Fix: Propagate --insecure parameter #78

Status: Merged (2 commits), May 3, 2021
9 changes: 9 additions & 0 deletions src/axios.ts
@@ -3,12 +3,21 @@ import http from 'http';
import https from 'https';
import emitter from './emitter';

// Snyk CLI allow passing --insecure flag which allows self-signed certificates
// It updates global namespace property ignoreUnknownCA and we can use it in order
// to pass rejectUnauthorized option to https agent
export declare interface Global extends NodeJS.Global {
Comment (Contributor):
Question: maybe I am lacking some understanding but why do you have to extend the global object? Is this because TypeScript does not define the property that is already there?

Comment (Author):
Global is an Interface with defined properties and TypeScript interfaces are closed for additions. So we need to create our own interface.

ignoreUnknownCA: boolean;
Comment (Contributor):
Required: Does CA stand for Certification Authorities? Could we add a comment explaining that?

Comment (Author):
CA should be a widely known abbrev, so I don't want to add a comment just because of that. However, I can elaborate on a comment explaining how it can be turned on.

}
declare const global: Global;

const agentOptions = {
keepAlive: true,
maxSockets: 100, // Maximum number of sockets to allow per host. Defaults to Infinity.
maxFreeSockets: 10,
freeSocketTimeout: 60000, // // Maximum number of sockets to leave open for 60 seconds in a free state. Only relevant if keepAlive is set to true. Defaults to 256.
Comment (Author):
@Arvi3d I am fairly sure this setting does nothing here 😇 It is not supported at https://nodejs.org/docs/latest-v12.x/api/http.html#http_new_agent_options and it looks like it is used only when https://www.npmjs.com/package/agentkeepalive is around. I'd vote for removing it and typing agentOptions properly.

socketActiveTTL: 1000 * 60 * 10,
rejectUnauthorized: !global.ignoreUnknownCA,
};

const axios_ = axios.create({
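Review bot: `rejectUnauthorized: !global.ignoreUnknownCA` is evaluated once, when src/axios.ts is first imported, so the CLI has to set `global.ignoreUnknownCA` before this module (or anything that imports it) loads; a flag set later leaves the agent on the default. Either read the flag inside a function that is called when the agent is created, or document the load-order requirement next to the `declare const global: Global;` line. Two smaller points on the same hunk: the header comment says --insecure "allows self-signed certificates", but `rejectUnauthorized: false` switches off every server certificate check Node performs (unknown CA, expired certificate, hostname mismatch), so the comment should say so; and `freeSocketTimeout` and `socketActiveTTL` are not `http.Agent`/`https.Agent` options in Node (they belong to the agentkeepalive package, as the author's own comment notes), so they are passed through unused; typing `agentOptions` as `https.AgentOptions` would make the compiler reject them.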
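The hunk above reads the flag once at module load and passes it, together with two agentkeepalive-only options, straight into the agent. As an added example that is not part of the PR or the project's code, the TypeScript below keeps the same idea but reads the flag each time an agent is built, keeps only options Node's https.Agent understands (the `freeSocketTimeout`/`socketActiveTTL` entries discussed in the comments are dropped), and logs a warning whenever verification is turned off. The global property name `ignoreUnknownCA` is the one the PR uses; the function names and the injectable `g` parameter are assumptions made for this example.

```typescript
import * as https from 'https';

// Added example (not the project's code). `ignoreUnknownCA` is the global
// property name used in the PR; the CLI is expected to set it from --insecure.
// The `g` parameter exists so tests can pass a plain object instead of globalThis.
type GlobalLike = Record<string, unknown>;

const defaultGlobal = (): GlobalLike => globalThis as unknown as GlobalLike;

// True only when the flag is exactly `true`; any other value keeps verification on.
export function insecureFlagSet(g: GlobalLike = defaultGlobal()): boolean {
  return g.ignoreUnknownCA === true;
}

// Only options that Node's https.Agent understands are returned. Typing the
// object as https.AgentOptions makes the compiler reject agentkeepalive-only
// keys such as freeSocketTimeout or socketActiveTTL.
export function buildAgentOptions(g: GlobalLike = defaultGlobal()): https.AgentOptions {
  return {
    keepAlive: true,
    maxSockets: 100,
    maxFreeSockets: 10,
    // false disables chain validation AND hostname checking, not just unknown CAs.
    rejectUnauthorized: !insecureFlagSet(g),
  };
}

// Builds the agent at call time, so a flag set after this module was imported
// is still honoured, and makes the downgrade visible in logs.
export function createAgent(g: GlobalLike = defaultGlobal()): https.Agent {
  const opts = buildAgentOptions(g);
  if (opts.rejectUnauthorized === false) {
    console.warn('TLS server certificate verification disabled (--insecure)');
  }
  return new https.Agent(opts);
}
```

With the flag unset the options default to `rejectUnauthorized: true`, and a non-boolean value such as the string `'true'` is treated as unset rather than as a request to disable verification.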
12 changes: 7 additions & 5 deletions tests/api.spec.ts
@@ -42,7 +42,7 @@ describe('Requests to public API', () => {
if (response.type === 'error') return;
expect(new Set(response.value.configFiles)).toEqual(new Set(['.dcignore', '.gitignore']));
expect(new Set(response.value.extensions)).toEqual(
new Set(['.es', '.es6', '.htm', '.html', '.js', '.jsx', '.py', '.ts', '.tsx', '.vue', '.java']),
new Set(['.es', '.es6', '.htm', '.html', '.js', '.jsx', '.py', '.ts', '.tsx', '.vue', '.java', '.java-dummy']),
Comment (Contributor):
Question: Why do we now return .java-dummy in this list?

Comment (Author):
Ask t-42 ¯\_(ツ)_/¯ Looks like something reachability related.

);
});

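Review bot: the expected extension list now hardcodes '.java-dummy' with no explanation in the test, and the author's reply says it is unrelated to this PR ("something reachability related"). This is a refresh of whatever the live API currently returns, not part of the --insecure change; it belongs in its own commit, or at least deserves a comment on the line saying the list mirrors the backend's current response, so a later diff does not attribute it to this PR.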
@@ -404,8 +404,9 @@ describe('Requests to public API', () => {
} while (response.value.status !== AnalysisStatus.done);

expect(Object.keys(response.value.analysisResults.suggestions).length).toEqual(4);
expect(new Set(Object.keys(response.value.analysisResults.files)))
.toEqual(new Set(['/GitHubAccessTokenScrambler12.java', '/not/ignored/this_should_not_be_ignored.java']));
expect(new Set(Object.keys(response.value.analysisResults.files))).toEqual(
new Set(['/GitHubAccessTokenScrambler12.java', '/not/ignored/this_should_not_be_ignored.java']),
);

// Get analysis results without linters but with severity 3
do {
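Review bot: this hunk and the next one only re-wrap the `.toEqual(` call, and none of the test changes in the PR exercise the new behaviour. A unit test that sets `global.ignoreUnknownCA = true` before src/axios.ts is imported and asserts that the created agent has `rejectUnauthorized === false` (plus the default case, where the flag is unset and the value must be `true`) would cover the one line in this PR that changes security behaviour.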
@@ -423,8 +424,9 @@ describe('Requests to public API', () => {
} while (response.value.status !== AnalysisStatus.done);

expect(Object.keys(response.value.analysisResults.suggestions).length).toEqual(2);
expect(new Set(Object.keys(response.value.analysisResults.files)))
.toEqual(new Set(['/GitHubAccessTokenScrambler12.java', '/not/ignored/this_should_not_be_ignored.java']));
expect(new Set(Object.keys(response.value.analysisResults.files))).toEqual(
new Set(['/GitHubAccessTokenScrambler12.java', '/not/ignored/this_should_not_be_ignored.java']),
);
},
TEST_TIMEOUT,
);
6 changes: 3 additions & 3 deletions tests/git.analysis.spec.ts
@@ -95,7 +95,7 @@ describe('Functional test of analysis', () => {
});

// Test DC JSON format first
expect(Object.keys(bundle.analysisResults.suggestions).length).toEqual(119);
expect(Object.keys(bundle.analysisResults.suggestions).length).toEqual(134);

const cweSuggestion = Object.values(bundle.analysisResults.suggestions).find(
s => s.id === 'java%2Fdc_interfile_project%2FPT',
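Review bot: the suggestion count is bumped from 119 to 134 here (and the SARIF results/rules counts in the next hunk from 400/119 to 442/134) to match whatever the backend returns today; these exact totals will drift again on the next rule update and have nothing to do with --insecure. Consider asserting a lower bound, or relying on the presence of the specific rule already checked below (`java%2Fdc_interfile_project%2FPT` / `java/PT` with CWE-23), instead of exact counts, and keep snapshot refreshes like this in a separate commit from the TLS change.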
@@ -105,8 +105,8 @@ describe('Functional test of analysis', () => {
expect(cweSuggestion?.title).toBeTruthy();
expect(cweSuggestion?.text).toBeTruthy();

expect(bundle.sarifResults?.runs[0].results?.length).toEqual(400);
expect(bundle.sarifResults?.runs[0].tool?.driver.rules?.length).toEqual(119);
expect(bundle.sarifResults?.runs[0].results?.length).toEqual(442);
expect(bundle.sarifResults?.runs[0].tool?.driver.rules?.length).toEqual(134);

const cweRule = bundle.sarifResults?.runs[0].tool?.driver.rules?.find(r => r.id === 'java/PT');
expect(cweRule?.properties?.cwe).toContain('CWE-23');