NuGet - add allowInsecureConnections attribute to config (#810)

EyalDelarea · web-flow · commit 02686fc18f23 · 2025-01-01T14:42:56.000+02:00
diff --git a/build-info-extractor-nuget/src/main/java/org/jfrog/build/extractor/nuget/extractor/NugetRun.java b/build-info-extractor-nuget/src/main/java/org/jfrog/build/extractor/nuget/extractor/NugetRun.java
@@ -35,6 +35,7 @@
 import java.util.stream.Stream;
 
 import static org.jfrog.build.api.util.FileChecksumCalculator.*;
+import static org.jfrog.build.extractor.clientConfiguration.ArtifactoryClientConfiguration.DEFAULT_NUGET_ALLOW_INSECURE_CONNECTIONS;
 import static org.jfrog.build.extractor.clientConfiguration.ArtifactoryClientConfiguration.DEFAULT_NUGET_PROTOCOL;
 import static org.jfrog.build.extractor.packageManager.PackageManagerUtils.createArtifactoryClientConfiguration;
 
@@ -47,7 +48,7 @@ public class NugetRun extends PackageManagerExtractor {
     private static final String CONFIG_FILE_FORMAT = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
             "<configuration>\n" +
             "\t<packageSources>\n" +
-            "\t\t<add key=\"JFrogJenkins\" value=\"%s\" protocolVersion=\"%s\" />\n" +
+            "\t\t<add key=\"JFrogJenkins\" value=\"%s\" protocolVersion=\"%s\" allowInsecureConnections=\"%s\"/>\n" +
             "\t</packageSources>\n" +
             "\t<packageSourceCredentials>\n" +
             "\t\t<JFrogJenkins>\n" +
@@ -75,6 +76,7 @@ public class NugetRun extends PackageManagerExtractor {
     private String apiProtocol;
     private String module;
     private String nugetCmdArgs;
+    private boolean allowInsecureConnections;
     private List<String> dependenciesSources;
     private List<Module> modulesList = new ArrayList<>();
 
@@ -91,10 +93,11 @@ public class NugetRun extends PackageManagerExtractor {
      * @param module                    - NuGet module
      * @param username                  - JFrog platform username.
      * @param password                  - JFrog platform password.
+     * @param allowInsecureConnections  - Allow insecure package sources connection, should be used only for developing.
      * @param apiProtocol               - A string indicates which NuGet protocol should be used (V2/V3).
      */
 
-    public NugetRun(ArtifactoryManagerBuilder artifactoryManagerBuilder, String resolutionRepo, boolean useDotnetCli, String nugetCmdArgs, Log logger, Path path, Map<String, String> env, String module, String username, String password, String apiProtocol) {
+    public NugetRun(ArtifactoryManagerBuilder artifactoryManagerBuilder, String resolutionRepo, boolean useDotnetCli, String nugetCmdArgs, Log logger, Path path, Map<String, String> env, String module, String username, String password, String apiProtocol, Boolean allowInsecureConnections) {
         this.artifactoryManagerBuilder = artifactoryManagerBuilder;
         this.toolchainDriver = useDotnetCli ? new DotnetDriver(env, path, logger) : new NugetDriver(env, path, logger);
         this.workingDir = Files.isDirectory(path) ? path : path.toAbsolutePath().getParent();
@@ -106,6 +109,7 @@ public NugetRun(ArtifactoryManagerBuilder artifactoryManagerBuilder, String reso
         this.password = password;
         this.apiProtocol = StringUtils.isBlank(apiProtocol) ? DEFAULT_NUGET_PROTOCOL : apiProtocol;
         this.module = module;
+        this.allowInsecureConnections = allowInsecureConnections == null ? DEFAULT_NUGET_ALLOW_INSECURE_CONNECTIONS : allowInsecureConnections;
     }
 
