From 537601290b235c80021d986e4245cbb18fbebc3a Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 11 Nov 2024 10:44:23 +0000 Subject: [PATCH 01/15] C#: Add `CODEQL_PROXY_*` environment variable names --- .../EnvironmentVariableNames.cs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs index 345cb43453fc..d825e5daeb03 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs @@ -74,5 +74,20 @@ internal static class EnvironmentVariableNames /// Specifies the location of the diagnostic directory. /// public const string DiagnosticDir = "CODEQL_EXTRACTOR_CSHARP_DIAGNOSTIC_DIR"; + + /// + /// Specifies the hostname of the Dependabot proxy. + /// + public const string ProxyHost = "CODEQL_PROXY_HOST"; + + /// + /// Specifies the hostname of the Dependabot proxy. + /// + public const string ProxyPort = "CODEQL_PROXY_PORT"; + + /// + /// Contains the certificate used by the Dependabot proxy. + /// + public const string ProxyCertificate = "CODEQL_PROXY_CA_CERTIFICATE"; } } From 232caa7185880c150566dd42224162be58feef33 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 11 Nov 2024 11:25:13 +0000 Subject: [PATCH 02/15] C#: Add `DependabotProxy` class --- .../DependabotProxy.cs | 53 +++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs new file mode 100644 index 000000000000..5b47189c7454 --- /dev/null +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -0,0 +1,53 @@ +using System; +using System.IO; +using Semmle.Util; + +namespace Semmle.Extraction.CSharp.DependencyFetching +{ + internal class DependabotProxy + { + private readonly string? host; + private readonly string? port; + private readonly FileInfo? certFile; + + /// + /// The full address of the Dependabot proxy, if available. + /// + internal readonly string? Address; + + /// + /// Gets a value indicating whether a Dependabot proxy is configured. + /// + internal bool IsConfigured => !string.IsNullOrEmpty(this.Address); + + internal DependabotProxy(TemporaryDirectory tempWorkingDirectory) + { + // Obtain and store the address of the Dependabot proxy, if available. + this.host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost); + this.port = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyPort); + + if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(port)) + { + return; + } + + this.Address = $"http://{this.host}:{this.port}"; + + // Obtain and store the proxy's certificate, if available. + var cert = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyCertificate); + + if (string.IsNullOrWhiteSpace(cert)) + { + return; + } + + var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy")); + Directory.CreateDirectory(certDirPath.FullName); + + this.certFile = new FileInfo(Path.Join(certDirPath.FullName, "proxy.crt")); + + using var writer = this.certFile.CreateText(); + writer.Write(cert); + } + } +} From 8ca75602d8a5c25abdd770e0958981cfcb6ed218 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 19 Nov 2024 12:26:54 +0000 Subject: [PATCH 03/15] C#: Initialise `DependabotProxy` in `DotNetCliInvoker` --- .../DotNet.cs | 2 +- .../DotNetCliInvoker.cs | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs index edfea049a81b..439f00754dda 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs @@ -27,7 +27,7 @@ private DotNet(IDotNetCliInvoker dotnetCliInvoker, ILogger logger, TemporaryDire Info(); } - private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet")), logger, tempWorkingDirectory) { } + private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), tempWorkingDirectory), logger, tempWorkingDirectory) { } internal static IDotNet Make(IDotNetCliInvoker dotnetCliInvoker, ILogger logger) => new DotNet(dotnetCliInvoker, logger); diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs index 4295cce67167..b81b393e42a0 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs @@ -12,12 +12,14 @@ namespace Semmle.Extraction.CSharp.DependencyFetching internal sealed class DotNetCliInvoker : IDotNetCliInvoker { private readonly ILogger logger; + private readonly DependabotProxy proxy; public string Exec { get; } - public DotNetCliInvoker(ILogger logger, string exec) + public DotNetCliInvoker(ILogger logger, string exec, TemporaryDirectory tempWorkingDirectory) { this.logger = logger; + this.proxy = new DependabotProxy(tempWorkingDirectory); this.Exec = exec; logger.LogInfo($"Using .NET CLI executable: '{Exec}'"); } @@ -38,6 +40,14 @@ private ProcessStartInfo MakeDotnetStartInfo(string args, string? workingDirecto startInfo.EnvironmentVariables["DOTNET_CLI_UI_LANGUAGE"] = "en"; startInfo.EnvironmentVariables["MSBUILDDISABLENODEREUSE"] = "1"; startInfo.EnvironmentVariables["DOTNET_SKIP_FIRST_TIME_EXPERIENCE"] = "true"; + + // Configure the proxy