github
diff --git a/‎java/integration-tests-lib/mitm_proxy.py
Copy file name to clipboard
+173Lines changed: 173 additions & 0 deletions b/‎java/integration-tests-lib/mitm_proxy.py
Copy file name to clipboard
+173Lines changed: 173 additions & 0 deletions
diff --git a/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/.gitattributes
Copy file name to clipboard
+9Lines changed: 9 additions & 0 deletions b/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/.gitattributes
Copy file name to clipboard
+9Lines changed: 9 additions & 0 deletions
diff --git a/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/.gitignore
Copy file name to clipboard
+5Lines changed: 5 additions & 0 deletions b/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/.gitignore
Copy file name to clipboard
+5Lines changed: 5 additions & 0 deletions
diff --git a/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/build.gradle
Copy file name to clipboard
+16Lines changed: 16 additions & 0 deletions b/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/build.gradle
Copy file name to clipboard
+16Lines changed: 16 additions & 0 deletions
diff --git a/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/buildless-fetches.expected
Copy file name to clipboard
+1Lines changed: 1 addition & 0 deletions b/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/buildless-fetches.expected
Copy file name to clipboard
+1Lines changed: 1 addition & 0 deletions
diff --git a/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/diagnostics.expected
Copy file name to clipboard
+70Lines changed: 70 additions & 0 deletions b/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/diagnostics.expected
Copy file name to clipboard
+70Lines changed: 70 additions & 0 deletions
diff --git a/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/force_sequential_test_execution
Copy file name to clipboard
+3Lines changed: 3 additions & 0 deletions b/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/force_sequential_test_execution
Copy file name to clipboard
+3Lines changed: 3 additions & 0 deletions
diff --git a/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradle/wrapper/gradle-wrapper.jar
Copy file name to clipboard
62.2 KB b/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradle/wrapper/gradle-wrapper.jar
Copy file name to clipboard
62.2 KB
diff --git a/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradle/wrapper/gradle-wrapper.properties
Copy file name to clipboard
+7Lines changed: 7 additions & 0 deletions b/‎java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradle/wrapper/gradle-wrapper.properties
Copy file name to clipboard
+7Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,173 @@
+import http.server
+import sys
+import os
+import socket
+import ssl
+import random
+from datetime import datetime, timedelta, timezone
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography import utils, x509
+from cryptography.hazmat.primitives.asymmetric import rsa, dsa
+
+import select
+
+
+def generateCA(ca_cert_file, ca_key_file):
+    ca_key = dsa.generate_private_key(4096)
+    name = x509.Name([
+        x509.NameAttribute(x509.NameOID.COUNTRY_NAME, "US"),
+        x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, "GitHub"),
+        x509.NameAttribute(x509.NameOID.COMMON_NAME, "GitHub CodeQL Proxy")])
+    ca_cert = x509.CertificateBuilder().subject_name(name).issuer_name(name)
+    ca_cert = ca_cert.public_key(ca_key.public_key())
+    ca_cert = ca_cert.serial_number(random.randint(50000000, 100000000))
+    ca_cert = ca_cert.not_valid_before(datetime.now(timezone.utc))
+    ca_cert = ca_cert.not_valid_after(
+        datetime.now(timezone.utc) + timedelta(days=3650))
+    ca_cert = ca_cert.add_extension(x509.BasicConstraints(
+        ca=True, path_length=None), critical=True)
+    ca_cert = ca_cert.add_extension(
+        x509.SubjectKeyIdentifier.from_public_key(ca_key.public_key()), critical=False)
+    ca_cert = ca_cert.sign(ca_key, hashes.SHA256())
+    with open(ca_cert_file, 'wb') as f:
+        f.write(ca_cert.public_bytes(encoding=serialization.Encoding.PEM))
+    with open(ca_key_file, 'wb') as f:
+        f.write(ca_key.private_bytes(encoding=serialization.Encoding.PEM,
+                format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()))
+
+
+def create_certificate(hostname):
+    pkey = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+    subject = x509.Name(
+        [x509.NameAttribute(x509.NameOID.COMMON_NAME, hostname)])
+
+    cert = x509.CertificateBuilder()
+    cert = cert.subject_name(subject).issuer_name(ca_certificate.subject)
+    cert = cert.public_key(pkey.public_key())
+    cert = cert.serial_number(random.randint(50000000, 100000000))
+    cert = cert.not_valid_before(datetime.now(timezone.utc)).not_valid_after(
+        datetime.now(timezone.utc) + timedelta(days=3650))
+    cert = cert.add_extension(x509.BasicConstraints(
+        ca=False, path_length=None), critical=True)
+    cert = cert.add_extension(
+        x509.SubjectAlternativeName([x509.DNSName(hostname), x509.DNSName(f"*.{hostname}")]), critical=False)
+
+    cert = cert.sign(ca_key, hashes.SHA256())
+
+    return (cert, pkey)
+
+
+class Handler(http.server.SimpleHTTPRequestHandler):
+    def check_auth(self):
+        username = os.getenv('PROXY_USER')
+        password = os.getenv('PROXY_PASSWORD')
+        if username is None or password is None:
+            return True
+
+        authorization = self.headers.get(
+            'Proxy-Authorization', self.headers.get('Authorization', ''))
+        authorization = authorization.split()
+        if len(authorization) == 2:
+            import base64
+            import binascii
+            auth_type = authorization[0]
+            if auth_type.lower() == "basic":
+                try:
+                    authorization = authorization[1].encode('ascii')
+                    authorization = base64.decodebytes(
