diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs
index 207d19777cc..7d0f21d65b1 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs
@@ -1,12 +1,13 @@
using System;
using System.Diagnostics;
using System.IO;
+using System.Security.Cryptography.X509Certificates;
using Semmle.Util;
using Semmle.Util.Logging;
namespace Semmle.Extraction.CSharp.DependencyFetching
{
- public class DependabotProxy
+ public class DependabotProxy : IDisposable
{
private readonly string? host;
private readonly string? port;
@@ -20,6 +21,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
/// The path to the temporary file where the certificate is stored.
///
internal readonly string? CertificatePath;
+ ///
+ /// The certificate used for the Dependabot proxy.
+ ///
+ internal readonly X509Certificate2? Certificate;
///
/// Gets a value indicating whether a Dependabot proxy is configured.
@@ -60,6 +65,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
writer.Write(cert);
logger.LogInfo($"Stored Dependabot proxy certificate at {this.CertificatePath}");
+
+ this.Certificate = new X509Certificate2(this.CertificatePath);
}
internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo)
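Review bot: The new `new X509Certificate2(this.CertificatePath)` reads the certificate back from the temporary file straight after `writer.Write(cert)`. The declaration of `writer` is outside this hunk, so it is not visible whether the writer has been flushed and closed by then. If it is still open, the load may see an empty or partial file, or fail on a sharing conflict. Closing the writer first, or building the certificate from the in-memory `cert` value, would avoid that; the second option also stops the trust anchor depending on what is on disk at read time. A malformed certificate will now throw from this constructor rather than later in the NuGet restorer, so it may be worth catching `CryptographicException` here and logging it, leaving `Certificate` null.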
@@ -73,5 +80,13 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.Address);
startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.certFile?.FullName);
}
+
+ public void Dispose()
+ {
+ if (this.Certificate != null)
+ {
+ this.Certificate.Dispose();
+ }
+ }
}
}
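Review bot: `Dispose()` releases the loaded certificate but does not remove the temporary file behind `CertificatePath` / `certFile`. If nothing else deletes it (no clean-up is visible in this diff), this would be the natural place to do so now that the class is `IDisposable`. The null check can also be written as `this.Certificate?.Dispose();`. A `/// <summary>` on `Dispose` stating what it releases would match the XML doc comments on the fields.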
diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
index de930867598..bbd5ecbd127 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
@@ -545,6 +545,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
public void Dispose()
{
nugetPackageRestorer?.Dispose();
+ dependabotProxy.Dispose();
if (cleanupTempWorkingDirectory)
{
tempWorkingDirectory?.Dispose();
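Review bot: The added `dependabotProxy.Dispose();` is an unconditional call, while the neighbouring fields are disposed with `?.`. The field's declaration is outside this hunk; if it can be null or unassigned when `Dispose` runs (for example after a constructor failure), this line throws and the temporary working directory below it is never cleaned up. `dependabotProxy?.Dispose();` would be consistent with the lines around it. Disposing the restorer before the proxy looks right, because the restorer's HTTP handler callback uses the certificate. The method body continues past the end of the hunk.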
diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
index 3663265f5b9..8ea25c72f36 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
@@ -600,13 +600,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
{
httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address);
- if (!String.IsNullOrEmpty(this.dependabotProxy.CertificatePath))
+ if (this.dependabotProxy.Certificate != null)
{
- X509Certificate2 proxyCert = new X509Certificate2(this.dependabotProxy.CertificatePath);
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) =>
{
chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
- chain.ChainPolicy.CustomTrustStore.Add(proxyCert);
+ chain.ChainPolicy.CustomTrustStore.Add(this.dependabotProxy.Certificate);
return chain.Build(cert);
};
}
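Review bot: The validation callback still discards its fourth argument (`_`, the `SslPolicyErrors`) and returns only `chain.Build(cert)`, so a host-name mismatch is not rejected. Any certificate that chains to the proxy CA would be accepted for any host this handler talks to. Naming the parameter and adding `if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) return false;` before building the chain would close that gap (the file may then need `using System.Net.Security;`, as its imports are not visible here). `cert` and `chain` are nullable in this delegate, so a null guard before `chain.ChainPolicy` is also worth adding. The callback now captures `this.dependabotProxy.Certificate`, which the proxy's `Dispose` releases, so the handler must not outlive the proxy. The surrounding method starts and ends outside this hunk.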