Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package snallygaster for openSUSE:Factory checked in at 2021-06-19 23:03:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/snallygaster (Old) and /work/SRC/openSUSE:Factory/.snallygaster.new.2625 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "snallygaster" Sat Jun 19 23:03:10 2021 rev:5 rq:900703 version:0.0.10 Changes: -------- --- /work/SRC/openSUSE:Factory/snallygaster/snallygaster.changes 2021-05-21 21:50:47.750039685 +0200 +++ /work/SRC/openSUSE:Factory/.snallygaster.new.2625/snallygaster.changes 2021-06-19 23:03:40.667730294 +0200 @@ -1,0 +2,9 @@ +Fri Jun 18 06:37:49 UTC 2021 - Sebastian Wagner <sebix+novell....@sebix.at> + +- Update to version 0.0.10: + - New test for Wordpress duplicator installer files and directory listings. + - Move from Travis CI to Github Actions. + - Fix and silence new pylint warnings. +- remove obsolete fix-codestyle.patch + +------------------------------------------------------------------- Old: ---- fix-codestyle.patch snallygaster-0.0.9.tar.gz New: ---- snallygaster-0.0.10.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ snallygaster.spec ++++++ --- /var/tmp/diff_new_pack.gvjzcV/_old 2021-06-19 23:03:41.075730923 +0200 +++ /var/tmp/diff_new_pack.gvjzcV/_new 2021-06-19 23:03:41.079730929 +0200 @@ -17,7 +17,7 @@ Name: snallygaster -Version: 0.0.9 +Version: 0.0.10 Release: 0 Summary: Tool to scan for hidden files on HTTP servers License: CC0-1.0 @@ -25,8 +25,6 @@ URL: https://github.com/hannob/snallygaster Source: https://files.pythonhosted.org/packages/source/s/snallygaster/snallygaster-%{version}.tar.gz Source1: https://github.com/hannob/snallygaster-testdata/archive/refs/heads/master.tar.gz#/testdata.tar.gz -# PATCH-FIX-UPSTREAM fix-codestyle.patch -- fixes codestyle to pass pylint testcase -Patch0: https://github.com/hannob/snallygaster/pull/58.patch#/fix-codestyle.patch BuildRequires: python-rpm-macros BuildRequires: python3-setuptools # SECTION test requirements @@ -59,7 +57,6 @@ # -n snallygaster-testdata-master mkdir snallygaster-testdata-master/.git/ echo '[core]' > snallygaster-testdata-master/.git/config -%patch0 -p1 %build %python3_build ++++++ snallygaster-0.0.9.tar.gz -> snallygaster-0.0.10.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/snallygaster-0.0.9/.github/workflows/runtests.yml new/snallygaster-0.0.10/.github/workflows/runtests.yml --- old/snallygaster-0.0.9/.github/workflows/runtests.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/snallygaster-0.0.10/.github/workflows/runtests.yml 2021-06-17 11:19:22.000000000 +0200 @@ -0,0 +1,25 @@ +name: snallygaster tests +on: +- pull_request +- push + +jobs: + build: + runs-on: ubuntu-latest + strategy: + matrix: + python-version: [3.8,3.9,3.10-dev] + steps: + - uses: actions/checkout@v2 + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v2 + with: + python-version: ${{ matrix.python-version }} + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + pip install pycodestyle pyflakes pylint dlint pyupgrade + - name: Run tests + run: | + python3 -m unittest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/snallygaster-0.0.9/.travis.yml new/snallygaster-0.0.10/.travis.yml --- old/snallygaster-0.0.9/.travis.yml 2020-09-11 20:43:00.000000000 +0200 +++ new/snallygaster-0.0.10/.travis.yml 1970-01-01 01:00:00.000000000 +0100 @@ -1,15 +0,0 @@ -language: python -python: - - "3.7" - - "3.8" - - "3.9-dev" -# Fails due to https://github.com/pypa/wheel/issues/354 -# - "nightly" -env: - global: - - RUN_ONLINETESTS=1 -install: - - pip install -r requirements.txt - - pip install pycodestyle pyflakes pylint dlint pyupgrade -script: - - python3 -m unittest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/snallygaster-0.0.9/PKG-INFO new/snallygaster-0.0.10/PKG-INFO --- old/snallygaster-0.0.9/PKG-INFO 2020-10-01 14:03:36.346673300 +0200 +++ new/snallygaster-0.0.10/PKG-INFO 2021-06-17 11:43:27.413193200 +0200 @@ -1,95 +1,11 @@ Metadata-Version: 2.1 Name: snallygaster -Version: 0.0.9 +Version: 0.0.10 Summary: Tool to scan for secret files on HTTP servers Home-page: https://github.com/hannob/snallygaster Author: Hanno B??ck Author-email: ha...