diff --git a/Cargo.lock b/Cargo.lock
index 7eecefcd..ca95898b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -618,6 +618,7 @@ dependencies = [
 "libc",
 "log",
 "maplit",
+ "native-tls",
 "nom",
 "once_cell",
 "ordered-float",
diff --git a/Cargo.toml b/Cargo.toml
index ac22f87d..6eca65bb 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,3 @@
-# Necessary for 'cargo outdated'
-cargo-features = ["resolver"]
-
 [workspace]
 # Use the newer, better feature resolver.
 resolver = "2"
diff --git a/hipcheck/Cargo.toml b/hipcheck/Cargo.toml
index 64df3c89..5a83e8fe 100644
--- a/hipcheck/Cargo.toml
+++ b/hipcheck/Cargo.toml
@@ -56,12 +56,13 @@ ureq = { version = "2.9.7", default-features = false, features = [
 "native-tls",
 ] }
 url = "2.2.2"
-walkdir = "2"
+walkdir = "2.5.0"
 which = { version = "6.0.1", default-features = false }
-xml-rs = "0.8"
+xml-rs = "0.8.20"
+native-tls = "0.2.11"
 [target.'cfg(windows)'.dependencies.winapi]
-version = "0.3"
+version = "0.3.9"
 features = ["handleapi", "processenv", "winbase", "wincon", "winnt"]
 [build-dependencies]
diff --git a/hipcheck/src/analysis/session/pm.rs b/hipcheck/src/analysis/session/pm.rs
index cfd95334..30302161 100644
--- a/hipcheck/src/analysis/session/pm.rs
+++ b/hipcheck/src/analysis/session/pm.rs
@@ -11,11 +11,11 @@ use serde_json::Value;
 use std::cmp::max;
 use std::cmp::Ordering;
 use std::process::exit;
+use std::sync::Arc;
 use url::Host;
 use url::Url;
 use xml::reader::EventReader;
 use xml::reader::XmlEvent;
-//This entire module was largely copied from https://gitlab.mitre.org/software-assurance/repofinder
 const MAVEN: &str = CheckKind::Maven.name();
 const NPM: &str = CheckKind::Npm.name();
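Review bot: The new direct dependency `native-tls = "0.2.11"` in hipcheck/Cargo.toml carries no comment tying it to the `"native-tls"` feature already enabled on `ureq` a few lines above, so a later cleanup could drop either half and break the `Arc<TlsConnector>` handoff that the agent code relies on. A one-line note would pin the intent: `# Direct dep so the code can hand ureq a TlsConnector; keep in lockstep with ureq's "native-tls" feature.` It is also worth recording, here or in the module docs, that native-tls defers to the platform's certificate store rather than a bundled root set, since that is the security-relevant consequence of picking this backend.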
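Review bot: The new side of the pm.rs import hunk drops the module's only provenance statement (`//This entire module was largely copied from https://gitlab.mitre.org/software-assurance/repofinder`) without replacing it, so a reader can no longer tell that the code is derived from another project or check what license terms travel with it. If the line was removed because it points at an internal host, the attribution can survive without the URL as a module doc at the top of the file (outside this hunk), e.g. `//! Package-manager lookups; adapted from MITRE's internal `repofinder` tool.` Keeping a provenance note is the supply-chain hygiene equivalent of keeping a license header.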
@@ -364,7 +364,10 @@ fn extract_repo_for_npm(raw_package: &str) -> Result { }; // Make an HTTP request to that URL. - let response = ureq::get(®istry) + let response = ureq::AgentBuilder::new() + .tls_connector(Arc::new(native_tls::TlsConnector::new()?)) + .build() + .get(®istry) .call() .context("request to npm API failed, make sure the package name is correct as well as the project version")?; @@ -412,7 +415,10 @@ fn extract_repo_for_pypi(raw_package: &str) -> Result { }; // Make an HTTP request to that URL. - let response = ureq::get(®istry) + let response = ureq::AgentBuilder::new() + .tls_connector(Arc::new(native_tls::TlsConnector::new()?)) + .build() + .get(®istry) .call() .context("request to PYPI API failed, make sure the project name is correct (case matters) as well as the project version")?; @@ -444,7 +450,10 @@ fn extract_repo_for_pypi(raw_package: &str) -> Result { fn extract_repo_for_maven(url: &str) -> Result { // Make an HTTP request to that URL to get the POM file. - let response = ureq::get(url) + let response = ureq::AgentBuilder::new() + .tls_connector(Arc::new(native_tls::TlsConnector::new()?)) + .build() + .get(url) .call() .context("request to Maven API failed")?; diff --git a/hipcheck/src/data.rs b/hipcheck/src/data.rs index 1e479f49..6971d2c2 100644 --- a/hipcheck/src/data.rs +++ b/hipcheck/src/data.rs @@ -79,7 +79,7 @@ pub struct Fuzz { } pub fn get_fuzz_check(token: &str, repo_uri: Rc) -> Result { - let github = GitHub::new("google", "oss-fuzz", token); + let github = GitHub::new("google", "oss-fuzz", token)?; let github_result = github .fuzz_check(repo_uri) @@ -113,7 +113,7 @@ pub fn get_pull_request_reviews_from_github( repo: &str, token: &str, ) -> Result> { - let github = GitHub::new(owner, repo, token); + let github = GitHub::new(owner, repo, token)?; let results = github .get_reviews_for_pr() 
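Review bot: `extract_repo_for_npm`, `extract_repo_for_pypi` and `extract_repo_for_maven` each build a fresh `AgentBuilder` around `native_tls::TlsConnector::new()?`, so the TLS policy is now copy-pasted three times and any hardening must be repeated at every site. `TlsConnector::new()` takes the backend defaults, whose documented minimum protocol version in native-tls 0.2 is TLS 1.0; a shared constructor that sets `min_protocol_version(Some(Protocol::Tlsv12))` fixes both points and is also the natural place for a request timeout, which none of these agents configure. The `?` on the connector already propagates through the crate's `Result`, so error handling is unchanged. The three enclosing functions start and end outside their hunks.

```rust
/// Build the `ureq` agent used for registry lookups so every request site
/// shares one TLS policy (platform trust store, TLS 1.2 or newer).
fn http_agent() -> Result<ureq::Agent> {
    let tls = native_tls::TlsConnector::builder()
        .min_protocol_version(Some(native_tls::Protocol::Tlsv12))
        .build()?;
    Ok(ureq::AgentBuilder::new()
        .tls_connector(Arc::new(tls))
        .build())
}

// … unchanged: registry URL construction …
let response = http_agent()?
    .get(&registry)
    .call()
    .context("request to npm API failed, make sure the package name is correct as well as the project version")?;
```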
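Review bot: In `get_fuzz_check` the new `GitHub::new("google", "oss-fuzz", token)?` propagates a bare TLS-initialisation error with no context, whereas the request sites in this crate attach a `.context("…")` explaining which step failed; the same applies to the `GitHub::new` and `GitHubPr::new` calls in the following hunks. If the crate's `Result` supports the same `.context` helper used in pm.rs, `let github = GitHub::new("google", "oss-fuzz", token).context("failed to build GitHub client (TLS init)")?;` gives the user a message that points at the platform TLS backend instead of a raw backend error. The rest of `get_fuzz_check` lies outside the hunk.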
@@ -134,7 +134,7 @@ pub fn get_single_pull_request_review_from_github( pull_request: &u64, token: &str, ) -> Result { - let github_pr = GitHubPr::new(owner, repo, pull_request, token); + let github_pr = GitHubPr::new(owner, repo, pull_request, token)?; let github_result = github_pr .get_review_for_single_pr() diff --git a/hipcheck/src/data/github/authenticated_agent.rs b/hipcheck/src/data/github/authenticated_agent.rs index e6544b79..bfaabe08 100644 --- a/hipcheck/src/data/github/authenticated_agent.rs +++ b/hipcheck/src/data/github/authenticated_agent.rs @@ -1,7 +1,12 @@ //! Defines an authenticated [`Agent`] type that adds token auth to all requests. +use std::sync::Arc; + use crate::data::github::hidden::Hidden; +use crate::error::Result; +use native_tls::TlsConnector; use ureq::Agent; +use ureq::AgentBuilder; use ureq::Request; /// An [`Agent`] which authenticates requests with token auth. @@ -18,11 +23,14 @@ pub struct AuthenticatedAgent<'token> { impl<'token> AuthenticatedAgent<'token> { /// Construct a new authenticated agent. - pub fn new(token: &'token str) -> AuthenticatedAgent<'token> { - AuthenticatedAgent { - agent: Agent::new(), - token: Hidden::new(token), - } + pub fn new(token: &'token str) -> Result> { + let agent = AgentBuilder::new() + .tls_connector(Arc::new(TlsConnector::new()?)) + .build(); + + let token = Hidden::new(token); + + Ok(AuthenticatedAgent { agent, token }) } /// Make an authenticated GET request. diff --git a/hipcheck/src/data/github/mod.rs b/hipcheck/src/data/github/mod.rs index a07a2208..fd83990f 100644 --- a/hipcheck/src/data/github/mod.rs +++ b/hipcheck/src/data/github/mod.rs 
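Review bot: `AuthenticatedAgent::new` now has a failure path, but its doc comment still reads `/// Construct a new authenticated agent.` with no `# Errors` section; per the visible body the only fallible step is `TlsConnector::new()?`, so add `/// # Errors` followed by `/// Fails if the platform TLS backend cannot be initialised.` The connector is configured exactly as in pm.rs but as a second copy, so a shared constructor (one place to set a minimum protocol version and a timeout) would keep the two from drifting apart. The `AuthenticatedAgent` struct and its request methods are outside this hunk.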
@@ -24,12 +24,12 @@ pub struct GitHub<'a> { } impl<'a> GitHub<'a> { - pub fn new(owner: &'a str, repo: &'a str, token: &'a str) -> GitHub<'a> { - GitHub { + pub fn new(owner: &'a str, repo: &'a str, token: &'a str) -> Result> { + Ok(GitHub { owner, repo, - agent: AuthenticatedAgent::new(token), - } + agent: AuthenticatedAgent::new(token)?, + }) } pub fn fuzz_check(&self, repo_uri: Rc) -> Result { @@ -54,13 +54,13 @@ impl<'a> GitHubPr<'a> { repo: &'a str, pull_request: &'a u64, token: &'a str, - ) -> GitHubPr<'a> { - GitHubPr { + ) -> Result> { + Ok(GitHubPr { owner, repo, pull_request, - agent: AuthenticatedAgent::new(token), - } + agent: AuthenticatedAgent::new(token)?, + }) } pub fn get_review_for_single_pr(&self) -> Result {
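Review bot: `GitHub::new` (and `GitHubPr::new` in the next hunk) becomes a fallible constructor without any doc comment, so callers now forced to handle the `?` get no hint of what can fail; in the visible body the only fallible step is `AuthenticatedAgent::new(token)?`. Add above each: `/// Create a client for `owner/repo`; fails only if the authenticated HTTP agent (and its TLS backend) cannot be built.` The struct definitions themselves are outside these hunks.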