Allow HTTP connections to fetch database#2332
Allow HTTP connections to fetch database#2332aeisenberg merged 5 commits intogithub:mainfrom jrozner:http-database
Conversation
aeisenberg
left a comment
aeisenberg
left a comment
There was a problem hiding this comment.
Thanks for your contribution. This looks reasonable to me. I have a few suggestions.
extensions/ql-vscode/package.json
Outdated
| "codeQL.allowHttp": { | ||
| "type": "boolean", | ||
| "default": false, | ||
| "description": "Allow databases to be downloaded via HTTP" |
There was a problem hiding this comment.
| "description": "Allow databases to be downloaded via HTTP" | |
| "description": "Allow databases to be downloaded via HTTP. Warning: enabling this option will allow downloading from insecure servers." |
extensions/ql-vscode/package.json
Outdated
| "minimum": 0, | ||
| "description": "Report a warning for any join order whose metric exceeds this value." | ||
| }, | ||
| "codeQL.allowHttp": { |
There was a problem hiding this comment.
Please make it clear that this is related to database downloads only.
| "codeQL.allowHttp": { | |
| "codeQL.databaseDownload.allowHttp": { |
extensions/ql-vscode/src/config.ts
Outdated
| export const ALLOW_HTTP = new Setting( | ||
| "allowHttp", | ||
| ROOT_SETTING, | ||
| ); |
There was a problem hiding this comment.
| export const ALLOW_HTTP = new Setting( | |
| "allowHttp", | |
| ROOT_SETTING, | |
| ); | |
| const DATABASE_DOWNLOAD_SETTING = new Setting("databaseDownload", ROOT_SETTING); | |
| export const ALLOW_HTTP_SETTING = new Setting( | |
| "allowHttp", | |
| DATABASE_DOWNLOAD_SETTING, | |
| ); |
| } from "./common/github-url-identifier-helper"; | ||
| import { Credentials } from "./common/authentication"; | ||
| import { AppCommandManager } from "./common/commands"; | ||
| import { ALLOW_HTTP } from "./config"; |
There was a problem hiding this comment.
| import { ALLOW_HTTP } from "./config"; | |
| import { ALLOW_HTTP_SETTING } from "./config"; |
| } | ||
|
|
||
| validateHttpsUrl(databaseUrl); | ||
| if (!ALLOW_HTTP.getValue()) { |
There was a problem hiding this comment.
| if (!ALLOW_HTTP.getValue()) { | |
| if (!ALLOW_HTTP_SETTING.getValue()) { |
There was a problem hiding this comment.
Actually, on a deeper thought, can you push this check into the validateHttpsUrl method? Rename the method to validateUrl? This method parses the URL as well as check for https. It's probably better to continue to check that the URL parses regardless of whether or not it is https.
Something like this maybe:
function validateUrl(databaseUrl: string) {
let uri;
try {
uri = Uri.parse(databaseUrl, true);
} catch (e) {
throw new Error(`Invalid url: ${databaseUrl}`);
}
if (!ALLOW_HTTP_SETTING.getValue() && uri.scheme !== "https") {
throw new Error("Must use https for downloading a database.");
}
}
|
All changes made and fixed the linting issue from before. Ready for review |
Introduce a new config option to allow requests over HTTP when fetching a database from a URL.
aeisenberg
left a comment
aeisenberg
left a comment
There was a problem hiding this comment.
Thanks for the quick turnaround. Typo found.
|
I pushed a few minor changes to your branch: changelog note, typo fix in config description, and invalid variable reference fix. |
|
Awesome. Changes look good. Anything else you need from me? |
|
Nope. Let's wait for the checks to pass... |
aeisenberg
left a comment
aeisenberg
left a comment
There was a problem hiding this comment.
Thanks again for your contribution! I hope this is what you need.
2 participants
Introduce a new config option to allow requests over HTTP when fetching a database from a URL.
Closes #2324
Checklist
ready-for-doc-reviewlabel there.