satusd.py: add validity check and else trees

read_config() now only add values, if the key is valid. otherwise ist passes. if read_loglevel() returns false, loglevel ist set to warning. typos fixed.
2019-09-17 19:07:07 +02:00 · 2019-09-17 19:07:07 +02:00 · b053403836
commit b053403836
parent 22cbb6f6e0
1 changed files with 14 additions and 4 deletions
--- a/statusd.py
+++ b/statusd.py
@ -4,7 +4,7 @@
 # date: 26.07.2019
 # email: berhsi@web.de

-# server, who listen for ipv4 connections at port 10001. now with ssl
+# server, which listens for ipv4 connections at port 10001. now with ssl
 # encrypted connection and client side authentication.

 import socket
@ -32,8 +32,10 @@ def read_config(CONFIGFILE, CONFIG):
                if not line[0] in ('#', ';', '\n', '\r'):
                    key, value = (line.strip().split('='))
                    key = strip_argument(key).upper()
-                    value = strip_argument(value)
-                    CONFIG[key] = value
+                    if key in CONFIG.keys():
+                        value = strip_argument(value)
+                        CONFIG[key] = value
+                    else: pass
    else:
        logging.error('Failed to read {}'.format(CONFIGFILE))
        logging.error('Using default values')
@ -250,9 +252,16 @@ def main():
    if loglevel != False:
        logger = logging.getLogger()
        logger.setLevel(loglevel)
+    else:
+        loglevel = logging.WARNING
+        logger = logging.getLogger()
+        logger.setLevel(loglevel)
+        loggin.warning('Invalid value for loglevel. Set default value')

    print_config(CONFIG)

+    # todo: zertifikate sollten nur lesbar sein!
+
    if certs_readable(CONFIG) == False:
        logging.error('Cert check failed\nExit')
        exit()
@ -264,6 +273,7 @@ def main():
    context.load_verify_locations(cafile = CONFIG['CLIENT_CERT'])
    context.set_ciphers('EECDH+AESGCM')   # only ciphers for tls 1.2 and 1.3
    context.options = ssl.OP_CIPHER_SERVER_PREFERENCE
+    # ssl + kompression = schlecht
    context.options |= getattr(ssl._ssl, 'OP_NO_COMPRESSION', 0)
    logging.debug('SSL context created')
    # print_ciphers(context.get_ciphers())
@ -312,7 +322,7 @@ def main():
                        logging.info('Failed to change status')
                        if conn:
                            conn.send(b'\x03')
-                # recive_handle returns false:
+                # receive_handle returns false:
                else:
                    logging.info('Invalid argument recived: {}'.format(raw_data))
                    logging.debug('Send {} back'.format(b'\x03'))