Incorporated Schoen's feedback and really fixed py26 support?...

2026-06-08 16:22:18 -04:00 · 2015-07-29 09:40:49 -07:00 · 2015-07-29 09:40:49 -07:00 · 6bbc412748
commit 6bbc412748
parent 50ce91b769
2 changed files with 12 additions and 7 deletions
--- a/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache.py
+++ b/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache.py
@ -1,8 +1,11 @@
 #!/usr/bin/env python
 """Let's Encrypt Apache configuration submission script"""
 import argparse
+import atexit
 import contextlib
 import os
+import re
+import shutil
 import subprocess
 import sys
 import tarfile
@ -31,8 +34,9 @@ argument and the path to the binary.


 # Keywords likely to be found in filenames of sensitive files
-_SENSITIVE_KEYWORDS = ["private", "secret", "cert", "crt", "key", "pem", "der",
-                       "rsa", "dsa", "pass", "pw"]
+_SENSITIVE_FILENAME_REGEX = re.compile(r"^(?!.*proxy_fdpass).*pass.*$|private|"
+                                       r"secret|cert|crt|key|\.pem|\.der|rsa|"
+                                       r"dsa|pw")


 def make_and_verify_selection(server_root, temp_dir):
@ -131,9 +135,9 @@ def safe_config_file(config_file):
    :rtype: bool

    """
-    for keyword in _SENSITIVE_KEYWORDS:
-        if keyword in config_file:
-            return False
+    config_file_lower = config_file.lower()
+    if _SENSITIVE_FILENAME_REGEX.search(config_file_lower):
+        return False

    proc = subprocess.Popen(["file", config_file],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
@ -284,6 +288,7 @@ def main():

    verify_config(args)
    tempdir = setup_tempdir(args)
+    atexit.register(lambda: shutil.rmtree(tempdir))
    make_and_verify_selection(args.server_root, tempdir)

    tarpath = os.path.join(tempdir, "config.tar.gz")
--- a/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache_test.py
+++ b/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache_test.py
@ -206,8 +206,8 @@ class LetsHelpApacheTest(unittest.TestCase):

                    testdir = tar.next()
                    self.assertTrue(testdir.isdir())
-                    testdir_path = os.path.join(".", testdir_basename)
-                    self.assertEqual(testdir.name, testdir_path)
+                    self.assertEqual(os.path.basename(testdir.name),
+                                     testdir_basename)

                    self.assertEqual(tar.next(), None)