From 101e6aa7551fe608a4a37bc80d916e36c6ba0cd4 Mon Sep 17 00:00:00 2001
From: evilhero
Date: Sun, 3 Feb 2019 15:03:40 -0500
Subject: [PATCH] FIX: fixed cache folder being publically exposed, FIX: added .secure folder and move cookies into secured location as required
---
 mylar/auth32p.py | 6 +++---
 mylar/config.py | 21 +++++++++++++++++++++
 mylar/webstart.py | 4 +---
 3 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/mylar/auth32p.py b/mylar/auth32p.py
index 95575481..df269035 100644
--- a/mylar/auth32p.py
+++ b/mylar/auth32p.py
@@ -69,7 +69,7 @@ class info32p(object):
 try:
 with cfscrape.create_scraper() as s:
 s.headers = self.headers
- cj = LWPCookieJar(os.path.join(mylar.CONFIG.CACHE_DIR, ".32p_cookies.dat"))
+ cj = LWPCookieJar(os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat"))
 cj.load()
 s.cookies = cj
@@ -248,7 +248,7 @@ class info32p(object):
 with cfscrape.create_scraper() as s:
 s.headers = self.headers
- cj = LWPCookieJar(os.path.join(mylar.CONFIG.CACHE_DIR, ".32p_cookies.dat"))
+ cj = LWPCookieJar(os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat"))
 cj.load()
 s.cookies = cj
 data = []
@@ -403,7 +403,7 @@ class info32p(object):
 except Exception as e:
 logger.error('%s Can\'t create session with cfscrape' % self.module)
- self.session_path = session_path if session_path is not None else os.path.join(mylar.CONFIG.CACHE_DIR, ".32p_cookies.dat")
+ self.session_path = session_path if session_path is not None else os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat")
 self.ses.cookies = LWPCookieJar(self.session_path)
 if not os.path.exists(self.session_path):
 logger.fdebug('%s Session cookie does not exist. Signing in and Creating.' % self.module)
diff --git a/mylar/config.py b/mylar/config.py
index 10b5eb8d..1b374f6f 100644
--- a/mylar/config.py
+++ b/mylar/config.py
@@ -3,6 +3,7 @@
 from collections import OrderedDict
 from operator import itemgetter
 import os
+import glob
 import codecs
 import shutil
 import re
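Review bot: The cookie-jar path `os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat")` is written out inline in all three hunks of mylar/auth32p.py (the hunks at 69, 248 and 403), so keeping the session cookie out of the served cache directory depends on every copy being changed together. Any occurrence outside these hunks that still joins `CACHE_DIR` would keep reading or writing the cookie under the path webstart.py serves at `/cache`; the rest of the file is not visible here, so a search for `.32p_cookies.dat` is worth doing before merging. Building the path in one place, for example a module-level helper `def _cookie_path(): return os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat")`, and passing its result to each `LWPCookieJar(...)` call would remove that risk. The enclosing methods start and end outside all three hunks.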
@@ -74,6 +75,7 @@ _CONFIG_DEFINITIONS = OrderedDict({
 'ALTERNATE_LATEST_SERIES_COVERS': (bool, 'General', False),
 'SHOW_ICONS': (bool, 'General', False),
 'FORMAT_BOOKTYPE': (bool, 'General', False),
+ 'SECURE_DIR': (str, 'General', None),
 'RSS_CHECKINTERVAL': (int, 'Scheduler', 20),
 'SEARCH_INTERVAL': (int, 'Scheduler', 360),
@@ -770,6 +772,25 @@ class Config(object):
 except OSError:
 logger.error('[Cache Check] Could not create cache dir. Check permissions of datadir: ' + mylar.DATA_DIR)
+
+ if not self.SECURE_DIR:
+ self.SECURE_DIR = os.path.join(mylar.DATA_DIR, '.secure')
+
+ if not os.path.exists(self.SECURE_DIR):
+ try:
+ os.makedirs(self.SECURE_DIR)
+ except OSError:
+ logger.error('[Secure DIR Check] Could not create secure directory. Check permissions of datadir: ' + mylar.DATA_DIR)
+
+ #make sure the cookies.dat file is not in cache
+ for f in glob.glob(os.path.join(self.CACHE_DIR, '.32p_cookies.dat')):
+ try:
+ if os.path.isfile(f):
+ shutil.move(f, os.path.join(self.SECURE_DIR, '.32p_cookies.dat'))
+ except Exception as e:
+ logger.error('SECURE-DIR-MOVE] Unable to move cookies file into secure location. This is a fatal error.')
+ sys.exit()
+
 if all([self.GRABBAG_DIR is None, self.DESTINATION_DIR is not None]):
 self.GRABBAG_DIR = os.path.join(self.DESTINATION_DIR, 'Grabbag')
 logger.fdebug('[Grabbag Directory] Setting One-Off directory to default location: %s' % self.GRABBAG_DIR)
diff --git a/mylar/webstart.py b/mylar/webstart.py
index 3c41d9cb..c6c9d0e3 100755
--- a/mylar/webstart.py
+++ b/mylar/webstart.py
@@ -99,9 +99,7 @@ def initialize(options):
 },
 '/cache': {
 'tools.staticdir.on': True,
- 'tools.staticdir.dir': mylar.CONFIG.CACHE_DIR,
- 'tools.auth_basic.on': False,
- 'tools.auth.on': False
+ 'tools.staticdir.dir': mylar.CONFIG.CACHE_DIR
 }
 }
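Review bot: `'SECURE_DIR': (str, 'General', None)` makes the location user-settable, but nothing visible in this commit validates where a configured value points. If it is set to `CACHE_DIR` or a directory beneath it, the cookie file ends up back under the path that webstart.py serves at `/cache`. Where the default is applied in the later config.py hunk, comparing `os.path.realpath(self.SECURE_DIR)` with `os.path.realpath(self.CACHE_DIR)` and falling back to the `.secure` default with a logged warning on equality or containment would close that gap.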
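Review bot: `os.makedirs(self.SECURE_DIR)` creates the directory with the default mode, so on a shared host the folder holding the 32P session cookie is as readable as the process umask allows; `os.makedirs(self.SECURE_DIR, 0o700)`, plus an `os.chmod(..., 0o600)` on the destination after `shutil.move`, would make the directory live up to its name. A failed directory creation is only logged and startup continues, while a failed move is fatal, so the two error paths are inconsistent. In the move handler the caught `e` is never logged, the message tag is missing its opening `[`, and `sys.exit()` without an argument exits with status 0; `logger.error('[SECURE-DIR-MOVE] Unable to move cookies file into secure location: %s' % e)` followed by `sys.exit(1)` would be clearer, and `sys` should be confirmed as imported because it is not among the import lines shown in the first config.py hunk. Indentation is lost in this rendering, so the nesting of the cookie-move loop cannot be confirmed here, and the enclosing method of `Config` starts and ends outside the hunk.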
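Review bot: Removing `'tools.auth_basic.on': False` and `'tools.auth.on': False` protects `/cache` only if an auth tool is enabled on a parent path, and that configuration lies outside this hunk; with authentication disabled in the application, all of `CACHE_DIR` is still served to anyone who can reach the port. `tools.staticdir` exposes every file in the directory, so anything sensitive written to the cache later has the same exposure the cookie file had. A comment on the block would keep the overrides from being reintroduced, e.g. `# /cache inherits the global auth tools; do not disable auth here, and never store secrets under CACHE_DIR`. `initialize()` starts and ends outside the hunk.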