fix proxy handle in BaseClient (demisto#11950)

anara123 · web-flow · commit b07cec3a80a7 · 2021-03-31T20:35:20.000+03:00
* fix proxy handle in BaseClient

* update secrets

* update secrets

* handle proxy and verify be removing the env vars

* extract proxy and cert verification to separate methods

* fix lint
diff --git a/Packs/Base/.secrets-ignore b/Packs/Base/.secrets-ignore
@@ -78,4 +78,6 @@ spki_sha256='94b716aeda21cd661949cfbf3f55457a277da712cdce0ab31989a4f288fad9b9',
 "94b716aeda21cd661949cfbf3f55457a277da712cdce0ab31989a4f288fad9b9",
 2.23.140.1
 '53e6baa124f54462786f1122e98e38ff1be3de82fe2a96b1849a8637043fd847eec7e0f53307bddf7a066565292d500c36c941f1f3bb9dcac807b2f4a0bfce1b',
-http://proxy
+http://proxy
+http://testproxy
+https://testproxy
diff --git a/Packs/Base/ReleaseNotes/1_7_30.md b/Packs/Base/ReleaseNotes/1_7_30.md
@@ -0,0 +1,3 @@
+#### Scripts
+##### CommonServerPython
+- Fixed an issue in **BaseClient**, which caused the request to ignore **REQUEST_CA_BUNDLE** when **proxy** was set to **false**.
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
@@ -495,22 +495,44 @@ def handle_proxy(proxy_param_name='proxy', checkbox_default_value=False, handle_
             'https': os.environ.get('HTTPS_PROXY') or os.environ.get('https_proxy', '')
         }
     else:
-        for k in ('HTTP_PROXY', 'HTTPS_PROXY', 'http_proxy', 'https_proxy'):
-            if k in os.environ:
-                del os.environ[k]
+        skip_proxy()
+
     if handle_insecure:
         if insecure_param_name is None:
             param_names = ('insecure', 'unsecure')
         else:
             param_names = (insecure_param_name,)  # type: ignore[assignment]
         for p in param_names:
             if demisto.params().get(p, False):
-                for k in ('REQUESTS_CA_BUNDLE', 'CURL_CA_BUNDLE'):
-                    if k in os.environ:
-                        del os.environ[k]
+                skip_cert_verification()
+
     return proxies
 
 
+def skip_proxy():
+    """
+    The function deletes the proxy environment vars in order to http requests to skip routing through proxy
+
+    :return: None
+    :rtype: ``None``
+    """
+    for k in ('HTTP_PROXY', 'HTTPS_PROXY', 'http_proxy', 'https_proxy'):
+        if k in os.environ:
+            del os.environ[k]
+
+
+def skip_cert_verification():
+    """
+    The function deletes the self signed certificate env vars in order to http requests to skip certificate validation.
+
+    :return: None
+    :rtype: ``None``
+    """
+    for k in ('REQUESTS_CA_BUNDLE', 'CURL_CA_BUNDLE'):
+        if k in os.environ:
+            del os.environ[k]
+
+
 def urljoin(url, suffix=""):
     """
         Will join url and its suffix
@@ -5444,7 +5466,10 @@ def __init__(self, base_url, verify=True, proxy=False, ok_codes=tuple(), headers
             self._auth = auth
             self._session = requests.Session()
             if not proxy:
-                self._session.trust_env = False
+                skip_proxy()
+
+            if not verify:
+                skip_cert_verification()
 
         def _implement_retry(self, retries=0,
                              status_list_to_retry=None,
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
@@ -2055,6 +2055,62 @@ def test_http_request_response(self, requests_mock):
         res = self.client._http_request('get', 'event', resp_type='response')
         assert isinstance(res, requests.Response)
 
+    def test_http_request_proxy_false(self):
+        from CommonServerPython import BaseClient
+        import requests_mock
+
+        os.environ['http_proxy'] = 'http://testproxy:8899'
+        os.environ['https_proxy'] = 'https://testproxy:8899'
+
+        os.environ['REQUESTS_CA_BUNDLE'] = '/test1.pem'
+        client = BaseClient('http://example.com/api/v2/', ok_codes=(200, 201), proxy=False, verify=True)
+
+        with requests_mock.mock() as m:
+            m.get('http://example.com/api/v2/event')
+
+            res = client._http_request('get', 'event', resp_type='response')
+
+            assert m.last_request.verify == '/test1.pem'
+            assert not m.last_request.proxies
+            assert m.called is True
+
+    def test_http_request_proxy_true(self):
+        from CommonServerPython import BaseClient
+        import requests_mock
+
+        os.environ['http_proxy'] = 'http://testproxy:8899'
+        os.environ['https_proxy'] = 'https://testproxy:8899'
+
+        os.environ['REQUESTS_CA_BUNDLE'] = '/test1.pem'
+        client = BaseClient('http://example.com/api/v2/', ok_codes=(200, 201), proxy=True, verify=True)
+
+        with requests_mock.mock() as m:
+            m.get('http://example.com/api/v2/event')
+
+            res = client._http_request('get', 'event', resp_type='response')
+
+            assert m.last_request.verify == '/test1.pem'
+            assert m.last_request.proxies == {
+                'http': 'http://testproxy:8899',
+                'https': 'https://testproxy:8899'
+            }
+            assert m.called is True
+
+    def test_http_request_verify_false(self):
+        from CommonServerPython import BaseClient
+        import requests_mock
+
+        os.environ['REQUESTS_CA_BUNDLE'] = '/test1.pem'
+        client = BaseClient('http://example.com/api/v2/', ok_codes=(200, 201), proxy=True, verify=False)
+
+        with requests_mock.mock() as m:
+            m.get('http://example.com/api/v2/event')
+
+            res = client._http_request('get', 'event', resp_type='response')
+
+            assert m.last_request.verify is False
+            assert m.called is True
+
     def test_http_request_not_ok(self, requests_mock):
         from CommonServerPython import DemistoException
         requests_mock.get('http://example.com/api/v2/event', status_code=500)
diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Base",
     "description": "The base pack for Cortex XSOAR.",
     "support": "xsoar",
-    "currentVersion": "1.7.29",
+    "currentVersion": "1.7.30",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#### Scripts`
	`2`	`+##### CommonServerPython`
	`3`	`+- Fixed an issue in BaseClient, which caused the request to ignore REQUEST_CA_BUNDLE when proxy was set to false.`