Skip to content

fix: do not set legacy proxy from maven or env (#7072)#7074

Merged
aikebah merged 1 commit intodependency-check:mainfrom
stklcode:fix/7072-proxy
Oct 23, 2024
Merged

fix: do not set legacy proxy from maven or env (#7072)#7074
aikebah merged 1 commit intodependency-check:mainfrom
stklcode:fix/7072-proxy

Conversation

@stklcode
Copy link
Copy Markdown
Contributor

@stklcode stklcode commented Oct 22, 2024

Fixes Issue

#7072

Description of Change

The Apache HTTPClient based downloader supports http(s).proxy* properties, so we do not need to use legacy logic. In legeacy mode http.nonProxyHosts is not honored, so setting both leads to issues due to missing proxy selectors.

Omit populating legacy properties resolves this issue. In addition we have to move the password decryption from Maven settings up, so it actually works.

Have test cases been added to cover the new functionality?

no

@boring-cyborg boring-cyborg Bot added the maven changes to the maven plugin label Oct 22, 2024
@stklcode stklcode marked this pull request as ready for review October 22, 2024 20:05
@aikebah aikebah self-assigned this Oct 23, 2024
aikebah
aikebah requested changes Oct 23, 2024
View reviewed changes
Comment thread maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@stklcode
fix: do not set legacy proxy from maven or env (dependency-check#7072) (
e6f022b 
dependency-check#7074)

The Apache HTTPClient based downloader supports http(s).proxy*
properties, so we do not need to use legacy logic. In legacy mode
http.nonProxyHosts is not honored, so setting both leads to issues due
to missing proxy selectors.

Omit populating legacy properties resolves this issue. In addition, we
have to move the password decryption from Maven settings up, so it
actually works.

Signed-off-by: Stefan Kalscheuer <[email protected]>
@aikebah aikebah added this to the 11.0.1 milestone Oct 23, 2024
jeremylong
jeremylong approved these changes Oct 23, 2024
View reviewed changes
Copy link
Copy Markdown
Collaborator

@jeremylong jeremylong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@aikebah aikebah mentioned this pull request Oct 23, 2024
Merged
@aikebah aikebah merged commit e2009ca into dependency-check:main Oct 23, 2024
@aikebah
Copy link
Copy Markdown
Collaborator

aikebah commented Oct 23, 2024

@stklcode Thanks for the PR

@stklcode stklcode deleted the fix/7072-proxy branch October 23, 2024 13:51
@github-actions github-actions Bot locked as resolved and limited conversation to collaborators Dec 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jeremylong jeremylong jeremylong approved these changes

@aikebah aikebah aikebah approved these changes

Assignees

@aikebah aikebah

Labels

maven changes to the maven plugin

Projects

None yet

Milestone

11.1.0

Development

Successfully merging this pull request may close these issues.

3 participants

@stklcode @aikebah @jeremylong