From a0cb9c19faf555e96b60866fbeb4133467218ebe Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 11 Nov 2024 10:44:23 +0000 Subject: [PATCH 01/15] C#: Add `CODEQL_PROXY_*` environment variable names --- .../EnvironmentVariableNames.cs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs index 345cb43453fc..d825e5daeb03 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs @@ -74,5 +74,20 @@ internal static class EnvironmentVariableNames /// Specifies the location of the diagnostic directory. /// public const string DiagnosticDir = "CODEQL_EXTRACTOR_CSHARP_DIAGNOSTIC_DIR"; + + /// + /// Specifies the hostname of the Dependabot proxy. + /// + public const string ProxyHost = "CODEQL_PROXY_HOST"; + + /// + /// Specifies the hostname of the Dependabot proxy. + /// + public const string ProxyPort = "CODEQL_PROXY_PORT"; + + /// + /// Contains the certificate used by the Dependabot proxy. + /// + public const string ProxyCertificate = "CODEQL_PROXY_CA_CERTIFICATE"; } } From 459b76ac3f45ac321c24c1e6686a6e95e1a592a5 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 11 Nov 2024 11:25:13 +0000 Subject: [PATCH 02/15] C#: Add `DependabotProxy` class --- .../DependabotProxy.cs | 53 +++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs new file mode 100644 index 000000000000..5b47189c7454 --- /dev/null +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -0,0 +1,53 @@ +using System; +using System.IO; +using Semmle.Util; + +namespace Semmle.Extraction.CSharp.DependencyFetching +{ + internal class DependabotProxy + { + private readonly string? host; + private readonly string? port; + private readonly FileInfo? certFile; + + /// + /// The full address of the Dependabot proxy, if available. + /// + internal readonly string? Address; + + /// + /// Gets a value indicating whether a Dependabot proxy is configured. + /// + internal bool IsConfigured => !string.IsNullOrEmpty(this.Address); + + internal DependabotProxy(TemporaryDirectory tempWorkingDirectory) + { + // Obtain and store the address of the Dependabot proxy, if available. + this.host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost); + this.port = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyPort); + + if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(port)) + { + return; + } + + this.Address = $"http://{this.host}:{this.port}"; + + // Obtain and store the proxy's certificate, if available. + var cert = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyCertificate); + + if (string.IsNullOrWhiteSpace(cert)) + { + return; + } + + var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy")); + Directory.CreateDirectory(certDirPath.FullName); + + this.certFile = new FileInfo(Path.Join(certDirPath.FullName, "proxy.crt")); + + using var writer = this.certFile.CreateText(); + writer.Write(cert); + } + } +} From c6f089585a15d29c4596b9d80418ba6dfd763fa9 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 19 Nov 2024 12:26:54 +0000 Subject: [PATCH 03/15] C#: Initialise `DependabotProxy` in `DotNetCliInvoker` --- .../DotNet.cs | 2 +- .../DotNetCliInvoker.cs | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs index edfea049a81b..439f00754dda 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs @@ -27,7 +27,7 @@ private DotNet(IDotNetCliInvoker dotnetCliInvoker, ILogger logger, TemporaryDire Info(); } - private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet")), logger, tempWorkingDirectory) { } + private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), tempWorkingDirectory), logger, tempWorkingDirectory) { } internal static IDotNet Make(IDotNetCliInvoker dotnetCliInvoker, ILogger logger) => new DotNet(dotnetCliInvoker, logger); diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs index 4295cce67167..b81b393e42a0 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs @@ -12,12 +12,14 @@ namespace Semmle.Extraction.CSharp.DependencyFetching internal sealed class DotNetCliInvoker : IDotNetCliInvoker { private readonly ILogger logger; + private readonly DependabotProxy proxy; public string Exec { get; } - public DotNetCliInvoker(ILogger logger, string exec) + public DotNetCliInvoker(ILogger logger, string exec, TemporaryDirectory tempWorkingDirectory) { this.logger = logger; + this.proxy = new DependabotProxy(tempWorkingDirectory); this.Exec = exec; logger.LogInfo($"Using .NET CLI executable: '{Exec}'"); } @@ -38,6 +40,14 @@ private ProcessStartInfo MakeDotnetStartInfo(string args, string? workingDirecto startInfo.EnvironmentVariables["DOTNET_CLI_UI_LANGUAGE"] = "en"; startInfo.EnvironmentVariables["MSBUILDDISABLENODEREUSE"] = "1"; startInfo.EnvironmentVariables["DOTNET_SKIP_FIRST_TIME_EXPERIENCE"] = "true"; + + // Configure the proxy