Skip to content

Commit

Permalink
(wip) add flag and config to force insecure requests
Browse files Browse the repository at this point in the history
  • Loading branch information
@iurev
iurev committed Sep 19, 2023
1 parent 022d1db commit ccc96f9
Show file tree
Hide file tree
Showing 7 changed files with 56 additions and 19 deletions.
16 changes: 2 additions & 14 deletions src/coverage_reporter/api.cr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,19 +7,6 @@ module CoverageReporter
module Api
extend self

OPENSSL_VERSION = `openssl version -v`

WORKS = SemanticVersion.new(1, 1, 0)
matches = /.*(\d+)\.(\d+)\.(\d+).*/.match(OPENSSL_VERSION)
unless matches.nil?
major = matches[1].to_i
minor = matches[2].to_i
patch = matches[3].to_i

current = SemanticVersion.new(major, minor, patch)
puts current
puts current < WORKS
end

DEFAULT_HEADERS = HTTP::Headers{
"X-Coveralls-Reporter" => "coverage-reporter",
Expand Down Expand Up @@ -57,7 +44,8 @@ module CoverageReporter
end
end

def tls_for(uri : URI) : OpenSSL::SSL::Context::Client?
def tls_for(uri : URI, force_insecure_requests : Bool = false) : OpenSSL::SSL::Context::Client?
return OpenSSL::SSL::Context::Client.insecure if force_insecure_requests
return nil unless uri.scheme == "https"
return nil if uri.host == "coveralls.io"

Expand Down
2 changes: 1 addition & 1 deletion src/coverage_reporter/api/jobs.cr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ module CoverageReporter
uri,
body: body,
headers: headers,
tls: Api.tls_for(uri)
tls: Api.tls_for(uri, @config.force_insecure_requests)
)
end

Expand Down
2 changes: 1 addition & 1 deletion src/coverage_reporter/api/webhook.cr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ module CoverageReporter
uri,
headers: headers,
body: data.to_json,
tls: Api.tls_for(uri)
tls: Api.tls_for(uri, @config.force_insecure_requests)
)
end

Expand Down
17 changes: 16 additions & 1 deletion src/coverage_reporter/cli/cmd.cr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,8 @@ module CoverageReporter::Cli
overrides: opts.overrides,
parallel: opts.parallel?,
repo_token: opts.repo_token,
measure: opts.debug? || opts.measure?
measure: opts.debug? || opts.measure?,
force_insecure_requests: opts.force_insecure_requests?,
)

if opts.parallel_done?
Expand Down Expand Up @@ -96,6 +97,7 @@ module CoverageReporter::Cli
property? allow_empty = false
property? measure = false
property? no_fail = false
property? force_insecure_requests = false

# CI options overrides
property service_name : String?
Expand Down Expand Up @@ -223,6 +225,19 @@ module CoverageReporter::Cli
end
end

parser.on("--force-insecure-requests", "Workaround for unsupported OpenSSL v1.0.2, which forces insecure HTTPS requests") do
if CoverageReporter::OpenSSLVersion.new.can_fail?
opts.force_insecure_requests = true
Log.warn "⚠️ Coverage Reporter is using insecure HTTPS requests!"
else
error_message = <<-ERROR
Using insecure HTTPS requests is not supported for OpenSSL => #{OpenSSLVersion::WORKS}.
ERROR
Log.error error_message
raise(error_message)
end
end

parser.on("version", "Show version") do
puts VERSION
exit 0
Expand Down
4 changes: 3 additions & 1 deletion src/coverage_reporter/config.cr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ module CoverageReporter
class Config
getter repo_token : String?
getter flag_name : String?
getter force_insecure_requests : Bool

@options : Hash(Symbol, String)?
@yaml : YamlConfig
Expand Down Expand Up @@ -45,7 +46,8 @@ module CoverageReporter
@flag_name : String? = nil,
@overrides : CI::Options? = nil,
@compare_ref : String? = nil,
@compare_sha : String? = nil
@compare_sha : String? = nil,
@force_insecure_requests : Bool = false
)
@yaml = YamlConfig.read(path)

Expand Down
30 changes: 30 additions & 0 deletions src/coverage_reporter/openssl_version.cr
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
module CoverageReporter
class OpenSSLVersion
WORKS = SemanticVersion.new(1, 1, 0)

def can_fail?
return current.not_nil! < WORKS unless current.nil?

false
end

private def current
matches = /.*?(\d+)\.(\d+)\.(\d+).*/.match(current_string)
return nil if matches.nil?

major = matches[1].to_i
minor = matches[2].to_i
patch = matches[3].to_i
SemanticVersion.new(major, minor, patch)
end

# TODO: rescue from unknown command
# TODO: return nil for windows
private def current_string
# examples:
# OpenSSL 1.0.2k-fips 26 Jan 2017
# OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
`openssl version -v`
end
end
end
4 changes: 3 additions & 1 deletion src/coverage_reporter/reporter.cr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ module CoverageReporter
overrides : CI::Options? = nil,
parallel : Bool = false,
repo_token : String? = nil,
measure : Bool = false
measure : Bool = false,
force_insecure_requests : Bool = false

class NoSourceFiles < BaseException
def message
Expand Down Expand Up @@ -82,6 +83,7 @@ module CoverageReporter
compare_sha: settings.compare_sha,
path: settings.config_path,
overrides: settings.overrides,
force_insecure_requests: settings.force_insecure_requests,
)
end

Expand Down

0 comments on commit ccc96f9

Please sign in to comment.