     private static String removeQuotes(String str) {
@@ -160,7 +164,8 @@ public static void main(String[] ignored) {
                     handler.getModule(),
                     clientConfiguration.resolver.getUsername(),
                     clientConfiguration.resolver.getPassword(),
-                    clientConfiguration.dotnetHandler.apiProtocol());
+                    clientConfiguration.dotnetHandler.apiProtocol(),
+                    clientConfiguration.getNuGetAllowInsecureConnections());
             nugetRun.executeAndSaveBuildInfo(clientConfiguration);
         } catch (RuntimeException e) {
             ExceptionUtils.printRootCauseStackTrace(e, System.out);
@@ -208,7 +213,7 @@ private File prepareConfig(ArtifactoryManager artifactoryManager) throws Excepti
         if (!nugetCmdArgs.contains(toolchainDriver.getFlagSyntax(ToolchainDriverBase.CONFIG_FILE_FLAG)) && !nugetCmdArgs.contains(toolchainDriver.getFlagSyntax(ToolchainDriverBase.SOURCE_FLAG))) {
             configFile = File.createTempFile(NUGET_CONFIG_FILE_PREFIX, null);
             configFile.deleteOnExit();
-            addSourceToConfigFile(configFile.getAbsolutePath(), artifactoryManager, resolutionRepo, username, password, apiProtocol);
+            addSourceToConfigFile(configFile.getAbsolutePath(), artifactoryManager, resolutionRepo, username, password, apiProtocol, allowInsecureConnections);
         }
         return configFile;
     }
@@ -217,10 +222,10 @@ private File prepareConfig(ArtifactoryManager artifactoryManager) throws Excepti
      * We will write a temporary NuGet configuration using a string formater in order to support NuGet v3 protocol.
      * Currently the NuGet configuration utility doesn't allow setting protocolVersion.
      */
-    private void addSourceToConfigFile(String configPath, ArtifactoryManager client, String repo, String username, String password, String apiProtocol) throws Exception {
+    private void addSourceToConfigFile(String configPath, ArtifactoryManager client, String repo, String username, String password, String apiProtocol, boolean allowInsecureConnections) throws Exception {
         String sourceUrl = toolchainDriver.buildNugetSourceUrl(client, repo, apiProtocol);
         String protocolVersion = apiProtocol.substring(apiProtocol.length() - 1);
-        String configFileText = String.format(CONFIG_FILE_FORMAT, sourceUrl, protocolVersion, username, password);
+        String configFileText = String.format(CONFIG_FILE_FORMAT, sourceUrl, protocolVersion, Boolean.toString(allowInsecureConnections), username, password);
         try (PrintWriter out = new PrintWriter(configPath)) {
             out.println(configFileText);
         }
diff --git a/build-info-extractor-nuget/src/test/java/org/jfrog/build/extractor/nuget/extractor/NugetExtractorTest.java b/build-info-extractor-nuget/src/test/java/org/jfrog/build/extractor/nuget/extractor/NugetExtractorTest.java
@@ -31,6 +31,7 @@ public class NugetExtractorTest extends IntegrationTestsBase {
 
     private static final String NUGET_REMOTE_REPO = "build-info-tests-nuget-remote";
     private static final String CUSTOM_MODULE = "custom-module-name";
+    private static final boolean ALLOW_INSECURE_CONNECTIONS_TEST = true;
 
     private static final Path PROJECTS_ROOT = Paths.get(".").toAbsolutePath().normalize().resolve(Paths.get("src", "test", "resources", "org", "jfrog", "build", "extractor"));
 
