diff --git a/checkov/common/goget/github/get_git.py b/checkov/common/goget/github/get_git.py index 0368490c653..27923693d0c 100644 --- a/checkov/common/goget/github/get_git.py +++ b/checkov/common/goget/github/get_git.py @@ -5,6 +5,7 @@ import shutil from checkov.common.goget.base_getter import BaseGetter +from checkov.common.proxy.proxy_client import get_proxy_envs from checkov.common.resource_code_logger_filter import add_resource_code_filter_to_logger from checkov.common.util.contextmanagers import temp_environ @@ -82,16 +83,17 @@ def do_get(self) -> str: def _clone(self, git_url: str, clone_dir: str) -> None: self.logger.debug(f"cloning {self.url if '@' not in self.url else self.url.split('@')[1]} to {clone_dir}") + proxy_env = get_proxy_envs() with temp_environ(GIT_TERMINAL_PROMPT="0"): # disables user prompts originating from GIT if self.branch: - Repo.clone_from(git_url, clone_dir, branch=self.branch, depth=1) # depth=1 for shallow clone + Repo.clone_from(git_url, clone_dir, branch=self.branch, depth=1, env=proxy_env) # depth=1 for shallow clone elif self.commit_id: # no commit id support for branch - repo = Repo.clone_from(git_url, clone_dir, no_checkout=True) # need to be a full git clone + repo = Repo.clone_from(git_url, clone_dir, no_checkout=True, env=proxy_env) # need to be a full git clone repo.git.checkout(self.commit_id) elif self.tag: - Repo.clone_from(git_url, clone_dir, depth=1, b=self.tag) + Repo.clone_from(git_url, clone_dir, depth=1, b=self.tag, env=proxy_env) else: - Repo.clone_from(git_url, clone_dir, depth=1) + Repo.clone_from(git_url, clone_dir, depth=1, env=proxy_env) # Split source url into Git url and subdirectory path e.g. test.com/repo//repo/subpath becomes 'test.com/repo', '/repo/subpath') # Also see reference implementation @ go-getter https://github.com/hashicorp/go-getter/blob/main/source.go diff --git a/checkov/common/proxy/__init__.py b/checkov/common/proxy/__init__.py new file mode 100644 index 00000000000..e69de29bb2d 
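Review bot: In `_clone`, `proxy_env = get_proxy_envs()` copies the environment before `with temp_environ(GIT_TERMINAL_PROMPT="0")` is entered, so the dict passed to every `Repo.clone_from(..., env=proxy_env)` call lacks the prompt-disabling value. If the caller's environment already defines `GIT_TERMINAL_PROMPT`, the dict carries that value instead. Whether it overrides the temporary setting depends on how GitPython merges `env` with the process environment, which this hunk does not show. Moving the line to the first statement inside the `with` block makes the snapshot include `GIT_TERMINAL_PROMPT="0"` in either case. A short comment there should also say that `env` is a full copy of `os.environ`, and that the proxy and CA keys are added only when `PROXY_URL` is set.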
diff --git a/checkov/terraform/module_loading/proxy_client.py b/checkov/common/proxy/proxy_client.py similarity index 75% rename from checkov/terraform/module_loading/proxy_client.py rename to checkov/common/proxy/proxy_client.py index 915047d345b..e3eba3f4c27 100644 --- a/checkov/terraform/module_loading/proxy_client.py +++ b/checkov/common/proxy/proxy_client.py @@ -31,3 +31,12 @@ def send_request(self, request: requests.Request) -> requests.Response: def call_http_request_with_proxy(request: requests.Request) -> Any: proxy_client = ProxyClient() return proxy_client.send_request(request=request) + + +def get_proxy_envs(): + proxy_env = os.environ.copy() + if os.getenv('PROXY_URL'): + proxy_env["GIT_SSL_CAINFO"] = os.getenv('PROXY_CA_PATH', None) # Path to the CA cert + proxy_env["http_proxy"] = os.getenv('PROXY_URL') # Proxy URL + proxy_env["https_proxy"] = os.getenv('PROXY_URL') # HTTPS Proxy URL (if needed) + return proxy_env diff --git a/checkov/terraform/module_loading/loaders/registry_loader.py b/checkov/terraform/module_loading/loaders/registry_loader.py index 61e1ee93f68..b9267479d40 100644 --- a/checkov/terraform/module_loading/loaders/registry_loader.py +++ b/checkov/terraform/module_loading/loaders/registry_loader.py @@ -19,7 +19,7 @@ order_versions_in_descending_order, get_version_constraints ) -from checkov.terraform.module_loading.proxy_client import call_http_request_with_proxy +from checkov.common.proxy.proxy_client import call_http_request_with_proxy if TYPE_CHECKING: from checkov.terraform.module_loading.module_params import ModuleParams
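Review bot: In `get_proxy_envs`, `proxy_env["GIT_SSL_CAINFO"] = os.getenv('PROXY_CA_PATH', None)` stores `None` whenever `PROXY_URL` is set without `PROXY_CA_PATH`. That puts a non-string value into a dict meant to be a process environment, and it replaces any `GIT_SSL_CAINFO` the caller had already exported, so the CA bundle git trusts for the proxied clone can change silently. Set the key only when a path is present: `ca_path = os.getenv('PROXY_CA_PATH')` followed by `if ca_path: proxy_env["GIT_SSL_CAINFO"] = ca_path`. The function also lacks the return annotation its neighbours have (`-> dict[str, str]` once the `None` case is gone). A one-line docstring should name the `PROXY_URL` and `PROXY_CA_PATH` inputs and state that the result is a copy of `os.environ`.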