Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(general): add proxy to git clone from #6923

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
+26 −10
Open

feat(general): add proxy to git clone from #6923

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
b7edd8b
.
lirshindalman Dec 24, 2024
fdcaf1a
.
lirshindalman Dec 24, 2024
6cfb4c2
Merge branch 'main' into add_procy_to_git_clone
lirshindalman Dec 24, 2024
db248da
.
lirshindalman Dec 24, 2024
7f61759
.
lirshindalman Dec 24, 2024
e0ac659
.
lirshindalman Dec 24, 2024
fbbfe96
.
lirshindalman Dec 24, 2024
f4ff4f0
.
lirshindalman Dec 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions checkov/common/goget/github/get_git.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
import shutil

from checkov.common.goget.base_getter import BaseGetter
from checkov.common.proxy.proxy_client import get_proxy_envs
from checkov.common.resource_code_logger_filter import add_resource_code_filter_to_logger
from checkov.common.util.contextmanagers import temp_environ

Expand Down Expand Up @@ -82,16 +83,17 @@ def do_get(self) -> str:

def _clone(self, git_url: str, clone_dir: str) -> None:
self.logger.debug(f"cloning {self.url if '@' not in self.url else self.url.split('@')[1]} to {clone_dir}")
proxy_env = get_proxy_envs()
with temp_environ(GIT_TERMINAL_PROMPT="0"): # disables user prompts originating from GIT
if self.branch:
Repo.clone_from(git_url, clone_dir, branch=self.branch, depth=1) # depth=1 for shallow clone
Repo.clone_from(git_url, clone_dir, branch=self.branch, depth=1, env=proxy_env) # depth=1 for shallow clone
elif self.commit_id: # no commit id support for branch
repo = Repo.clone_from(git_url, clone_dir, no_checkout=True) # need to be a full git clone
repo = Repo.clone_from(git_url, clone_dir, no_checkout=True, env=proxy_env) # need to be a full git clone
repo.git.checkout(self.commit_id)
elif self.tag:
Repo.clone_from(git_url, clone_dir, depth=1, b=self.tag)
Repo.clone_from(git_url, clone_dir, depth=1, b=self.tag, env=proxy_env)
else:
Repo.clone_from(git_url, clone_dir, depth=1)
Repo.clone_from(git_url, clone_dir, depth=1, env=proxy_env)

# Split source url into Git url and subdirectory path e.g. test.com/repo//repo/subpath becomes 'test.com/repo', '/repo/subpath')
# Also see reference implementation @ go-getter https://github.com/hashicorp/go-getter/blob/main/source.go
Expand Down
Empty file added checkov/common/proxy/__init__.py
View file
Open in desktop
Empty file.
24 changes: 19 additions & 5 deletions .../terraform/module_loading/proxy_client.py → checkov/common/proxy/proxy_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,25 +1,29 @@
from __future__ import annotations

import os
from typing import Any
from typing import Any, Optional

import requests

from checkov.common.util.env_vars_config import env_vars_config


class ProxyClient:
def __init__(self) -> None:
self.proxy_ca_path = os.getenv('PROXY_CA_PATH', None)
self.proxy_ca_path = env_vars_config.PROXY_CA_PATH
if self.proxy_ca_path is None:
raise Exception("[ProxyClient] CA certificate path is missing")

def get_session(self) -> requests.Session:
if not os.getenv('PROXY_URL', None):
if not env_vars_config.PROXY_URL:
raise Exception('Please provide "PROXY_URL" env var')
proxy_url = os.getenv('PROXY_URL')
proxy_url = env_vars_config.PROXY_URL
session = requests.Session()
proxies = {
"http": proxy_url,
"https": proxy_url,
}
session.proxies.update(proxies) # type: ignore
session.proxies.update(proxies)
return session

def send_request(self, request: requests.Request) -> requests.Response:
Expand All @@ -31,3 +35,13 @@ def send_request(self, request: requests.Request) -> requests.Response:
def call_http_request_with_proxy(request: requests.Request) -> Any:
proxy_client = ProxyClient()
return proxy_client.send_request(request=request)


def get_proxy_envs() -> Optional[dict[str, Optional[str]]]:
if os.getenv('PROXY_URL'):
proxy_env = os.environ.copy()
proxy_env["GIT_SSL_CAINFO"] = env_vars_config.PROXY_CA_PATH # Path to the CA cert
proxy_env["http_proxy"] = env_vars_config.PROXY_URL # Proxy URL
proxy_env["https_proxy"] = env_vars_config.PROXY_URL # HTTPS Proxy URL (if needed)
return proxy_env
return None
lirshindalman marked this conversation as resolved.
Show resolved Hide resolved
2 changes: 1 addition & 1 deletion checkov/terraform/module_loading/loaders/registry_loader.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
order_versions_in_descending_order,
get_version_constraints
)
from checkov.terraform.module_loading.proxy_client import call_http_request_with_proxy
from checkov.common.proxy.proxy_client import call_http_request_with_proxy

if TYPE_CHECKING:
from checkov.terraform.module_loading.module_params import ModuleParams
Expand Down
Loading