@hboeck.de License: CC0 -Description: # snallygaster - - Finds file leaks and other security problems on HTTP servers. - - what? - ===== - - snallygaster is a tool that looks for files accessible on web servers that shouldn't be public - and can pose a security risk. - - Typical examples include publicly accessible git repositories, backup files potentially containing - passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities. - - As an introduction to these kinds of issues you may want to watch this talk: - * [Attacking with HTTP Requests](https://www.youtube.com/watch?v=Bppr9rbmwz4) - - See the [TESTS.md](TESTS.md) file for an overview of all tests and links to further information - about the issues. - - install - ======= - - snallygaster is available [via pypi](https://pypi.python.org/pypi/snallygaster): - - ``` - pip3 install snallygaster - ``` - - It's a simple python 3 script, so you can just download the file "snallygaster" - and execute it. Dependencies are urllib3, beautifulsoup4 and dnspython. In - Debian- or Ubuntu-based distributions you can install them via: - - ``` - apt install python3-dnspython python3-urllib3 python3-bs4 - ``` - - distribution packages - ===================== - - Some Linux and BSD systems have snallygaster packaged: - - * [Gentoo](https://packages.gentoo.org/packages/net-analyzer/snallygaster) - * [NetBSD](https://pkgsrc.se/security/snallygaster) - * [Arch Linux (git version)](https://aur.archlinux.org/packages/snallygaster-git/) - - faq - === - - Q: I want to contribute / send a patch / a pull request! - - A: That's great, but please read the [CONTRIBUTIONS.md](CONTRIBUTIONS.md) file. - - Q: What's that name? - - A: [Snallygaster](https://en.wikipedia.org/wiki/Snallygaster) is the name of a dragon that - according to some legends was seen in Maryland and other parts of the US. There's no particular - backstory why this tool got named this way, other than that I was looking for a fun and - interesting name. - - I thought a name of some mythical creature would be nice, but most of those had the problem - that I would have had name collisions with other software. Checking the list of dragons on - Wikipedia I learned about the Snallygaster. The name sounded funny, the idea that there are - dragon legends in the US interesting and I found no other piece of software with that name. - - credit and thanks - ================= - - * Thanks to Tim Philipp Sch??fers and Sebastian Neef from the - [Internetwache](https://www.internetwache.org/) for plenty of ideas about things to look - for. - * Thanks to [Craig Young](https://secur3.us/) for many discussions during the - development of this script. - * Thanks to [Sebastian Pipping](https://blog.hartwork.org/) for some help with Python - programming during the development. - * Thanks to [Benjamin Balder Bach](https://overtag.dk/) for teaching me lots of - things about Python packaging. - * Thanks to the organizers of Bornhack, Driving IT, SEC-T and the Rights and Freedom track at - 34C3 for letting me present this work. - - author - ====== - - snallygaster is developed and maintained by [Hanno B??ck](https://hboeck.de/). - Keywords: security,vulnerability,http Platform: UNKNOWN Classifier: Development Status :: 4 - Beta @@ -104,3 +20,90 @@ Classifier: Programming Language :: Python :: 3.8 Requires-Python: >=3 Description-Content-Type: text/markdown +License-File: LICENSE + +# snallygaster + +Finds file leaks and other security problems on HTTP servers. + +what? +===== + +snallygaster is a tool that looks for files accessible on web servers that shouldn't be public +and can pose a security risk. + +Typical examples include