mirror of
https://github.com/github/codeql.git
synced 2025-12-17 01:03:14 +01:00
175 lines
5.4 KiB
Go
175 lines
5.4 KiB
Go
package util
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"log/slog"
|
|
"net/url"
|
|
"os"
|
|
"os/exec"
|
|
"strings"
|
|
)
|
|
|
|
const PROXY_HOST = "CODEQL_PROXY_HOST"
|
|
const PROXY_PORT = "CODEQL_PROXY_PORT"
|
|
const PROXY_CA_CERTIFICATE = "CODEQL_PROXY_CA_CERTIFICATE"
|
|
const PROXY_URLS = "CODEQL_PROXY_URLS"
|
|
const GOPROXY_SERVER = "goproxy_server"
|
|
const GIT_SOURCE = "git_source"
|
|
|
|
type RegistryConfig struct {
|
|
Type string `json:"type"`
|
|
URL string `json:"url"`
|
|
}
|
|
|
|
// The address of the proxy including protocol and port (e.g. http://localhost:1234)
|
|
var proxy_address string
|
|
|
|
// The path to the temporary file that stores the proxy certificate, if any.
|
|
var proxy_cert_file string
|
|
|
|
// An array of goproxy server URLs.
|
|
var goproxy_servers []string
|
|
|
|
// An array of Git URLs.
|
|
var git_sources []string
|
|
|
|
// Stores the environment variables that we wish to pass on to `go` commands.
|
|
var proxy_vars []string = nil
|
|
|
|
// Keeps track of whether we have inspected the proxy environment variables.
|
|
// Needed since `proxy_vars` may be nil either way.
|
|
var proxy_vars_checked bool = false
|
|
|
|
// Tries to parse the given string value into an array of RegistryConfig values.
|
|
func parseRegistryConfigs(str string) ([]RegistryConfig, error) {
|
|
var configs []RegistryConfig
|
|
if err := json.Unmarshal([]byte(str), &configs); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return configs, nil
|
|
}
|
|
|
|
func getEnvVars() []string {
|
|
var result []string
|
|
|
|
if proxy_host, proxy_host_set := os.LookupEnv(PROXY_HOST); proxy_host_set && proxy_host != "" {
|
|
if proxy_port, proxy_port_set := os.LookupEnv(PROXY_PORT); proxy_port_set && proxy_port != "" {
|
|
proxy_address = fmt.Sprintf("http://%s:%s", proxy_host, proxy_port)
|
|
result = append(
|
|
result,
|
|
fmt.Sprintf("HTTP_PROXY=%s", proxy_address),
|
|
fmt.Sprintf("HTTPS_PROXY=%s", proxy_address),
|
|
fmt.Sprintf("http_proxy=%s", proxy_address),
|
|
fmt.Sprintf("https_proxy=%s", proxy_address),
|
|
)
|
|
|
|
slog.Info("Found private registry proxy", slog.String("proxy_address", proxy_address))
|
|
}
|
|
}
|
|
|
|
if proxy_cert, proxy_cert_set := os.LookupEnv(PROXY_CA_CERTIFICATE); proxy_cert_set && proxy_cert != "" {
|
|
// Write the certificate to a temporary file
|
|
slog.Info("Found certificate")
|
|
|
|
f, err := os.CreateTemp("", "codeql-proxy.crt")
|
|
if err != nil {
|
|
slog.Error("Failed to create temporary file for the proxy certificate", slog.String("error", err.Error()))
|
|
}
|
|
|
|
_, err = f.WriteString(proxy_cert)
|
|
if err != nil {
|
|
slog.Error("Failed to write to the temporary certificate file", slog.String("error", err.Error()))
|
|
}
|
|
|
|
err = f.Close()
|
|
if err != nil {
|
|
slog.Error("Failed to close the temporary certificate file", slog.String("error", err.Error()))
|
|
} else {
|
|
proxy_cert_file = f.Name()
|
|
result = append(result, fmt.Sprintf("SSL_CERT_FILE=%s", proxy_cert_file))
|
|
}
|
|
}
|
|
|
|
if proxy_urls, proxy_urls_set := os.LookupEnv(PROXY_URLS); proxy_urls_set && proxy_urls != "" {
|
|
val, err := parseRegistryConfigs(proxy_urls)
|
|
if err != nil {
|
|
slog.Error("Unable to parse proxy configurations", slog.String("error", err.Error()))
|
|
} else {
|
|
// We only care about private registry configurations that are relevant to Go and
|
|
// filter others out at this point.
