diff --git a/reviewboard/admin/security_checks.py b/reviewboard/admin/security_checks.py index 378bdd72c21a2621b99140a3c185d490ec141a9b..53f4297d205490d6da1344b2908a2c388825587e 100644 --- a/reviewboard/admin/security_checks.py +++ b/reviewboard/admin/security_checks.py @@ -13,6 +13,7 @@ from django.utils.translation import gettext_lazy as _ from djblets.log import log_timed from reviewboard.admin.server import build_server_url +from reviewboard.certs.manager import cert_manager _security_checks = OrderedDict() @@ -252,7 +253,10 @@ class ServerExecutableFileCheck(BaseExecutableFileCheck): f'executable file at {url}', default_level=logging.INFO, logger=logger): - data = urlopen(url).read() + data = urlopen( + url, + **cert_manager.build_urlopen_kwargs(url=url), + ).read() except HTTPError as e: # An HTTP 403 is also an acceptable response if e.code == 403: @@ -341,7 +345,10 @@ class BrowserExecutableFileCheck(BaseExecutableFileCheck): f'attachment at {url}', default_level=logging.INFO, logger=logger): - headers = urlopen(url).info() + headers = urlopen( + url, + **cert_manager.build_urlopen_kwargs(url=url), + ).info() return headers.get('Content-Disposition', '').startswith('attachment') diff --git a/reviewboard/cmdline/rbsite.py b/reviewboard/cmdline/rbsite.py index f0f26826a6746e9f8c3edb10edfd921a8835092a..f35fa93c762f361e1c4db4a1f597952b3f927fd0 100755 --- a/reviewboard/cmdline/rbsite.py +++ b/reviewboard/cmdline/rbsite.py @@ -1174,7 +1174,12 @@ class Site(object): url = get_register_support_url(force_is_admin=True) try: - urlopen(url, timeout=5).read() + from reviewboard.certs import cert_manager + urlopen( + url, + timeout=5, + **cert_manager.build_urlopen_kwargs(url=url), + ).read() except Exception: # There may be a number of issues preventing this from working, # such as a restricted network environment or a server issue on diff --git a/reviewboard/notifications/webhooks.py b/reviewboard/notifications/webhooks.py index 35e1a8691a12e84e0f8d95d23c874f61f170ba97..b4e021d33378e3a7fe42b6530867a835bc34b9d2 100644 --- a/reviewboard/notifications/webhooks.py +++ b/reviewboard/notifications/webhooks.py @@ -8,6 +8,7 @@ import logging from base64 import b64encode from collections import OrderedDict from datetime import datetime +from typing import TYPE_CHECKING from urllib.error import HTTPError from urllib.parse import urlencode, urlsplit, urlunsplit from urllib.request import Request, urlopen @@ -29,6 +30,7 @@ from djblets.webapi.encoders import (BasicAPIEncoder, JSONEncoderAdapter, ResourceAPIEncoder, XMLEncoderAdapter) from reviewboard import get_package_version +from reviewboard.certs.manager import cert_manager from reviewboard.notifications.models import WebHookTarget from reviewboard.reviews.models import Review, ReviewRequest from reviewboard.reviews.signals import (review_request_closed, @@ -37,6 +39,11 @@ from reviewboard.reviews.signals import (review_request_closed, review_published, reply_published) +if TYPE_CHECKING: + from collections.abc import Sequence + + from typelets.json import JSONDict + logger = logging.getLogger(__name__) @@ -277,7 +284,12 @@ def normalize_webhook_payload(payload, request, use_string_keys=False): return _normalize_value(payload) -def dispatch_webhook_event(request, webhook_targets, event, payload): +def dispatch_webhook_event( + request: HttpRequest, + webhook_targets: Sequence[WebHookTarget], + event: str, + payload: JSONDict, +) -> None: """Dispatch the given event and payload to the given WebHook targets. Args: @@ -289,7 +301,7 @@ def dispatch_webhook_event(request, webhook_targets, event, payload): The list of WebHook targets containing endpoint URLs to dispatch to. - event (unicode): + event (str): The name of the event being dispatched. payload (dict): @@ -417,7 +429,13 @@ def dispatch_webhook_event(request, webhook_targets, event, payload): headers['Authorization'] = \ 'Basic %s' % b64encode(credentials.encode('utf-8')) - urlopen(Request(url, body, headers)) + urlopen( + Request(url, body, headers), + **cert_manager.build_urlopen_kwargs( + url=url, + local_site=webhook_target.local_site, + ), + ) except Exception as e: logger.exception('[%s] Could not dispatch WebHook to %s: %s', log_timer.trace_id, webhook_target.url, e, diff --git a/reviewboard/scmtools/core.py b/reviewboard/scmtools/core.py index 12b696eb543704478b0b8bbb9bfab6c3e28f3638..e26254b9e23e45c27548fc22eff1ebda924676f8 100644 --- a/reviewboard/scmtools/core.py +++ b/reviewboard/scmtools/core.py @@ -20,6 +20,7 @@ from djblets.log import log_timed from djblets.util.properties import TypedProperty from typing_extensions import TypeAlias +from reviewboard.certs.manager import cert_manager from reviewboard.scmtools.errors import (AuthenticationError, FileNotFoundError, SCMError) @@ -1820,7 +1821,13 @@ class SCMClient: request.add_header('Authorization', f'Basic {auth_string}') - response = urlopen(request) + response = urlopen( + request, + **cert_manager.build_urlopen_kwargs( + url=url, + local_site=self.local_site, + ), + ) if (mime_type is None or response.info()['Content-Type'] == mime_type):