publicly accessible git repositories, backup files potentially containing +passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities. + +As an introduction to these kinds of issues you may want to watch this talk: +* [Attacking with HTTP Requests](https://www.youtube.com/watch?v=Bppr9rbmwz4) + +See the [TESTS.md](TESTS.md) file for an overview of all tests and links to further information +about the issues. + +install +======= + +snallygaster is available [via pypi](https://pypi.python.org/pypi/snallygaster): + +``` +pip3 install snallygaster +``` + +It's a simple python 3 script, so you can just download the file "snallygaster" +and execute it. Dependencies are urllib3, beautifulsoup4 and dnspython. In +Debian- or Ubuntu-based distributions you can install them via: + +``` +apt install python3-dnspython python3-urllib3 python3-bs4 +``` + +distribution packages +===================== + +Some Linux and BSD systems have snallygaster packaged: + +* [Gentoo](https://packages.gentoo.org/packages/net-analyzer/snallygaster) +* [NetBSD](https://pkgsrc.se/security/snallygaster) +* [Arch Linux (git version)](https://aur.archlinux.org/packages/snallygaster-git/) + +faq +=== + +Q: I want to contribute / send a patch / a pull request! + +A: That's great, but please read the [CONTRIBUTIONS.md](CONTRIBUTIONS.md) file. + +Q: What's that name? + +A: [Snallygaster](https://en.wikipedia.org/wiki/Snallygaster) is the name of a dragon that +according to some legends was seen in Maryland and other parts of the US. There's no particular +backstory why this tool got named this way, other than that I was looking for a fun and +interesting name. + +I thought a name of some mythical creature would be nice, but most of those had the problem +that I would have had name collisions with other software. Checking the list of dragons on +Wikipedia I learned about the Snallygaster. The name sounded funny, the idea that there are +dragon legends in the US interesting and I found no other piece of software with that name. + +credit and thanks +================= + +* Thanks to Tim Philipp Sch??fers and Sebastian Neef from the + [Internetwache](https://www.internetwache.org/) for plenty of ideas about things to look + for. +* Thanks to [Craig Young](https://secur3.us/) for many discussions during the + development of this script. +* Thanks to [Sebastian Pipping](https://blog.hartwork.org/) for some help with Python + programming during the development. +* Thanks to [Benjamin Balder Bach](https://overtag.dk/) for teaching me lots of + things about Python packaging. +* Thanks to the organizers of Bornhack, Driving IT, SEC-T and the Rights and Freedom track at + 34C3 for letting me present this work. + +author +====== + +snallygaster is developed and maintained by [Hanno B??ck](https://hboeck.de/). + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/snallygaster-0.0.9/TESTS.md new/snallygaster-0.0.10/TESTS.md --- old/snallygaster-0.0.9/TESTS.md 2020-09-17 22:00:51.000000000 +0200 +++ new/snallygaster-0.0.10/TESTS.md 2021-06-17 11:19:22.000000000 +0200 @@ -345,6 +345,27 @@ with sensitive data like passwords in stack traces. +thumbsdb +-------- + +Image metadata from old Windows versions, may leak file names and thumbnails. + +* [Vinetto thumbnail parser](https://github.com/AtesComp/Vinetto) + + +duplicator +---------- + +Find leftover installer.php / installer-backup.php files from the Wordpress Duplicator +plugin. +Note: While this is claimed as "fixed" by the plugin authors in later versions as the +plugin tries to delete these files after the next login, a vulnerable state can still +happen if the files are not successfully deleted after a migration. + +* [Synacktiv: Remote code execution vulnerability in WordPress Duplicator](https://www.synacktiv.com/ressources/advisories/WordPress_Duplicator-1.2.40-RCE.pdf) +* [Anonleaks: KennotFM / Details zu Hack und