英文:
os.environ['SSL_CERT_FILE'] stores a path to a non-existing file in visual studio code while debugging
问题
这个问题直接关联到我的上一个问题,但涉及到一个不同的主题,所以我开了一个新的。
如前所述,我遇到了一个与缺少SSL证书有关的错误。只有在使用调试器运行脚本时,才会出现异常,而在终端、PyCharm或在VSCode中运行而没有调试器时则没有该错误。
在调试了一段时间后,我发现问题的原因是环境变量 os.environ['SSL_CERT_FILE']
,在这种情况下导致了一个不存在的路径 C:\\Users\\MYUSER~1\\AppData\\Local\\Temp\\_MEI97082\\certifi\\cacert.pem
。
- 在没有调试器或在PyCharm中启动脚本时,此变量未设置(调试导入的minio包显示,如果变量为空,则使用
certifi.where()
的结果)。 - 打开调试器时,在执行我的脚本的任何代码之前,它就被设置了(导入os并在第一行打印所有环境变量)。
- 如果我手动使用
del os.environ['SSL_CERT_FILE']
删除该变量,脚本的其余部分正常工作,但在下一次运行时该变量又会被设置。 - 我使用的是Python 3.11、MiniConda和Windows 10,Visual Studio Code已更新到最新版本1.77.0。
- 在
launch.json
中使用"env": {"SSL_CERT_FILE": "foo"}
设置环境变量将按预期覆盖变量,但是一旦删除这行,错误的值就会再次出现。 - 值中的部分“
..\\_MEI247522\\...
”每次运行都会改变。 - 创建一个全新的文件夹/项目问题仍然存在。
- 我还测试了另一个Python环境(Python 3.9.7),问题仍然相同。
- 根据用户@Horsing的建议:我还从脚本中删除了所有代码,除了
import os
。一旦导入os
并检查os.environ
,环境变量就已经被设置。
我真的不知道在脚本在调试器中运行时,为什么以及在哪里设置这个变量,以及是什么触发了它。任何帮助都将不胜感激,因为手动删除它不是一个好的解决方案!
附加信息
这是在VS Code中的Python调试控制台输出(我的用户名已更改)。为此,我删除了launch.json
并使用 Python:File
启动了调试器。
完整的代码:
import os
print(os.environ.get('SSL_CERT_FILE'))
控制台输出:
(minio) PS C:\Users\myuser\Documents\source\Python\minio-project> c:; cd 'c:\Users\myuser\Documents\source\Python\minio-project'; & 'C:\Users\myuser\Miniconda3\envs\minio\python.exe' 'c:\Users\myuser\.vscode\extensions\ms-python.python-2023.6.0\pythonFiles\lib\python\debugpy\adapter/../..\debugpy\launcher' '60007' '--' 'C:\Users\myuser\Documents\source\Python\minio-project\main.py'
C:\Users\MYUSER~1\AppData\Local\Temp\_MEI223042\certifi\cacert.pem
再次强调,打印出的路径在我的计算机上是不存在的。
英文:
This question is directly connected to my last question, however tackles a different topic so I am opening a new one.
As mentioned there I am getting an error relating to a missing SSL cert. The error does not appear when the script is started from Terminal, using PyCharm or running from VSCode, but without the debugger. Only when the script is run with the debugger, the exception is thrown.
After debugging a while I have found that the reason for the problem is the environment variable os.environ['SSL_CERT_FILE']
which in this case leads to a non-existing C:\\Users\\MYUSER~1\\AppData\\Local\\Temp\\_MEI97082\\certifi\\cacert.pem
- Starting the script without the debugger or in PyCharm, this variable is not set (debugging the imported minio package showed me that the result of
certifi.where()
is used if the variable is empty. - With the debugger on, it is set before any of my script is executed (import os and print out all environment variables in the first line)
- If I manually delete the variable with
del os.environ['SSL_CERT_FILE']
the rest of the script works fine, but the variable is again set in the next run - I am using python 3.11, MiniConda and Windows 10, Visual Studio Code is updated to the last version 1.77.0
- Setting the environment variable in
launch.json
with"env": {"SSL_CERT_FILE": "foo"}
will override the varible as expected, however as soon as I remove this line the wrong value appears again. - The part "
..\\_MEI247522\\...
