HTTP proxy not properly set

[Ektoplasma]

The issue

There is an issue in vt_handler#L49 where proxy settings are not properly fetched from the server settings:

        if self.server_config.get('http_proxy'):
            proxies['https'] = self.server_config.get('HTTPS_PROXY')

        if self.server_config.get('https_proxy'):
            proxies['http'] = self.server_config.get('HTTP_PROXY')

HTTP_PROXY and HTTPS_PROXY do not exist in uppercase, only lowercase, plus there is a confusion between http and https proxy.

Moreover, there is no possibility to disable the SSL cert verification, which is problematic for some proxy setups.

Solution

should be:

        if self.server_config.get('https_proxy'):
            proxies['https'] = self.server_config.get('https_proxy')

        if self.server_config.get('http_proxy'):
            proxies['http'] = self.server_config.get('http_proxy')

and for the other issue, add a ssl_verify setting server-wide (irisweb side), fetch it from vt_handler. Then, virus-total-apis doesn't use any ssl_verify argument unfortunately, so we should issue to them or do some patch on requests package...

[shoebilldev]

@Ektoplasma you self-assigned this issue, just checking you didn't want to contribute to the project yourself? if not I can create a pull request with your solution to the proxy setting.

Also a suggestion for avoiding having to set ssl_verify setting, consider just adding the cert for your local instance of virus total to your trusted ca folder inside the iris docker container - this is what we've done (but your idea to be able to pass through the flag would be superior).