Merge pull request #88 from snyk/feat/allow_ignoring_unknown_ca

Feat/allow ignoring unknown ca
snyk · Apr 16, 2019 · 3fa649a · 3fa649a
2 parents 56b81e2 + 05f0355
commit 3fa649a
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 4 deletions.
diff --git a/lib/config.js b/lib/config.js
@@ -18,6 +18,7 @@ function initConfig(startingConfig) {
   config['snapshotIntervalMs'] = 60 * 60 * 1000;
   config['beaconUrl'] = 'https://homebase.snyk.io/api/v1/beacon';
   config['snapshotUrl'] = `https://homebase.snyk.io/api/v2/snapshot/${startingConfig.projectId}/node`;
+  config['allowUnknownCA'] = false;
 
   config['functionPaths'] = {
     repo: {
@@ -37,6 +38,7 @@ function initConfig(startingConfig) {
   const overrideables = [
     'snapshotUrl', 'snapshotIntervalMs', 'beaconIntervalMs',
     'enable', 'flushOnExit', 'projectId', 'functionPaths',
+    'allowUnknownCA',
   ];
   for (const key of overrideables) {
     if (key in startingConfig) {

diff --git a/lib/snapshot/reader.js b/lib/snapshot/reader.js
@@ -49,6 +49,7 @@ async function loadFromUpstream() {
     debug(`attempting to retrieve latest snapshot from ${url}`);
     const requestOptions = {
       json: true,
+      rejectUnauthorized: !config['allowUnknownCA'],
       headers: {'If-Modified-Since': lastModified.toUTCString()},
     };
     const response = await needle('get', url, requestOptions);

diff --git a/lib/transmitter.js b/lib/transmitter.js
@@ -24,7 +24,12 @@ function transmitEvents(url, projectId, agentId) {
     loadedSources: currentState.packages,
   };
 
-  postPromise = needle('post', url, body, {json: true})
+  const options = {
+    json: true,
+    rejectUnauthorized: !config['allowUnknownCA'],
+  };
+
+  postPromise = needle('post', url, body, options)
     .then((response) => {
       if (response && response.statusCode !== 200) {
         debug('Unexpected response for events transmission: ' +

diff --git a/test/snapshot.test.js b/test/snapshot.test.js
@@ -1,7 +1,9 @@
 const fs = require('fs');
 const test = require('tap').test;
+const nock = require('nock');
 const sinon = require('sinon');
 const path = require('path');
+const needle = require('needle');
 
 const config = require('../lib/config');
 const snapshotReader = require('../lib/snapshot/reader');
@@ -92,3 +94,32 @@ test('snapshot reader favours bundled snapshot when possible', async (t) => {
   existsStub.restore();
   t.end();
 });
+
+test('reader loading snapshot from upstream', async (t) => {
+  nock('https://homebase.snyk.io')
+    .get('/api/v2/snapshot/whatever/node')
+    .reply(200, []);
+  nock('https://homebase.snyk.io')
+    .get('/api/v2/snapshot/whatever/node')
+    .reply(200, []);
+
+  const needleSpy = sinon.spy(needle, 'request');
+
+  snapshotReader.loadFromUpstream();
+  t.equal(needleSpy.args[0][0], 'get', 'snapshots retrieved with get');
+  t.equal(needleSpy.args[0][1], 'https://homebase.snyk.io/api/v2/snapshot/whatever/node', 'url is correct');
+  const expectedRequestOptions = {
+    json: true,
+    rejectUnauthorized: true,
+    headers: {"If-Modified-Since": "Thu, 06 Dec 2018 14:02:33 GMT"},
+  };
+  t.deepEqual(needleSpy.args[0][3], expectedRequestOptions, 'request options are correct');
+
+  config['allowUnknownCA'] = true;
+  snapshotReader.loadFromUpstream();
+  expectedRequestOptions.rejectUnauthorized = false;
+  t.deepEqual(needleSpy.args[1][3], expectedRequestOptions, 'request options are correct');
+
+  t.ok(nock.isDone(), 'snapshot requests made');
+  nock.cleanAll();
+});
diff --git a/test/transmitter.test.js b/test/transmitter.test.js
@@ -1,22 +1,42 @@
 const test = require('tap').test;
 const proxyquire =  require('proxyquire');
 const nock = require('nock');
+const needle = require('needle');
 
 const sinon = require('sinon');
 const spy = sinon.spy();
 const debugMock = (loggerType) => (msg) => {spy(msg);};
 const state = require('../lib/state');
+const config = require('../lib/config');
+config.initConfig({projectId: 'some-project-id'});
 const transmitter = proxyquire('../lib/transmitter', {'debug': debugMock});
 
 test('Transmitter transmits 0 events for no events', async function (t) {
   nock('http://host')
-  .post('/method')
-  .reply(200, {});
+    .post('/method')
+    .reply(200, {});
+  nock('http://host')
+    .post('/method')
+    .reply(200, {});
 
   spy.resetHistory();
+  const needleSpy = sinon.spy(needle, 'request');
 
   await transmitter.transmitEvents('http://host/method', 'some-project-id', 'some-agent-id');
-  t.ok(nock.isDone(), 'empty transmission sent');
+  t.equal(needleSpy.args[0][0], 'post', 'beacons are being posted');
+  t.equal(needleSpy.args[0][1], 'http://host/method', 'url is correct');
+  t.ok('agentId' in needleSpy.args[0][2], 'agent ID is transmitted');
+  t.equal(needleSpy.args[0][2]['agentId'], 'some-agent-id', 'agent ID is correct');
+  t.ok('projectId' in needleSpy.args[0][2], 'project ID is transmitted');
+  t.equal(needleSpy.args[0][2]['projectId'], 'some-project-id', 'project ID is correct');
+  t.deepEqual(needleSpy.args[0][3], {json: true, rejectUnauthorized: true}, 'request options are correct');
+
+  config['allowUnknownCA'] = true;
+  await transmitter.transmitEvents('http://host/method', 'some-project-id', 'some-agent-id');
+  t.deepEqual(needleSpy.args[1][3], {json: true, rejectUnauthorized: false}, 'request options are correct');
+
+  t.ok(nock.isDone(), 'two transmissions sent');
+
   nock.cleanAll();
 });