authorCan Eldem <celdem@gitlab.com>2020-05-06 11:42:04 +0000
committerCan Eldem <celdem@gitlab.com>2020-05-06 11:42:04 +0000
commit6b40d051f8325ea957e60fc37abe26e97c5de2b6 (patch)
treef64e2d51b783c339609958de8af3564ecc92e632 /spec
parent8e427c7987e90a028e6d9f344a9f70bb13b6eee4 (diff)
parentb963d8d572fdf93d9c76e45d400465d8c5c2fae0 (diff)
Merge branch '212921-offline-npm' into 'master'v3.8.0
Specify a custom CA for npm See merge request gitlab-org/security-products/license-management!145
Diffstat (limited to 'spec')
-rw-r--r--spec/fixtures/js/custom-npm.crt23
-rw-r--r--spec/integration/js/npm_spec.rb38
-rw-r--r--spec/support/integration_test_helper.rb6
3 files changed, 67 insertions, 0 deletions
diff --git a/spec/fixtures/js/custom-npm.crt b/spec/fixtures/js/custom-npm.crt
new file mode 100644
index 0000000..df2cb53
--- /dev/null
+++ b/spec/fixtures/js/custom-npm.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/spec/integration/js/npm_spec.rb b/spec/integration/js/npm_spec.rb
index 9cc1565..0658df6 100644
--- a/spec/integration/js/npm_spec.rb
+++ b/spec/integration/js/npm_spec.rb
@@ -464,4 +464,42 @@ RSpec.describe "npm" do
specify { expect(subject.licenses_for(item[0])).to match_array(item[2]) }
end
end
+
+ context "when scanning a project with dependencies sourced from a custom registry" do
+ subject { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => fixture_file_content('js/custom-npm.crt') }) }
+
+ before do
+ runner.add_file(".npmrc", "registry = https://#{private_npm_host}")
+ runner.add_file("package.json") do
+ JSON.pretty_generate({
+ name: "js-npm",
+ version: "1.0.0",
+ description: "Test project for js-npm",
+ dependencies: { lodash: "4.17.10" },
+ devDependencies: {},
+ scripts: { test: "echo 'test'" }
+ })
+ end
+ runner.add_file("package-lock.json") do
+ JSON.pretty_generate({
+ name: "js-npm",
+ version: "1.0.0",
+ lockfileVersion: 1,
+ requires: true,
+ dependencies: {
+ lodash: {
+ version: "4.17.10",
+ resolved: "https://#{private_npm_host}/lodash/-/lodash-4.17.10.tgz",
+ integrity: "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg=="
+ }
+ }
+ })
+ end
+ end
+
+ specify { expect(subject).to match_schema(version: '2.0') }
+ specify { expect(subject.dependency_names).to match_array(%w[js-npm lodash]) }
+ specify { expect(subject.licenses_for('js-npm')).to match_array(['MIT']) }
+ specify { expect(subject.licenses_for('lodash')).to match_array(['MIT']) }
+ end
end
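Review bot: The four `specify` lines in the new custom-registry context assert only the successful result, so they would pass equally if the scanner reached `private_npm_host` with certificate verification disabled instead of trusting the CA passed in `ADDITIONAL_CA_CERT_BUNDLE`. Whether the scanner could do that is not visible in this hunk, but the test as written does not pin the trust behaviour either way. I would add a sibling context, for example `context "when the custom CA bundle is not provided" do`, with the same `.npmrc`, `package.json` and `package-lock.json` but no bundle in `env:`, asserting that lodash is not resolved from the private registry. The `integrity` value in `package-lock.json` pins the tarball contents but does not cover the TLS trust path. The enclosing `RSpec.describe "npm"` block starts outside the hunk.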
diff --git a/spec/support/integration_test_helper.rb b/spec/support/integration_test_helper.rb
index b25297c..ead30d4 100644
--- a/spec/support/integration_test_helper.rb
+++ b/spec/support/integration_test_helper.rb
@@ -86,6 +86,12 @@ module IntegrationTestHelper
end
end
+ def private_npm_host
+ @private_npm_host ||= ENV.fetch('PRIVATE_NPM_HOST').tap do |host|
+ add_host(host, ENV.fetch('PRIVATE_NPM_IP'))
+ end
+ end
+
def private_pypi_host
@private_pypi_host ||= ENV.fetch('PRIVATE_PYPI_HOST').tap do |host|
add_host(host, ENV.fetch('PRIVATE_PYPI_IP'))