From 174cb7c0e2a538abbbeb49c100d5b52f31fe1362 Mon Sep 17 00:00:00 2001
From: "Michael B. Gale"
Date: Tue, 3 Dec 2024 18:47:47 +0000
Subject: [PATCH] C#: Load Dependabot Proxy certificate in `DependabotProxy`, and implement `IDisposable`
---
 .../DependabotProxy.cs | 17 ++++++++++++++++-
 .../DependencyManager.cs | 1 +
 .../NugetPackageRestorer.cs | 5 ++---
 3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs
index 207d19777cc..7d0f21d65b1 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs
@@ -1,12 +1,13 @@
 using System;
 using System.Diagnostics;
 using System.IO;
+using System.Security.Cryptography.X509Certificates;
 using Semmle.Util;
 using Semmle.Util.Logging;
 namespace Semmle.Extraction.CSharp.DependencyFetching
 {
- public class DependabotProxy
+ public class DependabotProxy : IDisposable
 {
 private readonly string? host;
 private readonly string? port;
@@ -20,6 +21,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 /// The path to the temporary file where the certificate is stored.
 ///
 internal readonly string? CertificatePath;
+ ///
+ /// The certificate used for the Dependabot proxy.
+ ///
+ internal readonly X509Certificate2? Certificate;
 ///
 /// Gets a value indicating whether a Dependabot proxy is configured.
@@ -60,6 +65,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 writer.Write(cert);
 logger.LogInfo($"Stored Dependabot proxy certificate at {this.CertificatePath}");
+
+ this.Certificate = new X509Certificate2(this.CertificatePath);
 }
 internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo)
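Review bot: The added `new X509Certificate2(this.CertificatePath)` in the DependabotProxy constructor reads back a file that `writer` may not have flushed yet; the declaration of `writer` is outside the hunk, so if it is a `using var` text writer it is still open and buffered at this point. Parsing can also throw `CryptographicException` on malformed input, which now escapes the constructor, whereas the load previously happened only when the NuGet HTTP client handler was set up. Loading from the in-memory text avoids the file round trip, assuming `cert` holds PEM text: `this.Certificate = X509Certificate2.CreateFromPem(cert);`, inside a `try`/`catch (CryptographicException)` that logs the failure and leaves `Certificate` null. Because this certificate becomes the trust root for proxied TLS, logging its subject and thumbprint next to the stored path would make it possible to audit which CA was trusted.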
@@ -73,5 +80,13 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.Address);
 startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.certFile?.FullName);
 }
+
+ public void Dispose()
+ {
+ if (this.Certificate != null)
+ {
+ this.Certificate.Dispose();
+ }
+ }
 }
 }
diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
index de930867598..bbd5ecbd127 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
@@ -545,6 +545,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 public void Dispose()
 {
 nugetPackageRestorer?.Dispose();
+ dependabotProxy.Dispose();
 if (cleanupTempWorkingDirectory)
 {
 tempWorkingDirectory?.Dispose();
diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
index 3663265f5b9..8ea25c72f36 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
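Review bot: The new `Dispose()` in DependabotProxy.cs has no doc comment, and the other members visible in this patch carry one; it should state that only the loaded certificate is released and that the file at `CertificatePath` is left on disk. Whether that file is removed elsewhere is not visible in this hunk. A summary such as `/// Releases the loaded proxy certificate; the certificate file itself is not deleted here.` would cover it. The null check can also be written in the null-conditional form that DependencyManager.Dispose already uses: `this.Certificate?.Dispose();`.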
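Review bot: The order of the added `dependabotProxy.Dispose();` in DependencyManager.Dispose is load-bearing but undocumented: the certificate validation callback in the NugetPackageRestorer.cs hunk reads `dependabotProxy.Certificate`, so the proxy must be disposed after the restorer. A comment would keep a later reorder from introducing a use of a disposed certificate: `// Dispose after nugetPackageRestorer: its TLS validation callback uses dependabotProxy.Certificate.` This assumes both classes hold the same proxy instance, which the hunk does not show. The body of `Dispose` continues outside the hunk.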
@@ -600,13 +600,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 {
 httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address);
- if (!String.IsNullOrEmpty(this.dependabotProxy.CertificatePath))
+ if (this.dependabotProxy.Certificate != null)
 {
- X509Certificate2 proxyCert = new X509Certificate2(this.dependabotProxy.CertificatePath);
 httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) =>
 {
 chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
- chain.ChainPolicy.CustomTrustStore.Add(proxyCert);
+ chain.ChainPolicy.CustomTrustStore.Add(this.dependabotProxy.Certificate);
 return chain.Build(cert);
 };
 }
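Review bot: The validation callback discards its fourth argument (`_`, the `SslPolicyErrors` value) and returns only `chain.Build(cert)`, so a certificate that chains to the proxy CA is accepted even when the handshake reported a host-name mismatch. `cert` and `chain` are nullable in the callback signature and are dereferenced without a check. Rejecting anything other than a pure chain error before rebuilding the chain keeps the custom-root trust and restores the name check; `SslPolicyErrors` comes from `System.Net.Security`. The enclosing method starts and ends outside the hunk.

```csharp
// … unchanged: proxy setup and the Certificate null check …
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) =>
{
    // Only an untrusted root is expected from the proxy; a name mismatch or a
    // missing certificate must still fail the handshake.
    if (cert is null || chain is null ||
        (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
    {
        return false;
    }
    // … unchanged: CustomRootTrust, CustomTrustStore.Add, chain.Build(cert) …
};
```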