add cancel inspection for bank or medical websites

Author: 6C656C65

README.md

@@ -34,6 +34,8 @@
 - Inspection SSL
 - Custom page for 403 Forbidden
 - Support distant (http) blacklist
+- Shortcuts
+- Cancel inspection on bank site
 
 ## 📦 **Installation**
 
@@ -77,7 +79,6 @@ If you encounter any problems, or if you want to use the program in a particular
 
 ## 🔧 **To do**
 
-- Cancel inspection on bank site
 - Support content analysis
 - Caching of latest and most searched pages
 - Adding ACL

config.ini.example

@@ -25,4 +25,5 @@ shortcuts = config/shortcuts.txt
 ssl_inspect = false
 inspect_ca_cert = certs/ca/cert.pem
 inspect_ca_key = certs/ca/key.pem
-inspect_certs_folder = certs/
+inspect_certs_folder = certs/
+cancel_inspect = config/cancel_inspect.txt

config/cancel_inspect.example.txt

@@ -0,0 +1 @@
+mybank.com

pyproxy.py

@@ -43,11 +43,6 @@
         type=str,
         help="Path to the block log file"
     )
-    parser.add_argument(
-        "--shortcuts",
-        type=str,
-        help="Path to the shortcuts file"
-    )
     parser.add_argument(
         "--html-403",
         type=str,
@@ -70,6 +65,11 @@
         type=str,
         help="Path to the text file containing the list of URLs to block"
     )
+    parser.add_argument(
+        "--shortcuts",
+        type=str,
+        help="Path to the text file containing the list of shortcuts"
+    )
     parser.add_argument("--no-logging-access", action="store_true", help="Disable access logging")
     parser.add_argument("--no-logging-block", action="store_true", help="Disable block logging")
     parser.add_argument("--ssl-inspect", action="store_true", help="Enable SSL inspection")
@@ -80,6 +80,11 @@
         type=str,
         help="Path to the generated certificates folder"
     )
+    parser.add_argument(
+        "--cancel-inspect",
+        type=str,
+        help="Path to the text file containing the list of URLs without ssl inspection"
+    )
 
     args = parser.parse_args()
 
@@ -158,6 +163,11 @@
         if args.inspect_ca_key
         else config.get('Security', 'inspect_ca_key', fallback="certs/ca/key.pem")
     )
+    cancel_inspect = (
+        args.inspect_ca_key
+        if args.inspect_ca_key
+        else config.get('Security', 'cancel_inspect', fallback="config/cancel_inspect.txt")
+    )
 
     proxy = ProxyServer(
         host=host,
@@ -176,7 +186,8 @@
         shortcuts=shortcuts,
         inspect_ca_cert=inspect_ca_cert,
         inspect_ca_key=inspect_ca_key,
-        inspect_certs_folder=inspect_certs_folder
+        inspect_certs_folder=inspect_certs_folder,
+        cancel_inspect=cancel_inspect
     )
 
     proxy.start()

utils/cancel_inspect.py

@@ -0,0 +1,88 @@
+"""
+cancel_inspect.py
+
+This module contains functions and a process to load and monitor cancel inspection entries.
+It reads a file containing cancel inspection data and checks whether specific entries exist
+in that file. The file is monitored in a background thread for live updates.
+
+Functions:
+- load_cancel_inspect: Loads the cancel inspection list from a file into a list.
+- cancel_inspect_process: Process that listens for URL-like entries and checks
+  if they exist in the cancel inspection list.
+"""
+
+import multiprocessing
+import time
+import sys
+import threading
+
+def load_cancel_inspect(cancel_inspect_path: str) -> dict:
+    """
+    Loads cancel inspection entries from a file into a list.
+    
+    Args:
+        cancel_inspect_path (str): The path to the file containing the entries.
+    
+    Returns:
+        list: A list containing each line (entry) from the file.
+    """
+    cancel_inspect = []
+
+    with open(cancel_inspect_path, 'r', encoding='utf-8') as f:
+        for line in f:
+            cancel_inspect.append(line)
+
+    return cancel_inspect
+
+# pylint: disable=too-many-locals
+def cancel_inspect_process(
+    queue: multiprocessing.Queue,
+    result_queue: multiprocessing.Queue,
+    cancel_inspect_path: str
+) -> None:
+    """
+    Process that monitors the cancel inspection file and checks if received entries exist in it.
+    
+    Args:
+        queue (multiprocessing.Queue): A queue to receive entries to check.
+        result_queue (multiprocessing.Queue): A queue to send back True/False depending on match.
+        cancel_inspect_path (str): Path to the file containing cancel inspection entries.
+    """
+    manager = multiprocessing.Manager()
+    cancel_inspect_data = manager.list(
+        load_cancel_inspect(cancel_inspect_path)
+    )
+
+    error_event = threading.Event()
+
+    def file_monitor() -> None:
+        try:
+            while True:
+                new_cancel_inspect = load_cancel_inspect(cancel_inspect_path)
+
+                cancel_inspect_data = new_cancel_inspect
+
+                time.sleep(5)
+        except (IOError, ValueError) as e:
+            print(f"File monitor error: {e}")
+            error_event.set()
+
+    monitor_thread = threading.Thread(target=file_monitor, daemon=True)
+    monitor_thread.start()
+
+    while True:
+        if error_event.is_set():
+            print("Error detected in file monitor thread, terminating process.")
+            sys.exit(1)
+
+        try:
+            url = queue.get()
+            print("url", url)
+            print("cancel_inspect_data", cancel_inspect_data)
+            if url in cancel_inspect_data:
+                result_queue.put(True)
+            else:
+                result_queue.put(False)
+
+        except KeyboardInterrupt:
+            break

