Merge branch 'main' into feat/AzureOpenAI

bridgecrewio · Sep 19, 2023 · 71ccce6 · 71ccce6
2 parents c8101c7 + 74dc72b
commit 71ccce6
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 4 deletions.
diff --git a/checkov/common/bridgecrew/integration_features/features/fixes_integration.py b/checkov/common/bridgecrew/integration_features/features/fixes_integration.py
@@ -6,6 +6,9 @@
 from itertools import groupby
 from typing import TYPE_CHECKING, Any
 
+from urllib3 import PoolManager
+from urllib3.exceptions import ProtocolError
+
 from checkov.common.bridgecrew.integration_features.base_integration_feature import BaseIntegrationFeature
 from checkov.common.bridgecrew.integration_features.features.policy_metadata_integration import integration as metadata_integration
 from checkov.common.bridgecrew.platform_integration import bc_integration
@@ -112,8 +115,22 @@ def _get_fixes_for_file(
         if not self.bc_integration.http:
             raise AttributeError("HTTP manager was not correctly created")
 
-        logging.debug(f'Calling fixes API with payload: {json.dumps(payload)}, headers: {headers}, url: {self.fixes_url}')
-        request = self.bc_integration.http.request("POST", self.fixes_url, headers=headers, body=json.dumps(payload))  # type:ignore[no-untyped-call]
+        try:
+            logging.debug(f'Calling fixes API with payload: {json.dumps(payload)}, headers: {headers}, url: {self.fixes_url}')
+            request = self.bc_integration.http.request("POST", self.fixes_url, headers=headers, body=json.dumps(payload))  # type:ignore[no-untyped-call]
+
+        # When running via IDE we can fail here in case of running with -d when the poolManager is broken
+        except ProtocolError as e:
+            logging.error(f'Get fixes request for file {filename} failed with response code error: {e}')
+            if isinstance(self.bc_integration.http, PoolManager):
+                self.bc_integration.http = None
+                self.bc_integration.setup_http_manager(
+                    self.bc_integration.ca_certificate,
+                    self.bc_integration.no_cert_verify
+                )
+                request = self.bc_integration.http.request("POST", self.fixes_url, headers=headers, body=json.dumps(payload))  # type:ignore
+            else:
+                return None
 
         if request.status != 200:
             error_message = extract_error_message(request)

diff --git a/checkov/common/bridgecrew/platform_integration.py b/checkov/common/bridgecrew/platform_integration.py
@@ -121,6 +121,8 @@ def __init__(self) -> None:
         self.support_flag_enabled = False
         self.enable_persist_graphs = convert_str_to_bool(os.getenv('BC_ENABLE_PERSIST_GRAPHS', 'True'))
         self.persist_graphs_timeout = int(os.getenv('BC_PERSIST_GRAPHS_TIMEOUT', 60))
+        self.ca_certificate: str | None = None
+        self.no_cert_verify: bool = False
 
     def set_bc_api_url(self, new_url: str) -> None:
         self.bc_api_url = normalize_bc_url(new_url)
@@ -206,6 +208,9 @@ def setup_http_manager(self, ca_certificate: str | None = None, no_cert_verify:
         :param ca_certificate: an optional CA bundle to be used by both libraries.
         :param no_cert_verify: whether to skip SSL cert verification
         """
+        self.ca_certificate = ca_certificate
+        self.no_cert_verify = no_cert_verify
+
         ca_certificate = ca_certificate or os.getenv('BC_CA_BUNDLE')
         cert_reqs: str | None
 

diff --git a/checkov/version.py b/checkov/version.py
@@ -1 +1 @@
-version = '2.4.41'
+version = '2.4.42'
diff --git a/kubernetes/requirements.txt b/kubernetes/requirements.txt
@@ -1 +1 @@
-checkov==2.4.41
+checkov==2.4.42