From 60ac0f2df85e4e4655b96b358dcc1ba40fe61a3e Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 5 May 2020 15:28:58 -0600
Subject: Specify npm cafile setting

* [cafile](https://docs.npmjs.com/using-npm/config#cafile)
* Use host network for development scripts
* Specify path to JAVA keystore in list command
* Add CHANGELOG entry
---
 CHANGELOG.md | 5 +++++
 Gemfile.lock | 2 +-
 bin/docker-build | 2 +-
 bin/docker-shell | 1 +
 lib/license/management/shell.rb | 7 +++++-
 lib/license/management/version.rb | 2 +-
 spec/fixtures/js/custom-npm.crt | 23 ++++++++++++++++++++
 spec/integration/js/npm_spec.rb | 38 +++++++++++++++++++++++++++++++++
 spec/support/integration_test_helper.rb | 6 ++++++
 9 files changed, 82 insertions(+), 4 deletions(-)
 create mode 100644 spec/fixtures/js/custom-npm.crt

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 556bcd6..ed22bad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # GitLab License management changelog

+## v3.8.0
+
+- Add support for NPM [cafile](https://docs.npmjs.com/using-npm/config#cafile) option. (!145)
+- Specify path to Java keystore file when listing contents. (!45)
+
 ## v3.7.6

 - Exclude `devDependencies` from scan report. (!141)
diff --git a/Gemfile.lock b/Gemfile.lock
index 98d898c..2cdd726 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
- license-management (3.7.6)
+ license-management (3.8.0)
 license_finder (~> 6.0.0)
 spandx (~> 0.1)

diff --git a/bin/docker-build b/bin/docker-build
index 39a9160..2cd819f 100755
--- a/bin/docker-build
+++ b/bin/docker-build
@@ -6,7 +6,7 @@ cd "$(dirname "$0")/.."

 if command -v docker; then
 IMAGE_NAME=${IMAGE_NAME:-$(basename "$PWD"):latest}
- docker build -t "$IMAGE_NAME" .
+ docker build --network=host -t "$IMAGE_NAME" .
 else
 echo "Install docker: https://docs.docker.com/engine/installation/"
 exit 1
diff --git a/bin/docker-shell b/bin/docker-shell
index 6d146a8..617492a 100755
--- a/bin/docker-shell
+++ b/bin/docker-shell
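Review bot: The new `--network=host` on the `docker build` line carries no comment saying why the build has to leave Docker's default network namespace, and the commit message only says it is for development scripts. Host networking lets every `RUN` step reach services bound on the developer's host, so a one-line comment above the command, e.g. `# --network=host: presumably so RUN steps can reach host-local registries/mirrors during development — confirm, and drop if no longer needed`, would tell the next maintainer whether the flag is still required. The same flag is added to bin/docker-shell in this commit and deserves the same note.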
@@ -8,5 +8,6 @@ IMAGE_NAME=${IMAGE_NAME:-$(basename "$PWD"):latest}

 docker run --rm -it \
 --entrypoint='' \
+ --network=host \
 --volume "$PWD":/opt/license-management \
 "$IMAGE_NAME" /bin/bash -l
diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb
index 9ff59c4..fcf8188 100644
--- a/lib/license/management/shell.rb
+++ b/lib/license/management/shell.rb
@@ -44,6 +44,7 @@ module License
 Dir.chdir custom_certificate_path.dirname do
 execute([:awk, SPLIT_SCRIPT, '<', custom_certificate_path])
 execute('update-ca-certificates -v')
+ execute([:npm, :config, :set, :cafile, custom_certificate_path])

 Dir.glob('custom.*.crt').each do |path|
 full_path = File.expand_path(path)
@@ -58,7 +59,11 @@ module License
 '-storepass', 'changeit',
 '-keystore', "#{ENV['JAVA_HOME']}/jre/lib/security/cacerts"
 ])
- execute(["keytool -list -v -storepass changeit"])
+ execute([
+ :keytool, '-list', '-v',
+ '-storepass changeit',
+ '-keystore', "#{ENV['JAVA_HOME']}/jre/lib/security/cacerts"
+ ])
 end
 end
 end
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index cfb570e..881fa37 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@

 module License
 module Management
- VERSION = '3.7.6'
+ VERSION = '3.8.0'
 end
 end
diff --git a/spec/fixtures/js/custom-npm.crt b/spec/fixtures/js/custom-npm.crt
new file mode 100644
index 0000000..df2cb53
--- /dev/null
+++ b/spec/fixtures/js/custom-npm.crt
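Review bot: In the new `keytool -list` argument array, `'-storepass changeit'` is a single element whereas the `-importcert` call just above passes `'-storepass', 'changeit'` as two; this only works because `execute` evidently joins the array into one shell string (the `'<'` redirection in the `awk` call earlier in the same method could not work otherwise), and it would break silently if `execute` were ever changed to pass the array as argv. Use the same form as the import call: `'-storepass', 'changeit',`. Separately, `-list -v` prints every certificate in the JVM trust store into the job log once per custom certificate; if the import passes an `-alias` (those lines fall between the two hunks), giving the same `-alias` to `-list` would limit the output to the certificate just added. The enclosing `Dir.chdir` block starts before this hunk.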
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsCgAwIBAgIJAJFlQ9PD4dt0MA0GCSqGSIb3DQEBCwUAMIGAMQswCQYD
+VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg
+V2lkZ2l0cyBQdHkgTHRkMTkwNwYDVQQDDDBnaXRsYWItYWlyZ2FwLW5wbS5jLmdy
+b3VwLXNlY3VyZS1hODlmZTcuaW50ZXJuYWwwHhcNMjAwNDAyMDMwOTAzWhcNMjEw
+NDAyMDMwOTAzWjCBgDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDE5MDcGA1UEAwwwZ2l0
+bGFiLWFpcmdhcC1ucG0uYy5ncm91cC1zZWN1cmUtYTg5ZmU3LmludGVybmFsMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPXhYU45QQCF6oYWYwsgTNIn
+cOMGT1hW4C/ZrSEPBSa4ET2lrMDyckLqMuMJ1Sf2eiWZ5nhI4daEJLlAXa7iMVwM
+fFXd9SVXH7dBMxtdXW603UCsKidnnIA3STK/HxZQlhL1WH14QI6pQzxmDyjzCYcC
+aHFN/33FasTnNKV2BC148NsH8bHNg0cCkuVU4Y6uYDfe7U9/p/nudJdEw+lpCCpo
+lEsmMaa8bWLNoTjHivH46ayiGIMaDLUuLgR0w0ttYWFsK2XopLHk9J9M/pfOC9Bc
+65NJTdXfBFebCNID0Q8XNOYmhV4DPHgXyaHlTYbCzzLhVRoL8zA24v+CM/KYaQID
+AQABo1MwUTAdBgNVHQ4EFgQU/jo6T6AK0FE0Lqu3aMzVB6jE304wHwYDVR0jBBgw
+FoAU/jo6T6AK0FE0Lqu3aMzVB6jE304wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQsFAAOCAQEAZPNsnnqDi9YXyJnvBIz0sk/tcrzg6t2oZFbMcoVDprOaUywo
+Fc8I/0HdmVEBFcnffEH5jMM460uaoZ97xnaKZbiM0ndFWakcbW9Mq62l92/cmU40
+zZh5imVYuHC7BWeOurSFbZjMT9+td8SChGqZJN8fci3w6HxWXvh204KasxqCW1kp
+N+Z83JhI5abxw7QjVizV8xbT2NPsgqp3lC7esMUnth6Up1Wn/YeD04kYRNnc2YJX
+7vn8PVf8LZgp/FiMcDMXO4ED26rs4lL1XRTnfvU4jkPt8MKA27ldy9fTeKLP9/cY
+x4VAajyXr+uQZG1VTgxYOv4cbHO8V9g6N0OOxA==
+-----END CERTIFICATE-----
diff --git a/spec/integration/js/npm_spec.rb b/spec/integration/js/npm_spec.rb
index 9cc1565..0658df6 100644
--- a/spec/integration/js/npm_spec.rb
+++ b/spec/integration/js/npm_spec.rb
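Review bot: Decoding the two UTCTime fields in this PEM suggests the fixture certificate is valid only from 2020-04-02 to 2021-04-02 (confirm with `openssl x509 -in spec/fixtures/js/custom-npm.crt -noout -dates -subject`), and it is the trust anchor the new npm integration test passes as ADDITIONAL_CA_CERT_BUNDLE against a live PRIVATE_NPM_HOST. After that date the test will fail with a TLS error unrelated to any regression, so the expiry and the regeneration steps should be recorded in a comment where the fixture is used, or the fixture regenerated with a long validity. The certificate also appears to be a self-signed CA (basicConstraints CA:TRUE); that is fine for a test fixture, but it must never be added to a trust store outside the test environment.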
@@ -464,4 +464,42 @@ RSpec.describe "npm" do
 specify { expect(subject.licenses_for(item[0])).to match_array(item[2]) }
 end
 end
+
+ context "when scanning a project with dependencies sourced from a custom registry" do
+ subject { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => fixture_file_content('js/custom-npm.crt') }) }
+
+ before do
+ runner.add_file(".npmrc", "registry = https://#{private_npm_host}")
+ runner.add_file("package.json") do
+ JSON.pretty_generate({
+ name: "js-npm",
+ version: "1.0.0",
+ description: "Test project for js-npm",
+ dependencies: { lodash: "4.17.10" },
+ devDependencies: {},
+ scripts: { test: "echo 'test'" }
+ })
+ end
+ runner.add_file("package-lock.json") do
+ JSON.pretty_generate({
+ name: "js-npm",
+ version: "1.0.0",
+ lockfileVersion: 1,
+ requires: true,
+ dependencies: {
+ lodash: {
+ version: "4.17.10",
+ resolved: "https://#{private_npm_host}/lodash/-/lodash-4.17.10.tgz",
+ integrity: "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg=="
+ }
+ }
+ })
+ end
+ end
+
+ specify { expect(subject).to match_schema(version: '2.0') }
+ specify { expect(subject.dependency_names).to match_array(%w[js-npm lodash]) }
+ specify { expect(subject.licenses_for('js-npm')).to match_array(['MIT']) }
+ specify { expect(subject.licenses_for('lodash')).to match_array(['MIT']) }
+ end
 end
diff --git a/spec/support/integration_test_helper.rb b/spec/support/integration_test_helper.rb
index b25297c..ead30d4 100644
--- a/spec/support/integration_test_helper.rb
+++ b/spec/support/integration_test_helper.rb
@@ -86,6 +86,12 @@ module IntegrationTestHelper
 end
 end
+
+ def private_npm_host
+ @private_npm_host ||= ENV.fetch('PRIVATE_NPM_HOST').tap do |host|
+ add_host(host, ENV.fetch('PRIVATE_NPM_IP'))
+ end
+ end
+
 def private_pypi_host
 @private_pypi_host ||= ENV.fetch('PRIVATE_PYPI_HOST').tap do |host|
 add_host(host, ENV.fetch('PRIVATE_PYPI_IP'))
-- 
cgit v1.2.3
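Review bot: The new context only checks the success path, so it cannot distinguish the CA bundle actually being delivered to npm from the private registry's certificate already being trusted by some other route (for example the system store filled by `update-ca-certificates`). A second example that runs the same project without `ADDITIONAL_CA_CERT_BUNDLE` and expects the scan to fail, or `subject.dependency_names` to omit `lodash`, would pin the behaviour this commit introduces. A comment on the `.npmrc` line noting that the registry host must match the certificate's subject name for verification to pass, and that `private_npm_host` registers the host through `add_host`, would also help whoever next rotates the fixture. The enclosing `RSpec.describe "npm"` block starts before this hunk.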
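Review bot: `private_npm_host` duplicates `private_pypi_host` line for line apart from the service name, and the next private registry will copy it again. A small parameterised helper keeps them in step, e.g. `def private_host(service)` / `ENV.fetch("PRIVATE_#{service}_HOST").tap { |host| add_host(host, ENV.fetch("PRIVATE_#{service}_IP")) }` / `end`, with `@private_npm_host ||= private_host('NPM')` in each memoised accessor. The enclosing module continues outside this hunk.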
From 2f72d7f8d2873aba27a834c91a7b58199bd41388 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 5 May 2020 16:48:13 -0600
Subject: Check size of image in bytes

---
 .gitlab/test.yml | 2 ++
 bin/docker-size | 13 +++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100755 bin/docker-size

diff --git a/.gitlab/test.yml b/.gitlab/test.yml
index 5059269..19ad6d9 100644
--- a/.gitlab/test.yml
+++ b/.gitlab/test.yml
@@ -8,11 +8,13 @@ size:
 timeout: 3 minutes
 variables:
 GIT_STRATEGY: none
+ IMAGE_NAME: $TMP_IMAGE
 script:
 - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
 - docker pull $TMP_IMAGE
 - docker image ls $TMP_IMAGE
 - docker image inspect $TMP_IMAGE
+ - bin/docker-size

 lint:
 stage: test
diff --git a/bin/docker-size b/bin/docker-size
new file mode 100755
index 0000000..37a3da1
--- /dev/null
+++ b/bin/docker-size
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "$0")/.."
+
+IMAGE_NAME=${IMAGE_NAME:-$(basename "$PWD"):latest}
+MAX_SIZE=2684354560
+CURRENT_SIZE=$(docker image inspect "$IMAGE_NAME" --format='{{.Size}}')
+
+echo "Maximum (bytes): $MAX_SIZE"
+echo "Current (bytes): $CURRENT_SIZE"
+test "$MAX_SIZE" -gt "$CURRENT_SIZE"
-- 
cgit v1.2.3

From 4366daaf65de6686013c75da474eac5c062ca800 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 5 May 2020 16:57:41 -0600
Subject: Use environment variable instead of changing global configuration

---
 lib/license/finder/ext/npm.rb | 8 +++++++-
 lib/license/management/shell.rb | 1 -
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/license/finder/ext/npm.rb b/lib/license/finder/ext/npm.rb
index 75c0855..48741f9 100644
--- a/lib/license/finder/ext/npm.rb
+++ b/lib/license/finder/ext/npm.rb
@@ -16,7 +16,7 @@ module LicenseFinder

 def prepare
 Dir.chdir(project_path) do
- shell.execute("#{prepare_command} --production")
+ shell.execute("#{prepare_command} --production", env: default_env)
 end
 end

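Review bot: With `GIT_STRATEGY: none` two lines above the new variable (visible as context in this hunk), the job runs without a checkout, so the new `- bin/docker-size` step has no script to execute and the job will fail on a missing file rather than on the size check. Either set `GIT_STRATEGY: fetch` for this job or keep the size check inline in `script:` (which is what a later commit on this page ends up doing). The new `IMAGE_NAME: $TMP_IMAGE` variable exists only to feed that script, so it goes away with it.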
@@ -32,5 +32,11 @@ module LicenseFinder
 end
 status.success? ? JSON.parse(stdout) : {}
 end
+
+ def default_env
+ return {} unless shell.custom_certificate_installed?
+
+ { 'NPM_CONFIG_CAFILE' => ENV.fetch('NPM_CONFIG_CAFILE', shell.custom_certificate_path.to_s) }
+ end
 end
 end
diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb
index fcf8188..7baa6ba 100644
--- a/lib/license/management/shell.rb
+++ b/lib/license/management/shell.rb
@@ -44,7 +44,6 @@ module License
 Dir.chdir custom_certificate_path.dirname do
 execute([:awk, SPLIT_SCRIPT, '<', custom_certificate_path])
 execute('update-ca-certificates -v')
- execute([:npm, :config, :set, :cafile, custom_certificate_path])

 Dir.glob('custom.*.crt').each do |path|
 full_path = File.expand_path(path)
-- 
cgit v1.2.3

From b8528fe5d1a726ad21cf52a10afaf9ca189e8ccb Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 5 May 2020 17:01:32 -0600
Subject: Print docker metadata in script

---
 .gitlab/test.yml | 2 --
 bin/docker-size | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitlab/test.yml b/.gitlab/test.yml
index 19ad6d9..43abc9f 100644
--- a/.gitlab/test.yml
+++ b/.gitlab/test.yml
@@ -12,8 +12,6 @@ size:
 script:
 - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
 - docker pull $TMP_IMAGE
- - docker image ls $TMP_IMAGE
- - docker image inspect $TMP_IMAGE
 - bin/docker-size

 lint:
diff --git a/bin/docker-size b/bin/docker-size
index 37a3da1..e5d3de2 100755
--- a/bin/docker-size
+++ b/bin/docker-size
@@ -8,6 +8,8 @@ IMAGE_NAME=${IMAGE_NAME:-$(basename "$PWD"):latest}
 MAX_SIZE=2684354560
 CURRENT_SIZE=$(docker image inspect "$IMAGE_NAME" --format='{{.Size}}')

+docker image ls "$IMAGE_NAME"
+docker image inspect "$IMAGE_NAME"
 echo "Maximum (bytes): $MAX_SIZE"
 echo "Current (bytes): $CURRENT_SIZE"
 test "$MAX_SIZE" -gt "$CURRENT_SIZE"
-- 
cgit v1.2.3

From 100b925e97be4ff8bf9e09850df6a3cee536e4c6 Mon Sep 17 00:00:00 2001
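Review bot: `NPM_CONFIG_CAFILE` replaces npm's trust store rather than extending it: npm documents `cafile` as behaving like `ca`, and a `ca` option in Node's TLS layer overrides the built-in well-known CAs. When the bundle from ADDITIONAL_CA_CERT_BUNDLE holds only the private registry's CA, any package still resolved from a publicly signed host (scoped packages left on registry.npmjs.org, for instance) will now fail verification, which is the opposite of what the "additional" name suggests. Document this on `default_env`, e.g. `# NOTE: npm's cafile REPLACES the default CA set; the bundle must contain every CA npm will contact, not only the private one`, and consider pointing cafile at a file that concatenates the system bundle with the custom certificates. Keeping `ENV.fetch('NPM_CONFIG_CAFILE', …)` so that an explicit user value wins is the right call. The enclosing class continues outside this hunk.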
From: mo khan
Date: Tue, 5 May 2020 17:03:46 -0600
Subject: Extract variable for keystore_path

---
 lib/license/management/shell.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb
index 7baa6ba..9053a3f 100644
--- a/lib/license/management/shell.rb
+++ b/lib/license/management/shell.rb
@@ -48,6 +48,7 @@ module License
 Dir.glob('custom.*.crt').each do |path|
 full_path = File.expand_path(path)
 execute([:openssl, :x509, '-in', full_path, '-text', '-noout'])
+ keystore_path = "#{ENV['JAVA_HOME']}/jre/lib/security/cacerts"
 execute([
 :keytool,
 '-importcert',
@@ -56,12 +57,12 @@ module License
 '-trustcacerts',
 '-noprompt',
 '-storepass', 'changeit',
- '-keystore', "#{ENV['JAVA_HOME']}/jre/lib/security/cacerts"
+ '-keystore', keystore_path
 ])
 execute([
 :keytool, '-list', '-v',
 '-storepass changeit',
- '-keystore', "#{ENV['JAVA_HOME']}/jre/lib/security/cacerts"
+ '-keystore', keystore_path
 ])
 end
 end
-- 
cgit v1.2.3

From b963d8d572fdf93d9c76e45d400465d8c5c2fae0 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 5 May 2020 17:07:29 -0600
Subject: Print size of docker image

---
 .gitlab/test.yml | 8 ++++++--
 bin/docker-size | 15 ---------------
 2 files changed, 6 insertions(+), 17 deletions(-)
 delete mode 100755 bin/docker-size

diff --git a/.gitlab/test.yml b/.gitlab/test.yml
index 43abc9f..52ec662 100644
--- a/.gitlab/test.yml
+++ b/.gitlab/test.yml
@@ -8,11 +8,15 @@ size:
 timeout: 3 minutes
 variables:
 GIT_STRATEGY: none
- IMAGE_NAME: $TMP_IMAGE
+ MAX_SIZE: 2684354560
 script:
 - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
 - docker pull $TMP_IMAGE
- - bin/docker-size
+ - docker image ls $TMP_IMAGE
+ - export CURRENT_SIZE=$(docker image inspect $TMP_IMAGE --format='{{.Size}}')
+ - echo $MAX_SIZE
+ - echo $CURRENT_SIZE
+ - test $MAX_SIZE" -gt "$CURRENT_SIZE

 lint:
 stage: test
diff --git a/bin/docker-size b/bin/docker-size
deleted file mode 100755
index e5d3de2..0000000
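Review bot: `keystore_path` is assigned inside the `Dir.glob(...).each` loop although it does not depend on `path`, and `ENV['JAVA_HOME']` silently interpolates as an empty string when the variable is unset, turning the path into `/jre/lib/security/cacerts`. Hoist it above the loop (or into a small `keystore_path` method) and use `ENV.fetch('JAVA_HOME')` so a missing JAVA_HOME fails loudly instead of pointing keytool at a keystore that does not exist. The `jre/lib/security/cacerts` layout is also the JDK 8 one; JDK 9+ keeps the default store at `lib/security/cacerts`, so confirm which JDK the image ships. The enclosing `Dir.chdir` block starts before this hunk.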
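Review bot: The quoting on the new `test` line is unbalanced: in `test $MAX_SIZE" -gt "$CURRENT_SIZE` the two quotes enclose ` -gt `, so after expansion the shell sees a single argument such as `2684354560 -gt 1234567`, and `test` with one non-empty argument always succeeds — the size gate can never fail. Write it as `- test "$MAX_SIZE" -gt "$CURRENT_SIZE"` (or wrap the whole command in single quotes so YAML and the shell agree on the quoting). The deleted bin/docker-size also labelled the two values it printed; `- echo "Maximum (bytes): $MAX_SIZE"` and `- echo "Current (bytes): $CURRENT_SIZE"` would keep the job log readable.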
--- a/bin/docker-size
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd "$(dirname "$0")/.."
-
-IMAGE_NAME=${IMAGE_NAME:-$(basename "$PWD"):latest}
-MAX_SIZE=2684354560
-CURRENT_SIZE=$(docker image inspect "$IMAGE_NAME" --format='{{.Size}}')
-
-docker image ls "$IMAGE_NAME"
-docker image inspect "$IMAGE_NAME"
-echo "Maximum (bytes): $MAX_SIZE"
-echo "Current (bytes): $CURRENT_SIZE"
-test "$MAX_SIZE" -gt "$CURRENT_SIZE"
-- 
cgit v1.2.3