Defacement](https://anonleaks.net/2021/optinfoil/kennotfm-details-zu-hack-und-defacement/) + + axfr ---- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/snallygaster-0.0.9/setup.py new/snallygaster-0.0.10/setup.py --- old/snallygaster-0.0.9/setup.py 2020-10-01 14:03:18.000000000 +0200 +++ new/snallygaster-0.0.10/setup.py 2021-06-17 11:40:55.000000000 +0200 @@ -11,7 +11,7 @@ setuptools.setup( name=package_name, - version="0.0.9", + version="0.0.10", description="Tool to scan for secret files on HTTP servers", long_description=readme, long_description_content_type='text/markdown', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/snallygaster-0.0.9/snallygaster new/snallygaster-0.0.10/snallygaster --- old/snallygaster-0.0.9/snallygaster 2020-09-27 15:18:49.000000000 +0200 +++ new/snallygaster-0.0.10/snallygaster 2021-06-17 11:20:30.000000000 +0200 @@ -739,6 +739,25 @@ @DEFAULT +def test_thumbsdb(url): + r = fetcher(url + "/Thumbs.db", binary=True) + if r and r[0:8] == b'\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1': + pout("thumbsdb", url + "/Thumbs.db") + + +@DEFAULT +def test_duplicator(url): + for fn in ['installer.php', 'installer-backup.php']: + r = fetcher("%s/%s" % (url, fn)) + if '/dup-installer/main.installer.php' in r: + pout("duplicator", "%s/%s" % (url, fn)) + for fn in ['backups-dup-pro', 'backups-dup-lite']: + r = fetcher("%s/wp-content/%s/" % (url, fn)) + if '>Index of /' in r: + pout("duplicator_dirlisting", "%s/wp-content/%s/" % (url, fn)) + + +@DEFAULT @HOSTNAME def test_axfr(qhost): try: @@ -746,7 +765,9 @@ ns = dns.resolver.resolve(qhost, 'NS') else: # dnspython before 2.0 ns = dns.resolver.query(qhost, 'NS') - except (dns.exception.DNSException, ConnectionResetError): + except (dns.exception.DNSException, dns.exception.Timeout, + ConnectionResetError, ConnectionRefusedError, + EOFError, socket.gaierror, TimeoutError, OSError): return for r in ns.rrset: r = str(r) @@ -771,9 +792,9 @@ axfr = dns.zone.from_xfr(dns.query.xfr(ip, qhost)) if axfr: pout("axfr", qhost, r) - except (dns.exception.DNSException, ConnectionResetError, - EOFError, socket.gaierror, ConnectionRefusedError, - TimeoutError, OSError): + except (dns.exception.DNSException, dns.exception.Timeout, + ConnectionResetError, ConnectionRefusedError, + EOFError, socket.gaierror, TimeoutError, OSError): pass diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/snallygaster-0.0.9/snallygaster.egg-info/PKG-INFO new/snallygaster-0.0.10/snallygaster.egg-info/PKG-INFO --- old/snallygaster-0.0.9/snallygaster.egg-info/PKG-INFO 2020-10-01 14:03:36.000000000 +0200 +++ new/snallygaster-0.0.10/snallygaster.egg-info/PKG-INFO 2021-06-17 11:43:27.000000000 +0200 @@ -1,95 +1,11 @@ Metadata-Version: 2.1 Name: snallygaster -Version: 0.0.9 +Version: 0.0.10 Summary: Tool to scan for secret files on HTTP servers Home-page: https://github.com/hannob/snallygaster Author: Hanno B??ck Author-email: ha...@hboeck.de License: CC0 -Description: # snallygaster - - Finds file leaks and other security problems on HTTP servers. - - what? - ===== - - snallygaster is a tool that looks for files accessible on web servers that shouldn't be public - and can pose a security risk. - - Typical examples include publicly accessible git repositories, backup files potentially containing - passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities. - - As an introduction to these kinds of issues you may want to watch this talk: - * [Attacking with HTTP Requests](https://www.youtube.com/watch?v=Bppr9rbmwz4) - - See the [TESTS.md](TESTS.md) file for an overview of all tests and links to further information - about the issues. - - install - ======= - - snallygaster is available [via pypi](https://pypi.python.org/pypi/snallygaster): - - ``` - pip3 install snallygaster - ``` - - It's a simple python 3 script, so you can just download the file "snallygaster" - and execute it. Dependencies are urllib3, beautifulsoup4 and dnspython. In - Debian- or Ubuntu-based distributions you can install them via: - - ``` - apt install python3-dnspython python3-urllib3 python3-bs4 - ``` - - distribution packages - ===================== - - Some Linux and BSD systems have snallygaster packaged: - - * [Gentoo](https://packages.gentoo.org/packages/net-analyzer/snallygaster) - * [NetBSD](https://pkgsrc.se/security/snallygaster) - * [Arch Linux (git version)](https://aur.archlinux.org/packages/snallygaster-git/) - - faq - === - - Q: I want to contribute / send a patch / a pull request! - - A: That's great, but please read the [CONTRIBUTIONS.md](CONTRIBUTIONS.md) file. - - Q: What's that name? - - A: [Snallygaster](https://en.wikipedia.org/wiki/Snallygaster) is the name of a dragon that - according to some legends was seen in Maryland and other parts of the US. There's no particular - backstory why this tool got named this way, other than that I was looking for a fun and - interesting name. - - I thought a name of some mythical creature would be nice, but most of those had the problem - that I would have had name collisions with other software. Checking the list of dragons on - Wikipedia I learned about the Snallygaster. The name sounded funny, the idea that there are - dragon legends in the US interesting and I found no other piece of software with that name. - - credit and thanks - ================= - - * Thanks to Tim Philipp Sch??fers and Sebastian Neef from the - [Internetwache](https://www.internetwache.org/) for plenty of ideas about things to look - for. - * Thanks to [Craig Young](https://secur3.us/) for many discussions during the - development of this script. - * Thanks to [Sebastian Pipping](https://blog.hartwork.org/) for some help with Python - programming during the development. - * Thanks to [Benjamin Balder Bach](https://overtag.dk/) for teaching me lots of - things about Python packaging. - * Thanks to the organizers of Bornhack, Driving IT, SEC-T and the Rights and Freedom track at - 34C3 for letting me present this work. - - author - ====== - - snallygaster is developed and maintained by [Hanno B??ck](https://hboeck.de/). - Keywords: security,vulnerability,http Platform: UNKNOWN Classifier: Development Status :: 4 - Beta @@ -104,3 +20,90 @@ Classifier: Programming Language :: Python :: 3.8 Requires-Python: >=3 Description-Content-Type: text/markdown +License-File: LICENSE + +# snallygaster + +Finds file leaks and other security problems on HTTP servers. + +what? +===== + +snallygaster is a tool that looks for files accessible on web servers that shouldn't be public +and can pose a security risk. + +Typical examples include publicly accessible git repositories, backup files potentially containing +passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities. + +As an introduction to these kinds of issues you may want to watch this talk: +* [Attacking with HTTP Requests](https://www.youtube.com/watch?v=Bppr9rbmwz4) + +See the [TESTS.md](TESTS.md) file for an overview of all tests and links to further information +about the issues. + +install +======= + +snallygaster is available [via pypi](https://pypi.python.org/pypi/snallygaster): + +``` +pip3 install snallygaster +``` + +It's a simple python 3 script, so you can just download the file "snallygaster" +and execute it. Dependencies are urllib3, beautifulsoup4 and dnspython. In +Debian- or Ubuntu-based distributions you can install them via: + +``` +apt install python3-dnspython python3-urllib3 python3-bs4 +``` + +distribution packages +===================== + +Some Linux and BSD systems have snallygaster packaged: + +* [Gentoo](https://packages.gentoo.org/packages/net-analyzer/snallygaster) +* [NetBSD](https://pkgsrc.se/security/snallygaster) +* [Arch Linux (git version)](https://aur.archlinux.org/packages/snallygaster-git/) + +faq +=== + +Q: I want to contribute / send a patch / a pull request! + +A: That's great, but please read