From 6bbc41274838c421f054f42092d7ba81433a2ac8 Mon Sep 17 00:00:00 2001
From: Brad Warren
Date: Wed, 29 Jul 2015 09:40:49 -0700
Subject: [PATCH] Incorporated Schoen's feedback and really fixed py26 support?...
---
 .../letshelp_letsencrypt_apache.py | 15 ++++++++++-----
 .../letshelp_letsencrypt_apache_test.py | 4 ++--
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache.py b/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache.py
index c6b1fbfaf..94ba979d9 100755
--- a/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache.py
+++ b/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache.py
@@ -1,8 +1,11 @@
 #!/usr/bin/env python
 """Let's Encrypt Apache configuration submission script"""
 import argparse
+import atexit
 import contextlib
 import os
+import re
+import shutil
 import subprocess
 import sys
 import tarfile
@@ -31,8 +34,9 @@ argument and the path to the binary.
 # Keywords likely to be found in filenames of sensitive files
-_SENSITIVE_KEYWORDS = ["private", "secret", "cert", "crt", "key", "pem", "der",
- "rsa", "dsa", "pass", "pw"]
+_SENSITIVE_FILENAME_REGEX = re.compile(r"^(?!.*proxy_fdpass).*pass.*$|private|"
+ r"secret|cert|crt|key|\.pem|\.der|rsa|"
+ r"dsa|pw")
 def make_and_verify_selection(server_root, temp_dir):
@@ -131,9 +135,9 @@ def safe_config_file(config_file):
 :rtype: bool
 """
- for keyword in _SENSITIVE_KEYWORDS:
- if keyword in config_file:
- return False
+ config_file_lower = config_file.lower()
+ if _SENSITIVE_FILENAME_REGEX.search(config_file_lower):
+ return False
 proc = subprocess.Popen(["file", config_file],
 stdout=subprocess.PIPE, stderr=subprocess.PIPE)
@@ -284,6 +288,7 @@ def main():
 verify_config(args)
 tempdir = setup_tempdir(args)
+ atexit.register(lambda: shutil.rmtree(tempdir))
 make_and_verify_selection(args.server_root, tempdir)
 tarpath = os.path.join(tempdir, "config.tar.gz")
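Review bot: The `proxy_fdpass` exemption in `_SENSITIVE_FILENAME_REGEX` is evaluated against the whole string, not against the one occurrence it is meant for. `^(?!.*proxy_fdpass).*pass.*$` stops matching `pass` anywhere once `proxy_fdpass` appears, so a constructed path such as `proxy_fdpass.d/htpasswd` is not flagged by any keyword. A fixed-width lookbehind scopes the exemption correctly: `re.compile(r"(?<!proxy_fd)pass|private|secret|cert|crt|key|\.pem|\.der|rsa|dsa|pw")`. Because this pattern decides which files are kept out of the submission, a comment above it such as `# "pass" is ignored only where it is part of the module name proxy_fdpass` would help the next reader.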
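Review bot: Case folding is done by the caller (`config_file.lower()`) rather than by the pattern, so any other use of `_SENSITIVE_FILENAME_REGEX` that forgets to lowercase would miss names like `Server.KEY`. Compiling the pattern with `re.IGNORECASE` and calling `_SENSITIVE_FILENAME_REGEX.search(config_file)` keeps the rule in one place and drops the extra local. The same `config_file` string is passed to `file` just below, so it looks like a path rather than a bare name; if so, directory components are matched too, which is worth stating in the docstring. The body of `safe_config_file` starts and ends outside this hunk.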
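Review bot: The `atexit` cleanup registered after `setup_tempdir(args)` does not run if the process is killed by a signal it does not handle or exits through `os._exit`, so the copied configuration files can stay on disk in those cases. A comment such as `# best-effort cleanup: not run if the process is killed by a signal` would set expectations. The lambda is not needed, since `atexit.register(shutil.rmtree, tempdir)` does the same. `config.tar.gz` is created inside `tempdir` and is therefore deleted at exit too, so confirm that whatever consumes the tarball finishes before `main()` returns. `main()` continues past the end of this hunk.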
diff --git a/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache_test.py b/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache_test.py
index 7ae394de7..c514118fb 100644
--- a/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache_test.py
+++ b/letshelp-letsencrypt/letshelp_letsencrypt/letshelp_letsencrypt_apache_test.py
@@ -206,8 +206,8 @@ class LetsHelpApacheTest(unittest.TestCase):
 testdir = tar.next()
 self.assertTrue(testdir.isdir())
- testdir_path = os.path.join(".", testdir_basename)
- self.assertEqual(testdir.name, testdir_path)
+ self.assertEqual(os.path.basename(testdir.name),
+ testdir_basename)
 self.assertEqual(tar.next(), None)
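Review bot: Comparing only `os.path.basename(testdir.name)` loosens the check, because the test no longer pins where the directory sits in the archive. A member named with extra leading components or an absolute path would still pass. If the aim is to tolerate `./name` versus `name` (presumably the py26 difference), `self.assertEqual(os.path.normpath(testdir.name), testdir_basename)` accepts both while still asserting the full member path. The test method starts and ends outside this hunk.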