https-everywhere-py/https_everywhere/_mozilla_preload_hsts.py at 3a9f9a2324fa328cd2e769cd9d200094b72216ff · jayvdb/https-everywhere-py · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
import os.path

import requests
from logging_helper import setup_logging

from ._fetch import _storage_location
from ._util import _check_in, _reverse_host

logger = setup_logging()

_hg_url = "https://hg.mozilla.org/releases/mozilla-{version}/raw-file/tip/security/manager/ssl/nsSTSPreloadList.inc"
_VERSIONS = ["beta", "release"]


def _fetch_preload(version="release"):
    filename = _storage_location(_hg_url, version)
    if os.path.exists(filename):
        return filename

    r = requests.get(_hg_url.format(version=version))
    r.raise_for_status()

    with open(filename, "w") as f:
        f.write(r.text)

    return filename


def _load_preload_data(filename):
    with open(filename) as f:
        positive = set()
        negative = set()
        lines = [line.strip() for line in f.readlines()]
        start = lines.index("%%")
        lines = lines[start + 1:]
        end = lines.index("%%")
        lines = lines[:end]
        for line in lines:
            name, flag = line.split(",")
            name = name.strip()
            if flag.strip() == "1":
                positive.add(name)
            else:
                negative.add(name)
        return positive, negative


def _preload_remove_negative(remove_overlap=False):
    filename = _fetch_preload()
    domains, negative = _load_preload_data(filename)

    for name in negative:
        rv = _check_in(domains, name)
        if rv:
            logger.warning("Removing {} because of negative {}".format(rv, name))
            domains.remove(rv)

    if remove_overlap:
        entries = {}
        for name in domains:
            reversed_name = _reverse_host(name)
            assert reversed_name not in entries
            entries[reversed_name] = name

        previous = ""
        for item in sorted(entries.keys()):
            entry = entries[item]
            if not previous or previous not in item:
                previous = item
                continue

            domains.remove(entry)
            logger.warning(
                "Removing {} because of base domain {}".format(entry, entries[previous])
            )

    return domains