#4388 kojikamid fixes
Merged a month ago by tkopecek. Opened a month ago by tkopecek.
tkopecek/koji vm-fix  into  master

file modified
+10 -6
@@ -45,7 +45,14 @@ 

  from configparser import RawConfigParser

  from optparse import OptionParser

  

- from defusedxml import xmlrpc

+ try:

+     # patching xmlrpc to protect against XML related attacks

+     from defusedxml import xmlrpc

+     xmlrpc.monkey_patch()

+ except ImportError:

+     # just use stdlib in case defusedxml is missing

+     pass

+ import xmlrpc.client  # nosec B411, we don't always have non-stdlib libraries

  import six    # noqa: F401, needed for imported code

  

  
@@ -53,9 +60,6 @@ 

  

  KOJIKAMID = True

  

- # patching xmlrpc to protect against XML related attacks

- xmlrpc.monkey_patch()

- 

  # INSERT kojikamid dup #

  

  
@@ -341,7 +345,7 @@ 

              elif checksum_type == 'sha256':

                  checksum = hashlib.sha256()

              elif checksum_type == 'md5':

-                 checksum = md5_constructor.md5()  # noqa: F821

+                 checksum = md5_constructor()  # noqa: F821

              else:

                  raise BuildError('Unknown checksum type %s for %s' % (  # noqa: F821

                                   checksum_type,
@@ -638,7 +642,7 @@ 

          macaddr, gateway = find_net_info()

      logger.debug('found MAC address %s, connecting to %s:%s',

                   macaddr, gateway, MANAGER_PORT)

-     server = xmlrpc.xmlrpc_client.ServerProxy(

+     server = xmlrpc.client.ServerProxy(

          'http://%s:%s/' % (gateway, MANAGER_PORT), allow_none=True

      )

      # we would set a timeout on the socket here, but that is apparently not
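Review bot: The `except ImportError: pass` branch in the first hunk makes the XML hardening fail open without leaving a trace: when defusedxml is absent the daemon parses XML-RPC replies with the unpatched stdlib parser, and nothing at runtime records that. Keep the fallback if the guest images need it, but remember the outcome and report it once logging is set up (that code is outside the hunks shown), for example `logger.warning('defusedxml not installed, xmlrpc is not patched')`. The `# nosec B411` on `import xmlrpc.client` then also silences the scanner for the unpatched case, so its comment should say the suppression relies on the patch above. As a smaller style point, `from defusedxml import xmlrpc` and `import xmlrpc.client` bind the same name `xmlrpc` to two different modules in turn; `from defusedxml import xmlrpc as defused_xmlrpc` would avoid the rebinding.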

no initial comment

import xmlrpc doesn't appear to get us xmlrpc.client. The pre-defused code had the latter.

Rather than simply wrap monkey_patch() in a try, it would be better to note that it's not available during the earlier import and make this simply a conditional

rebased onto c057c29

a month ago
-    server = xmlrpc.xmlrpc_client.ServerProxy(
+    server = xmlrpc.client.ServerProxy(

For whatever reason, defusedxml.xmlrpc does not have a client global. It still uses the old name. They have their own py2/3 import wrapper and assign to xmlrpc_client for both cases.

Perhaps something like this?

@@ -50,6 +50,7 @@ try:
 except ImportError:
     import xmlrpc  # nosec B411, we don't always have non-stdlib libraries
+    import xmlrpc.client
     defusedxml_enabled = False
 import six    # noqa: F401, needed for imported code

@@ -61,6 +62,9 @@ KOJIKAMID = True
 if defusedxml_enabled:
     # patching xmlrpc to protect against XML related attacks
     xmlrpc.monkey_patch()
+    xmlrpc_client = xmlrpc.xmlrpc_client
+else:
+    xmlrpc_client = xmlrpc.client

And then use xmlrpc_client in our calls.

Alternately, we could probably just import xmlrpc.client directly and rely on monkey_patch to fix the underlying libs (the client class should be the same object either way).

rebased onto e17671c

a month ago

Metadata Update from @tkopecek:
- Pull-request tagged with: no_qe

a month ago

rebased onto e17671c

a month ago

Commit 83b4fb5 fixes this pull-request

Pull-Request has been merged by tkopecek

a month ago