Merge pull request #53 from GitGuardian/salomevoltz/scrt-4987-allow-s…

…elf-signed-certificates

Add optional 'allow self signed' option in settings

package.json

@@ -34,6 +34,11 @@
           "type": "string",
           "default": "",
           "markdownDescription": "Your API Key"
+        },
+        "gitguardian.allowSelfSigned": {
+          "type": "boolean",
+          "default": false,
+          "markdownDescription": "Allow Self Signed Certificates"
         }
       }
     },

src/extension.ts

@@ -10,7 +10,10 @@ import {
   scanFile,
   showAPIQuota,
 } from "./lib/ggshield-api";
-import { getConfiguration, setApiKey } from "./lib/ggshield-configuration";
+import {
+  getConfiguration,
+  setApiKey,
+} from "./lib/ggshield-configuration-utils";
 import {
   ExtensionContext,
   Uri,

src/gitguardian-interface/gitguardian-status-bar.ts

@@ -46,7 +46,11 @@ function getStatusBarConfig(status: StatusBarStatus): StatusBarConfig {
         command: "gitguardian.openSidebar",
       };
     case StatusBarStatus.ready:
-      return { text: "GitGuardian is ready", color: "statusBar.foreground" };
+      return {
+        text: "GitGuardian is ready",
+        color: "statusBar.foreground",
+        command: "gitguardian.openSidebar",
+      };
     case StatusBarStatus.scanning:
       return {
         text: "GitGuardian - Scanning...",

src/lib/ggshield-configuration-utils.ts

@@ -0,0 +1,38 @@
+import { getBinaryAbsolutePath } from "./ggshield-resolver-utils";
+import { ExtensionContext, workspace } from "vscode";
+import * as os from "os";
+import { GGShieldConfiguration } from "./ggshield-configuration";
+
+const apiUrlDefault = "https://dashboard.gitguardian.com/";
+
+/**
+ * Retrieve configuration from settings
+ *
+ * TODO: Check with Mathieu if this behaviour is expected
+ * @returns {GGShieldConfiguration} from the extension settings
+ */
+export function getConfiguration(
+  context: ExtensionContext
+): GGShieldConfiguration {
+  const config = workspace.getConfiguration("gitguardian");
+
+  const ggshieldPath: string | undefined = config.get("GGShieldPath");
+  const apiUrl: string | undefined = config.get("apiUrl");
+  const apiKey: string | undefined = config.get("apiKey");
+  const allowSelfSigned: boolean = config.get("allowSelfSigned", false);
+  return new GGShieldConfiguration(
+    ggshieldPath
+      ? ggshieldPath
+      : getBinaryAbsolutePath(os.platform(), os.arch(), context),
+    apiUrl || apiUrlDefault,
+    apiKey || "",
+    allowSelfSigned || false
+  );
+}
+
+export function setApiKey(
+  configuration: GGShieldConfiguration,
+  apiKey: string | undefined
+): void {
+  configuration.apiKey = apiKey ? apiKey : "";
+}

src/lib/ggshield-configuration.ts

@@ -1,52 +1,18 @@
-import { getBinaryAbsolutePath } from "./ggshield-resolver-utils";
-import { ExtensionContext, workspace } from "vscode";
-import * as os from "os";
-
-const apiUrlDefault = "https://dashboard.gitguardian.com/";
-
 export class GGShieldConfiguration {
   ggshieldPath: string;
   apiUrl: string;
   apiKey: string;
+  allowSelfSigned: boolean;
 
   constructor(
     ggshieldPath: string = "",
     apiUrl: string = "",
-    apiKey: string = ""
+    apiKey: string = "",
+    allowSelfSigned: boolean = false
   ) {
     this.ggshieldPath = ggshieldPath;
     this.apiUrl = apiUrl;
     this.apiKey = apiKey;
+    this.allowSelfSigned = allowSelfSigned;
   }
 }
-
-/**
- * Retrieve configuration from settings
- *
- * TODO: Check with Mathieu if this behaviour is expected
- * @returns {GGShieldConfiguration} from the extension settings
- */
-export function getConfiguration(
-  context: ExtensionContext
-): GGShieldConfiguration {
-  const config = workspace.getConfiguration("gitguardian");
-
-  const ggshieldPath: string | undefined = config.get("GGShieldPath");
-  const apiUrl: string | undefined = config.get("apiUrl");
-  const apiKey: string | undefined = config.get("apiKey");
-
-  return new GGShieldConfiguration(
-    ggshieldPath
-      ? ggshieldPath
-      : getBinaryAbsolutePath(os.platform(), os.arch(), context),
-    apiUrl ? apiUrl : apiUrlDefault,
-    apiKey ? apiKey : ""
-  );
-}
-
-export function setApiKey(
-  configuration: GGShieldConfiguration,
-  apiKey: string | undefined
-): void {
-  configuration.apiKey = apiKey ? apiKey : "";
-}

