Bugfix/disable ssl errors fix (#110)

timabrmsn · web-flow · commit c003f2733101 · 2020-07-10T16:29:22.000-05:00
* fix for --disable-ssl-errors not actually doing anything

* update changelog
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,6 +21,9 @@ how a consumer would use the library (e.g. adding unit tests, updating documenta
 
 - The `print` command on the `security-data` and `alerts` command groups has been replaced with the `search` command. 
     This was a name change only, all other functionality remains the same.
+   
+- A profile created with the `--disable-ssl-errors` flag will now correctly not verify SSL certs when making requests. A warning message is printed 
+    each time the CLI is run with a profile configured this way, as it is not recommended.
 
 ### Added
 
diff --git a/src/code42cli/sdk_client.py b/src/code42cli/sdk_client.py
@@ -1,6 +1,8 @@
 import py42.sdk
 import py42.settings
 import py42.settings.debug as debug
+import requests
+from click import secho
 from py42.exceptions import Py42UnauthorizedError
 from requests.exceptions import ConnectionError
 
@@ -15,6 +17,17 @@
 def create_sdk(profile, is_debug_mode):
     if is_debug_mode:
         py42.settings.debug.level = debug.DEBUG
+    if profile.ignore_ssl_errors == "True":
+        secho(
+            "Warning: Profile '{0}' has SSL verification disabled. Adding certificate verification "
+            "is strongly advised.".format(profile.name),
+            fg="red",
+            err=True,
+        )
+        requests.packages.urllib3.disable_warnings(
+            requests.packages.urllib3.exceptions.InsecureRequestWarning
+        )
+        py42.settings.verify_ssl_certs = False
     password = profile.get_password()
     return validate_connection(profile.authority_url, profile.username, password)
 
diff --git a/tests/test_sdk_client.py b/tests/test_sdk_client.py
@@ -28,6 +28,22 @@ def requests_exception(mocker):
     return mock_exception
 
 
+def test_create_sdk_when_profile_has_ssl_errors_disabled_sets_py42_setting_and_prints_warning(
+    profile, mocker, capsys
+):
+    mock_py42 = mocker.patch("code42cli.sdk_client.py42")
+    profile.ignore_ssl_errors = "True"
+    sdk = create_sdk(profile, False)
+    output = capsys.readouterr()
+    assert mock_py42.settings.verify_ssl_certs == False
+    assert (
+        "Warning: Profile '{0}' has SSL verification disabled. Adding certificate verification is strongly advised.".format(
+            profile.name
+        )
+        in output.err
+    )
+
+
 def test_create_sdk_when_py42_exception_occurs_raises_and_logs_cli_error(
     sdk_logger, mock_sdk_factory, requests_exception
 ):
