pyatls: urllib3 and requests support with cleanup

[HernanGatta]

Overview

This PR contains various improvements and features. Namely, this PR:

1. restructures the validators into a deeper hierarchy for classes to have shorter, cleaner names, and so as to create space for additional validators in the future. For example, atls.validators.AzAasAciValidtor becomes atls.validators.azure.aas.aci.AciValidator;
2. adds support for monkey-patching urllib3 such that, with the patch in place, all HTTPS requests automatically become HTTP/aTLS requests, enabling users of urllib3 to leverage aTLS (this is not required for our usage, I left this here because it was the first idea I had to make requests work with aTLS, but I had a better one afterward and figured I could leave the direct urllib3 support if someone wants to use it);
3. adds support for aTLS for the requests library via an adapter that captures URLs with the httpa:// scheme and routes them into HTTP/aTLS connections, enabling users of requests to transparently adopt aTLS.

Note: Commits are structured to be reviewed independently.

Requests Adapter

The primary addition of this PR is item no. 3.

Since the requests adapter ties cleanly into the library, consumers of it can seamlessly leverage the library's support for connection pooling. With connection pooling, it is no longer necessary to create a new aTLS connection for every request. Instead, a readily established connection can be recycled for subsequent requests. This in turn dramatically reduces request latency.

The HTTPAAdapter captures requests made against URLs with the httpa:// scheme and uses this package's HTTPAConnection class. This automatically upgrades any requests made with that scheme to HTTP/aTLS.

Sample Usage:

import requests
from atls.utils.requests import HTTPAAdapter
from atls.validators.azure.aas import AciValidator

validator = AciValidator()

session = requests.Session()
session.mount("httpa://", HTTPAAdapter([validator]))

response = session.request("GET", "httpa://my.aci.confidentialservice.net/index")

print(f"Status: {response.status_code}")
print(f"Response: {response.text}")

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	1		0	0.02s
✅ PYTHON	black	17		0	0.94s
✅ PYTHON	flake8	17		0	0.53s
✅ PYTHON	isort	17		0	0.27s
✅ YAML	yamllint	5		0	0.27s

See detailed report in MegaLinter reports

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

• oxsecurity/megalinter/flavors/[email protected] (59 linters)
• oxsecurity/megalinter/flavors/[email protected] (82 linters)

MegaLinter is graciously provided by

[zizhong]

Would be great to add the httpa example here.

[HernanGatta]

Added.

[zizhong]

nit: possibly low priority but better to add this as pytest.

[HernanGatta]

I'd like to add unit tests that run automatically but we need an ACI-capable server instance. I do want to add tests for things that can be tested without a server-side component, though; that's on my to-do list.

[zizhong]

How to set timeout for the connection in this case?

[HernanGatta]

session.request(..., timeout=)

[octaviansima]

Nit: can we just do this once at the top of the file?

[HernanGatta]

Changed.

[octaviansima]

Does this class need to be defined twice?

[HernanGatta]

If you look closely, they're slightly different.

[octaviansima]

Why can't we use this definition for the inner class in the other spot? The only difference I can see is where validators is gotten from

[octaviansima]

Why can't we use this definition for the inner class in the other spot? The only difference I can see is where validators is gotten from

[octaviansima]

Nit

Suggested change

	Validators: List[Validator]
	validators: List[Validator]