Merge pull request #2415 from bunkerity/dev

Author: TheophileDiot

.github/workflows/container-build.yml

@@ -139,7 +139,7 @@ jobs:
           command: cves,recommendations
           image: local/${{ inputs.IMAGE }}
           only-fixed: true
-          only-package-types: apk,pypi
+          only-package-types: apk
           exit-code: true
       # Push image
       - name: Push image

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 - [BUGFIX] Ensure template defaults settings are correctly retrieved by jobs and templates.
 - [BUGFIX] No longer completely delete all PRO plugins data upon PRO deactivation, allowing for easier reactivation without losing data.
+- [BUGFIX] Enhance cache robustness by using dict.get() for lookups to avoid KeyError exceptions during cache operations.
 - [SECURITY] Make sure the files/dirs in /usr/share/bunkerweb have the appropriate permissions to prevent unauthorized access to sensitive files on Linux integration
 
 ## v1.6.2-rc5 - 2025/06/17

docs/advanced.md

@@ -215,12 +215,16 @@ def check_line(kind: str, line: bytes) -> Tuple[bool, bytes]:
                     if url in failed_urls:
                         if url_file not in urls:
                             aggregated_recap[kind]["failed_count"] += 1
-                    elif isinstance(cached_url, dict) and cached_url["last_update"] > (datetime.now().astimezone() - timedelta(hours=1)).timestamp():
+                    elif (
+                        isinstance(cached_url, dict)
+                        and cached_url.get("last_update")
+                        and cached_url["last_update"] > (datetime.now().astimezone() - timedelta(hours=1)).timestamp()
+                    ):
                         LOGGER.debug(f"URL {url} has already been downloaded less than 1 hour ago, skipping download...")
                         if url_file not in urls:
                             aggregated_recap[kind]["skipped_urls"] += 1
                         # Remove first line (URL) and add to content
-                        content += b"\n".join(cached_url["data"].split(b"\n")[1:]) + b"\n"
+                        content += b"\n".join(cached_url.get("data", b"").split(b"\n")[1:]) + b"\n"
                     else:
                         failed = False
                         LOGGER.info(f"Downloading blacklist data from {url} ...")

src/common/core/blacklist/jobs/blacklist-download.py

@@ -157,12 +157,16 @@ def check_line(kind: str, line: bytes) -> Tuple[bool, bytes]:
                     if url in failed_urls:
                         if url_file not in urls:
                             aggregated_recap[kind]["failed_count"] += 1
-                    elif isinstance(cached_url, dict) and cached_url["last_update"] > (datetime.now().astimezone() - timedelta(hours=1)).timestamp():
+                    elif (
+                        isinstance(cached_url, dict)
+                        and cached_url.get("last_update")
+                        and cached_url["last_update"] > (datetime.now().astimezone() - timedelta(hours=1)).timestamp()
+                    ):
                         LOGGER.debug(f"URL {url} has already been downloaded less than 1 hour ago, skipping download...")
                         if url_file not in urls:
                             aggregated_recap[kind]["skipped_urls"] += 1
                         # Remove first line (URL) and add to content
-                        content += b"\n".join(cached_url["data"].split(b"\n")[1:]) + b"\n"
+                        content += b"\n".join(cached_url.get("data", b"").split(b"\n")[1:]) + b"\n"
                     else:
                         failed = False
                         LOGGER.info(f"Downloading greylist data from {url} ...")

src/common/core/greylist/jobs/greylist-download.py

@@ -75,8 +75,8 @@ def request_mmdb() -> Optional[Response]:
                 response = request_mmdb()
 
             if response and response.status_code == 200:
-                skip_dl = response.content.find(bytes_hash(job_cache["data"], algorithm="sha1").encode()) != -1
-            elif job_cache["last_update"] < (datetime.now().astimezone() - timedelta(weeks=1)).timestamp():
+                skip_dl = response.content.find(bytes_hash(job_cache.get("data", b"%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%"), algorithm="sha1").encode()) != -1
+            elif job_cache.get("last_update") and job_cache["last_update"] < (datetime.now().astimezone() - timedelta(weeks=1)).timestamp():
                 LOGGER.warning("Unable to check if the cache file is the latest version from db-ip.com and file is older than 1 week, checking anyway...")
                 skip_dl = False
 