settings, if applicable. + this.proxy.ApplyProxy(this.logger, startInfo); + + this.logger.LogInfo(startInfo.EnvironmentVariables["HTTP_PROXY"] ?? ""); + this.logger.LogInfo(startInfo.EnvironmentVariables["HTTPS_PROXY"] ?? ""); + this.logger.LogInfo(startInfo.EnvironmentVariables["SSL_CERT_FILE"] ?? ""); + return startInfo; } From 6cd5711313c9e47f39845b24051e6ecaee5df519 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 19 Nov 2024 13:23:05 +0000 Subject: [PATCH 04/15] C#: Set environment variables for proxy for calls to `dotnet` --- .../DependabotProxy.cs | 14 ++++++++++++++ .../DotNetCliInvoker.cs | 4 ---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 5b47189c7454..96ba3452cefe 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -1,6 +1,8 @@ using System; +using System.Diagnostics; using System.IO; using Semmle.Util; +using Semmle.Util.Logging; namespace Semmle.Extraction.CSharp.DependencyFetching { @@ -49,5 +51,17 @@ internal DependabotProxy(TemporaryDirectory tempWorkingDirectory) using var writer = this.certFile.CreateText(); writer.Write(cert); } + + internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) + { + // If the proxy isn't configured, we have nothing to do. + if (!this.IsConfigured) return; + + logger.LogInfo($"Setting up Dependabot proxy at {this.Address}"); + + startInfo.EnvironmentVariables["HTTP_PROXY"] = this.Address; + startInfo.EnvironmentVariables["HTTPS_PROXY"] = this.Address; + startInfo.EnvironmentVariables["SSL_CERT_FILE"] = this.certFile?.FullName; + } } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs index b81b393e42a0..522d3e9ffd45 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs @@ -44,10 +44,6 @@ private ProcessStartInfo MakeDotnetStartInfo(string args, string? workingDirecto // Configure the proxy settings, if applicable. this.proxy.ApplyProxy(this.logger, startInfo); - this.logger.LogInfo(startInfo.EnvironmentVariables["HTTP_PROXY"] ?? ""); - this.logger.LogInfo(startInfo.EnvironmentVariables["HTTPS_PROXY"] ?? ""); - this.logger.LogInfo(startInfo.EnvironmentVariables["SSL_CERT_FILE"] ?? ""); - return startInfo; } From de415d68cfa0428c2b133c5311014aced6a8807a Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 29 Nov 2024 13:18:58 +0000 Subject: [PATCH 05/15] C#: Add more logging to `DependabotProxy` --- .../DependabotProxy.cs | 10 ++++++++-- .../DotNetCliInvoker.cs | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 96ba3452cefe..c1db0b99017a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -22,7 +22,7 @@ internal class DependabotProxy /// internal bool IsConfigured => !string.IsNullOrEmpty(this.Address); - internal DependabotProxy(TemporaryDirectory tempWorkingDirectory) + internal DependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory) { // Obtain and store the address of the Dependabot proxy, if available. this.host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost); @@ -30,26 +30,32 @@ internal DependabotProxy(TemporaryDirectory tempWorkingDirectory) if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(port)) { + logger.LogInfo("No Dependabot proxy credentials are configured."); return; } this.Address = $"http://{this.host}:{this.port}"; + logger.LogInfo($"Dependabot proxy configured at {this.Address}"); // Obtain and store the proxy's certificate, if available. var cert = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyCertificate); if (string.IsNullOrWhiteSpace(cert)) { + logger.LogInfo("No certificate configured for Dependabot proxy."); return; } var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy")); Directory.CreateDirectory(certDirPath.FullName); - this.certFile = new FileInfo(Path.Join(certDirPath.FullName, "proxy.crt")); + var certFilePath = Path.Join(certDirPath.FullName, "proxy.crt"); + this.certFile = new FileInfo(certFilePath); using var writer = this.certFile.CreateText(); writer.Write(cert); + + logger.LogInfo($"Stored Dependabot proxy certificate at {certFilePath}"); } internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs index 522d3e9ffd45..597acc58259a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs @@ -19,7 +19,7 @@ internal sealed class DotNetCliInvoker : IDotNetCliInvoker public DotNetCliInvoker(ILogger logger, string exec, TemporaryDirectory tempWorkingDirectory) { this.logger = logger; - this.proxy = new DependabotProxy(tempWorkingDirectory); + this.proxy = new DependabotProxy(logger, tempWorkingDirectory); this.Exec = exec; logger.LogInfo($"Using .NET CLI executable: '{Exec}'"); } From 87bd21e12c311cf57965c33eb058add1aebf16ec Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 2 Dec 2024 13:40:37 +0000 Subject: [PATCH 06/15] C#: Use `Add` for environment variables --- .../DependabotProxy.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index c1db0b99017a..462cde58c87b 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -65,9 +65,9 @@ internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) logger.LogInfo($"Setting up Dependabot proxy at {this.Address}"); - startInfo.EnvironmentVariables["HTTP_PROXY"] = this.Address; - startInfo.EnvironmentVariables["HTTPS_PROXY"] = this.Address; - startInfo.EnvironmentVariables["SSL_CERT_FILE"] = this.certFile?.FullName; + startInfo.EnvironmentVariables.Add("HTTP_PROXY", this.Address); + startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.Address); + startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.certFile?.FullName); } } } From e999ec1ecf8736a5815522df5ffd97f8c6a1061b Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 2 Dec 2024 14:17:06 +0000 Subject: [PATCH 07/15] C# Expose `CertificatePath` from `DependabotProxy` --- .../DependabotProxy.cs | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 462cde58c87b..56bf08de9cc8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -16,6 +16,10 @@ internal class DependabotProxy /// The full address of the Dependabot proxy, if available. /// internal readonly string? Address; + /// + /// The path to the temporary file where the certificate is stored. + /// + internal readonly string? CertificatePath; /// /// Gets a value indicating whether a Dependabot proxy is configured. @@ -49,13 +53,13 @@ internal DependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy")); Directory.CreateDirectory(certDirPath.FullName); - var certFilePath = Path.Join(certDirPath.FullName, "proxy.crt"); - this.certFile = new FileInfo(certFilePath); + this.CertificatePath = Path.Join(certDirPath.FullName, "proxy.crt"); + this.certFile = new FileInfo(this.CertificatePath); using var writer = this.certFile.CreateText(); writer.Write(cert); - logger.LogInfo($"Stored Dependabot proxy certificate at {certFilePath}"); + logger.LogInfo($"Stored Dependabot proxy certificate at {this.CertificatePath}"); } internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) From 984091d4a4cf8fa4e44fed4f22a9cc9f1fa1191d Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 2 Dec 2024 14:18:24 +0000 Subject: [PATCH 08/15] C#: Propagate `DependabotProxy` instance down from `DependencyManager` --- .../DependabotProxy.cs | 2 +- .../DependencyManager.cs | 7 +++++-- .../Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs | 4 ++-- .../DotNetCliInvoker.cs | 4 ++-- .../NugetPackageRestorer.cs | 3 +++ 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 56bf08de9cc8..207d19777cc8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -6,7 +6,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching { - internal class DependabotProxy + public class DependabotProxy { private readonly string? host; private readonly string? port; diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index 4866df1260e2..de9308675982 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -27,6 +27,7 @@ public sealed partial class DependencyManager : IDisposable, ICompilationInfoCon private readonly ILogger logger; private readonly IDiagnosticsWriter diagnosticsWriter; private readonly NugetPackageRestorer nugetPackageRestorer; + private readonly DependabotProxy dependabotProxy; private readonly IDotNet dotnet; private readonly FileContent fileContent; private readonly FileProvider fileProvider; @@ -106,9 +107,11 @@ void exitCallback(int ret, string msg, bool silent) return BuildScript.Success; }).Run(SystemBuildActions.Instance, startCallback, exitCallback); + dependabotProxy = new DependabotProxy(logger, tempWorkingDirectory); + try { - this.dotnet = DotNet.Make(logger, dotnetPath, tempWorkingDirectory); + this.dotnet = DotNet.Make(logger, dotnetPath, tempWorkingDirectory, dependabotProxy); runtimeLazy = new Lazy(() => new Runtime(dotnet)); } catch @@ -117,7 +120,7 @@ void exitCallback(int ret, string msg, bool silent) throw; } - nugetPackageRestorer = new NugetPackageRestorer(fileProvider, fileContent, dotnet, diagnosticsWriter, logger, this); + nugetPackageRestorer = new NugetPackageRestorer(fileProvider, fileContent, dotnet, dependabotProxy, diagnosticsWriter, logger, this); var dllLocations = fileProvider.Dlls.Select(x => new AssemblyLookupLocation(x)).ToHashSet(); dllLocations.UnionWith(nugetPackageRestorer.Restore()); diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs index 439f00754dda..a82a0a47f415 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs @@ -27,11 +27,11 @@ private DotNet(IDotNetCliInvoker dotnetCliInvoker, ILogger logger, TemporaryDire Info(); } - private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), tempWorkingDirectory), logger, tempWorkingDirectory) { } + private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy dependabotProxy) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), dependabotProxy), logger, tempWorkingDirectory) { } internal static IDotNet Make(IDotNetCliInvoker dotnetCliInvoker, ILogger logger) => new DotNet(dotnetCliInvoker, logger); - public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory) => new DotNet(logger, dotNetPath, tempWorkingDirectory); + public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy); private void Info() { diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs index 597acc58259a..cdadfe1f5b8e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs @@ -16,10 +16,10 @@ internal sealed class DotNetCliInvoker : IDotNetCliInvoker public string Exec { get; } - public DotNetCliInvoker(ILogger logger, string exec, TemporaryDirectory tempWorkingDirectory) + public DotNetCliInvoker(ILogger logger, string exec, DependabotProxy dependabotProxy) { this.logger = logger; - this.proxy = new DependabotProxy(logger, tempWorkingDirectory); + this.proxy = dependabotProxy; this.Exec = exec; logger.LogInfo($"Using .NET CLI executable: '{Exec}'"); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index f30760981f3a..96ab9300bdf6 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -20,6 +20,7 @@ internal sealed partial class NugetPackageRestorer : IDisposable private readonly FileProvider fileProvider; private readonly FileContent fileContent; private readonly IDotNet dotnet; + private readonly DependabotProxy dependabotProxy; private readonly IDiagnosticsWriter diagnosticsWriter; private readonly TemporaryDirectory legacyPackageDirectory; private readonly TemporaryDirectory missingPackageDirectory; @@ -32,6 +33,7 @@ public NugetPackageRestorer( FileProvider fileProvider, FileContent fileContent, IDotNet dotnet, + DependabotProxy dependabotProxy, IDiagnosticsWriter diagnosticsWriter, ILogger logger, ICompilationInfoContainer compilationInfoContainer) @@ -39,6 +41,7 @@ public NugetPackageRestorer( this.fileProvider = fileProvider; this.fileContent = fileContent; this.dotnet = dotnet; + this.dependabotProxy = dependabotProxy; this.diagnosticsWriter = diagnosticsWriter; this.logger = logger; this.compilationInfoContainer = compilationInfoContainer; From ca251fb840ffdfcda228baa1dd90b7e678c02ee0 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 2 Dec 2024 14:20:11 +0000 Subject: [PATCH 09/15] C#: Set up proxy for `IsFeedReachable`, if configured --- .../NugetPackageRestorer.cs | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index 96ab9300bdf6..dfa9349d4265 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -3,7 +3,9 @@ using System.Collections.Generic; using System.IO; using System.Linq; +using System.Net; using System.Net.Http; +using System.Security.Cryptography.X509Certificates; using System.Text; using System.Text.RegularExpressions; using System.Threading; @@ -591,7 +593,26 @@ private static async Task ExecuteGetRequest(string address, HttpClient httpClien private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, bool allowExceptions = true) { logger.LogInfo($"Checking if Nuget feed '{feed}' is reachable..."); - using HttpClient client = new(); + + // Configure the HttpClient to be aware of the Dependabot Proxy, if used. + HttpClientHandler httpClientHandler = new(); + if (this.dependabotProxy.IsConfigured) + { + httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address); + + if (!String.IsNullOrEmpty(this.dependabotProxy.CertificatePath)) + { + X509Certificate2 proxyCert = new X509Certificate2(this.dependabotProxy.CertificatePath); + httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) => + { + chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust; + chain.ChainPolicy.CustomTrustStore.Add(proxyCert); + return chain.Build(cert); + }; + } + } + + using HttpClient client = new(httpClientHandler); for (var i = 0; i < tryCount; i++) { From ee7f0b0f2afb157a3ae2f52410ecd66e19cd414f Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 3 Dec 2024 18:47:47 +0000 Subject: [PATCH 10/15] C#: Load Dependabot Proxy certificate in `DependabotProxy`, and implement `IDisposable` --- .../DependabotProxy.cs | 17 ++++++++++++++++- .../DependencyManager.cs | 1 + .../NugetPackageRestorer.cs | 5 ++--- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 207d19777cc8..7d0f21d65b1a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -1,12 +1,13 @@ using System; using System.Diagnostics; using System.IO; +using System.Security.Cryptography.X509Certificates; using Semmle.Util; using Semmle.Util.Logging; namespace Semmle.Extraction.CSharp.DependencyFetching { - public class DependabotProxy + public class DependabotProxy : IDisposable { private readonly string? host; private readonly string? port; @@ -20,6 +21,10 @@ public class DependabotProxy /// The path to the temporary file where the certificate is stored. /// internal readonly string? CertificatePath; + /// + /// The certificate used for the Dependabot proxy. + /// + internal readonly X509Certificate2? Certificate; /// /// Gets a value indicating whether a Dependabot proxy is configured. @@ -60,6 +65,8 @@ internal DependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory writer.Write(cert); logger.LogInfo($"Stored Dependabot proxy certificate at {this.CertificatePath}"); + + this.Certificate = new X509Certificate2(this.CertificatePath); } internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) @@ -73,5 +80,13 @@ internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.Address); startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.certFile?.FullName); } + + public void Dispose() + { + if (this.Certificate != null) + { + this.Certificate.Dispose(); + } + } } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index de9308675982..bbd5ecbd127a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -545,6 +545,7 @@ private void AnalyseProject(FileInfo project) public void Dispose() { nugetPackageRestorer?.Dispose(); + dependabotProxy.Dispose(); if (cleanupTempWorkingDirectory) { tempWorkingDirectory?.Dispose(); diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index dfa9349d4265..a01b3ae96493 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -600,13 +600,12 @@ private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, { httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address); - if (!String.IsNullOrEmpty(this.dependabotProxy.CertificatePath)) + if (this.dependabotProxy.Certificate != null) { - X509Certificate2 proxyCert = new X509Certificate2(this.dependabotProxy.CertificatePath); httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) => { chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust; - chain.ChainPolicy.CustomTrustStore.Add(proxyCert); + chain.ChainPolicy.CustomTrustStore.Add(this.dependabotProxy.Certificate); return chain.Build(cert); }; } From 2e80e09f52e2e8c1d4b54507dfca05e4bfd9d94e Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 5 Dec 2024 12:13:29 +0000 Subject: [PATCH 11/15] C#: Apply suggestions from code review for `DependabotProxy` --- .../DependabotProxy.cs | 69 ++++++++----------- .../DependencyManager.cs | 4 +- .../DotNet.cs | 4 +- .../DotNetCliInvoker.cs | 13 +++- .../NugetPackageRestorer.cs | 6 +- 5 files changed, 45 insertions(+), 51 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 7d0f21d65b1a..d1a5df4dbc5e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -9,84 +9,71 @@ namespace Semmle.Extraction.CSharp.DependencyFetching { public class DependabotProxy : IDisposable { - private readonly string? host; - private readonly string? port; - private readonly FileInfo? certFile; + private readonly string host; + private readonly string port; /// /// The full address of the Dependabot proxy, if available. /// - internal readonly string? Address; + internal string Address { get; } /// /// The path to the temporary file where the certificate is stored. /// - internal readonly string? CertificatePath; + internal string? CertificatePath { get; private set; } /// /// The certificate used for the Dependabot proxy. /// - internal readonly X509Certificate2? Certificate; + internal X509Certificate2? Certificate { get; private set; } - /// - /// Gets a value indicating whether a Dependabot proxy is configured. - /// - internal bool IsConfigured => !string.IsNullOrEmpty(this.Address); - - internal DependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory) + internal static DependabotProxy? GetDependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory) { // Obtain and store the address of the Dependabot proxy, if available. - this.host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost); - this.port = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyPort); + var host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost); + var port = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyPort); if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(port)) { logger.LogInfo("No Dependabot proxy credentials are configured."); - return; + return null; } - this.Address = $"http://{this.host}:{this.port}"; - logger.LogInfo($"Dependabot proxy configured at {this.Address}"); + var result = new DependabotProxy(host, port); + logger.LogInfo($"Dependabot proxy configured at {result.Address}"); // Obtain and store the proxy's certificate, if available. var cert = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyCertificate); - if (string.IsNullOrWhiteSpace(cert)) + if (!string.IsNullOrWhiteSpace(cert)) { logger.LogInfo("No certificate configured for Dependabot proxy."); - return; - } - var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy")); - Directory.CreateDirectory(certDirPath.FullName); + var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy")); + Directory.CreateDirectory(certDirPath.FullName); + + result.CertificatePath = Path.Join(certDirPath.FullName, "proxy.crt"); + var certFile = new FileInfo(result.CertificatePath); - this.CertificatePath = Path.Join(certDirPath.FullName, "proxy.crt"); - this.certFile = new FileInfo(this.CertificatePath); + using var writer = certFile.CreateText(); + writer.Write(cert); - using var writer = this.certFile.CreateText(); - writer.Write(cert); + logger.LogInfo($"Stored Dependabot proxy certificate at {result.CertificatePath}"); - logger.LogInfo($"Stored Dependabot proxy certificate at {this.CertificatePath}"); + result.Certificate = new X509Certificate2(result.CertificatePath); + } - this.Certificate = new X509Certificate2(this.CertificatePath); + return result; } - internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo) + private DependabotProxy(string host, string port) { - // If the proxy isn't configured, we have nothing to do. - if (!this.IsConfigured) return; - - logger.LogInfo($"Setting up Dependabot proxy at {this.Address}"); - - startInfo.EnvironmentVariables.Add("HTTP_PROXY", this.Address); - startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.Address); - startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.certFile?.FullName); + this.host = host; + this.port = port; + this.Address = $"http://{this.host}:{this.port}"; } public void Dispose() { - if (this.Certificate != null) - { - this.Certificate.Dispose(); - } + this.Certificate?.Dispose(); } } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index bbd5ecbd127a..cf4c6d73bd65 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -27,7 +27,7 @@ public sealed partial class DependencyManager : IDisposable, ICompilationInfoCon private readonly ILogger logger; private readonly IDiagnosticsWriter diagnosticsWriter; private readonly NugetPackageRestorer nugetPackageRestorer; - private readonly DependabotProxy dependabotProxy; + private readonly DependabotProxy? dependabotProxy; private readonly IDotNet dotnet; private readonly FileContent fileContent; private readonly FileProvider fileProvider; @@ -107,7 +107,7 @@ void exitCallback(int ret, string msg, bool silent) return BuildScript.Success; }).Run(SystemBuildActions.Instance, startCallback, exitCallback); - dependabotProxy = new DependabotProxy(logger, tempWorkingDirectory); + dependabotProxy = DependabotProxy.GetDependabotProxy(logger, tempWorkingDirectory); try { diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs index a82a0a47f415..c1fdcc06e91b 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs @@ -27,11 +27,11 @@ private DotNet(IDotNetCliInvoker dotnetCliInvoker, ILogger logger, TemporaryDire Info(); } - private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy dependabotProxy) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), dependabotProxy), logger, tempWorkingDirectory) { } + private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy? dependabotProxy) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), dependabotProxy), logger, tempWorkingDirectory) { } internal static IDotNet Make(IDotNetCliInvoker dotnetCliInvoker, ILogger logger) => new DotNet(dotnetCliInvoker, logger); - public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy); + public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy? dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy); private void Info() { diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs index cdadfe1f5b8e..19f0f3dbe0d9 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs @@ -12,11 +12,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching internal sealed class DotNetCliInvoker : IDotNetCliInvoker { private readonly ILogger logger; - private readonly DependabotProxy proxy; + private readonly DependabotProxy? proxy; public string Exec { get; } - public DotNetCliInvoker(ILogger logger, string exec, DependabotProxy dependabotProxy) + public DotNetCliInvoker(ILogger logger, string exec, DependabotProxy? dependabotProxy) { this.logger = logger; this.proxy = dependabotProxy; @@ -42,7 +42,14 @@ private ProcessStartInfo MakeDotnetStartInfo(string args, string? workingDirecto startInfo.EnvironmentVariables["DOTNET_SKIP_FIRST_TIME_EXPERIENCE"] = "true"; // Configure the proxy settings, if applicable. - this.proxy.ApplyProxy(this.logger, startInfo); + if (this.proxy != null) + { + logger.LogInfo($"Setting up Dependabot proxy at {this.proxy.Address}"); + + startInfo.EnvironmentVariables.Add("HTTP_PROXY", this.proxy.Address); + startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.proxy.Address); + startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.proxy.CertificatePath); + } return startInfo; } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index a01b3ae96493..d0c0af6b768b 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs @@ -22,7 +22,7 @@ internal sealed partial class NugetPackageRestorer : IDisposable private readonly FileProvider fileProvider; private readonly FileContent fileContent; private readonly IDotNet dotnet; - private readonly DependabotProxy dependabotProxy; + private readonly DependabotProxy? dependabotProxy; private readonly IDiagnosticsWriter diagnosticsWriter; private readonly TemporaryDirectory legacyPackageDirectory; private readonly TemporaryDirectory missingPackageDirectory; @@ -35,7 +35,7 @@ public NugetPackageRestorer( FileProvider fileProvider, FileContent fileContent, IDotNet dotnet, - DependabotProxy dependabotProxy, + DependabotProxy? dependabotProxy, IDiagnosticsWriter diagnosticsWriter, ILogger logger, ICompilationInfoContainer compilationInfoContainer) @@ -596,7 +596,7 @@ private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, // Configure the HttpClient to be aware of the Dependabot Proxy, if used. HttpClientHandler httpClientHandler = new(); - if (this.dependabotProxy.IsConfigured) + if (this.dependabotProxy != null) { httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address); From 7369d043ed1e9438e69cf9c4c7b4bdcd988e6465 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 5 Dec 2024 12:25:45 +0000 Subject: [PATCH 12/15] C#: Don't initialise `DependabotProxy` on Windows or macOS --- .../DependabotProxy.cs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index d1a5df4dbc5e..09f5a15a21d6 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -27,6 +27,13 @@ public class DependabotProxy : IDisposable internal static DependabotProxy? GetDependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory) { + // Setting HTTP(S)_PROXY and SSL_CERT_FILE have no effect on Windows or macOS, + // but we would still end up using the Dependabot proxy to check for feed reachability. + // This would result in us discovering that the feeds are reachable, but `dotnet` would + // fail to connect to them. To prevent this from happening, we do not initialise an + // instance of `DependabotProxy` on those platforms. + if (SystemBuildActions.Instance.IsWindows() || SystemBuildActions.Instance.IsMacOs()) return null; + // Obtain and store the address of the Dependabot proxy, if available. var host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost); var port = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyPort); From 952488c2d843d2a0196311f638051b4026b8a32c Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 5 Dec 2024 12:32:55 +0000 Subject: [PATCH 13/15] C#: Fix possible null dereference --- .../DependencyManager.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index cf4c6d73bd65..b8773f0ae4a6 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -545,7 +545,7 @@ private void AnalyseProject(FileInfo project) public void Dispose() { nugetPackageRestorer?.Dispose(); - dependabotProxy.Dispose(); + dependabotProxy?.Dispose(); if (cleanupTempWorkingDirectory) { tempWorkingDirectory?.Dispose(); From 653d68ea9472b93be390545b27381c98ed7756da Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 6 Dec 2024 13:13:15 +0000 Subject: [PATCH 14/15] C#: Explicitly close writer in `DependabotProxy` --- .../DependabotProxy.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index 09f5a15a21d6..f3d92b38f0c8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -62,6 +62,7 @@ public class DependabotProxy : IDisposable using var writer = certFile.CreateText(); writer.Write(cert); + writer.Close(); logger.LogInfo($"Stored Dependabot proxy certificate at {result.CertificatePath}"); From c8ccfe40a550026411ecde0a8bc78b7486a4407e Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 6 Dec 2024 13:13:41 +0000 Subject: [PATCH 15/15] C#: Create certificate from string, rather than file --- .../DependabotProxy.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs index f3d92b38f0c8..895bd313ac30 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs @@ -66,7 +66,7 @@ public class DependabotProxy : IDisposable logger.LogInfo($"Stored Dependabot proxy certificate at {result.CertificatePath}"); - result.Certificate = new X509Certificate2(result.CertificatePath); + result.Certificate = X509Certificate2.CreateFromPem(cert); } return result;