the [CONTRIBUTIONS.md](CONTRIBUTIONS.md) file. + +Q: What's that name? + +A: [Snallygaster](https://en.wikipedia.org/wiki/Snallygaster) is the name of a dragon that +according to some legends was seen in Maryland and other parts of the US. There's no particular +backstory why this tool got named this way, other than that I was looking for a fun and +interesting name. + +I thought a name of some mythical creature would be nice, but most of those had the problem +that I would have had name collisions with other software. Checking the list of dragons on +Wikipedia I learned about the Snallygaster. The name sounded funny, the idea that there are +dragon legends in the US interesting and I found no other piece of software with that name. + +credit and thanks +================= + +* Thanks to Tim Philipp Sch??fers and Sebastian Neef from the + [Internetwache](https://www.internetwache.org/) for plenty of ideas about things to look + for. +* Thanks to [Craig Young](https://secur3.us/) for many discussions during the + development of this script. +* Thanks to [Sebastian Pipping](https://blog.hartwork.org/) for some help with Python + programming during the development. +* Thanks to [Benjamin Balder Bach](https://overtag.dk/) for teaching me lots of + things about Python packaging. +* Thanks to the organizers of Bornhack, Driving IT, SEC-T and the Rights and Freedom track at + 34C3 for letting me present this work. + +author +====== + +snallygaster is developed and maintained by [Hanno B??ck](https://hboeck.de/). + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/snallygaster-0.0.9/snallygaster.egg-info/SOURCES.txt new/snallygaster-0.0.10/snallygaster.egg-info/SOURCES.txt --- old/snallygaster-0.0.9/snallygaster.egg-info/SOURCES.txt 2020-10-01 14:03:36.000000000 +0200 +++ new/snallygaster-0.0.10/snallygaster.egg-info/SOURCES.txt 2021-06-17 11:43:27.000000000 +0200 @@ -1,5 +1,4 @@ .gitignore -.travis.yml CONTRIBUTIONS.md DEVELOPMENT.md Dockerfile @@ -10,6 +9,7 @@ requirements.txt setup.py snallygaster +.github/workflows/runtests.yml snallygaster.egg-info/PKG-INFO snallygaster.egg-info/SOURCES.txt snallygaster.egg-info/dependency_links.txt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/snallygaster-0.0.9/tests/test_codingstyle.py new/snallygaster-0.0.10/tests/test_codingstyle.py --- old/snallygaster-0.0.9/tests/test_codingstyle.py 2020-09-11 20:42:56.000000000 +0200 +++ new/snallygaster-0.0.10/tests/test_codingstyle.py 2021-06-17 11:19:22.000000000 +0200 @@ -10,7 +10,9 @@ subprocess.run(["pycodestyle", "--ignore=W503", "--max-line-length=100"] + pyfiles, check=True) subprocess.run(["pyflakes"] + pyfiles, check=True) - subprocess.run(["pylint", "--disable=missing-docstring,invalid-name,bad-continuation"] + subprocess.run(["pylint", "--disable=missing-docstring,invalid-name," + "bad-continuation,consider-using-with," + "too-many-lines"] + pyfiles, check=True) subprocess.run(["flake8", "--select=DUO"] + pyfiles, check=True) subprocess.run(["pyupgrade", "--keep-percent-format", "--py38-plus"] + pyfiles, check=True) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/snallygaster-0.0.9/tests/test_scan_testdata.py new/snallygaster-0.0.10/tests/test_scan_testdata.py --- old/snallygaster-0.0.9/tests/test_scan_testdata.py 2020-09-11 20:42:56.000000000 +0200 +++ new/snallygaster-0.0.10/tests/test_scan_testdata.py 2021-06-17 11:19:22.000000000 +0200 @@ -35,7 +35,9 @@ olddir = os.getcwd() os.chdir(tmp + "/testdata") httpd = http.server.HTTPServer(('localhost', 4443), http.server.SimpleHTTPRequestHandler) - httpd.socket = ssl.wrap_socket(httpd.socket, certfile=tmp + '/testdata/testserver.pem') + context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) + context.load_cert_chain(certfile=tmp + '/testdata/testserver.pem') + httpd.socket = context.wrap_socket(httpd.socket, server_side=True) t = threading.Thread(target=httpd.serve_forever) t.daemon = True t.start()