@@ -118,7 +118,7 @@ def request_mmdb() -> Optional[Response]:
             if job_cache:
                 # Check if file has changed
                 new_hash = file_hash(tmp_path)
-                if new_hash == job_cache["checksum"]:
+                if new_hash == job_cache.get("checksum"):
                     LOGGER.info("New file is identical to cache file, reload is not needed")
                     sys_exit(0)
         except BaseException as e:

src/common/core/jobs/jobs/mmdb-asn.py

@@ -75,8 +75,8 @@ def request_mmdb() -> Optional[Response]:
                 response = request_mmdb()
 
             if response and response.status_code == 200:
-                skip_dl = response.content.find(bytes_hash(job_cache["data"], algorithm="sha1").encode()) != -1
-            elif job_cache["last_update"] < (datetime.now().astimezone() - timedelta(weeks=1)).timestamp():
+                skip_dl = response.content.find(bytes_hash(job_cache.get("data", b"%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%"), algorithm="sha1").encode()) != -1
+            elif job_cache.get("last_update") and job_cache["last_update"] < (datetime.now().astimezone() - timedelta(weeks=1)).timestamp():
                 LOGGER.warning("Unable to check if the cache file is the latest version from db-ip.com and file is older than 1 week, checking anyway...")
                 skip_dl = False
 
@@ -118,7 +118,7 @@ def request_mmdb() -> Optional[Response]:
             if job_cache:
                 # Check if file has changed
                 new_hash = file_hash(tmp_path)
-                if new_hash == job_cache["checksum"]:
+                if new_hash == job_cache.get("checksum"):
                     LOGGER.info("New file is identical to cache file, reload is not needed")
                     sys_exit(0)
         except BaseException as e:

src/common/core/jobs/jobs/mmdb-country.py

@@ -70,7 +70,11 @@
 
 def load_public_suffix_list(job):
     job_cache = job.get_cache(PSL_STATIC_FILE, with_info=True, with_data=True)
-    if isinstance(job_cache, dict) and job_cache["last_update"] < (datetime.now().astimezone() - timedelta(days=1)).timestamp():
+    if (
+        isinstance(job_cache, dict)
+        and job_cache.get("last_update")
+        and job_cache["last_update"] < (datetime.now().astimezone() - timedelta(days=1)).timestamp()
+    ):
         return job_cache["data"].decode("utf-8").splitlines()
 
     try:

src/common/core/letsencrypt/jobs/certbot-new.py

@@ -178,11 +178,11 @@ def get_download_url(repo_url, version=None) -> Tuple[bool, str]:
         plugin_registry = JOB.get_cache("plugin_registry.json", with_info=True, with_data=True)
 
         if isinstance(plugin_registry, dict):
-            up_to_date = plugin_registry["last_update"] > (datetime.now().astimezone() - timedelta(hours=1)).timestamp()
+            up_to_date = plugin_registry.get("last_update") and plugin_registry["last_update"] > (datetime.now().astimezone() - timedelta(hours=1)).timestamp()
 
             if up_to_date:
                 try:
-                    plugin_registry = loads(plugin_registry["data"])
+                    plugin_registry = loads(plugin_registry.get("data"))
                 except BaseException as e:
                     LOGGER.debug(format_exc())
                     LOGGER.error(f"Failed to load the plugin registry data from cache: \n{e}")

src/common/core/modsecurity/jobs/download-crs-plugins.py

@@ -122,12 +122,16 @@ def check_line(line):
                 if url in failed_urls:
                     if url_file not in urls:
                         aggregated_recap["failed_count"] += 1
-                elif isinstance(cached_url, dict) and cached_url["last_update"] > (datetime.now().astimezone() - timedelta(hours=1)).timestamp():
+                elif (
+                    isinstance(cached_url, dict)
+                    and cached_url.get("last_update")
+                    and cached_url["last_update"] > (datetime.now().astimezone() - timedelta(hours=1)).timestamp()
+                ):
                     LOGGER.debug(f"URL {url} has already been downloaded less than 1 hour ago, skipping download...")
                     if url_file not in urls:
                         aggregated_recap["skipped_urls"] += 1
                     # Remove first line (URL) and add to content
-                    content += b"\n".join(cached_url["data"].split(b"\n")[1:]) + b"\n"
+                    content += b"\n".join(cached_url.get("data", b"").split(b"\n")[1:]) + b"\n"
                 else:
                     LOGGER.info(f"Downloading Real IP data from {url} ...")
                     failed = False