From 4bb49e3d5b865935e7b16d1d69e59b02c068b95a Mon Sep 17 00:00:00 2001 From: Jude N Date: Tue, 23 Jul 2019 00:34:08 -0400 Subject: [PATCH] Checkpoint commit (pylint support) --- .gitignore | 4 + README.md | 7 +- digestauth.py | 79 ------ requirements.txt | 2 + setup.cfg | 5 + setup.py | 28 +++ test_requirements.txt | 2 + vern.pylint | 574 ++++++++++++++++++++++++++++++++++++++++++ vern/__init__.py | 0 vern/digestauth.py | 74 ++++++ 10 files changed, 695 insertions(+), 80 deletions(-) create mode 100644 .gitignore delete mode 100644 digestauth.py create mode 100644 requirements.txt create mode 100644 setup.cfg create mode 100644 setup.py create mode 100644 test_requirements.txt create mode 100644 vern.pylint create mode 100644 vern/__init__.py create mode 100644 vern/digestauth.py diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a1782fb --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +env +vern.egg-info +vern/__pycache__ +*.swp diff --git a/README.md b/README.md index 62b2d9a..19baaab 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,10 @@ - This is still super-alpha code so its pretty useless. +- Dev environment +python3 -m venv ./env +source ./env/bin/activate +python3 setyp.py develop + - TODO: setup.py - source ./env/bin/activate - Run mitmproxy @@ -8,4 +13,4 @@ - cp mitmproxy-ca-cert.cer to /usr/share/ca-certificates/mitmproxy-ca-cert.crt - run sudo dpkg-reconfigure ca-certificates -- mitmdump -s digestauth.py +- Run with './env/bin/mitmdump -s ./vern/digestauth.py --set uname=' diff --git a/digestauth.py b/digestauth.py deleted file mode 100644 index 9c86fb0..0000000 --- a/digestauth.py +++ /dev/null @@ -1,79 +0,0 @@ - -from mitmproxy import ctx, exceptions -from requests.auth import HTTPDigestAuth -from requests.utils import parse_dict_header - -import re -import threading -import requests -import typing -import getpass - - -class DigestAuthenticator: - - def __init__(self): - self.lock = threading.Lock() - self.resubmitted_response = None - self._username = None - self._password = None - - def load(self, loader): - ctx.log.info('in load') - loader.add_option( - name = "uname", - typespec = typing.Text, - default = '', - help = "Please enter your user name" - ) - - def configure(self, updates): - ctx.log.info('updates: ' + str(updates)) - ctx.log.info('in configue: ' + str(ctx.options)) - if ctx.options.uname == '': - raise exceptions.OptionsError("Please enter a non-empty value for uname with --set uname=your_username") - else: - self._username = ctx.options.uname - self._password = getpass.getpass("Please enter the password for " + self._username + ": ") - - - def response(self, flow): - - if flow.response.status_code == 401 and 'Authorization' not in flow.request.headers: - - www_authenticate_header = flow.response.headers['WWW-Authenticate'] - - if 'digest' in www_authenticate_header.lower(): - - http_digest_auth = HTTPDigestAuth(self._username, self._password) - http_digest_auth.init_per_thread_state() - pat = re.compile(r'digest ', flags=re.IGNORECASE) - http_digest_auth._thread_local.chal = parse_dict_header(pat.sub('', www_authenticate_header, count=1)) - authorization_header = http_digest_auth.build_digest_header(flow.request.method, flow.request.url) - - resubmitted_headers = {} - resubmitted_headers.update(flow.request.headers) - resubmitted_headers.update({'Authorization': str(authorization_header)}) - if flow.request.method == 'GET': - resubmitted_response = requests.get(flow.request.url, headers=resubmitted_headers, allow_redirects=False) - else: - # TODO: This probably needs a data=payload arg... - resubmitted_response = requests.post(flow.request.url, headers=resubmitted_headers) - - if resubmitted_response.status_code == 301: - ctx.log.info("301 response headers: " + str(resubmitted_response.headers)) - - flow.response.status_code = resubmitted_response.status_code - flow.response.reason = resubmitted_response.reason - flow.response.content = resubmitted_response.text.encode('ascii') - - # TODO: additional response fields (headers and cookies) - - else: - # TODO: switch info to debug eventually - ctx.log("DigestAuthenticator other request: " + str(flow.response.status_code) + "\n\n", "info") - - -addons = [ - DigestAuthenticator() -] diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..5c77444 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,2 @@ +mitmproxy +requests diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..b54f4e2 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,5 @@ +[aliases] +test=pytest + +[tool:pytest] +addopts = --pylint --pylint-rcfile=vern.pylint diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..f9aa462 --- /dev/null +++ b/setup.