src/lib/run-ggshield.ts

@@ -41,6 +41,10 @@ export function runGGShieldCommand(
   if (workspace.workspaceFolders?.length || 0 > 0) {
     options["cwd"] = workspace.workspaceFolders![0].uri.fsPath;
   }
+  // if allowSelfSigned is enabled, add the --allow-self-signed flag
+  if (configuration.allowSelfSigned) {
+    args = ["--allow-self-signed"].concat(args);
+  }
   let proc = spawnSync(ggshieldPath, args, options);
 
   return proc;

src/test/suite/lib/ggshield-configuration-utils.test.ts

@@ -0,0 +1,49 @@
+import * as simple from "simple-mock";
+import assert = require("assert");
+import { ExtensionContext, workspace } from "vscode";
+import { getConfiguration } from "../../../lib/ggshield-configuration-utils";
+
+suite("getConfiguration", () => {
+  let getConfigurationMock: simple.Stub<Function>;
+
+  setup(() => {
+    // Mock workspace.getConfiguration
+    getConfigurationMock = simple.mock(workspace, "getConfiguration");
+  });
+
+  teardown(() => {
+    simple.restore();
+  });
+
+  test("Vscode settings are correctly read", async () => {
+    getConfigurationMock.returnWith({
+      get: (key: string) => {
+        if (key === "GGShieldPath") {
+          return "path/to/ggshield";
+        }
+        if (key === "apiUrl") {
+          return "https://custom-url.com";
+        }
+        if (key === "apiKey") {
+          return "test-api-key";
+        }
+        if (key === "allowSelfSigned") {
+          return true;
+        }
+      },
+    });
+    const configuration = getConfiguration({} as ExtensionContext);
+
+    // Assert both workspace.getConfiguration  and GGShieldConfiguration constructor were called
+    assert(
+      getConfigurationMock.called,
+      "getConfiguration should be called once"
+    );
+
+    // Assert that the configuration has the expected values
+    assert.strictEqual(configuration.ggshieldPath, "path/to/ggshield");
+    assert.strictEqual(configuration.apiUrl, "https://custom-url.com");
+    assert.strictEqual(configuration.apiKey, "test-api-key");
+    assert.strictEqual(configuration.allowSelfSigned, true);
+  });
+});

src/test/suite/lib/run-ggshield.test.ts

@@ -17,8 +17,6 @@ suite("runGGShieldCommand", () => {
 
   test("Global env variables are set correctly", async () => {
     process.env.TEST_GLOBAL_VAR = "GlobalValue";
-
-    const spawnSyncSpy = simple.mock(childProcess, "spawnSync");
     runGGShield.runGGShieldCommand(
       {
         ggshieldPath: "path/to/ggshield",
@@ -29,14 +27,49 @@ suite("runGGShieldCommand", () => {
     );
 
     // Assert that spawnSync was called
-    assert(spawnSyncSpy.called, "spawnSync should be called once");
+    assert(spawnSyncMock.called, "spawnSync should be called once");
 
     // Check the arguments passed to spawnSync
-    const spawnSyncArgs = spawnSyncSpy.lastCall.args;
+    const spawnSyncArgs = spawnSyncMock.lastCall.args;
     const options = spawnSyncArgs[2];
     assert.strictEqual(options.env.TEST_GLOBAL_VAR, "GlobalValue");
 
-    simple.restore();
     delete process.env.TEST_GLOBAL_VAR;
   });
+
+  const testCasesAllowSelfSigned = [
+    {
+      allowSelfSigned: true,
+      description:
+        "GGshield is called with flag --allow-self-signed when allowSelfSigned is true",
+    },
+    {
+      allowSelfSigned: false,
+      description:
+        "GGshield is not called with flag --allow-self-signed when allowSelfSigned is false",
+    },
+  ];
+
+  testCasesAllowSelfSigned.forEach(({ allowSelfSigned, description }) => {
+    test(description, async () => {
+      process.env.TEST_GLOBAL_VAR = "GlobalValue";
+
+      runGGShield.runGGShieldCommand(
+        {
+          ggshieldPath: "path/to/ggshield",
+          apiUrl: "",
+          apiKey: "",
+          allowSelfSigned: allowSelfSigned,
+        } as GGShieldConfiguration,
+        ["test"]
+      );
+
+      assert(spawnSyncMock.called, "spawnSync should be called once");
+
+      const spawnSyncArgs = spawnSyncMock.lastCall.args;
+      const args = spawnSyncArgs[1];
+
+      assert.strictEqual(args[0] === "--allow-self-signed", allowSelfSigned);
+    });
+  });
 });