From 62e5596e332729adf76effc065828b04a0ba8409 Mon Sep 17 00:00:00 2001
From: Andrew Rowson
Date: Wed, 1 May 2024 10:36:36 +0100
Subject: [PATCH 1/2] fix: tolerate without a scheme
---
 checkov/common/bridgecrew/platform_integration.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/checkov/common/bridgecrew/platform_integration.py b/checkov/common/bridgecrew/platform_integration.py
index 19ae7da9925..1ebfa5d00d6 100644
--- a/checkov/common/bridgecrew/platform_integration.py
+++ b/checkov/common/bridgecrew/platform_integration.py
@@ -319,17 +319,21 @@ def setup_http_manager(self, ca_certificate: str | None = None, no_cert_verify:
 if self.http:
 return
+ # The `https_proxy` environment variable might be scheme-less. urllib3.ProxyManager expects a scheme, so set
+ # to a default of http:// if missing.
+ parsed_proxy_url = urllib3.util.parse_url(os.environ['https_proxy'])
+ if not parsed_proxy_url.scheme:
+ parsed_proxy_url = parsed_proxy_url._replace(scheme='http')
 if ca_certificate:
 os.environ['REQUESTS_CA_BUNDLE'] = ca_certificate
 cert_reqs = 'CERT_NONE' if no_cert_verify else 'REQUIRED'
 logging.debug(f'Using CA cert {ca_certificate} and cert_reqs {cert_reqs}')
 try:
- parsed_url = urllib3.util.parse_url(os.environ['https_proxy'])
 self.http = urllib3.ProxyManager(
- os.environ['https_proxy'],
+ parsed_proxy_url.url,
 cert_reqs=cert_reqs,
 ca_certs=ca_certificate,
- proxy_headers=urllib3.make_headers(proxy_basic_auth=parsed_url.auth), # type:ignore[no-untyped-call]
+ proxy_headers=urllib3.make_headers(proxy_basic_auth=parsed_proxy_url.auth), # type:ignore[no-untyped-call]
 timeout=self.http_timeout,
 retries=self.http_retry,
 )
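Review bot: The `os.environ['https_proxy']` lookup now sits above both `try:` blocks, so an unset variable raises `KeyError` before either block is entered; previously the subscript was the first statement inside each `try:`. The handlers are outside this hunk, but if they catch `KeyError` to fall back to a direct connection, that fallback is no longer reachable and `setup_http_manager` fails for anyone without a proxy configured. The second hunk (`@@ -344`) consumes the same variable, so both branches are affected. Keeping the subscript inside the guarded region, for example through a small helper (named `_https_proxy_url` here only for illustration) called first in each `try:`, preserves the old behaviour. The helper is also the place to record that a scheme-less value is assumed to be `http://`, which means any `user:pass@` part is sent to the proxy as a Basic header without TLS on that hop.

```python
def _https_proxy_url(self) -> urllib3.util.Url:
    # Subscript on purpose: an unset https_proxy must raise KeyError inside the caller's try block.
    parsed = urllib3.util.parse_url(os.environ['https_proxy'])
    # A scheme-less value is treated as a plain http:// proxy.
    return parsed if parsed.scheme else parsed._replace(scheme='http')

# … unchanged: early return, ca_certificate / cert_reqs setup …
try:
    parsed_proxy_url = self._https_proxy_url()
    self.http = urllib3.ProxyManager(
        parsed_proxy_url.url,
        # … unchanged: remaining ProxyManager arguments …
```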
@@ -344,11 +348,10 @@ def setup_http_manager(self, ca_certificate: str | None = None, no_cert_verify:
 cert_reqs = 'CERT_NONE' if no_cert_verify else None
 logging.debug(f'Using cert_reqs {cert_reqs}')
 try:
- parsed_url = urllib3.util.parse_url(os.environ['https_proxy'])
 self.http = urllib3.ProxyManager(
- os.environ['https_proxy'],
+ parsed_proxy_url.url,
 cert_reqs=cert_reqs,
- proxy_headers=urllib3.make_headers(proxy_basic_auth=parsed_url.auth), # type:ignore[no-untyped-call]
+ proxy_headers=urllib3.make_headers(proxy_basic_auth=parsed_proxy_url.auth), # type:ignore[no-untyped-call]
 timeout=self.http_timeout,
 retries=self.http_retry,
 )
From 6d1249dff4cfb67a95e0220de9c694a49308f8e2 Mon Sep 17 00:00:00 2001
From: Andrew Rowson
Date: Fri, 3 May 2024 11:48:19 +0100
Subject: [PATCH 2/2] Added unit test
---
 tests/common/test_platform_integration.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/tests/common/test_platform_integration.py b/tests/common/test_platform_integration.py
index 003f5b5ce34..efd95c4170f 100644
--- a/tests/common/test_platform_integration.py
+++ b/tests/common/test_platform_integration.py
@@ -158,6 +158,16 @@ def test_is_valid_policy_filter(self):
 valid_filters=mock_prisma_policy_filter_response()))
 self.assertFalse(instance.is_valid_policy_filter(policy_filter={'policy.label': ['A', 'B']}, valid_filters={}))
+ def test_proxy_without_scheme(self):
+ current_proxy = os.environ['https_proxy']
+ try:
+ os.environ['https_proxy'] = "127.0.0.1"
+ instance = BcPlatformIntegration()
+ instance.api_url = 'https://www.bridgecrew.cloud/v1'
+ instance.setup_http_manager()
+ finally:
+ os.environ['https_proxy'] = current_proxy
+
 def test_setup_on_prem(self):
 instance = BcPlatformIntegration()
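Review bot: `test_proxy_without_scheme` contains no assertion, so it passes whenever `setup_http_manager()` does not raise and would not notice if the scheme default were dropped or a non-proxy manager were built. Adding `self.assertIsInstance(instance.http, urllib3.ProxyManager)` and `self.assertEqual(instance.http.proxy.scheme, 'http')` pins the behaviour the fix is about; this needs `urllib3` imported in the test module, which is not visible here. The first line, `current_proxy = os.environ['https_proxy']`, raises `KeyError` when the variable is not set in the test environment, and the `finally` cannot restore an absent variable. Wrapping the body in `with mock.patch.dict(os.environ, {'https_proxy': '127.0.0.1'}):` from `unittest.mock` covers both cases.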