C#: Load Dependabot Proxy certificate in DependabotProxy, and implement IDisposable

2026-04-24 08:15:14 +02:00 · 2024-12-03 18:47:47 +00:00
parent ca251fb840
commit ee7f0b0f2a
3 changed files with 19 additions and 4 deletions
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs
@@ -1,12 +1,13 @@
 using System;
 using System.Diagnostics;
 using System.IO;
+using System.Security.Cryptography.X509Certificates;
 using Semmle.Util;
 using Semmle.Util.Logging;

 namespace Semmle.Extraction.CSharp.DependencyFetching
 {
-    public class DependabotProxy
+    public class DependabotProxy : IDisposable
    {
        private readonly string? host;
        private readonly string? port;
@@ -20,6 +21,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
        /// The path to the temporary file where the certificate is stored.
        /// </summary>
        internal readonly string? CertificatePath;
+        /// <summary>
+        /// The certificate used for the Dependabot proxy.
+        /// </summary>
+        internal readonly X509Certificate2? Certificate;

        /// <summary>
        /// Gets a value indicating whether a Dependabot proxy is configured.
@@ -60,6 +65,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            writer.Write(cert);

            logger.LogInfo($"Stored Dependabot proxy certificate at {this.CertificatePath}");
+
+            this.Certificate = new X509Certificate2(this.CertificatePath);
        }

        internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo)
@@ -73,5 +80,13 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.Address);
            startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.certFile?.FullName);
        }
+
+        public void Dispose()
+        {
+            if (this.Certificate != null)
+            {
+                this.Certificate.Dispose();
+            }
+        }
    }
 }
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
@@ -545,6 +545,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
        public void Dispose()
        {
            nugetPackageRestorer?.Dispose();
+            dependabotProxy.Dispose();
            if (cleanupTempWorkingDirectory)
            {
                tempWorkingDirectory?.Dispose();
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
@@ -600,13 +600,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            {
                httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address);

-                if (!String.IsNullOrEmpty(this.dependabotProxy.CertificatePath))
+                if (this.dependabotProxy.Certificate != null)
                {
-                    X509Certificate2 proxyCert = new X509Certificate2(this.dependabotProxy.CertificatePath);
                    httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) =>
                    {
                        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-                        chain.ChainPolicy.CustomTrustStore.Add(proxyCert);
+                        chain.ChainPolicy.CustomTrustStore.Add(this.dependabotProxy.Certificate);
                        return chain.Build(cert);
                    };
                }