From ccc96f95e51e965e6ea61742fad1c5092df56117 Mon Sep 17 00:00:00 2001 From: Vitalii Yulieff Date: Tue, 19 Sep 2023 17:46:44 +0400 Subject: [PATCH] (wip) add flag and config to force insecure requests --- src/coverage_reporter/api.cr | 16 ++----------- src/coverage_reporter/api/jobs.cr | 2 +- src/coverage_reporter/api/webhook.cr | 2 +- src/coverage_reporter/cli/cmd.cr | 17 +++++++++++++- src/coverage_reporter/config.cr | 4 +++- src/coverage_reporter/openssl_version.cr | 30 ++++++++++++++++++++++++ src/coverage_reporter/reporter.cr | 4 +++- 7 files changed, 56 insertions(+), 19 deletions(-) create mode 100644 src/coverage_reporter/openssl_version.cr diff --git a/src/coverage_reporter/api.cr b/src/coverage_reporter/api.cr index ab9582f3..663642dd 100644 --- a/src/coverage_reporter/api.cr +++ b/src/coverage_reporter/api.cr @@ -7,19 +7,6 @@ module CoverageReporter module Api extend self - OPENSSL_VERSION = `openssl version -v` - - WORKS = SemanticVersion.new(1, 1, 0) - matches = /.*(\d+)\.(\d+)\.(\d+).*/.match(OPENSSL_VERSION) - unless matches.nil? - major = matches[1].to_i - minor = matches[2].to_i - patch = matches[3].to_i - - current = SemanticVersion.new(major, minor, patch) - puts current - puts current < WORKS - end DEFAULT_HEADERS = HTTP::Headers{ "X-Coveralls-Reporter" => "coverage-reporter", @@ -57,7 +44,8 @@ module CoverageReporter end end - def tls_for(uri : URI) : OpenSSL::SSL::Context::Client? + def tls_for(uri : URI, force_insecure_requests : Bool = false) : OpenSSL::SSL::Context::Client? + return OpenSSL::SSL::Context::Client.insecure if force_insecure_requests return nil unless uri.scheme == "https" return nil if uri.host == "coveralls.io" diff --git a/src/coverage_reporter/api/jobs.cr b/src/coverage_reporter/api/jobs.cr index 3b9b2596..a9ff8a42 100644 --- a/src/coverage_reporter/api/jobs.cr +++ b/src/coverage_reporter/api/jobs.cr @@ -68,7 +68,7 @@ module CoverageReporter uri, body: body, headers: headers, - tls: Api.tls_for(uri) + tls: Api.tls_for(uri, @config.force_insecure_requests) ) end diff --git a/src/coverage_reporter/api/webhook.cr b/src/coverage_reporter/api/webhook.cr index b7e4dd2f..82547441 100644 --- a/src/coverage_reporter/api/webhook.cr +++ b/src/coverage_reporter/api/webhook.cr @@ -39,7 +39,7 @@ module CoverageReporter uri, headers: headers, body: data.to_json, - tls: Api.tls_for(uri) + tls: Api.tls_for(uri, @config.force_insecure_requests) ) end diff --git a/src/coverage_reporter/cli/cmd.cr b/src/coverage_reporter/cli/cmd.cr index 781c8891..8090a223 100644 --- a/src/coverage_reporter/cli/cmd.cr +++ b/src/coverage_reporter/cli/cmd.cr @@ -23,7 +23,8 @@ module CoverageReporter::Cli overrides: opts.overrides, parallel: opts.parallel?, repo_token: opts.repo_token, - measure: opts.debug? || opts.measure? + measure: opts.debug? || opts.measure?, + force_insecure_requests: opts.force_insecure_requests?, ) if opts.parallel_done? @@ -96,6 +97,7 @@ module CoverageReporter::Cli property? allow_empty = false property? measure = false property? no_fail = false + property? force_insecure_requests = false # CI options overrides property service_name : String? @@ -223,6 +225,19 @@ module CoverageReporter::Cli end end + parser.on("--force-insecure-requests", "Workaround for unsupported OpenSSL v1.0.2, which forces insecure HTTPS requests") do + if CoverageReporter::OpenSSLVersion.new.can_fail? + opts.force_insecure_requests = true + Log.warn "⚠️ Coverage Reporter is using insecure HTTPS requests!" + else + error_message = <<-ERROR + Using insecure HTTPS requests is not supported for OpenSSL => #{OpenSSLVersion::WORKS}. + ERROR + Log.error error_message + raise(error_message) + end + end + parser.on("version", "Show version") do puts VERSION exit 0 diff --git a/src/coverage_reporter/config.cr b/src/coverage_reporter/config.cr index ab712010..3ceb7c58 100644 --- a/src/coverage_reporter/config.cr +++ b/src/coverage_reporter/config.cr @@ -6,6 +6,7 @@ module CoverageReporter class Config getter repo_token : String? getter flag_name : String? + getter force_insecure_requests : Bool @options : Hash(Symbol, String)? @yaml : YamlConfig @@ -45,7 +46,8 @@ module CoverageReporter @flag_name : String? = nil, @overrides : CI::Options? = nil, @compare_ref : String? = nil, - @compare_sha : String? = nil + @compare_sha : String? = nil, + @force_insecure_requests : Bool = false ) @yaml = YamlConfig.read(path) diff --git a/src/coverage_reporter/openssl_version.cr b/src/coverage_reporter/openssl_version.cr new file mode 100644 index 00000000..96f20d5d --- /dev/null +++ b/src/coverage_reporter/openssl_version.cr @@ -0,0 +1,30 @@ +module CoverageReporter + class OpenSSLVersion + WORKS = SemanticVersion.new(1, 1, 0) + + def can_fail? + return current.not_nil! < WORKS unless current.nil? + + false + end + + private def current + matches = /.*?(\d+)\.(\d+)\.(\d+).*/.match(current_string) + return nil if matches.nil? + + major = matches[1].to_i + minor = matches[2].to_i + patch = matches[3].to_i + SemanticVersion.new(major, minor, patch) + end + + # TODO: rescue from unknown command + # TODO: return nil for windows + private def current_string + # examples: + # OpenSSL 1.0.2k-fips 26 Jan 2017 + # OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023) + `openssl version -v` + end + end +end diff --git a/src/coverage_reporter/reporter.cr b/src/coverage_reporter/reporter.cr index 2a1a849d..f53cf995 100644 --- a/src/coverage_reporter/reporter.cr +++ b/src/coverage_reporter/reporter.cr @@ -16,7 +16,8 @@ module CoverageReporter overrides : CI::Options? = nil, parallel : Bool = false, repo_token : String? = nil, - measure : Bool = false + measure : Bool = false, + force_insecure_requests : Bool = false class NoSourceFiles < BaseException def message @@ -82,6 +83,7 @@ module CoverageReporter compare_sha: settings.compare_sha, path: settings.config_path, overrides: settings.overrides, + force_insecure_requests: settings.force_insecure_requests, ) end