|
|
for _, cfg := range val {
|
|
if cfg.Type == GOPROXY_SERVER {
|
|
goproxy_servers = append(goproxy_servers, cfg.URL)
|
|
slog.Info("Found GOPROXY server", slog.String("url", cfg.URL))
|
|
} else if cfg.Type == GIT_SOURCE {
|
|
parsed, err := url.Parse(cfg.URL)
|
|
if err == nil && parsed.Hostname() != "" {
|
|
git_source := parsed.Hostname() + parsed.Path + "*"
|
|
git_sources = append(git_sources, git_source)
|
|
slog.Info("Found Git source", slog.String("source", git_source))
|
|
} else {
|
|
slog.Warn("Not a valid URL for Git source", slog.String("url", cfg.URL))
|
|
}
|
|
}
|
|
}
|
|
|
|
goprivate := []string{}
|
|
|
|
if len(goproxy_servers) > 0 {
|
|
goproxy_val := "https://proxy.golang.org,direct"
|
|
|
|
for _, url := range goproxy_servers {
|
|
goproxy_val = url + "," + goproxy_val
|
|
}
|
|
|
|
result = append(result, fmt.Sprintf("GOPROXY=%s", goproxy_val), "GONOPROXY=")
|
|
}
|
|
|
|
if len(git_sources) > 0 {
|
|
goprivate = append(goprivate, git_sources...)
|
|
|
|
if proxy_cert_file != "" {
|
|
slog.Info("Configuring `git` to use proxy certificate", slog.String("path", proxy_cert_file))
|
|
cmd := exec.Command("git", "config", "--global", "http.sslCAInfo", proxy_cert_file)
|
|
|
|
out, cmdErr := cmd.CombinedOutput()
|
|
slog.Info(string(out))
|
|
|
|
if cmdErr != nil {
|
|
slog.Error("Failed to configure `git` to accept the certificate file", slog.String("error", cmdErr.Error()))
|
|
}
|
|
}
|
|
}
|
|
|
|
result = append(result, fmt.Sprintf("GOPRIVATE=%s", strings.Join(goprivate, ",")))
|
|
}
|
|
}
|
|
|
|
return result
|
|
}
|
|
|
|
// Applies private package proxy related environment variables to `cmd`.
|
|
func ApplyProxyEnvVars(cmd *exec.Cmd) {
|
|
// If we haven't done so yet, check whether the proxy environment variables are set
|
|
// and extract information from them.
|
|
if !proxy_vars_checked {
|
|
proxy_vars = getEnvVars()
|
|
proxy_vars_checked = true
|
|
}
|
|
|
|
// If the proxy is configured, `proxy_vars` will be not `nil`. We append those
|
|
// variables to the existing environment to preserve those environment variables.
|
|
// If `cmd.Env` is not changed, then the existing environment is also preserved.
|
|
if proxy_vars != nil {
|
|
cmd.Env = append(os.Environ(), proxy_vars...)
|
|
}
|
|
|
|
slog.Debug(
|
|
"Applying private registry proxy environment variables",
|
|
slog.String("cmd_args", strings.Join(cmd.Args, " ")),
|
|
slog.String("proxy_vars", strings.Join(proxy_vars, ",")),
|
|
)
|
|
}
|