Merge pull request #1325 from robnadin/bitbucketserver-verify-ssl

Add option to bypass SSL verification for Bitbucket Server requests
danger · Oct 1, 2021 · b44e9e4 · b44e9e4
2 parents d7cb8e3 + 7524ac3
commit b44e9e4
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,7 +10,7 @@
 
 ## master
 <!-- Your comment below here -->
-
+* Add support to pass in `DANGER_BITBUCKETSERVER_VERIFY_SSL` to toggle SSL Verification for Bitbucket Server
 <!-- Your comment above here -->
 
 ## 8.4.0

diff --git a/lib/danger/request_sources/bitbucket_server.rb b/lib/danger/request_sources/bitbucket_server.rb
@@ -20,10 +20,12 @@ def self.env_vars
  end
 
  def self.optional_env_vars
- ["DANGER_BITBUCKETSERVER_CODE_INSIGHTS_REPORT_KEY",
- "DANGER_BITBUCKETSERVER_CODE_INSIGHTS_REPORT_TITLE",
- "DANGER_BITBUCKETSERVER_CODE_INSIGHTS_REPORT_DESCRIPTION",
- "DANGER_BITBUCKETSERVER_CODE_INSIGHTS_REPORT_LOGO_URL"
+ [
+ "DANGER_BITBUCKETSERVER_CODE_INSIGHTS_REPORT_KEY",
+ "DANGER_BITBUCKETSERVER_CODE_INSIGHTS_REPORT_TITLE",
+ "DANGER_BITBUCKETSERVER_CODE_INSIGHTS_REPORT_DESCRIPTION",
+ "DANGER_BITBUCKETSERVER_CODE_INSIGHTS_REPORT_LOGO_URL",
+ "DANGER_BITBUCKETSERVER_VERIFY_SSL"
  ]
  end
 

diff --git a/lib/danger/request_sources/bitbucket_server_api.rb b/lib/danger/request_sources/bitbucket_server_api.rb
@@ -1,16 +1,18 @@
 # coding: utf-8
 
+require "openssl"
 require "danger/helpers/comments_helper"
 
 module Danger
  module RequestSources
  class BitbucketServerAPI
- attr_accessor :host, :pr_api_endpoint, :key, :project
+ attr_accessor :host, :verify_ssl, :pr_api_endpoint, :key, :project
 
  def initialize(project, slug, pull_request_id, environment)
  @username = environment["DANGER_BITBUCKETSERVER_USERNAME"]
  @password = environment["DANGER_BITBUCKETSERVER_PASSWORD"]
  self.host = environment["DANGER_BITBUCKETSERVER_HOST"]
+ self.verify_ssl = environment["DANGER_BITBUCKETSERVER_VERIFY_SSL"] == "false" ? false : true
  if self.host && !(self.host.include? "http://") && !(self.host.include? "https://")
  self.host = "https://" + self.host
  end
@@ -57,7 +59,7 @@ def post_comment(text)
  body = { text: text }.to_json
  post(uri, body)
  end
- 
+
  def update_pr_build_status(status, changeset, build_job_link, description)
  uri = URI("#{self.host}/rest/build-status/1.0/commits/#{changeset}")
  body = build_status_body(status, build_job_link, description)
@@ -73,7 +75,7 @@ def use_ssl
  def fetch_json(uri)
  req = Net::HTTP::Get.new(uri.request_uri, { "Content-Type" => "application/json" })
  req.basic_auth @username, @password
- res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: use_ssl) do |http|
+ res = http(uri).start do |http|
  http.request(req)
  end
  JSON.parse(res.body, symbolize_names: true)
@@ -84,7 +86,7 @@ def post(uri, body)
  req.basic_auth @username, @password
  req.body = body
 
- res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: use_ssl) do |http|
+ res = http(uri).start do |http|
  http.request(req)
  end
 
@@ -99,11 +101,18 @@ def post(uri, body)
  def delete(uri)
  req = Net::HTTP::Delete.new(uri.request_uri, { "Content-Type" => "application/json" })
  req.basic_auth @username, @password
- Net::HTTP.start(uri.hostname, uri.port, use_ssl: use_ssl) do |http|
+ http(uri).start do |http|
  http.request(req)
  end
  end
-
+
+ def http(uri)
+ http = Net::HTTP.new(uri.hostname, uri.port)
+ http.use_ssl = use_ssl
+ http.verify_mode = verify_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
+ http
+ end
+
  def build_status_body(status, build_job_link, description)
  body = Hash.new
  body["state"] = status

diff --git a/spec/lib/danger/request_sources/bitbucket_server_api_spec.rb b/spec/lib/danger/request_sources/bitbucket_server_api_spec.rb
@@ -31,7 +31,7 @@
  api = described_class.new("danger", "danger", 1, env)
  expect(api.send(:use_ssl)).to eq(true)
  end
- 
+
  it "post build successful" do
  allow(ENV).to receive(:[]).with("ENVDANGER_BITBUCKETSERVER_PASSWORD") { "supertopsecret" }
  stub_request(:post, "https://stash.example.com/rest/build-status/1.0/commits/04dede05fb802bf1e6c69782ae98592d29c03b80").
@@ -42,6 +42,36 @@
  changesetId = '04dede05fb802bf1e6c69782ae98592d29c03b80'
  response = api.update_pr_build_status("SUCCESSFUL",changesetId,"build_job_link", "description")
  expect(response).to eq(nil)
- end 
+ end
+ end
+
+ describe "ssl verification" do
+ it "sets ssl verification environment variable to false" do
+ stub_env = { "DANGER_BITBUCKETSERVER_HOST" => "https://my_url", "DANGER_BITBUCKETSERVER_VERIFY_SSL" => "false" }
+
+ api = described_class.new("danger", "danger", 1, stub_env)
+ expect(api.verify_ssl).to be_falsey
+ end
+
+ it "sets ssl verification environment variable to true" do
+ stub_env = { "DANGER_BITBUCKETSERVER_HOST" => "https://my_url", "DANGER_BITBUCKETSERVERVERIFY_SSL" => "true" }
+
+ api = described_class.new("danger", "danger", 1, stub_env)
+ expect(api.verify_ssl).to be_truthy
+ end
+
+ it "sets ssl verification environment variable to wrong input" do
+ stub_env = { "DANGER_BITBUCKETSERVER_HOST" => "https://my_url", "DANGER_BITBUCKETSERVER_VERIFY_SSL" => "wronginput" }
+
+ api = described_class.new("danger", "danger", 1, stub_env)
+ expect(api.verify_ssl).to be_truthy
+ end
+
+ it "unsets ssl verification environment variable" do
+ stub_env = { "DANGER_BITBUCKETSERVER_HOST" => "https://my_url" }
+
+ api = described_class.new("danger", "danger", 1, stub_env)
+ expect(api.verify_ssl).to be_truthy
+ end
  end
 end