utils/proxy.py

@@ -22,6 +22,7 @@
 
 from utils.filter import filter_process
 from utils.shortcuts import shortcuts_process
+from utils.cancel_inspect import cancel_inspect_process
 from utils.logger import configure_file_logger, configure_console_logger
 
 class ProxyServer:
@@ -35,7 +36,7 @@ class ProxyServer:
     def __init__(self, host, port, debug, access_log, block_log,
                  html_403, no_filter, filter_mode, no_logging_access, no_logging_block, ssl_inspect,
                  blocked_sites, blocked_url, shortcuts, inspect_ca_cert,
-                 inspect_ca_key, inspect_certs_folder):
+                 inspect_ca_key, inspect_certs_folder, cancel_inspect):
         """
         Initializes the ProxyServer instance with the provided configurations.
         """
@@ -53,10 +54,14 @@ def __init__(self, host, port, debug, access_log, block_log,
         self.shortcuts_proc = None
         self.shortcuts_queue = multiprocessing.Queue()
         self.shortcuts_result_queue = multiprocessing.Queue()
+        self.cancel_inspect_proc = None
+        self.cancel_inspect_queue = multiprocessing.Queue()
+        self.cancel_inspect_result_queue = multiprocessing.Queue()
         self.console_logger = configure_console_logger()
         self.config_blocked_sites = blocked_sites
         self.config_blocked_url = blocked_url
         self.config_shortcuts = shortcuts
+        self.config_cancel_inspect = cancel_inspect
         self.config_inspect_cert = inspect_ca_cert
         self.config_inspect_key = inspect_ca_key
         self.config_inspect_certs_folder = inspect_certs_folder
@@ -145,6 +150,18 @@ def start(self):
             self.shortcuts_proc.start()
             self.console_logger.debug("[*] Starting the shortcuts process...")
 
+        if self.config_cancel_inspect and os.path.isfile(self.config_cancel_inspect):
+            self.cancel_inspect_proc = multiprocessing.Process(
+                target=cancel_inspect_process,
+                args=(
+                    self.cancel_inspect_queue,
+                    self.cancel_inspect_result_queue,
+                    self.config_cancel_inspect
+                )
+            )
+            self.cancel_inspect_proc.start()
+            self.console_logger.debug("[*] Starting the cancel inspection process...")
+
         server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         server.bind(self.host_port)
         server.listen(10)
@@ -198,11 +215,8 @@ def handle_http_request(self, client_socket, request):
 
         if self.config_shortcuts:
             domain, _ = self.parse_url(url)
-            print(url)
-            print(domain)
             self.shortcuts_queue.put(domain)
             shortcut_url = self.shortcuts_result_queue.get()
-            print(shortcut_url)
             if shortcut_url:
                 response = (
                     f"HTTP/1.1 302 Found\r\n"
@@ -344,6 +358,10 @@ def handle_https_connection(self, client_socket, first_line):
                 return
 
         if self.ssl_inspect:
+            self.cancel_inspect_queue.put(server_host)
+            not_inspect = self.cancel_inspect_result_queue.get()
+
+        if self.ssl_inspect and not not_inspect:
             cert_path, key_path = self.generate_certificate(server_host)
             client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
             client_context.load_cert_chain(certfile=cert_path, keyfile=key_path)