@@ -95,7 +96,7 @@ public void nugetRunTest(Project project, String args, String moduleName, String
         try {
             // Run nuget restore install
             projectDir = createProjectDir(project);
-            NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, false, args, log, projectDir, env, moduleName, getUsername(), getAdminToken(), "v2");
+            NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, false, args, log, projectDir, env, moduleName, getUsername(), getAdminToken(), "v2",ALLOW_INSECURE_CONNECTIONS_TEST);
             executeAndAssertBuildInfo(nugetRun, expectedModules, expectedDependencies);
         } catch (Exception e) {
             fail(ExceptionUtils.getStackTrace(e));
@@ -117,7 +118,7 @@ public void dotnetCliRunTest(Project project, String args, String moduleName, St
         try {
             // Run nuget restore install
             projectDir = createProjectDir(project);
-            NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, true, args, log, projectDir, env, moduleName, getUsername(), getAdminToken(), "v2");
+            NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, true, args, log, projectDir, env, moduleName, getUsername(), getAdminToken(), "v2",ALLOW_INSECURE_CONNECTIONS_TEST);
             executeAndAssertBuildInfo(nugetRun, expectedModules, expectedDependencies);
         } catch (Exception e) {
             fail(ExceptionUtils.getStackTrace(e));
@@ -167,7 +168,7 @@ private Object[][] projectRootProvider() {
     private void getProjectRootTest(String args, String expectedProjectRootFileName) {
         try {
             File rootDir = PROJECTS_ROOT.resolve("projectRootTestDir").toFile();
-            NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, false, args, log, rootDir.toPath(), env, null, getUsername(), getAdminToken(), "v2");
+            NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, false, args, log, rootDir.toPath(), env, null, getUsername(), getAdminToken(), "v2",ALLOW_INSECURE_CONNECTIONS_TEST);
             File projectRoot = nugetRun.getProjectRootPath();
             assertTrue(projectRoot.getPath().endsWith(expectedProjectRootFileName));
         } catch (Exception e) {
diff --git a/build-info-extractor/src/main/java/org/jfrog/build/extractor/clientConfiguration/ArtifactoryClientConfiguration.java b/build-info-extractor/src/main/java/org/jfrog/build/extractor/clientConfiguration/ArtifactoryClientConfiguration.java
@@ -41,6 +41,7 @@ public class ArtifactoryClientConfiguration {
     // Try checksum deploy of files greater than 10KB
     public static final transient int DEFAULT_MIN_CHECKSUM_DEPLOY_SIZE_KB = 10;
     public static final String DEFAULT_NUGET_PROTOCOL = "v2";
+    public static final boolean DEFAULT_NUGET_ALLOW_INSECURE_CONNECTIONS = false;
 
     public final ResolverHandler resolver;
     public final PublisherHandler publisher;
@@ -54,6 +55,8 @@ public class ArtifactoryClientConfiguration {
     public final DockerHandler dockerHandler;
     public final GoHandler goHandler;
     public final PrefixPropertyHandler root;
+
+
     /**
      * To configure the props builder itself, so all method of this classes delegated from here
      */
@@ -208,6 +211,10 @@ public boolean getInsecureTls() {
         return root.getBooleanValue(PROP_INSECURE_TLS, false);
     }
 
+    public boolean getNuGetAllowInsecureConnections() {
+        return root.getBooleanValue(PROP_NUGET_ALLOW_INSECURE_CONNECTIONS, false);
+    }
+
     public void setInsecureTls(boolean enabled) {
         root.setBooleanValue(PROP_INSECURE_TLS, enabled);
     }
diff --git a/build-info-extractor/src/main/java/org/jfrog/build/extractor/clientConfiguration/ClientProperties.java b/build-info-extractor/src/main/java/org/jfrog/build/extractor/clientConfiguration/ClientProperties.java
@@ -70,4 +70,10 @@ public interface ClientProperties {
      * Property for whether to use relaxed ssl check and ignore issues with server certificate
      */
     String PROP_INSECURE_TLS = "insecureTls";
+
+    /**
+     * Property to allow NuGet package sources to use insecure connections (HTTP).
+     * This setting is enforced by the NuGet client and is not recommended for production use.
+     */
+    String PROP_NUGET_ALLOW_INSECURE_CONNECTIONS = "nuget.AllowInsecureConnections";
 }
