Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
remove git clone support
Browse files Browse the repository at this point in the history
lirshindalman committed Jan 1, 2025

Unverified

This user has not yet uploaded their public signing key.
1 parent b71a48b commit ce42d54
Showing 4 changed files with 17 additions and 20 deletions.
10 changes: 4 additions & 6 deletions checkov/common/goget/github/get_git.py
Original file line number Diff line number Diff line change
@@ -5,7 +5,6 @@
import shutil

from checkov.common.goget.base_getter import BaseGetter
from checkov.common.proxy.proxy_client import get_proxy_envs
from checkov.common.resource_code_logger_filter import add_resource_code_filter_to_logger
from checkov.common.util.contextmanagers import temp_environ

@@ -83,17 +82,16 @@ def do_get(self) -> str:

def _clone(self, git_url: str, clone_dir: str) -> None:
self.logger.debug(f"cloning {self.url if '@' not in self.url else self.url.split('@')[1]} to {clone_dir}")
proxy_env = get_proxy_envs()
with temp_environ(GIT_TERMINAL_PROMPT="0"): # disables user prompts originating from GIT
if self.branch:
Repo.clone_from(git_url, clone_dir, branch=self.branch, depth=1, env=proxy_env) # depth=1 for shallow clone
Repo.clone_from(git_url, clone_dir, branch=self.branch, depth=1) # depth=1 for shallow clone
elif self.commit_id: # no commit id support for branch
repo = Repo.clone_from(git_url, clone_dir, no_checkout=True, env=proxy_env) # need to be a full git clone
repo = Repo.clone_from(git_url, clone_dir, no_checkout=True) # need to be a full git clone
repo.git.checkout(self.commit_id)
elif self.tag:
Repo.clone_from(git_url, clone_dir, depth=1, b=self.tag, env=proxy_env)
Repo.clone_from(git_url, clone_dir, depth=1, b=self.tag)
else:
Repo.clone_from(git_url, clone_dir, depth=1, env=proxy_env)
Repo.clone_from(git_url, clone_dir, depth=1)

# Split source url into Git url and subdirectory path e.g. test.com/repo//repo/subpath becomes 'test.com/repo', '/repo/subpath')
# Also see reference implementation @ go-getter https://github.com/hashicorp/go-getter/blob/main/source.go
23 changes: 10 additions & 13 deletions checkov/common/proxy/proxy_client.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
from __future__ import annotations

import os
from typing import Any, Optional
import logging
from typing import Any

import requests

@@ -10,13 +10,14 @@

class ProxyClient:
def __init__(self) -> None:
self.identity = env_vars_config.PROXY_HEADER_VALUE
self.proxy_ca_path = env_vars_config.PROXY_CA_PATH
if self.proxy_ca_path is None:
raise Exception("[ProxyClient] CA certificate path is missing")
logging.warning("[ProxyClient] CA certificate path is missing")

def get_session(self) -> requests.Session:
if not env_vars_config.PROXY_URL:
raise Exception('Please provide "PROXY_URL" env var')
logging.warning('Please provide "PROXY_URL" env var')
proxy_url = env_vars_config.PROXY_URL
session = requests.Session()
proxies = {
@@ -26,8 +27,13 @@ def get_session(self) -> requests.Session:
session.proxies.update(proxies)
return session

def update_request_header(self, request: requests.Request) -> None:
if env_vars_config.PROXY_HEADER_VALUE:
request.headers[env_vars_config.PROXY_HEADER_VALUE] = self.identity

def send_request(self, request: requests.Request) -> requests.Response:
session = self.get_session()
self.update_request_header(request=request)
prepared_request = session.prepare_request(request)
return session.send(prepared_request, verify=self.proxy_ca_path)

@@ -36,12 +42,3 @@ def call_http_request_with_proxy(request: requests.Request) -> Any:
proxy_client = ProxyClient()
return proxy_client.send_request(request=request)


def get_proxy_envs() -> Optional[dict[str, Optional[str]]]:
if os.getenv('PROXY_URL'):
proxy_env = os.environ.copy()
proxy_env["GIT_SSL_CAINFO"] = env_vars_config.PROXY_CA_PATH # Path to the CA cert
proxy_env["http_proxy"] = env_vars_config.PROXY_URL # Proxy URL
proxy_env["https_proxy"] = env_vars_config.PROXY_URL # HTTPS Proxy URL (if needed)
return proxy_env
return None
2 changes: 2 additions & 0 deletions checkov/common/util/env_vars_config.py
Original file line number Diff line number Diff line change
@@ -81,6 +81,8 @@ def __init__(self) -> None:
self.JAVA_FULL_DT = os.getenv('JAVA_FULL_DT', False)
self.PROXY_CA_PATH = os.getenv('PROXY_CA_PATH', None)
self.PROXY_URL = os.getenv('PROXY_URL', None)
self.PROXY_HEADER_VALUE = os.getenv('PROXY_HEADER_VALUE', None)
self.PROXY_HEADER_KEY = os.getenv('PROXY_HEADER_VALUE', None)


env_vars_config = EnvVarsConfig()
Original file line number Diff line number Diff line change
@@ -90,7 +90,7 @@ def _load_module(self, module_params: ModuleParams) -> ModuleContent:
headers={"Authorization": f"Bearer {module_params.token}"} if module_params.token else None
)
if os.getenv('PROXY_URL'):
logging.info('Send request with proxy')
logging.info('Sending request with proxy')
response = call_http_request_with_proxy(request)
else:
session = requests.Session()

0 comments on commit ce42d54

Please sign in to comment.