Skip to content
This repository has been archived by the owner on Oct 11, 2021. It is now read-only.

(GH-200) Make SecurityProtocol changes immediately #201

Merged
merged 4 commits into from
Jan 3, 2020
Merged

(GH-200) Make SecurityProtocol changes immediately #201

merged 4 commits into from
Jan 3, 2020

Conversation

gep13
Copy link
Member

@gep13 gep13 commented Jan 2, 2020
edited
Loading

Changes to the SecurityProtocolType should be made before creating any
request objects, otherwise those settings aren't applied to the request
object that already exists.

Relates to #200

@gep13 gep13 mentioned this pull request Jan 2, 2020
Closed
mkevenaar
mkevenaar approved these changes Jan 2, 2020
View reviewed changes
Copy link
Contributor

@mkevenaar mkevenaar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

mkevenaar
mkevenaar reviewed Jan 2, 2020
View reviewed changes
src/chocolatey.package.validator/infrastructure.app/utility/Utility.cs Outdated
@@ -119,6 +119,7 @@ public static bool url_is_valid(Uri url)
request.Timeout = 15000;
//This would allow 301 and 302 to be valid as well
request.AllowAutoRedirect = true;
request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps we want to change this into something like "Chocolatey Package Validator v0.4.2"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mkevenaar I actually had the same thought, but I wasn't sure on what the "normal" thing to do here is. The Unit Tests pass when using this as a UserAgent string, so there is no immediate reason to "not" do this. Will wait for other opinions here before making this change.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gep13 choco.exe uses "Chocolatey Command Line"
https://github.com/chocolatey/choco/blob/564a65235ea9b019fe0abbf3f9929b98da49ce5c/src/chocolatey/infrastructure.app/ApplicationParameters.cs#L95

@mkevenaar
Copy link
Contributor

@gep13 To make things easier to validate in the future, extra tests containing the URLs from #200 might be a good idea. But they would be harder to maintain as URLs could change and therefore the tests could fail.

@ferventcoder your thoughts?

@gep13
(maint) Remove whitespace
19e5f69
@gep13
(chocolateyGH-200) Make SecurityProtocol changes immediately
2d1f111 
Changes to the SecurityProtocolType should be made before creating any
request objects, otherwise those settings aren't applied to the request
object that already exists.
@gep13
Copy link
Member Author

gep13 commented Jan 2, 2020

@mkevenaar said...
extra tests containing the URLs from #200 might be a good idea

I had the same thought. I have added some tests to include the URL's that came up in issue #200

@gep13
(chocolateyGH-200) Add UserAgent to request
3eda55d 
Some websites don't respond unless a valid UserAgent header is send in
the request.
@gep13
(chocolateyGH-200) Add unit tests for edge case URL's
41abd4d 
It has been found that there are some URL's that are valid but that fail
validation.  These came up as part of this issue, so they have been
added as specific test cases to prevent regressions.  It could be that
over time these URL's change to no longer test what they are meant for,
but for now, they are a good indicator of the problems.
@gep13 gep13 merged commit ce83af0 into chocolatey:master Jan 3, 2020
@gep13 gep13 deleted the issue-200 branch January 3, 2020 14:25
AdmiringWorm
AdmiringWorm reviewed Jan 6, 2020
View reviewed changes
...hocolatey.package.validator.tests/infrastructure.app/DocsUrlShouldBeValidRequirementSpecs.cs
{
base.Context();

// This URL should require TLS 1.3 on the client, otherwise it won't be able to establish a connection
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just noticed this now. The url isn't just TLS 1.3, but also uses TLS 1.2: https://gf.dev/tests/2s0nf10qgbt

Minor thing, but just wanted to mention it.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@AdmiringWorm AdmiringWorm AdmiringWorm left review comments

@mkevenaar mkevenaar mkevenaar approved these changes

@ferventcoder ferventcoder Awaiting requested review from ferventcoder

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gep13 @mkevenaar @AdmiringWorm