send --fix-ssl-permissions to stderr (#15972)
parent
e6663c05d8
commit
06c7382cd4
@ -60,7 +60,7 @@ def ensure_ssl_dirs(dirs: List[Path]):
|
||||
"""Create SSL dirs with a default 755 mode if necessary"""
|
||||
for dir in dirs:
|
||||
if not dir.exists():
|
||||
dir.mkdir(mode=0o755)
|
||||
dir.mkdir(mode=0o755, parents=True)
|
||||
|
||||
|
||||
def generate_ca_signed_cert(ca_crt: bytes, ca_key: bytes, cert_out: Path, key_out: Path):
|
||||
|
@ -143,15 +143,18 @@ def check_ssl(root_path: Path) -> None:
|
||||
certs_to_check, keys_to_check = get_all_ssl_file_paths(root_path)
|
||||
invalid_files = verify_ssl_certs_and_keys(certs_to_check, keys_to_check)
|
||||
if len(invalid_files):
|
||||
print("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")
|
||||
print("@ WARNING: UNPROTECTED SSL FILE! @")
|
||||
print("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")
|
||||
for path, actual_permissions, expected_permissions in invalid_files:
|
||||
print(
|
||||
lines = [
|
||||
"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@",
|
||||
"@ WARNING: UNPROTECTED SSL FILE! @",
|
||||
"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@",
|
||||
*(
|
||||
get_ssl_perm_warning(path, actual_permissions, expected_permissions)
|
||||
) # lgtm [py/clear-text-logging-sensitive-data]
|
||||
print("One or more SSL files were found with permission issues.")
|
||||
print("Run the following to fix issues: chia init --fix-ssl-permissions")
|
||||
for path, actual_permissions, expected_permissions in invalid_files
|
||||
),
|
||||
"One or more SSL files were found with permission issues.",
|
||||
"Run the following to fix issues: chia init --fix-ssl-permissions",
|
||||
]
|
||||
print("\n".join(lines), file=sys.stderr)
|
||||
|
||||
|
||||
def check_and_fix_permissions_for_ssl_file(file: Path, mask: int, updated_mode: int) -> Tuple[bool, bool]:
|
||||
|
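Review bot: In the `ensure_ssl_dirs` hunk, `mode=0o755` only governs the leaf directory once `parents=True` is passed: pathlib creates missing intermediate directories with the default, umask-derived permissions, so the docstring's "default 755 mode" does not hold for the whole path. This assumes the `parents=True` call is the new side, since the page prints both `mkdir` lines without markers. Under a permissive umask a parent of an SSL key directory could end up group- or world-writable, which the permission check in `check_ssl` would not report as far as the visible lines show. Either create the missing parents explicitly with the intended mode, or state the limit in the docstring, e.g. `"""Create SSL dirs with a default 755 mode if necessary; missing parents get umask-derived permissions"""`. Separately, the `exists()` test followed by `mkdir` can raise `FileExistsError` if the directory appears in between; `dir.mkdir(mode=0o755, parents=True, exist_ok=True)` would avoid that.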
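--- /dev/null
+++ b/tests/util/test_ssl_check.py
@@ -0,0 +1,31 @@
+from __future__ import annotations
+
+import sys
+from pathlib import Path
+
+import pytest
+
+from chia.ssl.create_ssl import create_all_ssl
+from chia.util.ssl_check import check_ssl
+
+
+def test_check_ssl_stream_with_bad_permissions(
+capsys: pytest.CaptureFixture[str],
+root_path_populated_with_config: Path,
+) -> None:
+with capsys.disabled():
+create_all_ssl(root_path=root_path_populated_with_config)
+root_path_populated_with_config.joinpath("config", "ssl", "daemon", "private_daemon.crt").chmod(mode=0o777)
+
+check_ssl(root_path=root_path_populated_with_config)
+
+with capsys.disabled():
+captured = capsys.readouterr()
+print(f"stdout: {captured.out!r}")
+print(f"stderr: {captured.err!r}")
+
+assert captured.out == ""
+if sys.platform == "win32":
+assert captured.err == ""
+else:
+assert "WARNING: UNPROTECTED SSL FILE!" in captured.err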
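Review bot: The non-Windows branch asserts only the banner text, so the test would still pass if the remediation hint or the offending file's entry went missing from stderr. Adding `assert "chia init --fix-ssl-permissions" in captured.err` would pin the line the commit title is about. Only a certificate (`private_daemon.crt`) is loosened to `0o777`; a second case that loosens a private key file would cover the more sensitive path. The `win32` branch expects empty stderr without saying why, so a short comment such as `# permission checks are not performed on Windows` (if that is the reason) would help the next reader.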