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python +""" +Setup.py file for the vern project +""" + +from distutils.core import setup +import setuptools #pylint: disable=unused-import + +with open('requirements.txt') as fp: + INSTALL_REQUIRES = fp.read() + +with open('test_requirements.txt') as fp: + TESTS_REQUIRE = fp.read() + +setup( + name='vern', + version='1.0.0', + author='Jude N', + author_email='digest_auth_spam@pwan.org', + description='A proxy for responding to digest auth requests', + long_description='A proxy for responding to annoying digest auth requests', + url="https://pwan.org/git/?p=vern;a=summary", + packages=['vern'], + package_dir={'vern' : 'vern'}, + install_requires=INSTALL_REQUIRES, + tests_require=TESTS_REQUIRE, + setup_requires=['pytest-runner', 'pytest-pylint'], +) diff --git a/test_requirements.txt b/test_requirements.txt new file mode 100644 index 0000000..8a02e4e --- /dev/null +++ b/test_requirements.txt @@ -0,0 +1,2 @@ +pytest-pylint +pytest-runner diff --git a/vern.pylint b/vern.pylint new file mode 100644 index 0000000..a5615ae --- /dev/null +++ b/vern.pylint @@ -0,0 +1,574 @@ +[MASTER] + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. +extension-pkg-whitelist= + +# Add files or directories to the blacklist. They should be base names, not +# paths. +ignore=CVS + +# Add files or directories matching the regex patterns to the blacklist. The +# regex matches against base names, not paths. +ignore-patterns= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the +# number of processors available to use. +jobs=1 + +# Control the amount of potential inferred values when inferring a single +# object. This can help the performance when dealing with large functions or +# complex, nested conditions. +limit-inference-results=100 + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + +# Pickle collected data for later comparisons. +persistent=yes + +# Specify a configuration file. +#rcfile= + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages. +suggestion-mode=yes + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED. +confidence= + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once). You can also use "--disable=all" to +# disable everything first and then reenable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use "--disable=all --enable=classes +# --disable=W". +disable=print-statement, + parameter-unpacking, + unpacking-in-except, + old-raise-syntax, + backtick, + long-suffix, + old-ne-operator, + old-octal-literal, + import-star-module-level, + non-ascii-bytes-literal, + raw-checker-failed, + bad-inline-option, + locally-disabled, + file-ignored, + suppressed-message, + useless-suppression, + deprecated-pragma, + use-symbolic-message-instead, + apply-builtin, + basestring-builtin, + buffer-builtin, + cmp-builtin, + coerce-builtin, + execfile-builtin, + file-builtin, + long-builtin, + raw_input-builtin, + reduce-builtin, + standarderror-builtin, + unicode-builtin, + xrange-builtin, + coerce-method, + delslice-method, + getslice-method, + setslice-method, + no-absolute-import, + old-division, + dict-iter-method, + dict-view-method, + next-method-called, + metaclass-assignment, + indexing-exception, + raising-string, + reload-builtin, + oct-method, + hex-method, + nonzero-method, + cmp-method, + input-builtin, + round-builtin, + intern-builtin, + unichr-builtin, + map-builtin-not-iterating, + zip-builtin-not-iterating, + range-builtin-not-iterating, + filter-builtin-not-iterating, + using-cmp-argument, + eq-without-hash, + div-method, + idiv-method, + rdiv-method, + exception-message-attribute, + invalid-str-codec, + sys-max-int, + bad-python3-import, + deprecated-string-function, + deprecated-str-translate-call, + deprecated-itertools-function, + deprecated-types-field, + next-method-defined, + dict-items-not-iterating, + dict-keys-not-iterating, + dict-values-not-iterating, + deprecated-operator-function, + deprecated-urllib-function, + xreadlines-attribute, + deprecated-sys-function, + exception-escape, + comprehension-escape, + # vern-specific + line-too-long, + missing-docstring, + fixme + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable=c-extension-no-member + + +[REPORTS] + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables errors warning, statement which +# respectively contain the number of errors / warnings messages and the total +# number of statements analyzed. This is used by the global evaluation report +# (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details. +#msg-template= + +# Set the output format. Available formats are text, parseable, colorized, json +# and msvs (visual studio). You can also give a reporter