authorCan Eldem <celdem@gitlab.com>2020-05-06 11:42:04 +0000
committerCan Eldem <celdem@gitlab.com>2020-05-06 11:42:04 +0000
commit6b40d051f8325ea957e60fc37abe26e97c5de2b6 (patch)
treef64e2d51b783c339609958de8af3564ecc92e632
parent8e427c7987e90a028e6d9f344a9f70bb13b6eee4 (diff)
parentb963d8d572fdf93d9c76e45d400465d8c5c2fae0 (diff)
Merge branch '212921-offline-npm' into 'master'v3.8.0
Specify a custom CA for npm See merge request gitlab-org/security-products/license-management!145
-rw-r--r--.gitlab/test.yml6
-rw-r--r--CHANGELOG.md5
-rw-r--r--Gemfile.lock2
-rwxr-xr-xbin/docker-build2
-rwxr-xr-xbin/docker-shell1
-rw-r--r--lib/license/finder/ext/npm.rb8
-rw-r--r--lib/license/management/shell.rb9
-rw-r--r--lib/license/management/version.rb2
-rw-r--r--spec/fixtures/js/custom-npm.crt23
-rw-r--r--spec/integration/js/npm_spec.rb38
-rw-r--r--spec/support/integration_test_helper.rb6
11 files changed, 95 insertions, 7 deletions
diff --git a/.gitlab/test.yml b/.gitlab/test.yml
index 5059269..52ec662 100644
--- a/.gitlab/test.yml
+++ b/.gitlab/test.yml
@@ -8,11 +8,15 @@ size:
timeout: 3 minutes
variables:
GIT_STRATEGY: none
+ MAX_SIZE: 2684354560
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker pull $TMP_IMAGE
- docker image ls $TMP_IMAGE
- - docker image inspect $TMP_IMAGE
+ - export CURRENT_SIZE=$(docker image inspect $TMP_IMAGE --format='{{.Size}}')
+ - echo $MAX_SIZE
+ - echo $CURRENT_SIZE
+ - test $MAX_SIZE" -gt "$CURRENT_SIZE
lint:
stage: test
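Review bot: The new size gate at `- test $MAX_SIZE" -gt "$CURRENT_SIZE` has its quotes misplaced, so the shell sees one word (`2684354560 -gt <size>`), and `test` with a single non-empty argument always succeeds; the job can never fail on image size. The line should be `- test "$MAX_SIZE" -gt "$CURRENT_SIZE"`. With the quoting fixed, an empty `CURRENT_SIZE` (e.g. `docker image inspect` failing under `set -e`-less shells) would also surface as a `test` error instead of being silently accepted, which is presumably what the check is for.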
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 556bcd6..ed22bad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
# GitLab License management changelog
+## v3.8.0
+
+- Add support for NPM [cafile](https://docs.npmjs.com/using-npm/config#cafile) option. (!145)
+- Specify path to Java keystore file when listing contents. (!45)
+
## v3.7.6
- Exclude `devDependencies` from scan report. (!141)
diff --git a/Gemfile.lock b/Gemfile.lock
index 98d898c..2cdd726 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
- license-management (3.7.6)
+ license-management (3.8.0)
license_finder (~> 6.0.0)
spandx (~> 0.1)
diff --git a/bin/docker-build b/bin/docker-build
index 39a9160..2cd819f 100755
--- a/bin/docker-build
+++ b/bin/docker-build
@@ -6,7 +6,7 @@ cd "$(dirname "$0")/.."
if command -v docker; then
IMAGE_NAME=${IMAGE_NAME:-$(basename "$PWD"):latest}
- docker build -t "$IMAGE_NAME" .
+ docker build --network=host -t "$IMAGE_NAME" .
else
echo "Install docker: https://docs.docker.com/engine/installation/"
exit 1
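Review bot: `--network=host` is added without a comment saying why it is needed; since it puts every `RUN` step of the build in the host's network namespace rather than an isolated one, the reason deserves a line next to it, e.g. `# --network=host: build steps must reach the CI host's network (private registries) — see !145`, adjusting the reason to whatever actually motivated it (presumably the private npm registry exercised by the new spec, but that is not stated here). The same flag is added to `bin/docker-shell` in this commit and would benefit from the same comment.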
diff --git a/bin/docker-shell b/bin/docker-shell
index 6d146a8..617492a 100755
--- a/bin/docker-shell
+++ b/bin/docker-shell
@@ -8,5 +8,6 @@ IMAGE_NAME=${IMAGE_NAME:-$(basename "$PWD"):latest}
docker run --rm -it \
--entrypoint='' \
+ --network=host \
--volume "$PWD":/opt/license-management \
"$IMAGE_NAME" /bin/bash -l
diff --git a/lib/license/finder/ext/npm.rb b/lib/license/finder/ext/npm.rb
index 75c0855..48741f9 100644
--- a/lib/license/finder/ext/npm.rb
+++ b/lib/license/finder/ext/npm.rb
@@ -16,7 +16,7 @@ module LicenseFinder
def prepare
Dir.chdir(project_path) do
- shell.execute("#{prepare_command} --production")
+ shell.execute("#{prepare_command} --production", env: default_env)
end
end
@@ -32,5 +32,11 @@ module LicenseFinder
end
status.success? ? JSON.parse(stdout) : {}
end
+
+ def default_env
+ return {} unless shell.custom_certificate_installed?
+
+ { 'NPM_CONFIG_CAFILE' => ENV.fetch('NPM_CONFIG_CAFILE', shell.custom_certificate_path.to_s) }
+ end
end
end
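Review bot: `default_env` has no comment explaining its precedence rule, which is the non-obvious part: an explicit `NPM_CONFIG_CAFILE` in the environment wins, and only otherwise is npm pointed at the certificate the shell installed. A one-line comment above the method such as `# Env for npm: honour an explicit NPM_CONFIG_CAFILE, else use the CA bundle installed by the shell.` would cover it. If this method lands outside a `private` section it also becomes part of the public surface of the NPM package manager, which looks unintended; the visibility is not visible in this hunk. The first hunk passes `env:` to `shell.execute`, but the `shell.rb` changes in this commit do not show `execute` accepting an `env:` keyword, so presumably it already does — worth confirming.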
diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb
index 9ff59c4..9053a3f 100644
--- a/lib/license/management/shell.rb
+++ b/lib/license/management/shell.rb
@@ -48,6 +48,7 @@ module License
Dir.glob('custom.*.crt').each do |path|
full_path = File.expand_path(path)
execute([:openssl, :x509, '-in', full_path, '-text', '-noout'])
+ keystore_path = "#{ENV['JAVA_HOME']}/jre/lib/security/cacerts"
execute([
:keytool,
'-importcert',
@@ -56,9 +57,13 @@ module License
'-trustcacerts',
'-noprompt',
'-storepass', 'changeit',
- '-keystore', "#{ENV['JAVA_HOME']}/jre/lib/security/cacerts"
+ '-keystore', keystore_path
+ ])
+ execute([
+ :keytool, '-list', '-v',
+ '-storepass changeit',
+ '-keystore', keystore_path
])
- execute(["keytool -list -v -storepass changeit"])
end
end
end
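Review bot: The new `keytool -list` call passes `'-storepass changeit'` as a single array element, whereas the `-importcert` call just above passes `'-storepass', 'changeit'` as two; if `execute` hands the array to the process as separate argv entries (which the importcert form relies on), keytool receives one argument containing a space and will not recognise the option. Split it to match: `'-storepass', 'changeit',`. The enclosing `Dir.glob` block starts outside this hunk. Also note this listing prints the full contents of the JVM truststore into the job log on every run with a custom certificate; if that is meant as a one-off diagnostic, a comment saying so would help the next reader decide whether it can go.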
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index cfb570e..881fa37 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
module License
module Management
- VERSION = '3.7.6'
+ VERSION = '3.8.0'
end
end
diff --git a/spec/fixtures/js/custom-npm.crt b/spec/fixtures/js/custom-npm.crt
new file mode 100644
index 0000000..df2cb53
--- /dev/null
+++ b/spec/fixtures/js/custom-npm.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/spec/integration/js/npm_spec.rb b/spec/integration/js/npm_spec.rb
index 9cc1565..0658df6 100644
--- a/spec/integration/js/npm_spec.rb
+++ b/spec/integration/js/npm_spec.rb
@@ -464,4 +464,42 @@ RSpec.describe "npm" do
specify { expect(subject.licenses_for(item[0])).to match_array(item[2]) }
end
end
+
+ context "when scanning a project with dependencies sourced from a custom registry" do
+ subject { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => fixture_file_content('js/custom-npm.crt') }) }
+
+ before do
+ runner.add_file(".npmrc", "registry = https://#{private_npm_host}")
+ runner.add_file("package.json") do
+ JSON.pretty_generate({
+ name: "js-npm",
+ version: "1.0.0",
+ description: "Test project for js-npm",
+ dependencies: { lodash: "4.17.10" },
+ devDependencies: {},
+ scripts: { test: "echo 'test'" }
+ })
+ end
+ runner.add_file("package-lock.json") do
+ JSON.pretty_generate({
+ name: "js-npm",
+ version: "1.0.0",
+ lockfileVersion: 1,
+ requires: true,
+ dependencies: {
+ lodash: {
+ version: "4.17.10",
+ resolved: "https://#{private_npm_host}/lodash/-/lodash-4.17.10.tgz",
+ integrity: "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg=="
+ }
+ }
+ })
+ end
+ end
+
+ specify { expect(subject).to match_schema(version: '2.0') }
+ specify { expect(subject.dependency_names).to match_array(%w[js-npm lodash]) }
+ specify { expect(subject.licenses_for('js-npm')).to match_array(['MIT']) }
+ specify { expect(subject.licenses_for('lodash')).to match_array(['MIT']) }
+ end
end
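Review bot: The new context only checks that a scan with `ADDITIONAL_CA_CERT_BUNDLE` set succeeds, so it would also pass if the CA bundle were ignored and `private_npm_host` happened to be reachable with the system trust store; nothing in the examples shows the cafile path is actually exercised. A companion example that omits the env var (or passes an unrelated certificate) and asserts the scan does not resolve `lodash` would pin the behaviour, assuming the runner surfaces npm failures in a way the spec can observe — that is not visible here. The `package.json`/`package-lock.json` bodies are the same shape as other contexts in this file; if a helper already builds them, reusing it would shorten the context.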
diff --git a/spec/support/integration_test_helper.rb b/spec/support/integration_test_helper.rb
index b25297c..ead30d4 100644
--- a/spec/support/integration_test_helper.rb
+++ b/spec/support/integration_test_helper.rb
@@ -86,6 +86,12 @@ module IntegrationTestHelper
end
end
+ def private_npm_host
+ @private_npm_host ||= ENV.fetch('PRIVATE_NPM_HOST').tap do |host|
+ add_host(host, ENV.fetch('PRIVATE_NPM_IP'))
+ end
+ end
+
def private_pypi_host
@private_pypi_host ||= ENV.fetch('PRIVATE_PYPI_HOST').tap do |host|
add_host(host, ENV.fetch('PRIVATE_PYPI_IP'))
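Review bot: `private_npm_host` is a verbatim copy of `private_pypi_host` (whose body continues past the end of this hunk) with only the `PRIVATE_*` prefix changed, and a third copy for another ecosystem would be the natural next step; a small shared helper keeps the env-var-pair convention in one place. The memoised wrappers stay one line each and the `add_host` side effect is unchanged.
```ruby
  def private_npm_host
    @private_npm_host ||= private_host('NPM')
  end

  # Reads PRIVATE_<NAME>_HOST and PRIVATE_<NAME>_IP and registers the host mapping.
  def private_host(name)
    ENV.fetch("PRIVATE_#{name}_HOST").tap { |host| add_host(host, ENV.fetch("PRIVATE_#{name}_IP")) }
  end

  # … unchanged: private_pypi_host (could call private_host('PYPI') the same way) …
```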