Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: adds options to bypass SSL validation #837

Merged
merged 3 commits into from
Sep 23, 2021

Conversation

EverlastingBugstopper
Copy link
Contributor

@EverlastingBugstopper EverlastingBugstopper commented Sep 21, 2021

This fixes #720 by introducing two new flags to control Rover's client configuration.

From the docs attached to this PR:


Bypass SSL/TLS Validation

Sometimes, you may want to perform HTTPS requests from Rover, but skip validation checks. This is generally not recommended and insecure, but there are two flags you can use to configure how Rover validates HTTPS requests.

The --insecure-accept-invalid-hostnames flag will disable hostname validation. If hostname verification is not used, any valid certificate for any site will be trusted for use from any other. This introduces a significant vulnerability to man-in-the-middle attacks.

The --insecure-accept-invalid-certs flag will disable certificate validation. If invalid certificates are trusted, any certificate for any site will be trusted for use. This includes expired certificates. This introduces significant vulnerabilities, and should only be used as a last resort.

Copy link
Member

@abernix abernix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Though wouldn't mind a review from the others requested too. 😉

docs/source/configuring.md Outdated Show resolved Hide resolved
docs/source/configuring.md Outdated Show resolved Hide resolved
Copy link
Contributor

@o0Ignition0o o0Ignition0o left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

I really like the naming, and the comments you've added to the options, and to configuring.md 🎉 !

I have never used AtomicLazyCell before, I tend to use once_cell::Lazy, I'll need to read more about it sometimes! :)

src/cli.rs Show resolved Hide resolved
@EverlastingBugstopper EverlastingBugstopper merged commit 451ba11 into main Sep 23, 2021
@EverlastingBugstopper EverlastingBugstopper deleted the avery/insecure-tls branch September 23, 2021 20:41
@@ -265,6 +265,13 @@ If you use a version control system besides Git, you can use the environment var

Currently, only Git is fully supported by Apollo Studio.

## Bypass TLS/SSL Validation
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Bypassing TLS/SSL validation" (lowercase validation)

@@ -265,6 +265,13 @@ If you use a version control system besides Git, you can use the environment var

Currently, only Git is fully supported by Apollo Studio.

## Bypass TLS/SSL Validation

In some configurations (often on internal networks) users may need Rover to communicate over encrypted channels (e.g., HTTPS) but avoid the more stringent digital certificate verifications which validate hostnames or may even wish to bypass the digital certificate validation entirely. This is generally not recommended and considered to be much less secure but for cases where it's necessary, there are two flags you can use to configure how Rover validates HTTPS requests:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace all instances of "may" with "might" where equivalent

Comma after "networks)"

"users may need" -> "you might need"

"which validate hostnames" -> "that validate hostnames." (end sentence)

"or may even wish" -> "You might even need"


In some configurations (often on internal networks) users may need Rover to communicate over encrypted channels (e.g., HTTPS) but avoid the more stringent digital certificate verifications which validate hostnames or may even wish to bypass the digital certificate validation entirely. This is generally not recommended and considered to be much less secure but for cases where it's necessary, there are two flags you can use to configure how Rover validates HTTPS requests:

- The `--insecure-accept-invalid-hostnames` flag will disable hostname validation. If hostname verification is not used, any valid certificate for any site will be trusted for use from any other. This introduces a significant vulnerability to man-in-the-middle attacks.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"will disable" -> "disables"

"man-in-the-middle" -> "person-in-the-middle" ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"any valid certificate for any site will be trusted for use from any other" <- Not 100% sure what this means?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"any valid certificate for any site will be trusted for use from any other"

if i understand correctly (this is yanked pretty much directly from the underlying library's docs) it'll just skip the step where it compares a specified hostname (like api.apollographql.com) to your local certs, meaning a cert for maliciouscert.com could be used in its place (but sometimes skipping this check is desirable on internal networks)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.


- The `--insecure-accept-invalid-hostnames` flag will disable hostname validation. If hostname verification is not used, any valid certificate for any site will be trusted for use from any other. This introduces a significant vulnerability to man-in-the-middle attacks.

- The `--insecure-accept-invalid-certs` flag will disable certificate validation. If invalid certificates are trusted, any certificate for any site will be trusted for use. This includes expired certificates. This introduces significant vulnerabilities, and should only be used as a last resort.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"will disable" -> "disables"

"will be trusted" -> "is trusted"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature 🎉 new commands, flags, functionality, and improved error messages
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Rover fails to introspect local HTTPS server with self-signed certificate
5 participants