class, e.g. +# mypackage.mymodule.MyReporterClass. +output-format=text + +# Tells whether to display a full report or only the messages. +reports=no + +# Activate the evaluation score. +score=yes + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + +# Complete name of functions that never returns. When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=sys.exit + + +[BASIC] + +# Naming style matching correct argument names. +argument-naming-style=snake_case + +# Regular expression matching correct argument names. Overrides argument- +# naming-style. +#argument-rgx= + +# Naming style matching correct attribute names. +attr-naming-style=snake_case + +# Regular expression matching correct attribute names. Overrides attr-naming- +# style. +#attr-rgx= + +# Bad variable names which should always be refused, separated by a comma. +bad-names=foo, + bar, + baz, + toto, + tutu, + tata + +# Naming style matching correct class attribute names. +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names. Overrides class- +# attribute-naming-style. +#class-attribute-rgx= + +# Naming style matching correct class names. +class-naming-style=PascalCase + +# Regular expression matching correct class names. Overrides class-naming- +# style. +#class-rgx= + +# Naming style matching correct constant names. +const-naming-style=UPPER_CASE + +# Regular expression matching correct constant names. Overrides const-naming- +# style. +#const-rgx= + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# Naming style matching correct function names. +function-naming-style=snake_case + +# Regular expression matching correct function names. Overrides function- +# naming-style. +#function-rgx= + +# Good variable names which should always be accepted, separated by a comma. +good-names=i, + j, + k, + ex, + Run, + _ + +# Include a hint for the correct naming format with invalid-name. +include-naming-hint=no + +# Naming style matching correct inline iteration names. +inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names. Overrides +# inlinevar-naming-style. +#inlinevar-rgx= + +# Naming style matching correct method names. +method-naming-style=snake_case + +# Regular expression matching correct method names. Overrides method-naming- +# style. +#method-rgx= + +# Naming style matching correct module names. +module-naming-style=snake_case + +# Regular expression matching correct module names. Overrides module-naming- +# style. +#module-rgx= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. +# These decorators are taken in consideration only for invalid-name. +property-classes=abc.abstractproperty + +# Naming style matching correct variable names. +variable-naming-style=snake_case + +# Regular expression matching correct variable names. Overrides variable- +# naming-style. +#variable-rgx= + + +[SPELLING] + +# Limits count of emitted suggestions for spelling mistakes. +max-spelling-suggestions=4 + +# Spelling dictionary name. Available dictionaries: none. To make it working +# install python-enchant package.. +spelling-dict= + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to indicated private dictionary in +# --spelling-private-dict-file option instead of raising a message. +spelling-store-unknown-words=no + + +[STRING] + +# This flag controls whether the implicit-str-concat-in-sequence should +# generate a warning on implicit string concatenation in sequences defined over +# several lines. +check-str-concat-over-line-jumps=no + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. +max-line-length=100 + +# Maximum number of lines in a module. +max-module-lines=1000 + +# List of optional constructs for which whitespace checking is disabled. `dict- +# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}. +# `trailing-comma` allows a space between comma and closing bracket: (a, ). +# `empty-line` allows space-only lines. +no-space-check=trailing-comma, + dict-separator + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. +contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). +ignore-mixin-members=yes + +# Tells whether to warn about missing members when the owner of the attribute +# is inferred to be None. +ignore-none=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis. It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules= + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid defining new builtins when possible. +additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_, + _cb + +# A regular expression matching the name of dummy variables (i.e. expected to +# not be used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore. +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME, + XXX, + TODO + + +[LOGGING] + +# Format style used to check logging format string. `old` means using % +# formatting, while `new` is for `{}` formatting. +logging-format-style=old + +# Logging modules to check that the string format arguments are in logging +# function parameter format. +logging-modules=logging + + +[SIMILARITIES] + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. +ignore-imports=no + +# Minimum lines number of a similarity. +min-similarity-lines=4 + + +[IMPORTS] + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Deprecated modules which should not be used, separated by a comma. +deprecated-modules=optparse,tkinter.tix + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled). +ext-import-graph= + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled). +import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled). +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + + +[CLASSES] + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__, + __new__, + setUp + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict, + _fields, + _replace, + _source, + _make + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=cls + + +[DESIGN] + +# Maximum number of arguments for function / method. +max-args=5 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Maximum number of boolean expressions in an if statement. +max-bool-expr=5 + +# Maximum number of branch for function / method body. +max-branches=12 + +# Maximum number of locals for function / method body. +max-locals=15 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of return / yield for function / method body. +max-returns=6 + +# Maximum number of statements in function / method body. +max-statements=50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when being caught. Defaults to +# "BaseException, Exception". +overgeneral-exceptions=BaseException, + Exception diff --git a/vern/__init__.py b/vern/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/vern/digestauth.py b/vern/digestauth.py new file mode 100644 index 0000000..1717579 --- /dev/null +++ b/vern/digestauth.py @@ -0,0 +1,74 @@ +""" +mitmproxy addon +""" +import getpass +import re +import typing +import requests +from requests.auth import HTTPDigestAuth +from requests.utils import parse_dict_header +from mitmproxy import ctx +from mitmproxy.net.http import headers as nheaders + + +class DigestAuthenticator: + + def __init__(self): + self._username = None + self._password = None + + def load(self, loader): # pylint: disable=no-self-use + loader.add_option( + name="uname", + typespec=typing.Text, + default='', + help="Please enter your user name" + ) + + def configure(self, updates): # pylint: disable=unused-argument + if ctx.options.uname == '': + ctx.log.error("Please enter a non-empty value for uname with --set uname=your_username") + ctx.master.shutdown() + else: + self._username = ctx.options.uname + self._password = getpass.getpass("Please enter the password for " + self._username + ": ") + + def response(self, flow): + + if flow.response.status_code == 401 and 'Authorization' not in flow.request.headers: + + www_authenticate_header = flow.response.headers['WWW-Authenticate'] + + if 'digest' in www_authenticate_header.lower(): + + http_digest_auth = HTTPDigestAuth(self._username, self._password) + http_digest_auth.init_per_thread_state() + pat = re.compile(r'digest ', flags=re.IGNORECASE) + http_digest_auth._thread_local.chal = parse_dict_header(pat.sub('', www_authenticate_header, count=1)) # pylint: disable=protected-access + authorization_header = http_digest_auth.build_digest_header(flow.request.method, flow.request.url) + + resubmitted_headers = dict(flow.request.headers) + resubmitted_headers.update({'Authorization': str(authorization_header)}) + if flow.request.method == 'GET': + resubmitted_response = requests.get(flow.request.url, cookies=flow.request.cookies, headers=resubmitted_headers, allow_redirects=False) + else: + # TODO: This probably needs a data=payload arg... + resubmitted_response = requests.post(flow.request.url, headers=resubmitted_headers) + + if resubmitted_response.status_code == 301: + ctx.log.info("301 response headers: " + str(resubmitted_response.headers)) + + flow.response.status_code = resubmitted_response.status_code + flow.response.reason = resubmitted_response.reason + flow.response.content = resubmitted_response.text.encode('ascii') + + flow.response.headers = nheaders.Headers(**dict(resubmitted_response.headers)) + flow.response.cookies = dict(resubmitted_response.cookies) + + else: + # TODO: switch info to debug eventually + ctx.log.info("DigestAuthenticator other request: " + str(flow.response.status_code) + "\n\n", "info") + +addons = [ # pylint: disable=C0103 + DigestAuthenticator() +] -- 2.39.2