Merge branch 'offline-tests' into 'master'v3.19.2

Combine default/custom x509 certificates in TLS validation

See merge request gitlab-org/security-products/license-management!194

4 files changed, 22 insertions, 12 deletions

diff --git a/lib/license/finder/ext/bower.rb b/lib/license/finder/ext/bower.rb
index 2219b18..9b302f6 100644
--- a/lib/license/finder/ext/bower.rb
+++ b/lib/license/finder/ext/bower.rb
@@ -3,7 +3,15 @@
 module LicenseFinder
   class Bower < PackageManager
     def prepare
-      shell.execute([:bower, :install, '--allow-root'], env: default_env)
+      shell.execute([
+        :bower,
+        :install,
+        '--allow-root',
+        '--production',
+        '--verbose',
+        '--loglevel',
+        :debug
+      ], env: default_env)
     end
 
     def current_packages
@@ -18,7 +26,7 @@ module LicenseFinder
 
     def bower_output
       stdout, _stderr, status = Dir.chdir(project_path) do
-        shell.execute([:bower, :list, '--json', '-l', 'action', '--allow-root'])
+        shell.execute([:bower, :list, '--json', '-l', 'action', '--allow-root'], env: default_env)
       end
       return {} unless status.success?
 
@@ -48,12 +56,15 @@ module LicenseFinder
     end
 
     def default_env
-      return {} unless shell.custom_certificate_installed?
-
-      {
-        'NPM_CONFIG_CAFILE' => ENV.fetch('NPM_CONFIG_CAFILE', shell.custom_certificate_path.to_s),
-        'bower_ca' => ENV.fetch('bower_ca', shell.custom_certificate_path.to_s)
+      @default_env ||= {
+        'NPM_CONFIG_CAFILE' => ENV.fetch('NPM_CONFIG_CAFILE', shell.default_certificate_path).to_s,
+        'bower_ca' => ENV.fetch('bower_ca', shell.default_certificate_path).to_s,
+        'bower_directory' => ENV.fetch('bower_directory', vendor_path.join('bower_components')).to_s
       }
     end
+
+    def vendor_path
+      Pathname.pwd.join('.gitlab', 'cache', 'vendor')
+    end
   end
 end
diff --git a/lib/license/management/python.rb b/lib/license/management/python.rb
index 740b5c4..ede792e 100644
--- a/lib/license/management/python.rb
+++ b/lib/license/management/python.rb
@@ -54,9 +54,7 @@ module License
       end
 
       def default_env
-        return {} unless shell.custom_certificate_installed?
-
-        { 'PIP_CERT' => ENV.fetch('PIP_CERT', shell.custom_certificate_path.to_s) }
+        { 'PIP_CERT' => ENV.fetch('PIP_CERT', shell.default_certificate_path).to_s }
       end
     end
   end
diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb
index 47639df..1a99895 100644
--- a/lib/license/management/shell.rb
+++ b/lib/license/management/shell.rb
@@ -4,11 +4,12 @@ module License
   module Management
     class Shell
       SPLIT_SCRIPT = "'BEGIN {x=0;} /BEGIN CERT/{x++} { print > \"custom.\" x \".crt\" }'"
-      attr_reader :custom_certificate_path, :logger
+      attr_reader :default_certificate_path, :custom_certificate_path, :logger
 
       def initialize(logger: License::Management.logger, certificate: ENV['ADDITIONAL_CA_CERT_BUNDLE'])
         @logger = logger
         @custom_certificate_path = Pathname.new('/usr/local/share/ca-certificates/custom.crt')
+        @default_certificate_path = Pathname.new('/etc/ssl/certs/ca-certificates.crt')
         trust!(certificate) if present?(certificate)
       end
 
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index 5402857..d9e2383 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
 
 module License
   module Management
-    VERSION = '3.19.1'
+    VERSION = '3.19.2'
   end
 end