" in the value will change from run to run - Creating a completely new folder/project the problem still exists
- I also tested with another python environment (Python 3.9.7) and the problem still is the same.
- From user @Horsing's suggestion: I have also removed all the code from my script, except for
import os
. As soon asos
is imported and I can inspectos.environ
, the environment variable is already set.
I honestly have no idea, where and why this variable is set when the script is run in the debugger and what triggers it. Any help would be much appreciated, since manually deleting it is not really a good solution!
Addition
Here is the Python Debug Console output in VS Code (with my username changed). For this I have removed the launch.json and started the debugger with Python:File
complete code:
import os
print(os.environ.get('SSL_CERT_FILE'))
console output:
(minio) PS C:\Users\myuser\Documents\source\Python\minio-project> c:; cd 'c:\Users\myuser\Documents\source\Python\minio-project'; & 'C:\Users\myuser\Miniconda3\envs\minio\python.exe' 'c:\Users\myuser\.vscode\extensions\ms-python.python-2023.6.0\pythonFiles\lib\python\debugpy\adapter/../..\debugpy\launcher' '60007' '--' 'C:\Users\myuser\Documents\source\Python\minio-project\main.py'
C:\Users\MYUSER~1\AppData\Local\Temp\_MEI223042\certifi\cacert.pem
Again, the printed path does not exist on my computer
答案1
得分: 0
我还没找到问题出现的原因,但在完全清理并重新安装后(这样做后我陷入了这个问题 :-/ ),问题解决了,环境变量也不再设置。
我会将此问题发布为 conda 存储库上的一个错误,因为这似乎是他们的问题,至少就我所知。
英文:
I have not found the reason this problem appeared, but after a complete clean re-intall (which neatly got me into this issue :-/ ) the problem is gone and the environment variable is not set anymore.
I will post this issue as a bug on the conda repo since it seems to be an their issue, at least as far as I can tell.
答案2
得分: 0
SSL_CERT_FILE 变量中设置的路径可疑地类似于运行 Windows 上由 PyInstaller 打包的 Python 应用程序时会获得的路径。
由于每次运行时 _MEI 目录名称都在更改,因此在可以一致地 不 看到 SSL_CERT_FILE 设置的最后位置与您的 Python 测试程序之间的代码部分必须在解包 PyInstaller 包,运行一些代码,然后继续执行修改环境后的 Python 解释器。
这种行为可能是由于恶意软件插入了代码路径中的某个位置,当您在 minio conda 环境内执行 python.exe 时。这可能是由调试器加载的库,或者由于某种原因只有调试路径激活了特定的恶意软件。也许恶意软件正在寻找 Web 浏览器行为,而 debugpy 满足这些要求(它确实打开了网络套接字)。
为什么恶意软件会修改 SSL_CERT_PATH?可能是为了执行针对 SSL/HTTPS 流量的中间人攻击,窃取密码、银行凭据、会话密钥等。为什么文件实际上不存在?也许恶意软件崩溃了,也许它在附加到实际上不是 Web 浏览器的进程时失败,或者它针对的特定软件并不在运行。
英文:
The path set in the SSL_CERT_FILE variable is suspiciously similar to what you would get when running a python application packaged by PyInstaller for windows.
Since the _MEI directory name is changing with each run, part of the code between the last place you can consistently not see SSL_CERT_FILE set and your python test program must be unpacking a PyInstaller package, running some code, then continuing on with executing the python interpreter with the modified environment.
This behavior could be due to malware that has inserted itself somewhere in the code path when you execute python.exe inside the minio conda environment. This could be in a library loaded by the debugger, or for some reason only the debugging path activates that particular malware. Maybe the malware is looking for web browser behavior and the debugpy satisfies those requirements (it does open a network socket).
Why would the malware modify SSL_CERT_PATH? Probably to perform a man-in-the-middle attack against ssl/https traffic, stealing passwords, banking credentials, session keys, etc. Why is the file not actually present? Maybe the malware crashed, maybe it failed when attaching to a process that isn't actually a web browser, or the specific software it's targeting.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论