fix(general): tolerate ${HTTPS_PROXY} without a scheme #6235

Open
wants to merge 8 commits into
base: main

@andrew-rowson-lseg andrew-rowson-lseg commented May 3, 2024

User description

Description

urllib3.ProxyManager is quite opinionated about the value passed in as the proxy URL, in that it must at least have a scheme. Creating a ProxyManager with a schemeless URL throws an exception:

urllib3.exceptions.ProxySchemeUnknown: Proxy URL had no scheme, should start with http:// or https://

Checkov passes the value of os.environ['https_proxy'] directly into ProxyManager in platform_integration.py so if this value happens to not start with http:// or https://, then checkov crashes out.

I couldn't find anything authoritative on whether ${HTTPS_PROXY} should or shouldn't have a scheme. The best reference I could find was from the curl manual (https://curl.se/docs/manpage.html) which shows the "protocol" part as being optional.

HTTPS_PROXY [protocol://]<host>[:port]

Given that it then seems valid for ${HTTPS_PROXY} to contain a bare hostname (or host:port) pair, and it's certainly true in my environment, this patch checks to see if a scheme is present in the env var and then adds in a default if it's absent.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Generated description

Below is a concise technical summary of the changes proposed in this PR:

Ensure BcPlatformIntegration can handle https_proxy environment variables without a scheme by defaulting to http. Modify platform_integration.py to parse the proxy URL and add a scheme if missing. Update tests in test_platform_integration.py to verify this behavior.

Topic: Proxy Scheme Handling
Details: Handle schemeless https_proxy environment variables by adding a default scheme in BcPlatformIntegration.
Modified files (2)
  • checkov/common/bridgecrew/platform_integration.py
  • tests/common/test_platform_integration.py
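
One way to do the normalization described above, as an added example that is not the PR's code or checkov's own: the names `normalize_proxy_url` and `redact_proxy_url` are hypothetical, and the sample values are constructed. It goes slightly beyond the PR by rejecting schemes other than the two the urllib3 error names and by masking proxy credentials before logging.

```python
import re
from urllib.parse import urlsplit

# An explicit scheme is "<scheme>://". Do not rely on urlsplit().scheme here:
# for a bare "host:8080" it can report the host name as the scheme.
_HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")
DEFAULT_SCHEME = "http"              # default named in the PR summary
ALLOWED_SCHEMES = {"http", "https"}  # schemes named in the urllib3 error


def normalize_proxy_url(raw):
    """Return a proxy URL with an explicit scheme, or None when unset/blank."""
    if raw is None or not raw.strip():
        return None
    value = raw.strip()
    if not _HAS_SCHEME.match(value):
        value = f"{DEFAULT_SCHEME}://{value}"
    parts = urlsplit(value)  # urlsplit lowercases the scheme
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported proxy scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("proxy URL has no host")
    _ = parts.port  # property access raises ValueError on a bad port
    return value


def redact_proxy_url(url):
    """Mask user:password so the proxy URL is safe to put in logs."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return url
    return f"{parts.scheme}://***@{parts.netloc.rpartition('@')[2]}"


if __name__ == "__main__":
    # Constructed sample values, not taken from the PR.
    for sample in ("proxy.corp.example:8080", "https://proxy.corp.example:8443",
                   "user:pw@proxy.corp.example:3128", "socks5://proxy:1080"):
        try:
            print(sample, "->", redact_proxy_url(normalize_proxy_url(sample)))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```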