settings, if applicable. + this.proxy.ApplyProxy(this.logger, startInfo); + + this.logger.LogInfo(startInfo.EnvironmentVariables["HTTP_PROXY"] ?? ""); + this.logger.LogInfo(startInfo.EnvironmentVariables["HTTPS_PROXY"] ?? ""); + this.logger.LogInfo(startInfo.EnvironmentVariables["SSL_CERT_FILE"] ?? ""); + return startInfo; } From d6fda1ae72a9be12be61ff864eb3e31e69da1d0e Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 19 Nov 2024 13:23:05 +0000 Subject: [PATCH 04/15] C#: Set environment variables for proxy for calls to `dotnet` --- .../DependabotProxy.cs | 14 ++++++++++++++ .../DotNetCliInvoker.cs | 4 ---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 5b47189c7454..96ba3452cefe 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -1,6 +1,8 @@ using System; +using System.Diagnostics; using System.IO; using Semmle.Util; +using Semmle.Util.Logging; namespace Semmle.Extraction.CSharp.DependencyFetching { @@ -49,5 +51,17 @@ internal DependabotProxy(TemporaryDirectory tempWorkingDirectory) using var writer = this.certFile.CreateText(); writer.Write(cert); } + + internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) + { + // If the proxy isn't configured, we have nothing to do. + if (!this.IsConfigured) return; + + logger.LogInfo($"Setting up Dependabot proxy at {this.Address}"); + + startInfo.EnvironmentVariables["HTTP_PROXY"] = this.Address; + startInfo.EnvironmentVariables["HTTPS_PROXY"] = this.Address; + startInfo.EnvironmentVariables["SSL_CERT_FILE"] = this.certFile?.FullName; + } } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs index b81b393e42a0..522d3e9ffd45 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs @@ -44,10 +44,6 @@ private ProcessStartInfo MakeDotnetStartInfo(string args, string? workingDirecto // Configure the proxy settings, if applicable. this.proxy.ApplyProxy(this.logger, startInfo); - this.logger.LogInfo(startInfo.EnvironmentVariables["HTTP_PROXY"] ?? ""); - this.logger.LogInfo(startInfo.EnvironmentVariables["HTTPS_PROXY"] ?? ""); - this.logger.LogInfo(startInfo.EnvironmentVariables["SSL_CERT_FILE"] ?? ""); - return startInfo; } From 84d3532a0521055cfe3ecb5fd4a5bacd98257e71 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 29 Nov 2024 13:18:58 +0000 Subject: [PATCH 05/15] C#: Add more logging to `DependabotProxy` --- .../DependabotProxy.cs | 10 ++++++++-- .../DotNetCliInvoker.cs | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 96ba3452cefe..c1db0b99017a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -22,7 +22,7 @@ internal class DependabotProxy /// internal bool IsConfigured => !string.IsNullOrEmpty(this.Address); - internal DependabotProxy(TemporaryDirectory tempWorkingDirectory) + internal DependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory) { // Obtain and store the address of the Dependabot proxy, if available. this.host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost); @@ -30,26 +30,32 @@ internal DependabotProxy(TemporaryDirectory tempWorkingDirectory) if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(port)) { + logger.LogInfo("No Dependabot proxy credentials are configured."); return; } this.Address = $"http://{this.host}:{this.port}"; + logger.LogInfo($"Dependabot proxy configured at {this.Address}"); // Obtain and store the proxy's certificate, if available. var cert = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyCertificate); if (string.IsNullOrWhiteSpace(cert)) { + logger.LogInfo("No certificate configured for Dependabot proxy."); return; } var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy")); Directory.CreateDirectory(certDirPath.FullName); - this.certFile = new FileInfo(Path.Join(certDirPath.FullName, "proxy.crt")); + var certFilePath = Path.Join(certDirPath.FullName, "proxy.crt"); + this.certFile = new FileInfo(certFilePath); using var writer = this.certFile.CreateText(); writer.Write(cert); + + logger.LogInfo($"Stored Dependabot proxy certificate at {certFilePath}"); } internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs index 522d3e9ffd45..597acc58259a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs @@ -19,7 +19,7 @@ internal sealed class DotNetCliInvoker : IDotNetCliInvoker public DotNetCliInvoker(ILogger logger, string exec, TemporaryDirectory tempWorkingDirectory) { this.logger = logger; - this.proxy = new DependabotProxy(tempWorkingDirectory); + this.proxy = new DependabotProxy(logger, tempWorkingDirectory); this.Exec = exec; logger.LogInfo($"Using .NET CLI executable: '{Exec}'"); } From 4a7413cf11b0511b4ad808af28c6cb52f97055cc Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 2 Dec 2024 13:40:37 +0000 Subject: [PATCH 06/15] C#: Use `Add` for environment variables --- .../DependabotProxy.