PaperMtn / gitlab-watchman

Finding exposed secrets and personal data in GitLab
GNU General Public License v3.0
195 stars 27 forks

Disable SSL Verify #5

Open itsecforu opened 3 years ago

itsecforu commented 3 years ago

Hey!

I got the error Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED on every step.

How can I disable it to check without SSL?

itsecforu commented 3 years ago

No ideas? :-(

PaperMtn commented 3 years ago

Hi. Do you have a valid SSL certificate on your GitLab instance?

I imagine this is caused by the requests library setting SSL verify to true by default, and it’s configured in GitLab Watchman to verify SSL as well.

The merits of turning this off are debatable, and I’m reluctant to change it to not check by default, as really most environments should be using a valid SSL certificate for GitLab instances.

If you’re building from source, you could change it yourself by modifying line 29 in gitlab-watchman/gitlab_watchman/gitlab_wrapper.py to verify_ssl=False.

Let me know how it goes.

itsecforu commented 3 years ago

Hey! Thank you for the feedback! The cert is valid until the year 4757 :-D I use a self-signed certificate. I tried to add rootca.cert to /etc/pki/ca-certs/source/anchors/, but it still doesn't work. With verify_ssl=False I got this output:

gitlab-watchman --timeframe a --all
No logging option selected, defaulting to Stdout
{"localtime": "2021-02-11 16:15:23,648", "level": "INFO", "source": "GitLab Watchman", "message": "GitLab Watchman started execution"}
{"localtime": "2021-02-11 16:15:23,649", "level": "INFO", "source": "GitLab Watchman", "message": "Version: 1.4.0"}
{"localtime": "2021-02-11 16:15:23,649", "level": "INFO", "source": "GitLab Watchman", "message": "Importing rules..."}
{"localtime": "2021-02-11 16:15:23,753", "level": "INFO", "source": "GitLab Watchman", "message": "31 rules loaded"}
{"localtime": "2021-02-11 16:15:23,753", "level": "INFO", "source": "GitLab Watchman", "message": "Getting everything..."}
{"localtime": "2021-02-11 16:15:23,753", "level": "INFO", "source": "GitLab Watchman", "message": "Searching for Passwords in blobs"}
HTTPSConnectionPool(host='gitlab.my.local', port=443): Max retries exceeded with url: /api/v4/search?scope=blobs&search=%22password%3A%22+-%28svg%7Cpng%7Cjpeg%7Cjpg%29&per_page=100&page= (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
{"localtime": "2021-02-11 16:23:30,186", "level": "CRITICAL", "source": "GitLab Watchman", "message": "'NoneType' object has no attribute 'headers'"}
{"localtime": "2021-02-11 16:23:30,186", "level": "INFO", "source": "GitLab Watchman", "message": "Searching for Passwords in commits"}

itsecforu commented 3 years ago

Any ideas?
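
An alternative to turning verification off, as an added example that is not part of the thread and is not GitLab Watchman's code: hand the `requests` library the private CA's PEM file explicitly. By default `requests` verifies against its own CA bundle (normally the one shipped by `certifi`), so a CA added only to the operating system's trust store may not be consulted. The function names and the `PRIVATE-TOKEN` authentication are assumptions of this sketch; `REQUESTS_CA_BUNDLE` and `CURL_CA_BUNDLE` are the environment variables `requests` itself honours.

```python
import base64
import os
import re
from pathlib import Path

_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def count_pem_certs(text):
    """Count well-formed PEM certificate blocks; raise ValueError on a bad one."""
    count = 0
    for body in _PEM_CERT.findall(text):
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # every DER certificate is a SEQUENCE
            raise ValueError("PEM block does not contain DER data")
        count += 1
    return count


def resolve_verify(ca_bundle=None, environ=None):
    """Return the value for requests' verify=: a CA bundle path or True, never False."""
    environ = os.environ if environ is None else environ
    candidate = (ca_bundle or environ.get("REQUESTS_CA_BUNDLE")
                 or environ.get("CURL_CA_BUNDLE"))
    if not candidate:
        return True  # no private CA configured: verify against the default bundle
    path = Path(candidate)
    if not path.is_file():
        raise FileNotFoundError(f"CA bundle not found: {path}")
    if count_pem_certs(path.read_text(errors="replace")) == 0:
        raise ValueError(f"no PEM certificates in {path}")
    return str(path)


def search_blobs(base_url, token, query, ca_bundle=None):
    """Call the GitLab search API with certificate verification left on."""
    import requests  # third-party; imported lazily so the helpers stay stdlib-only
    resp = requests.get(
        f"{base_url}/api/v4/search",
        params={"scope": "blobs", "search": query, "per_page": 100},
        headers={"PRIVATE-TOKEN": token},
        verify=resolve_verify(ca_bundle),  # explicit per-request value
        timeout=30,
    )
    resp.raise_for_status()
    return resp.json()
```

The PEM check is structural only; whether the CA actually signed the server's certificate is decided by the TLS handshake when `search_blobs` runs.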