+                        authorization).decode('ascii')
+                except (binascii.Error, UnicodeError):
+                    pass
+                else:
+                    authorization = authorization.split(':')
+                    if len(authorization) == 2:
+                        return username == authorization[0] and password == authorization[1]
+        return False
+
+    def do_CONNECT(self):
+        if not self.check_auth():
+            self.send_response(
+                http.HTTPStatus.PROXY_AUTHENTICATION_REQUIRED)
+            self.send_header('Proxy-Authenticate', 'Basic realm="Proxy"')
+            self.end_headers()
+            return
+        # split self.path into host and port
+        host, port = self.path.split(':')
+        port = int(port)
+        self.send_response(http.HTTPStatus.OK, 'Connection established')
+        self.send_header('Connection', 'close')
+        self.end_headers()
+        self.mitm(host, port)
+
+    # man in the middle SSL connection
+    def mitm(self, host, port):
+        ssl_client_context = ssl.create_default_context(
+            purpose=ssl.Purpose.CLIENT_AUTH)
+        if not os.path.exists("certs/" + host + '.pem'):
+            cert, pkey = create_certificate(host)
+            with open("certs/" + host + '.pem', 'wb') as f:
+                f.write(pkey.private_bytes(encoding=serialization.Encoding.PEM,
+                        format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()))
+                f.write(cert.public_bytes(encoding=serialization.Encoding.PEM))
+
+        ssl_client_context.load_cert_chain("certs/" + host + '.pem')
+        ssl_client_context.load_verify_locations(ca_certificate_path)
+        # wrap self.connection in SSL
+        client = ssl_client_context.wrap_socket(
+            self.connection, server_side=True)
+
+        # create socket to host:port
+        remote = socket.create_connection(
+            (host, port))
+        # wrap socket in SSL
+        ssl_server_context = ssl.create_default_context(
+            purpose=ssl.Purpose.SERVER_AUTH)
+        remote = ssl_server_context.wrap_socket(remote, server_hostname=host)
+
+        try:
+            while True:
+                ready, _, _ = select.select(
+                    [client, remote], [], [], 2.0)
+                if not ready:
+                    break
+                for src in ready:
+                    if src is client:
+                        dst = remote
+                    else:
+                        dst = client
+                    src.setblocking(False)
+                    dst.setblocking(True)
+                    pending = 8192
+                    while pending:
+                        try:
+                            data = src.recv(pending)
+                        except ssl.SSLWantReadError:
+                            break
+                        if not data:
+                            return
+                        pending = src.pending()
+                        dst.sendall(data)
+        finally:
+            remote.close()
+            client.close()
+
+    def do_GET(self):
+        raise NotImplementedError()
+
+
+if __name__ == '__main__':
+    port = int(sys.argv[1])
+    ca_certificate = None
+    ca_certificate_path = None
+    ca_key = None
+    if len(sys.argv) > 2:
+        ca_certificate_path = sys.argv[2]
+        with open(ca_certificate_path, 'rb') as f:
+            ca_certificate = x509.load_pem_x509_certificate(f.read())
+        with open(sys.argv[3], 'rb') as f:
+            ca_key = serialization.load_pem_private_key(
+                f.read(), password=None)
+
+    server_address = ('localhost', port)
+    httpd = http.server.HTTPServer(server_address, Handler)
+    httpd.serve_forever()
@@ -0,0 +1,9 @@
+#
+# https://help.github.com/articles/dealing-with-line-endings/
+#
+# Linux start script should use lf
+/gradlew        text eol=lf
+
+# These are Windows script files and should use crlf
+*.bat           text eol=crlf
+
@@ -0,0 +1,5 @@
+# Ignore Gradle project-specific cache directory
+.gradle
+
+# Ignore Gradle build output directory
+build
@@ -0,0 +1,16 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * This is a general purpose Gradle build.
+ * To learn more about Gradle by exploring our Samples at https://docs.gradle.org/8.3/samples
+ */
+
+apply plugin: 'java-library'
+
+repositories {
+  mavenCentral()
+}
+
+dependencies {
+  api 'org.apache.commons:commons-math3:3.6.1'
+}
@@ -0,0 +1 @@
+https://repo.maven.apache.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
@@ -0,0 +1,70 @@
+{
+  "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/using-build-tool-advice",
+    "name": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis used the system default JDK.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/jdk-system-default",
+    "name": "Java analysis used the system default JDK"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis with build-mode 'none' completed.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/complete",
+    "name": "Java analysis with build-mode 'none' completed"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/mode-active",
+    "name": "Java was extracted with build-mode set to 'none'"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Reading the dependency graph from build files provided 1 classpath entries",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/depgraph-provided-by-gradle",
+    "name": "Java analysis extracted precise dependency graph information from tool Gradle"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
@@ -0,0 +1,3 @@
+# We currently have a bug where gradle tests become flaky when executed in parallel
+# - sometimes, gradle fails to connect to the gradle daemon.
+# Therefore, force this test to run sequentially.
@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+https://repo.maven.apache.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar`