From 63ffbb3d9ef3f746ed8b21b525465e6758eab7b7 Mon Sep 17 00:00:00 2001 From: Chris Thornton Date: Tue, 27 Jun 2017 11:37:11 +0000 Subject: [PATCH 1/3] Ensure TLS certs are verified in requests By default, the requests library verifies TLS certs so this improves security. As it was, any outgoing requests through these methods could have been man-in-the-middled. --- nzbhydra/webaccess.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nzbhydra/webaccess.py b/nzbhydra/webaccess.py index 3e7ecbb..6ffcc3d 100644 --- a/nzbhydra/webaccess.py +++ b/nzbhydra/webaccess.py @@ -32,10 +32,10 @@ def getCleanProxyUrl(url): def get(url, **kwargs): global proxies myproxies = proxies if proxies is not None and furl(url).host not in ["127.0.0.1", "localhost"] and "192.168" not in str(url) else None - return requests.get(url, proxies=myproxies, verify=False, **kwargs) + return requests.get(url, proxies=myproxies, **kwargs) def post(url, **kwargs): global proxies myproxies = proxies if proxies is not None and furl(url).host not in ["127.0.0.1", "localhost"] and "192.168" not in str(url) else None - return requests.post(url, proxies=myproxies, verify=False, **kwargs) + return requests.post(url, proxies=myproxies, **kwargs) From 73a40e26c6ebac9d2f5aaa8832cc30f65132e08e Mon Sep 17 00:00:00 2001 From: Chris Thornton Date: Tue, 27 Jun 2017 11:41:33 +0000 Subject: [PATCH 2/3] Use https:// for infos sources --- nzbhydra/infos.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nzbhydra/infos.py b/nzbhydra/infos.py index dc9c4b5..7faa0fc 100644 --- a/nzbhydra/infos.py +++ b/nzbhydra/infos.py @@ -113,7 +113,7 @@ def imdbid_to_tmdbid(imdbid): def find_series_ids(input): - info = webaccess.get("http://api.tvmaze.com/search/shows?q=%s" % input) + info = webaccess.get("https://api.tvmaze.com/search/shows?q=%s" % input) info.raise_for_status() results = [] for result in info.json(): @@ -138,7 +138,7 @@ def title_from_id(identifier_key, identifier_value): if identifier_key == "imdbid": if identifier_value[0:2] != "tt": identifier_value = "tt%s" % identifier_value - url = furl("http://www.omdbapi.com").add({"i": identifier_value, "plot": "short", "r": "json"}).tostr() + url = furl("https://www.omdbapi.com").add({"i": identifier_value, "plot": "short", "r": "json"}).tostr() omdb = webaccess.get(url) return omdb.json()["Title"] @@ -146,7 +146,7 @@ def title_from_id(identifier_key, identifier_value): raise AttributeError("Unknown identifier %s" % identifier_key) tvmaze_key = "tvrage" if identifier_key == "rid" else "thetvdb" - tvmaze = webaccess.get(furl("http://api.tvmaze.com/lookup/shows").add({tvmaze_key: identifier_value}).url) + tvmaze = webaccess.get(furl("https://api.tvmaze.com/lookup/shows").add({tvmaze_key: identifier_value}).url) if tvmaze.status_code == 404: #Unfortunately TVMaze returns a 404 for unknown/invalid IDs raise ExternalApiInfoException("Unable to find id %s and value %s at TVMaze" % (identifier_key, identifier_value)) @@ -286,4 +286,4 @@ def convertIdToAny(fromType, possibleToTypes, id): - \ No newline at end of file + From 3fcab5987c782391631ab7a0ea44d15aed8611ab Mon Sep 17 00:00:00 2001 From: Chris Thornton Date: Tue, 27 Jun 2017 11:50:30 +0000 Subject: [PATCH 3/3] Use https for socks proxy IP lookup --- nzbhydra/socks_proxy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nzbhydra/socks_proxy.py b/nzbhydra/socks_proxy.py index 5eb64b6..bf55666 100644 --- a/nzbhydra/socks_proxy.py +++ b/nzbhydra/socks_proxy.py @@ -20,7 +20,7 @@ def setSOCKSproxy(sockshost,socksport): socket.socket = socks.socksocket try: - return urllib2.urlopen('http://ipinfo.io/ip').read().rstrip() + return urllib2.urlopen('https://ipinfo.io/ip').read().rstrip() except: return None