Last active
December 5, 2024 10:43
-
-
Save gregneagle/7fbee0ae5c35fafe12b7 to your computer and use it in GitHub Desktop.
A Python version of rtrouton's script that can handle an arbitrary number of URLs to be whitelisted
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| '''Ensures urls are in the Oracle Java exception.sites list''' | |
| # See https://derflounder.wordpress.com/2014/01/16/managing-oracles-java-exception-site-list/ | |
| import os | |
| import sys | |
| urls = [ | |
| 'http://server1.some.com', | |
| 'http://server2.another.com', | |
| 'http://server3.stillanother.com' | |
| ] | |
| java_whitelist_file = os.path.expanduser( | |
| '~/Library/Application Support/Oracle/Java/Deployment/security/' | |
| 'exception.sites') | |
| try: | |
| fileobject = open(java_whitelist_file) | |
| whitelist = fileobject.read().splitlines() | |
| fileobject.close() | |
| except (OSError, IOError): | |
| whitelist = [] | |
| whitelist_changed = False | |
| for url in urls: | |
| if url not in whitelist: | |
| whitelist.append(url) | |
| whitelist_changed = True | |
| if whitelist_changed: | |
| try: | |
| fileobject = open(java_whitelist_file, mode='w') | |
| fileobject.write('\n'.join(whitelist)) | |
| fileobject.close() | |
| except (OSError, IOError): | |
| print >> sys.stderr('Could not write %s' % java_whitelist_file) | |
| sys.exit(-1) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| '''Configure Safari's Java plugin policies to allow access without security prompts''' | |
| import subprocess | |
| import sys | |
| import CoreFoundation | |
| from Foundation import NSDate | |
| from Foundation import NSMutableArray, NSMutableDictionary | |
| managed_policies = { | |
| 'com.oracle.java.JavaAppletPlugin': { | |
| 'PlugInHostnamePolicies': [ | |
| {'PlugInHostname': 'server1.some.com', | |
| 'PlugInRunUnsandboxed': True, | |
| 'PlugInPolicy': 'PlugInPolicyAllowNoSecurityRestrictions', | |
| 'PlugInLastVisitedDate': NSDate.date() | |
| }, | |
| {'PlugInHostname': 'server2.another.com', | |
| 'PlugInRunUnsandboxed': True, | |
| 'PlugInPolicy': 'PlugInPolicyAllowNoSecurityRestrictions', | |
| 'PlugInLastVisitedDate': NSDate.date() | |
| }, | |
| {'PlugInHostname': 'server3.stillanother.com', | |
| 'PlugInRunUnsandboxed': True, | |
| 'PlugInPolicy': 'PlugInPolicyAllowNoSecurityRestrictions', | |
| 'PlugInLastVisitedDate': NSDate.date() | |
| }, | |
| #{'PlugInHostname': 'www.java.com', | |
| # 'PlugInRunUnsandboxed': True, | |
| # 'PlugInPolicy': 'PlugInPolicyAllowNoSecurityRestrictions', | |
| # 'PlugInLastVisitedDate': NSDate.date() | |
| #}, | |
| ], | |
| }, | |
| } | |
| # check to see if Safari is running | |
| proc = subprocess.Popen(['/usr/bin/killall', '-s', 'Safari'], | |
| bufsize=-1, | |
| stdout=subprocess.PIPE, | |
| stderr=subprocess.PIPE) | |
| (out, err) = proc.communicate() | |
| if proc.returncode == 0: | |
| # killall returns 0 if a matching process is found | |
| print >> sys.stderr, ( | |
| "Safari is currently running: cannot set managed policies.") | |
| exit(-1) | |
| # read the current ManagedPlugInPolicies | |
| policy = CoreFoundation.CFPreferencesCopyAppValue( | |
| 'ManagedPlugInPolicies', 'com.apple.Safari') | |
| if policy: | |
| # policy is an immutable dict, | |
| # so we have to make a mutable copy | |
| current_policy = NSMutableDictionary.alloc( | |
| ).initWithDictionary_copyItems_(policy, True) | |
| else: | |
| # create an empty dict | |
| current_policy = {} | |
| for key in managed_policies.keys(): | |
| if key in current_policy: | |
| # make a mutable copy of the dict | |
| current_dict = current_policy[key] | |
| current_policy[key] = ( | |
| NSMutableDictionary.alloc( | |
| ).initWithDictionary_copyItems_( | |
| current_dict, True)) | |
| else: | |
| # create an empty dict | |
| current_policy[key] = {} | |
| if 'PlugInHostnamePolicies' in current_policy[key]: | |
| current_array = current_policy[key]['PlugInHostnamePolicies'] | |
| else: | |
| # create an empty array | |
| current_array = [] | |
| managed_hostnames = [ | |
| item.get('PlugInHostname') | |
| for item in managed_policies[key]['PlugInHostnamePolicies'] | |
| ] | |
| new_array = [ | |
| item for item in current_array | |
| if item.get('PlugInHostname') not in managed_hostnames | |
| ] | |
| #print "retained_dicts: %s" % new_array | |
| new_array.extend(managed_policies[key]['PlugInHostnamePolicies']) | |
| #print 'new_dicts: %s' % new_array | |
| # update the PlugInHostnamePolicies array | |
| current_policy[key]['PlugInHostnamePolicies'] = new_array | |
| # save the changed preference | |
| CoreFoundation.CFPreferencesSetAppValue( | |
| 'ManagedPlugInPolicies', current_policy, 'com.apple.Safari') | |
| CoreFoundation.CFPreferencesAppSynchronize( | |
| 'com.apple.Safari') | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment