SSL options
whatyouhide committed Aug 1, 2023
1 parent 0e8574c commit d7f525e
Showing 3 changed files with 42 additions and 1 deletion.
41 changes: 40 additions & 1 deletion lib/excoveralls/poster.ex
@@ -54,7 +54,20 @@ defmodule ExCoveralls.Poster do
body
}

case :httpc.request(:post, request, [timeout: 10_000], sync: true) do
http_options = [
timeout: 10_000,
ssl:
[
verify: :verify_peer,
depth: 2,
customize_hostname_check: [
match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
]
# https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/inets
] ++ cacert_option()
]

case :httpc.request(:post, request, http_options, sync: true, body_format: :binary) do
{:ok, {{_protocol, status_code, _status_message}, _headers, _body}}
when status_code in 200..299 ->
{:ok, "Successfully uploaded the report to '#{endpoint}'."}
@@ -78,4 +91,30 @@ defmodule ExCoveralls.Poster do
{:error, "Failed to upload the report to '#{endpoint}' (reason: #{inspect(reason)})."}
end
end

defp cacert_option do
if Code.ensure_loaded?(CAStore) do
[cacertfile: String.to_charlist(CAStore.file_path())]
else
case :public_key.cacerts_load() do
:ok ->
[cacerts: :public_key.cacerts_get()]

{:error, reason} ->
raise ExCoveralls.ReportUploadError,
message: """
Failed to load OS certificates. We tried to use OS certificates because we
couldn't find the :castore library. If you want to use :castore, please add
{:castore, "~> 1.0"}
to your dependencies. Otherwise, make sure you can load OS certificates by
running :public_key.cacerts_load() and checking the result. The error we
got was:
#{inspect(reason)}
"""
end
end
end
end
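Review bot: The fallback branch of `cacert_option/0` calls `:public_key.cacerts_load/0` and `:public_key.cacerts_get/0`, which only exist from OTP 25 on, so on an older OTP without :castore the upload fails with an `UndefinedFunctionError` instead of the explanatory `ExCoveralls.ReportUploadError`. If the project still supports OTP releases before 25 (not visible on this page), guard the fallback with `function_exported?/3` and raise the same error type when neither trust store is available, as sketched below. Separately, `cacert_option/0` raises while `http_options` is being built, outside the `case` that turns request failures into `{:error, message}`; it is worth confirming that callers expect an exception here rather than an error tuple.

```elixir
defp cacert_option do
  cond do
    Code.ensure_loaded?(CAStore) ->
      [cacertfile: String.to_charlist(CAStore.file_path())]

    # :public_key.cacerts_load/0 and cacerts_get/0 are only available on OTP 25+.
    Code.ensure_loaded?(:public_key) and function_exported?(:public_key, :cacerts_load, 0) ->
      # … unchanged: case on :public_key.cacerts_load() with the existing raise …

    true ->
      raise ExCoveralls.ReportUploadError,
        message:
          "No CA certificates available. Add {:castore, \"~> 1.0\"} to your " <>
            "dependencies or run on OTP 25 or later."
  end
end
```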
1 change: 1 addition & 0 deletions mix.exs
@@ -38,6 +38,7 @@ defmodule ExCoveralls.Mixfile do

defp deps do
[
{:castore, "~> 1.0", optional: true},
{:jason, "~> 1.0"},
{:bypass, "~> 2.1.0", only: :test},
{:ex_doc, ">= 0.0.0", only: :dev, runtime: false},
1 change: 1 addition & 0 deletions mix.lock
@@ -1,5 +1,6 @@
%{
"bypass": {:hex, :bypass, "2.1.0", "909782781bf8e20ee86a9cabde36b259d44af8b9f38756173e8f5e2e1fabb9b1", [:mix], [{:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "d9b5df8fa5b7a6efa08384e9bbecfe4ce61c77d28a4282f79e02f1ef78d96b80"},
"castore": {:hex, :castore, "1.0.3", "7130ba6d24c8424014194676d608cb989f62ef8039efd50ff4b3f33286d06db8", [:mix], [], "hexpm", "680ab01ef5d15b161ed6a95449fac5c6b8f60055677a8e79acf01b27baa4390b"},
"cowboy": {:hex, :cowboy, "2.10.0", "ff9ffeff91dae4ae270dd975642997afe2a1179d94b1887863e43f681a203e26", [:make, :rebar3], [{:cowlib, "2.12.1", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "3afdccb7183cc6f143cb14d3cf51fa00e53db9ec80cdcd525482f5e99bc41d6b"},
"cowboy_telemetry": {:hex, :cowboy_telemetry, "0.4.0", "f239f68b588efa7707abce16a84d0d2acf3a0f50571f8bb7f56a15865aae820c", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "7d98bac1ee4565d31b62d59f8823dfd8356a169e7fcbb83831b8a5397404c9de"},
"cowlib": {:hex, :cowlib, "2.12.1", "a9fa9a625f1d2025fe6b462cb865881329b5caff8f1854d1cbc9f9533f00e1e1", [:make, :rebar3], [], "hexpm", "163b73f6367a7341b33c794c4e88e7dbfe6498ac42dcd69ef44c5bc5507c8db0"},