.2
Thanks,
ããã
disable_warnings doesn't prevent the warning function from being called; it just suppresses the output. You could run into problems if other code is enabling all warnings.
Hi @Lukasa,
I put the breakpoint after the if. In the end I ran into so many problems that I stopped using debian testing, and this is very likely one of them. I'd disregard my comment; I don't know what happened, but it probably isn't something that affects many people.
Thanks!
ããã«
Ah, if you're using debian's packages, their unvendoring logic may be breaking something there.
It seems perfectly reasonable to want to make an insecure request with verify=False and not have the warning shown for that request, without interfering with warnings for other requests made elsewhere:
import warnings

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
...
with warnings.catch_warnings():
    warnings.filterwarnings("ignore", category=InsecureRequestWarning)
    resp = requests.get(url, verify=False)  # InsecureRequestWarning suppressed for this request
resp = requests.get(url, verify=False)  # InsecureRequestWarning not suppressed for this request
...