Problem with proxy #138

Open
amusarra opened this issue Oct 8, 2024 · 12 comments

amusarra commented Oct 8, 2024

Environment: macOS 24.0.0 Darwin Kernel Version 24.0.0
Python: 3.12
IDE: IntelliJ IDEA 2024.2.3 (Ultimate Edition)
IDE Config:

IntelliJ IDEA 2024.2.3 (Ultimate Edition)
Build #IU-242.23339.11, built on September 25, 2024
Licensed to Liferay Portal Security Audit / Antonio Musarra
Subscription is active until November 22, 2024.
For non-commercial open source development only.
Runtime version: 21.0.4+13-b509.17 aarch64 (JCEF 122.1.9)
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Toolkit: sun.lwawt.macosx.LWCToolkit
macOS 15.0.1
GC: G1 Young Generation, G1 Concurrent GC, G1 Old Generation
Memory: 2048M
Cores: 10
Registry:
  debugger.new.tool.window.layout=true
  ide.experimental.ui=true
  i18n.locale=
Non-Bundled Plugins:
  com.jetbrains.plugins.ini4idea (242.23339.18)
  com.github.bridgecrewio.prismacloud (1.0.22)
  com.mnr.java.intellij.idea.plugin.base64helper (2.0.3)
  com.jetbrains.darkPurpleTheme (1.3)
  com.jetbrains.space (242.23339.11)
  com.jetbrains.edu (2024.9-2024.2-1051)
  google-java-format (1.24.0.0)
  com.wrq.rearranger (6.0.18)
  com.intellij.properties.bundle.editor (242.22855.32)
  CheckStyle-IDEA (5.95.0)
  com.github.camork.fileExpander (2.5)
  com.intellij.mermaid (0.0.22+IJ.232)
  com.intellij.ml.llm (242.23339.40)
  org.asciidoctor.intellij.asciidoc (0.43.1)
  org.exbin.deltahex.intellij (0.2.10.1)
  io.snyk.snyk-intellij-plugin (2.9.1)
  com.github.copilot (1.5.25.10)
  org.sonarlint.idea (10.11.1.79663)
  zielu.gittoolbox (600.0.1+242)
Kotlin: 242.23339.11-IJ

Config 1 - Configuration of the IDE

When using the IntelliJ IDEA plugin, and it is configured to use a proxy, the plugin fails to connect to the endpoint. It seems that the plugin does not use the proxy set in the IDE or the system-wide proxy.

2024-10-08 12:14:40,284 [MainThread  ] [WARNI]  An unexpected error occurred getting the run configuration from https://<FQDN>/bridgecrew/api/v2/checkov/runConfiguration after multiple retries. Please verify your API key and Prisma API URL, and retry. If the problem persists, please enable debug logs and contact support. The error is: HTTPSConnectionPool(host='api.eu.prismacloud.io', port=443): Max retries exceeded with url: /login (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x148affc80>, 'Connection to api.eu.prismacloud.io timed out. (connect timeout=3.1)'))
Traceback (most recent call last):
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connection.py", line 203, in _new_conn
    sock = connection.create_connection(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/util/connection.py", line 85, in create_connection
    raise err
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/util/connection.py", line 73, in create_connection
    sock.connect(sa)
TimeoutError: timed out

Log 1 - Connection timeout when setting the proxy

Collaborator

ChananM commented Oct 9, 2024

You are correct, we do not pass IntelliJ proxy settings to Checkov, and this is indeed an issue.
Can you please share how your proxy configuration looks under Appearance & Behavior | System Settings | HTTP Proxy?
If you can't share the data any mock values will suffice, I just want to make sure I reproduce the same issue.
By the way, if it can provide a temporary workaround, proxy configuration works in the VS Code extension

Author

amusarra commented Oct 9, 2024

Hi @ChananM
I am using "Manual Proxy configuration" of HTTP type under Appearance & Behavior. I'm not using a publicly accessible proxy, so it wouldn't help you to have my proxy settings.

For Java projects I don't use VSCode and I don't want to use it.

I await your response.
Many thanks.

Collaborator

ChananM commented Oct 9, 2024

@amusarra I won't be able (and won't need) to access your proxy, but I will be able to see what your use case is. That's why I said mock values are also fine.
For example, are you using proxy authentication or not?
Either way, another workaround that might work until we fix this issue is to define your proxy as a global environment variable in your operating system (HTTPS_PROXY / https_proxy / HTTP_PROXY / http_proxy). I didn't try it myself but I think it should work.

Author

amusarra commented Oct 9, 2024

The proxy requires authentication, and I'm setting the username and password in the IDEA Proxy Configuration.

With the global proxy via environment, same problem.

@amusarra
Author

> @amusarra I won't be able (and won't need) to access your proxy, but I will be able to see what your use case is. That's why I said mock values are also fine. For example, are you using proxy authentication or not? Either way, another workaround that might work until we fix this issue is to define your proxy as a global environment variable in your operating system (HTTPS_PROXY / https_proxy / HTTP_PROXY / http_proxy). I didn't try it myself but I think it should work.

image

@amusarra
Author

Hi @ChananM
I confirm: the same problem also occurs with Visual Studio Code when I use the proxy (http).

  1. export proxy setting via command export HTTPS_PROXY="http://<username>:<password>@<fqdn-proxy>:<proxy-port>"
  2. start Visual Studio Code via command code
  3. configure the Prisma Cloud plugin; the connection test is OK
  4. start full scan

You can see the log of the "Run full Scan":

2024-10-11 09:55:35 [info]: Initiating Prisma Cloud VS Code extension version 1.0.21 
2024-10-11 09:55:35 [info]: Plugin path: /Users/amusarra/.vscode/extensions/prismacloud.prisma-cloud-1.0.21 
2024-10-11 09:55:35 [info]: customer is not supporting SAST 
2024-10-11 09:55:35 [error]: Failed fetching a new JWT token, authorization on prisma failed: Request failed with status code 500 
2024-10-11 09:55:35 [error]: CustomersModulesService is not enabled Or token not exists {"isEnabled":true}
2024-10-11 09:55:35 [info]: customer is not supporting SAST 
2024-10-11 09:55:35 [info]: Installing Checkov with Docker 
2024-10-11 09:55:35 [error]: The Checkov installation with Docker was failed {"error":{"name":"Error","message":"Command failed: docker pull bridgecrew/checkov:latest\nCannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?\n","stack":"Error: Command failed: docker pull bridgecrew/checkov:latest\nCannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?\n\n    at genericNodeError (node:internal/errors:984:15)\n    at wrappedFn (node:internal/errors:538:14)\n    at ChildProcess.exithandler (node:child_process:423:12)\n    at ChildProcess.emit (node:events:519:28)\n    at ChildProcess.emit (node:domain:488:12)\n    at maybeClose (node:internal/child_process:1105:16)\n    at Socket.<anonymous> (node:internal/child_process:457:11)\n    at Socket.emit (node:events:519:28)\n    at Socket.emit (node:domain:488:12)\n    at Pipe.<anonymous> (node:net:339:12)"}}
2024-10-11 09:55:35 [info]: Installing Checkov with Pip3 
2024-10-11 09:55:35 [info]: Checking the Python version 
2024-10-11 09:55:37 [error]: No executor found for undefined, aborting scan operation 
2024-10-11 09:55:37 [info]: There are no installationId or jwtToken for sending analytics data 
2024-10-11 09:55:49 [info]: Successfully installed Checkov using pip3 {"type":"pip3","entrypoint":"checkov"}
2024-10-11 09:55:54 [info]: proxy settings: "" 
2024-10-11 09:55:54 [warn]: There are files opened from outside the workspace that won't be scanned in these directories: "/Users/amusarra/Library/Application Support/Code/logs/20241011T095522/window1/exthost/PrismaCloud.prisma-cloud" 
2024-10-11 09:55:54 [info]: checkov --repo-id vscode/extension --quiet --soft-fail --output json --bc-api-key  --directory "/Users/amusarra/dev/github/amusarra/tls-mutual-auth" 
2024-10-11 09:56:20 [info]: Full error checkov process output: 
2024-10-11 09:56:20,092 [MainThread  ] [WARNI]  An unexpected error occurred getting the run configuration from https://api.eu.prismacloud.io/bridgecrew/api/v2/checkov/runConfiguration after multiple retries. Please verify your API key and Prisma API URL, and retry. If the problem persists, please enable debug logs and contact support. The error is: HTTPSConnectionPool(host='api.eu.prismacloud.io', port=443): Max retries exceeded with url: /login (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x1493f79e0>, 'Connection to api.eu.prismacloud.io timed out. (connect timeout=3.1)'))
Traceback (most recent call last):
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connection.py", line 203, in _new_conn
    sock = connection.create_connection(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/util/connection.py", line 85, in create_connection
    raise err
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/util/connection.py", line 73, in create_connection
    sock.connect(sa)
TimeoutError: timed out

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 791, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 492, in _make_request
    raise new_e
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 468, in _make_request
    self._validate_conn(conn)
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 1097, in _validate_conn
    conn.connect()
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connection.py", line 611, in connect
    self.sock = sock = self._new_conn()
                       ^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connection.py", line 212, in _new_conn
    raise ConnectTimeoutError(
urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPSConnection object at 0x1493f79e0>, 'Connection to api.eu.prismacloud.io timed out. (connect timeout=3.1)')

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/checkov/common/bridgecrew/platform_integration.py", line 1021, in get_customer_run_config
    token = self.get_auth_token()
            ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/cachetools/__init__.py", line 752, in wrapper
    v = func(*args, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/checkov/common/bridgecrew/platform_integration.py", line 300, in get_auth_token
    request = self.http.request("POST", f"{self.prisma_api_url}/login",  # type:ignore[no-untyped-call]
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/_request_methods.py", line 118, in request
    return self.request_encode_body(
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/_request_methods.py", line 217, in request_encode_body
    return self.urlopen(method, url, **extra_kw)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/poolmanager.py", line 443, in urlopen
    response = conn.urlopen(method, u.request_uri, **kw)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 875, in urlopen
    return self.urlopen(
           ^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 875, in urlopen
    return self.urlopen(
           ^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 875, in urlopen
    return self.urlopen(
           ^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 845, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/util/retry.py", line 515, in increment
    raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.eu.prismacloud.io', port=443): Max retries exceeded with url: /login (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x1493f79e0>, 'Connection to api.eu.prismacloud.io timed out. (connect timeout=3.1)'))
An error occurred getting data from the platform, including policy metadata. Because --include-all-checkov-policies was not used, Checkov cannot differentiate Checkov-only policies from platform policies, and no policies will get evaluated. Please resolve the error above or re-run with the --include-all-checkov-policies argument (but note that this will not include any custom platform configurations or policy metadata).
 
2024-10-11 09:56:20 [info]: Checkov execution failed due to: The Checkov execution exited with code 2 
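
A small diagnostic for the situation in the log above, where a proxy variable is exported but the extension logs `proxy settings: ""` and Checkov times out connecting to the API host. This is an added example, not code from the Prisma Cloud plugin or Checkov; the function names, result labels and the sample proxy host and credentials are assumptions, and the variable order simply follows the list in the workaround comment (real clients may apply a different precedence).

```python
import base64
from urllib.parse import unquote, urlsplit
# Variable names in the order listed in the workaround comment in this thread.
PROXY_VARS = ("HTTPS_PROXY", "https_proxy", "HTTP_PROXY", "http_proxy")

def resolve_proxy(env):
    """Return (variable name, URL) for the first non-empty proxy variable, or None."""
    for name in PROXY_VARS:
        value = env.get(name, "").strip()
        if value:
            return name, value
    return None

def describe_proxy(url):
    """Split a proxy URL into endpoint, Proxy-Authorization value and a log-safe form."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("expected http://[user:password@]host:port")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    endpoint = f"{parts.scheme}://{parts.hostname}:{port}"
    if parts.username is None:
        return {"endpoint": endpoint, "proxy_authorization": None, "log_safe": endpoint}
    user, password = unquote(parts.username), unquote(parts.password or "")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {
        "endpoint": endpoint,
        "proxy_authorization": f"Basic {token}",
        # Never write the password (or the header value) to a scan log.
        "log_safe": f"{parts.scheme}://{user}:***@{parts.hostname}:{port}",
    }

def diagnose(env, log_lines):
    """Classify a scan log against the environment the scan was started from."""
    resolved = resolve_proxy(env)
    if resolved is None:
        return "no-proxy-in-environment"
    logged_empty = any('proxy settings: ""' in line for line in log_lines)
    timed_out = any("ConnectTimeoutError" in line for line in log_lines)
    return "proxy-set-but-not-applied" if logged_empty and timed_out else "proxy-set"

# Constructed sample: placeholder proxy and credentials; log lines abbreviated from the log above.
SAMPLE_ENV = {"HTTPS_PROXY": "http://scanner:p%40ss@proxy.example.internal:3128"}
SAMPLE_LOG = [
    '2024-10-11 09:55:54 [info]: proxy settings: ""',
    "urllib3.exceptions.ConnectTimeoutError: Connection to api.eu.prismacloud.io timed out.",
]

if __name__ == "__main__":
    print(describe_proxy(resolve_proxy(SAMPLE_ENV)[1])["log_safe"], diagnose(SAMPLE_ENV, SAMPLE_LOG))
```

The `log_safe` form is the one to paste into an issue or support ticket, since the exported URL carries the proxy password in clear text.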

Collaborator

ChananM commented Oct 13, 2024

@amusarra Thank you for your examples!
Can you please try to achieve this in VS Code via the IDE settings?
Unfortunately I can't attach a screenshot due to corporate firewall. Just enter the settings page and search for 'proxy'
Either way, I reached out to my product manager to prioritize this issue

@amusarra
Author

Hi @ChananM
I set the proxy directly on VSCode and that way it works, unlike when it is set via system environment.

image

image

Collaborator

ChananM commented Oct 14, 2024

Thanks @amusarra
Can you please reach out to your support representative so they will push for this fix?
Please tell them to refer to this issue in GitHub when opening a ticket

@amusarra
Author

Hi @ChananM many thanks. I will proceed as you advised.

Collaborator

ChananM commented Oct 21, 2024

Hi @amusarra, can you confirm whether your proxy is only HTTP or can it be accessed with HTTPS as well?

@amusarra
Author

> Hi @amusarra, can you confirm whether your proxy is only HTTP or can it be accessed with HTTPS as well?

Hi. Only HTTP, no HTTPS.
