Merge pull request #2332 from jrozner/http-database

aeisenberg · web-flow · commit 02f14821c810 · 2023-04-17T17:16:16.000-07:00
Allow HTTP connections to fetch database
diff --git a/extensions/ql-vscode/CHANGELOG.md b/extensions/ql-vscode/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## [UNRELEASED]
 
+- Add new configuration option to allow downloading databases from http, non-secure servers. [#2332](https://github.com/github/vscode-codeql/pull/2332)
+
 ## 1.8.2 - 12 April 2023
 
 - Fix bug where users could end up with the managed CodeQL CLI getting uninstalled during upgrades and not reinstalled. [#2294](https://github.com/github/vscode-codeql/pull/2294)
diff --git a/extensions/ql-vscode/package.json b/extensions/ql-vscode/package.json
@@ -293,6 +293,11 @@
           "scope": "window",
           "minimum": 0,
           "description": "Report a warning for any join order whose metric exceeds this value."
+        },
+        "codeQL.databaseDownload.allowHttp": {
+          "type": "boolean",
+          "default": false,
+          "description": "Allow database to be downloaded via HTTP. Warning: enabling this option will allow downloading from insecure servers."
         }
       }
     },
diff --git a/extensions/ql-vscode/src/config.ts b/extensions/ql-vscode/src/config.ts
@@ -608,3 +608,14 @@ export const CODESPACES_TEMPLATE = new Setting(
 export function isCodespacesTemplate() {
   return !!CODESPACES_TEMPLATE.getValue<boolean>();
 }
+
+const DATABASE_DOWNLOAD_SETTING = new Setting("databaseDownload", ROOT_SETTING);
+
+export const ALLOW_HTTP_SETTING = new Setting(
+  "allowHttp",
+  DATABASE_DOWNLOAD_SETTING,
+);
+
+export function allowHttp(): boolean {
+  return ALLOW_HTTP_SETTING.getValue<boolean>() || false;
+}
diff --git a/extensions/ql-vscode/src/databaseFetcher.ts b/extensions/ql-vscode/src/databaseFetcher.ts
@@ -27,6 +27,7 @@ import {
 } from "./common/github-url-identifier-helper";
 import { Credentials } from "./common/authentication";
 import { AppCommandManager } from "./common/commands";
+import { ALLOW_HTTP_SETTING } from "./config";
 
 /**
  * Prompts a user to fetch a database from a remote location. Database is assumed to be an archive file.
@@ -49,7 +50,7 @@ export async function promptImportInternetDatabase(
     return;
   }
 
-  validateHttpsUrl(databaseUrl);
+  validateUrl(databaseUrl);
 
   const item = await databaseArchiveFetcher(
     databaseUrl,
@@ -356,15 +357,15 @@ async function getStorageFolder(storagePath: string, urlStr: string) {
   return folderName;
 }
 
-function validateHttpsUrl(databaseUrl: string) {
+function validateUrl(databaseUrl: string) {
   let uri;
   try {
     uri = Uri.parse(databaseUrl, true);
   } catch (e) {
     throw new Error(`Invalid url: ${databaseUrl}`);
   }
 
-  if (uri.scheme !== "https") {
+  if (!ALLOW_HTTP_SETTING.getValue() && uri.scheme !== "https") {
     throw new Error("Must use https for downloading a database.");
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -293,6 +293,11 @@`
`293`	`293`	`"scope": "window",`
`294`	`294`	`"minimum": 0,`
`295`	`295`	`"description": "Report a warning for any join order whose metric exceeds this value."`
	`296`	`+ },`
	`297`	`+ "codeQL.databaseDownload.allowHttp": {`
	`298`	`+ "type": "boolean",`
	`299`	`+ "default": false,`
	`300`	`+ "description": "Allow database to be downloaded via HTTP. Warning: enabling this option will allow downloading from insecure servers."`
`296`	`301`	`}`
`297`	`302`	`}`
`298`	`303`	`},`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ import {`
`27`	`27`	`} from "./common/github-url-identifier-helper";`
`28`	`28`	`import { Credentials } from "./common/authentication";`
`29`	`29`	`import { AppCommandManager } from "./common/commands";`
	`30`	`+import { ALLOW_HTTP_SETTING } from "./config";`
`30`	`31`
`31`	`32`	`/**`
`32`	`33`	`* Prompts a user to fetch a database from a remote location. Database is assumed to be an archive file.`
`@@ -49,7 +50,7 @@ export async function promptImportInternetDatabase(`
`49`	`50`	`return;`
`50`	`51`	`}`
`51`	`52`
`52`		`- validateHttpsUrl(databaseUrl);`
	`53`	`+ validateUrl(databaseUrl);`
`53`	`54`
`54`	`55`	`const item = await databaseArchiveFetcher(`
`55`	`56`	`databaseUrl,`
`@@ -356,15 +357,15 @@ async function getStorageFolder(storagePath: string, urlStr: string) {`
`356`	`357`	`return folderName;`
`357`	`358`	`}`
`358`	`359`
`359`		`-function validateHttpsUrl(databaseUrl: string) {`
	`360`	`+function validateUrl(databaseUrl: string) {`
`360`	`361`	`let uri;`
`361`	`362`	`try {`
`362`	`363`	`uri = Uri.parse(databaseUrl, true);`
`363`	`364`	`} catch (e) {`
`364`	`365`	throw new Error(`Invalid url: ${databaseUrl}`);
`365`	`366`	`}`
`366`	`367`
`367`		`- if (uri.scheme !== "https") {`
	`368`	`+ if (!ALLOW_HTTP_SETTING.getValue() && uri.scheme !== "https") {`
`368`	`369`	`throw new Error("Must use https for downloading a database.");`
`369`	`370`	`}`
`370`	`371`	`}`