proxy certificate handling added #3365

mercedes-benz · Aug 20, 2024 · 95056b6 · 95056b6
1 parent d819107
commit 95056b6
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 3 deletions.
diff --git a/sechub-pds-solutions/gitleaks/docker/scripts/gitleaks.sh b/sechub-pds-solutions/gitleaks/docker/scripts/gitleaks.sh
@@ -55,5 +55,6 @@ gitleaks detect $gitleaks_options
 ## Define config file
 export SECRET_VALIDATOR_CONFIGFILE="$TOOL_FOLDER"/sechub-wrapper-secretvalidation-config.json
 echo "### Calling Secret-Validation Wrapper"
-java -jar "$TOOL_FOLDER"/secret-validation-wrapper.jar
-# java -Dhttp.proxyHost=localhost -Dhttp.proxyPort=1234 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=1234 -jar "$TOOL_FOLDER"/secret-validation-wrapper.jar
+java -Dhttp.proxyHost="$SECRET_VALIDATOR_PROXY_HOST" -Dhttp.proxyPort="$SECRET_VALIDATOR_PROXY_PORT" \
+     -Dhttps.proxyHost="$SECRET_VALIDATOR_PROXY_HOST" -Dhttps.proxyPort="$SECRET_VALIDATOR_PROXY_PORT" \
+     -jar "$TOOL_FOLDER"/sechub-wrapper-secretvalidation.jar
diff --git a/sechub-pds-solutions/gitleaks/helm/pds-gitleaks/templates/deployment.yaml b/sechub-pds-solutions/gitleaks/helm/pds-gitleaks/templates/deployment.yaml
@@ -63,6 +63,12 @@ spec:
               value: "{{ .Values.pds.encryption.secretKey }}"
             - name: PDS_HEARTBEAT_LOGGING
               value: "{{ .Values.pds.heartbeatLogging }}"
+            - name: SECRET_VALIDATOR_TRUSTALLCERTIFICATES
+              value: "{{ .Values.secretvalidation.ssl.trustallcertificates }}"
+            - name: SECRET_VALIDATOR_PROXY_HOST
+              value: "{{ .Values.secretvalidation.proxy.host }}"
+            - name: SECRET_VALIDATOR_PROXY_PORT
+              value: "{{ .Values.secretvalidation.proxy.port }}"
 {{- if .Values.deploymentComment }}
             # Setting DEPLOYMENT_COMMENT to a different value every time forces k8s to spin up a new container.
             # This way, you can force deployments e.g. when secrets have changed.

diff --git a/sechub-pds-solutions/gitleaks/helm/pds-gitleaks/values.yaml b/sechub-pds-solutions/gitleaks/helm/pds-gitleaks/values.yaml
@@ -22,6 +22,16 @@ resources:
     # Maximum container memory size
     memory: 1Gi
 
+# Settings for the secret-validation wrapper:
+secretvalidation:
+  ssl:
+    # Whether to trust all certificates
+    trustallcertificates: false
+  proxy:
+    # Optional: Here you can define your http proxy
+    host: none
+    port: 3128
+
 pds:
   startMode: localserver
   # Maximum upload size for source code: 50 MiB by default (50 * 1024 * 1024 = 52428800)

diff --git a/sechub-pds-solutions/pds-base/docker/PDS-Debian.dockerfile b/sechub-pds-solutions/pds-base/docker/PDS-Debian.dockerfile
@@ -178,7 +178,7 @@ COPY --from=builder "$PDS_ARTIFACT_FOLDER" "$PDS_FOLDER"
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
     apt-get upgrade --assume-yes --quiet && \
-    apt-get install --assume-yes --quiet tree && \
+    apt-get install --assume-yes --quiet bind9-host curl netcat-openbsd tree && \
     apt-get clean
 
 COPY --chmod=755 install-java/debian "$DOWNLOAD_FOLDER/install-java/"