1
0
Fork 0
mirror of https://github.com/evilhero/mylar synced 2025-01-03 05:24:43 +00:00

FIX: fixed cache folder being publically exposed, FIX: added .secure folder and move cookies into secured location as required

This commit is contained in:
evilhero 2019-02-03 14:41:11 -05:00
parent 6b6ab8d285
commit ab4e87363e
3 changed files with 24 additions and 6 deletions

View file

@ -69,7 +69,7 @@ class info32p(object):
try: try:
with cfscrape.create_scraper() as s: with cfscrape.create_scraper() as s:
s.headers = self.headers s.headers = self.headers
cj = LWPCookieJar(os.path.join(mylar.CONFIG.CACHE_DIR, ".32p_cookies.dat")) cj = LWPCookieJar(os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat"))
cj.load() cj.load()
s.cookies = cj s.cookies = cj
@ -248,7 +248,7 @@ class info32p(object):
with cfscrape.create_scraper() as s: with cfscrape.create_scraper() as s:
s.headers = self.headers s.headers = self.headers
cj = LWPCookieJar(os.path.join(mylar.CONFIG.CACHE_DIR, ".32p_cookies.dat")) cj = LWPCookieJar(os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat"))
cj.load() cj.load()
s.cookies = cj s.cookies = cj
data = [] data = []
@ -403,7 +403,7 @@ class info32p(object):
except Exception as e: except Exception as e:
logger.error('%s Can\'t create session with cfscrape' % self.module) logger.error('%s Can\'t create session with cfscrape' % self.module)
self.session_path = session_path if session_path is not None else os.path.join(mylar.CONFIG.CACHE_DIR, ".32p_cookies.dat") self.session_path = session_path if session_path is not None else os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat")
self.ses.cookies = LWPCookieJar(self.session_path) self.ses.cookies = LWPCookieJar(self.session_path)
if not os.path.exists(self.session_path): if not os.path.exists(self.session_path):
logger.fdebug('%s Session cookie does not exist. Signing in and Creating.' % self.module) logger.fdebug('%s Session cookie does not exist. Signing in and Creating.' % self.module)

View file

@ -76,6 +76,7 @@ _CONFIG_DEFINITIONS = OrderedDict({
'SHOW_ICONS': (bool, 'General', False), 'SHOW_ICONS': (bool, 'General', False),
'FORMAT_BOOKTYPE': (bool, 'General', False), 'FORMAT_BOOKTYPE': (bool, 'General', False),
'CLEANUP_CACHE': (bool, 'General', False), 'CLEANUP_CACHE': (bool, 'General', False),
'SECURE_DIR': (str, 'General', None),
'RSS_CHECKINTERVAL': (int, 'Scheduler', 20), 'RSS_CHECKINTERVAL': (int, 'Scheduler', 20),
'SEARCH_INTERVAL': (int, 'Scheduler', 360), 'SEARCH_INTERVAL': (int, 'Scheduler', 360),
@ -773,6 +774,25 @@ class Config(object):
except OSError: except OSError:
logger.error('[Cache Check] Could not create cache dir. Check permissions of datadir: ' + mylar.DATA_DIR) logger.error('[Cache Check] Could not create cache dir. Check permissions of datadir: ' + mylar.DATA_DIR)
if not self.SECURE_DIR:
self.SECURE_DIR = os.path.join(mylar.DATA_DIR, '.secure')
if not os.path.exists(self.SECURE_DIR):
try:
os.makedirs(self.SECURE_DIR)
except OSError:
logger.error('[Secure DIR Check] Could not create secure directory. Check permissions of datadir: ' + mylar.DATA_DIR)
#make sure the cookies.dat file is not in cache
for f in glob.glob(os.path.join(self.CACHE_DIR, '.32p_cookies.dat')):
try:
if os.path.isfile(f):
shutil.move(f, os.path.join(self.SECURE_DIR, '.32p_cookies.dat'))
except Exception as e:
logger.error('SECURE-DIR-MOVE] Unable to move cookies file into secure location. This is a fatal error.')
sys.exit()
if self.CLEANUP_CACHE is True: if self.CLEANUP_CACHE is True:
logger.fdebug('[Cache Cleanup] Cache Cleanup initiated. Will delete items from cache that are no longer needed.') logger.fdebug('[Cache Cleanup] Cache Cleanup initiated. Will delete items from cache that are no longer needed.')
cache_types = ['*.nzb', '*.torrent', '*.zip', '*.html', 'mylar_*'] cache_types = ['*.nzb', '*.torrent', '*.zip', '*.html', 'mylar_*']

View file

@ -99,9 +99,7 @@ def initialize(options):
}, },
'/cache': { '/cache': {
'tools.staticdir.on': True, 'tools.staticdir.on': True,
'tools.staticdir.dir': mylar.CONFIG.CACHE_DIR, 'tools.staticdir.dir': mylar.CONFIG.CACHE_DIR
'tools.auth_basic.on': False,
'tools.auth.on': False
} }
} }