From 870d1e79725349090c38096070fe346b71de1c46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20Scha=CC=88fer?= <101886095+PeterSchafer@users.noreply.github.com> Date: Tue, 21 Jun 2022 16:47:14 +0200 Subject: [PATCH] chore: override no_proxy from parent env before launching cliv1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit avoid accidental and purposeful redirecting of traffic between cliv1 and cliv2 Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com> Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com> Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com> chore: support different casing for proxy related env variables Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com> Signed-off-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com> --- cliv2/internal/cliv2/cliv2.go | 26 +++++++++++++++++++++ cliv2/internal/cliv2/cliv2_test.go | 37 ++++++++++++++++++++++++------ cliv2/internal/utils/array.go | 34 +++++++++++++++++++++++++++ 3 files changed, 90 insertions(+), 7 deletions(-) diff --git a/cliv2/internal/cliv2/cliv2.go b/cliv2/internal/cliv2/cliv2.go index 7138c0c10e..d0d153385d 100644 --- a/cliv2/internal/cliv2/cliv2.go +++ b/cliv2/internal/cliv2/cliv2.go @@ -37,6 +37,12 @@ const SNYK_INTEGRATION_NAME_ENV = "SNYK_INTEGRATION_NAME" const SNYK_INTEGRATION_VERSION_ENV = "SNYK_INTEGRATION_VERSION" const SNYK_HTTPS_PROXY_ENV = "HTTPS_PROXY" const SNYK_HTTP_PROXY_ENV = "HTTP_PROXY" +const SNYK_HTTP_NO_PROXY_ENV = "NO_PROXY" +const SNYK_NPM_PROXY_ENV = "NPM_CONFIG_PROXY" +const SNYK_NPM_HTTPS_PROXY_ENV = "NPM_CONFIG_HTTPS_PROXY" +const SNYK_NPM_HTTP_PROXY_ENV = "NPM_CONFIG_HTTP_PROXY" +const SNYK_NPM_NO_PROXY_ENV = "NPM_CONFIG_NO_PROXY" +const SNYK_NPM_ALL_PROXY = "ALL_PROXY" const SNYK_CA_CERTIFICATE_LOCATION_ENV = "NODE_EXTRA_CA_CERTS" const ( @@ -156,9 +162,29 @@ func PrepareV1EnvironmentVariables(input []string, integrationName string, integ } if err == nil { + + // apply blacklist: ensure that no existing no_proxy or other configuration causes redirecting internal communication that is meant to stay between cliv1 and cliv2 + blackList := []string{ + SNYK_HTTPS_PROXY_ENV, + SNYK_HTTP_PROXY_ENV, + SNYK_CA_CERTIFICATE_LOCATION_ENV, + SNYK_HTTP_NO_PROXY_ENV, + SNYK_NPM_NO_PROXY_ENV, + SNYK_NPM_HTTPS_PROXY_ENV, + SNYK_NPM_HTTP_PROXY_ENV, + SNYK_NPM_PROXY_ENV, + SNYK_NPM_ALL_PROXY, + } + + for _, key := range blackList { + inputAsMap = utils.Remove(inputAsMap, key) + } + + // fill expected values inputAsMap[SNYK_HTTPS_PROXY_ENV] = proxyAddress inputAsMap[SNYK_HTTP_PROXY_ENV] = proxyAddress inputAsMap[SNYK_CA_CERTIFICATE_LOCATION_ENV] = caCertificateLocation + result = utils.ToSlice(inputAsMap, "=") } diff --git a/cliv2/internal/cliv2/cliv2_test.go b/cliv2/internal/cliv2/cliv2_test.go index 2a39600b08..99c840484d 100644 --- a/cliv2/internal/cliv2/cliv2_test.go +++ b/cliv2/internal/cliv2/cliv2_test.go @@ -12,9 +12,19 @@ import ( "github.com/stretchr/testify/assert" ) -func Test_PrepareV1EnvironmentVariables_Fill(t *testing.T) { - - input := []string{"something=1", "in=2", "here=3=2"} +func Test_PrepareV1EnvironmentVariables_Fill_and_Filter(t *testing.T) { + + input := []string{ + "something=1", + "in=2", + "here=3=2", + "no_proxy=something", + "NPM_CONFIG_PROXY=something", + "NPM_CONFIG_HTTPS_PROXY=something", + "NPM_CONFIG_HTTP_PROXY=something", + "npm_config_no_proxy=something", + "ALL_PROXY=something", + } expected := []string{"something=1", "in=2", "here=3=2", "SNYK_INTEGRATION_NAME=foo", "SNYK_INTEGRATION_VERSION=bar", "HTTP_PROXY=proxy", "HTTPS_PROXY=proxy", "NODE_EXTRA_CA_CERTS=cacertlocation"} actual, err := cliv2.PrepareV1EnvironmentVariables(input, "foo", "bar", "proxy", "cacertlocation") @@ -25,10 +35,23 @@ func Test_PrepareV1EnvironmentVariables_Fill(t *testing.T) { assert.Nil(t, err) } -func Test_PrepareV1EnvironmentVariables_DontOverrideExisting(t *testing.T) { +func Test_PrepareV1EnvironmentVariables_DontOverrideExistingIntegration(t *testing.T) { - input := []string{"something=1", "in=2", "here=3", "SNYK_INTEGRATION_NAME=exists", "SNYK_INTEGRATION_VERSION=already", "HTTP_PROXY=proxy", "HTTPS_PROXY=proxy", "NODE_EXTRA_CA_CERTS=cacertlocation"} - expected := input + input := []string{"something=1", "in=2", "here=3", "SNYK_INTEGRATION_NAME=exists", "SNYK_INTEGRATION_VERSION=already"} + expected := []string{"something=1", "in=2", "here=3", "SNYK_INTEGRATION_NAME=exists", "SNYK_INTEGRATION_VERSION=already", "HTTP_PROXY=proxy", "HTTPS_PROXY=proxy", "NODE_EXTRA_CA_CERTS=cacertlocation"} + + actual, err := cliv2.PrepareV1EnvironmentVariables(input, "foo", "bar", "proxy", "cacertlocation") + + sort.Strings(expected) + sort.Strings(actual) + assert.Equal(t, expected, actual) + assert.Nil(t, err) +} + +func Test_PrepareV1EnvironmentVariables_OverrideProxyAndCerts(t *testing.T) { + + input := []string{"something=1", "in=2", "here=3", "http_proxy=exists", "https_proxy=already", "NODE_EXTRA_CA_CERTS=again", "no_proxy=312123"} + expected := []string{"something=1", "in=2", "here=3", "SNYK_INTEGRATION_NAME=foo", "SNYK_INTEGRATION_VERSION=bar", "HTTP_PROXY=proxy", "HTTPS_PROXY=proxy", "NODE_EXTRA_CA_CERTS=cacertlocation"} actual, err := cliv2.PrepareV1EnvironmentVariables(input, "foo", "bar", "proxy", "cacertlocation") @@ -38,7 +61,7 @@ func Test_PrepareV1EnvironmentVariables_DontOverrideExisting(t *testing.T) { assert.Nil(t, err) } -func Test_PrepareV1EnvironmentVariables_DontOverrideExisting2(t *testing.T) { +func Test_PrepareV1EnvironmentVariables_Fail_DontOverrideExisting(t *testing.T) { input := []string{"something=1", "in=2", "here=3", "SNYK_INTEGRATION_NAME=exists"} expected := input diff --git a/cliv2/internal/utils/array.go b/cliv2/internal/utils/array.go index 8076891a5c..03c8b73368 100644 --- a/cliv2/internal/utils/array.go +++ b/cliv2/internal/utils/array.go @@ -51,3 +51,37 @@ func ToSlice(input map[string]string, combineBy string) []string { return result } + +// Removes a given key from the input map and uses FindKeyCaseInsensitive() for this. The resulting map is being returned. +func Remove(input map[string]string, key string) map[string]string { + found := false + key, found = FindKeyCaseInsensitive(input, key) + if found { + delete(input, key) + } + return input +} + +// This method determines whether the given key is in the input map, it therefore looks for the exact match and the key in all capital or lower case letters. +// If the key in any of these versions was found, it'll be returned alongside with a boolean indicating whether or not it was found. +func FindKeyCaseInsensitive(input map[string]string, key string) (string, bool) { + + found := false + + // look for exact match + _, found = input[key] + + // look for lower case match + if !found { + key = strings.ToLower(key) + _, found = input[key] + } + + // look for upper case match + if !found { + key = strings.ToUpper(key) + _, found = input[key] + } + + return key, found +}