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index c1db0b99017a..462cde58c87b 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -65,9 +65,9 @@ internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) logger.LogInfo($"Setting up Dependabot proxy at {this.Address}"); - startInfo.EnvironmentVariables["HTTP_PROXY"] = this.Address; - startInfo.EnvironmentVariables["HTTPS_PROXY"] = this.Address; - startInfo.EnvironmentVariables["SSL_CERT_FILE"] = this.certFile?.FullName; + startInfo.EnvironmentVariables.Add("HTTP_PROXY", this.Address); + startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.Address); + startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.certFile?.FullName); } } } From 8b5050e427a57240451f05afd0eb62c51048b91c Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 2 Dec 2024 14:17:06 +0000 Subject: [PATCH 07/15] C# Expose `CertificatePath` from `DependabotProxy` --- .../DependabotProxy.cs | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 462cde58c87b..56bf08de9cc8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -16,6 +16,10 @@ internal class DependabotProxy /// The full address of the Dependabot proxy, if available. /// internal readonly string? Address; + /// + /// The path to the temporary file where the certificate is stored. + /// + internal readonly string? CertificatePath; /// /// Gets a value indicating whether a Dependabot proxy is configured. @@ -49,13 +53,13 @@ internal DependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy")); Directory.CreateDirectory(certDirPath.FullName); - var certFilePath = Path.Join(certDirPath.FullName, "proxy.crt"); - this.certFile = new FileInfo(certFilePath); + this.CertificatePath = Path.Join(certDirPath.FullName, "proxy.crt"); + this.certFile = new FileInfo(this.CertificatePath); using var writer = this.certFile.CreateText(); writer.Write(cert); - logger.LogInfo($"Stored Dependabot proxy certificate at {certFilePath}"); + logger.LogInfo($"Stored Dependabot proxy certificate at {this.CertificatePath}"); } internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) From 4d5c55e5339fc349c5f91193f1f0b8139677e27f Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 2 Dec 2024 14:18:24 +0000 Subject: [PATCH 08/15] C#: Propagate `DependabotProxy` instance down from `DependencyManager` --- .../DependabotProxy.cs | 2 +- .../DependencyManager.cs | 7 +++++-- .../Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs | 4 ++-- .../DotNetCliInvoker.cs | 4 ++-- .../NugetPackageRestorer.cs | 3 +++ 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 56bf08de9cc8..207d19777cc8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -6,7 +6,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching { - internal class DependabotProxy + public class DependabotProxy { private readonly string? host; private readonly string? port; diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index 4866df1260e2..de9308675982 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -27,6 +27,7 @@ public sealed partial class DependencyManager : IDisposable, ICompilationInfoCon private readonly ILogger logger; private readonly IDiagnosticsWriter diagnosticsWriter; private readonly NugetPackageRestorer nugetPackageRestorer; + private readonly DependabotProxy dependabotProxy; private readonly IDotNet dotnet; private readonly FileContent fileContent; private readonly FileProvider fileProvider; @@ -106,9 +107,11 @@ void exitCallback(int ret, string msg, bool silent) return BuildScript.Success; }).Run(SystemBuildActions.Instance, startCallback, exitCallback); + dependabotProxy = new DependabotProxy(logger, tempWorkingDirectory); + try { - this.dotnet = DotNet.Make(logger, dotnetPath, tempWorkingDirectory); + this.dotnet = DotNet.Make(logger, dotnetPath, tempWorkingDirectory, dependabotProxy); runtimeLazy = new Lazy(() => new Runtime(dotnet)); } catch @@ -117,7 +120,7 @@ void exitCallback(int ret, string msg, bool silent) throw; } - nugetPackageRestorer = new NugetPackageRestorer(fileProvider, fileContent, dotnet, diagnosticsWriter, logger, this); + nugetPackageRestorer = new NugetPackageRestorer(fileProvider, fileContent, dotnet, dependabotProxy, diagnosticsWriter, logger, this); var dllLocations = fileProvider.Dlls.Select(x => new AssemblyLookupLocation(x)).ToHashSet(); dllLocations.UnionWith(nugetPackageRestorer.Restore()); diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs index 439f00754dda..a82a0a47f415 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs @@ -27,11 +27,11 @@ private DotNet(IDotNetCliInvoker dotnetCliInvoker, ILogger logger, TemporaryDire Info(); } - private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), tempWorkingDirectory), logger, tempWorkingDirectory) { } + private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy dependabotProxy) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), dependabotProxy), logger, tempWorkingDirectory) { } internal static IDotNet Make(IDotNetCliInvoker dotnetCliInvoker, ILogger logger) => new DotNet(dotnetCliInvoker, logger); - public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory) => new DotNet(logger, dotNetPath, tempWorkingDirectory); + public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy); private void Info() { diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs index 597acc58259a..cdadfe1f5b8e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs @@ -16,10 +16,10 @@ internal sealed class DotNetCliInvoker : IDotNetCliInvoker public string Exec { get; } - public DotNetCliInvoker(ILogger logger, string exec, TemporaryDirectory tempWorkingDirectory) + public DotNetCliInvoker(ILogger logger, string exec, DependabotProxy dependabotProxy) { this.logger = logger; - this.proxy = new DependabotProxy(logger, tempWorkingDirectory); + this.proxy = dependabotProxy; this.Exec = exec; logger.LogInfo($"Using .NET CLI executable: '{Exec}'"); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index 3895db3e4d40..fcb0ca747ef6 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -21,6 +21,7 @@ internal sealed partial class NugetPackageRestorer : IDisposable private readonly FileProvider fileProvider; private readonly FileContent fileContent; private readonly IDotNet dotnet; + private readonly DependabotProxy dependabotProxy; private readonly IDiagnosticsWriter diagnosticsWriter; private readonly TemporaryDirectory legacyPackageDirectory; private readonly TemporaryDirectory missingPackageDirectory; @@ -33,6 +34,7 @@ public NugetPackageRestorer( FileProvider fileProvider, FileContent fileContent, IDotNet dotnet, + DependabotProxy dependabotProxy, IDiagnosticsWriter diagnosticsWriter, ILogger logger, ICompilationInfoContainer compilationInfoContainer) @@ -40,6 +42,7 @@ public NugetPackageRestorer( this.fileProvider = fileProvider; this.fileContent = fileContent; this.dotnet = dotnet; + this.dependabotProxy = dependabotProxy; this.diagnosticsWriter = diagnosticsWriter; this.logger = logger; this.compilationInfoContainer = compilationInfoContainer; From 8886292eec1ce703d240ea52d377282b78ef215e Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 2 Dec 2024 14:20:11 +0000 Subject: [PATCH 09/15] C#: Set up proxy for `IsFeedReachable`, if configured --- .../NugetPackageRestorer.cs | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index fcb0ca747ef6..3663265f5b92 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -3,8 +3,9 @@ using System.Collections.Generic; using System.IO; using System.Linq; +using System.Net; using System.Net.Http; -using System.Security.Cryptography; +using System.Security.Cryptography.X509Certificates; using System.Text; using System.Text.RegularExpressions; using System.Threading; @@ -592,7 +593,26 @@ private static async Task ExecuteGetRequest(string address, HttpClient httpClien private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, bool allowExceptions = true) { logger.LogInfo($"Checking if Nuget feed '{feed}' is reachable..."); - using HttpClient client = new(); + + // Configure the HttpClient to be aware of the Dependabot Proxy, if used. + HttpClientHandler httpClientHandler = new(); + if (this.dependabotProxy.IsConfigured) + { + httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address); + + if (!String.IsNullOrEmpty(this.dependabotProxy.CertificatePath)) + { + X509Certificate2 proxyCert = new X509Certificate2(this.dependabotProxy.CertificatePath); + httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) => + { + chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust; + chain.ChainPolicy.CustomTrustStore.Add(proxyCert); + return chain.Build(cert); + }; + } + } + + using HttpClient client = new(httpClientHandler); for (var i = 0; i < tryCount; i++) { From 174cb7c0e2a538abbbeb49c100d5b52f31fe1362 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 3 Dec 2024 18:47:47 +0000 Subject: [PATCH 10/15] C#: Load Dependabot Proxy certificate in `DependabotProxy`, and implement `IDisposable` --- .../DependabotProxy.cs | 17 ++++++++++++++++- .../DependencyManager.cs | 1 + .../NugetPackageRestorer.cs | 5 ++--- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 207d19777cc8..7d0f21d65b1a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -1,12 +1,13 @@ using System; using System.Diagnostics; using System.IO; +using System.Security.Cryptography.X509Certificates; using Semmle.Util; using Semmle.Util.Logging; namespace Semmle.Extraction.CSharp.DependencyFetching { - public class DependabotProxy + public class DependabotProxy : IDisposable { private readonly string? host; private readonly string? port; @@ -20,6 +21,10 @@ public class DependabotProxy /// The path to the temporary file where the certificate is stored. /// internal readonly string? CertificatePath; + /// + /// The certificate used for the Dependabot proxy. + /// + internal readonly X509Certificate2? Certificate; /// /// Gets a value indicating whether a Dependabot proxy is configured. @@ -60,6 +65,8 @@ internal DependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory writer.Write(cert); logger.LogInfo($"Stored Dependabot proxy certificate at {this.CertificatePath}"); + + this.Certificate = new X509Certificate2(this.CertificatePath); } internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) @@ -73,5 +80,13 @@ internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.Address); startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.certFile?.FullName); } + + public void Dispose() + { + if (this.Certificate != null) + { + this.Certificate.Dispose(); + } + } } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index de9308675982..bbd5ecbd127a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -545,6 +545,7 @@ private void AnalyseProject(FileInfo project) public void Dispose() { nugetPackageRestorer?.Dispose(); + dependabotProxy.Dispose(); if (cleanupTempWorkingDirectory) { tempWorkingDirectory?.Dispose(); diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index 3663265f5b92..8ea25c72f369 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -600,13 +600,12 @@ private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, { httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address); - if (!String.IsNullOrEmpty(this.dependabotProxy.CertificatePath)) + if (this.dependabotProxy.Certificate != null) { - X509Certificate2 proxyCert = new X509Certificate2(this.dependabotProxy.CertificatePath); httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) => { chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust; - chain.ChainPolicy.CustomTrustStore.Add(proxyCert); + chain.ChainPolicy.CustomTrustStore.Add(this.dependabotProxy.Certificate); return chain.Build(cert); }; } From 2bb59e2850e9423ee4b807f1ee522ea43d260bfa Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 5 Dec 2024 12:13:29 +0000 Subject: [PATCH 11/15] C#: Apply suggestions from code review for `DependabotProxy` --- .../DependabotProxy.cs | 69 ++++++++----------- .../DependencyManager.cs | 4 +- .../DotNet.cs | 4 +- .../DotNetCliInvoker.cs | 13 +++- .../NugetPackageRestorer.cs | 6 +- 5 files changed, 45 insertions(+), 51 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 7d0f21d65b1a..d1a5df4dbc5e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -9,84 +9,71 @@ namespace Semmle.Extraction.CSharp.DependencyFetching { public class DependabotProxy : IDisposable { - private readonly string? host; - private readonly string? port; - private readonly FileInfo? certFile; + private readonly string host; + private readonly string port; /// /// The full address of the Dependabot proxy, if available. /// - internal readonly string? Address; + internal string Address { get; } /// /// The path to the temporary file where the certificate is stored. /// - internal readonly string? CertificatePath; + internal string? CertificatePath { get; private set; } /// /// The certificate used for the Dependabot proxy. /// - internal readonly X509Certificate2? Certificate; + internal X509Certificate2? Certificate { get; private set; } - /// - /// Gets a value indicating whether a Dependabot proxy is configured. - /// - internal bool IsConfigured => !string.IsNullOrEmpty(this.Address); - - internal DependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory) + internal static DependabotProxy? GetDependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory) { // Obtain and store the address of the Dependabot proxy, if available. - this.host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost); - this.port = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyPort); + var host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost); + var port = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyPort); if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(port)) { logger.LogInfo("No Dependabot proxy credentials are configured."); - return; + return null; } - this.Address = $"http://{this.host}:{this.port}"; - logger.LogInfo($"Dependabot proxy configured at {this.Address}"); + var result = new DependabotProxy(host, port); + logger.LogInfo($"Dependabot proxy configured at {result.Address}"); // Obtain and store the proxy's certificate, if available. var cert = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyCertificate); - if (string.IsNullOrWhiteSpace(cert)) + if (!string.IsNullOrWhiteSpace(cert)) { logger.LogInfo("No certificate configured for Dependabot proxy."); - return; - } - var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy")); - Directory.CreateDirectory(certDirPath.FullName); + var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy")); + Directory.CreateDirectory(certDirPath.FullName); + + result.CertificatePath = Path.Join(certDirPath.FullName, "proxy.crt"); + var certFile = new FileInfo(result.CertificatePath); - this.CertificatePath = Path.Join(certDirPath.FullName, "proxy.crt"); - this.certFile = new FileInfo(this.CertificatePath); + using var writer = certFile.CreateText(); + writer.Write(cert); - using var writer = this.certFile.CreateText(); - writer.Write(cert); + logger.LogInfo($"Stored Dependabot proxy certificate at {result.CertificatePath}"); - logger.LogInfo($"Stored Dependabot proxy certificate at {this.CertificatePath}"); + result.Certificate = new X509Certificate2(result.CertificatePath); + } - this.Certificate = new X509Certificate2(this.CertificatePath); + return result; } - internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) + private DependabotProxy(string host, string port) { - // If the proxy isn't configured, we have nothing to do. - if (!this.IsConfigured) return; - - logger.LogInfo($"Setting up Dependabot proxy at {this.Address}"); - - startInfo.EnvironmentVariables.Add("HTTP_PROXY", this.Address); - startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.Address); - startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.certFile?.FullName); + this.host = host; + this.port = port; + this.Address = $"http://{this.host}:{this.port}"; } public void Dispose() { - if (this.Certificate != null) - { - this.Certificate.Dispose(); - } + this.Certificate?.Dispose(); } } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index bbd5ecbd127a..cf4c6d73bd65 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -27,7 +27,7 @@ public sealed partial class DependencyManager : IDisposable, ICompilationInfoCon private readonly ILogger logger; private readonly IDiagnosticsWriter diagnosticsWriter; private readonly NugetPackageRestorer nugetPackageRestorer; - private readonly DependabotProxy dependabotProxy; + private readonly DependabotProxy? dependabotProxy; private readonly IDotNet dotnet; private readonly FileContent fileContent; private readonly FileProvider fileProvider; @@ -107,7 +107,7 @@ void exitCallback(int ret, string msg, bool silent) return BuildScript.Success; }).Run(SystemBuildActions.Instance, startCallback, exitCallback); - dependabotProxy = new DependabotProxy(logger, tempWorkingDirectory); + dependabotProxy = DependabotProxy.GetDependabotProxy(logger, tempWorkingDirectory); try { diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs index a82a0a47f415..c1fdcc06e91b 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs @@ -27,11 +27,11 @@ private DotNet(IDotNetCliInvoker dotnetCliInvoker, ILogger logger, TemporaryDire Info(); } - private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy dependabotProxy) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), dependabotProxy), logger, tempWorkingDirectory) { } + private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy? dependabotProxy) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), dependabotProxy), logger, tempWorkingDirectory) { } internal static IDotNet Make(IDotNetCliInvoker dotnetCliInvoker, ILogger logger) => new DotNet(dotnetCliInvoker, logger); - public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy); + public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy? dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy); private void Info() { diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs index cdadfe1f5b8e..19f0f3dbe0d9 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs @@ -12,11 +12,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching internal sealed class DotNetCliInvoker : IDotNetCliInvoker { private readonly ILogger logger; - private readonly DependabotProxy proxy; + private readonly DependabotProxy? proxy; public string Exec { get; } - public DotNetCliInvoker(ILogger logger, string exec, DependabotProxy dependabotProxy) + public DotNetCliInvoker(ILogger logger, string exec, DependabotProxy? dependabotProxy) { this.logger = logger; this.proxy = dependabotProxy; @@ -42,7 +42,14 @@ private ProcessStartInfo MakeDotnetStartInfo(string args, string? workingDirecto startInfo.EnvironmentVariables["DOTNET_SKIP_FIRST_TIME_EXPERIENCE"] = "true"; // Configure the proxy settings, if applicable. - this.proxy.ApplyProxy(this.logger, startInfo); + if (this.proxy != null) + { + logger.LogInfo($"Setting up Dependabot proxy at {this.proxy.Address}"); + + startInfo.EnvironmentVariables.Add("HTTP_PROXY", this.proxy.Address); + startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.proxy.Address); + startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.proxy.CertificatePath); + } return startInfo; } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index 8ea25c72f369..1c90d3b7d89e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -22,7 +22,7 @@ internal sealed partial class NugetPackageRestorer : IDisposable private readonly FileProvider fileProvider; private readonly FileContent fileContent; private readonly IDotNet dotnet; - private readonly DependabotProxy dependabotProxy; + private readonly DependabotProxy? dependabotProxy; private readonly IDiagnosticsWriter diagnosticsWriter; private readonly TemporaryDirectory legacyPackageDirectory; private readonly TemporaryDirectory missingPackageDirectory; @@ -35,7 +35,7 @@ public NugetPackageRestorer( FileProvider fileProvider, FileContent fileContent, IDotNet dotnet, - DependabotProxy dependabotProxy, + DependabotProxy? dependabotProxy, IDiagnosticsWriter diagnosticsWriter, ILogger logger, ICompilationInfoContainer compilationInfoContainer) @@ -596,7 +596,7 @@ private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, // Configure the HttpClient to be aware of the Dependabot Proxy, if used. HttpClientHandler httpClientHandler = new(); - if (this.dependabotProxy.IsConfigured) + if (this.dependabotProxy != null) { httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address); From 1569621605b9eb2ff089eb39b554af12e54ac672 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 5 Dec 2024 12:25:45 +0000 Subject: [PATCH 12/15] C#: Don't initialise `DependabotProxy` on Windows or macOS --- .../DependabotProxy.cs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index d1a5df4dbc5e..09f5a15a21d6 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -27,6 +27,13 @@ public class DependabotProxy : IDisposable internal static DependabotProxy? GetDependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory) { + // Setting HTTP(S)_PROXY and SSL_CERT_FILE have no effect on Windows or macOS, + // but we would still end up using the Dependabot proxy to check for feed reachability. + // This would result in us discovering that the feeds are reachable, but `dotnet` would + // fail to connect to them. To prevent this from happening, we do not initialise an + // instance of `DependabotProxy` on those platforms. + if (SystemBuildActions.Instance.IsWindows() || SystemBuildActions.Instance.IsMacOs()) return null; + // Obtain and store the address of the Dependabot proxy, if available. var host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost); var port = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyPort); From 671e61f3b36547a9a584c431f9c0022cc989f3c6 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 5 Dec 2024 12:32:55 +0000 Subject: [PATCH 13/15] C#: Fix possible null dereference --- .../DependencyManager.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index cf4c6d73bd65..b8773f0ae4a6 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -545,7 +545,7 @@ private void AnalyseProject(FileInfo project) public void Dispose() { nugetPackageRestorer?.Dispose(); - dependabotProxy.Dispose(); + dependabotProxy?.Dispose(); if (cleanupTempWorkingDirectory) { tempWorkingDirectory?.Dispose(); From 0d206bd0bb25c5c344e9aa23b1f9ec3080125c00 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 6 Dec 2024 13:13:15 +0000 Subject: [PATCH 14/15] C#: Explicitly close writer in `DependabotProxy` --- .../DependabotProxy.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 09f5a15a21d6..f3d92b38f0c8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -62,6 +62,7 @@ public class DependabotProxy : IDisposable using var writer = certFile.CreateText(); writer.Write(cert); + writer.Close(); logger.LogInfo($"Stored Dependabot proxy certificate at {result.CertificatePath}"); From 32d757f65c9527e9d03714d3d2e2f82b5f1d05e4 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 6 Dec 2024 13:13:41 +0000 Subject: [PATCH 15/15] C#: Create certificate from string, rather than file --- .../DependabotProxy.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index f3d92b38f0c8..895bd313ac30 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -66,7 +66,7 @@ public class DependabotProxy : IDisposable logger.LogInfo($"Stored Dependabot proxy certificate at {result.CertificatePath}"); - result.Certificate = new X509Certificate2(result.CertificatePath); + result.Certificate = X509Certificate2.CreateFromPem(cert); } return result;