Closed cociweb closed 2 months ago
Hey there @thastealth, mind taking a look at this issue as it has been labeled with an integration (epsonworkforce
) you are listed as a code owner for? Thanks!
(message by CodeOwnersMention)
epsonworkforce documentation epsonworkforce source (message by IssueLinks)
It looks like the python library this integration is based on is no longer available on GitHub which will make it more difficult to fix. The integration itself is pretty thin with most of the work being done in the Python library EpsonPrinterAPI. The owner hasn't responded to issues in a long time on this integration and they also had the Python package.
The changes to fix this issue would need to happen in that library or change the integration to do something different. The source for the library is available on PyPi and it is MIT licensed.
seems urllib is following the redirect from http to https, but choking on ssl certificate validation.
the below should help towards a fix. not sure how to proceed but maybe it will help someone. perhaps the api can be included in the integration since its only 50 odd lines.
changed lines: 1, 9-12 and 49
epsonprinterapi.py
import ssl
import urllib.request
from bs4 import BeautifulSoup
class EpsonPrinterAPI(object):
def __init__(self, ip, verify_ssl=True):
"""Initialize the link to the printer status page."""
self._resource = "http://" + ip + "/PRESENTATION/HTML/TOP/PRTINFO.HTML"
self.ctx = ssl.create_default_context()
if not verify_ssl:
self.ctx.check_hostname = False
self.ctx.verify_mode = ssl.CERT_NONE
self.available = True
self.soup = None
self.update()
def getSensorValue(self, sensor):
"""To make it the user easier to configure the cartridge type."""
if sensor == "black":
sensorCorrected = "BK"
elif sensor == "photoblack":
sensorCorrected = "PB"
elif sensor == "magenta":
sensorCorrected = "M"
elif sensor == "cyan":
sensorCorrected = "C"
elif sensor == "yellow":
sensorCorrected = "Y"
elif sensor == "clean":
sensorCorrected = "Waste"
else:
return 0;
try:
for li in self.soup.find_all("li", class_="tank"):
if sensorCorrected == "Waste":
div = li.find("div", class_="mbicn")
else:
div = li.find("div", class_="clrname")
if div != None and (div.contents[0] == sensorCorrected or sensorCorrected == "Waste"):
return int(li.find("div", class_="tank").findChild()["height"]) * 2
except Exception as e:
return 0
def update(self):
try:
"""Just fetch the HTML page."""
response = urllib.request.urlopen(self._resource, context=self.ctx)
data = response.read()
response.close()
self.soup = BeautifulSoup(data, "html.parser")
self.available = True
except Exception as e:
self.available = False
change to from homeassistant.const import CONF_HOST, CONF_MONITORED_CONDITIONS, CONF_VERIFY_SSL, PERCENTAGE
add below vol.Optional(CONF_VERIFY_SSL, default=True): cv.boolean,
add below verify_ssl = config.get(CONF_VERIFY_SSL)
change to api = EpsonPrinterAPI(host, verify_ssl)
thanks
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.
Dear Bot, coud you please keep it open for any wayfarer? - thanks!
Same issue with Epson ET-4850, even if the page http://
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.
bump
I (creator) don’t own this printer anymore and am no longer able to support this package. Feel free to fork it
I (creator) don’t own this printer anymore and am no longer able to support this package. Feel free to fork it
@ThaStealth You should open a PR, where you remove yourself as code owner, so the bot will not ping you anymore
So @edenhaus, you mean ADR is superor than closing security hole (with keeping backward compatibility?). Alternativelly, there was a possibility to ommit the parameter. ..Wrong direction in my opinion. To minimalise my efforts (from my freetime), I will leave this integration away and I'll move my work to custom hacs for myself and keep the security hole as it is.... Grat!
I'm also interested in this fix as I put a cert signed by (my own) CA to allow HTTPS. @cociweb will you put this in your custom hacs?
So your self signed CA is uploaded onto your Printer? In this case you need to upload your ssl pair to your HA to get a VALIDATED secured line. Otherwise it will be just an 'encrypted' line. You won't have enough trust that the encrypted line is truly your encrypted line. But of course, with my forked, custom hacs (and with proper parameters) you can get the validated and the untrusted (but secured) and ofc. the legacy plain http version too.
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.
Issue can be closed as the integration has been removed as it didn't meet our guidelines.
The problem
The problem is exactly the same as it was in #24035 years ago. Nowadays, the HTTP is highly not recommend insted of forcing the HTTPS. As the most of the devices support (and recommended) to use HTTPS even on LAN as well. So the provided workarounds in #24035 are not satisfactory and cannot be accepted as a solution to request insecure HTTP communication by device. If the SSL validation is not feasible for various reasons (unknown/various CA provider, various ssl versions, etc), as an interim/partial solution could be to ommit the ssl validation, but ssl (HTTPS) should be definitelly supported.
What version of Home Assistant Core has the issue?
N/A
What was the last working version of Home Assistant Core?
N/A
What type of installation are you running?
Home Assistant OS
Integration causing the issue
epsonworkforce
Link to integration documentation on our website
https://www.home-assistant.io/integrations/epsonworkforce
Diagnostics information
No response
Example YAML snippet
Anything in the logs that might be useful for us?
Additional information
No response