search

jenkinsci / fortify-plugin

Fortify Jenkins plugin
https://plugins.jenkins.io/fortify
Other
23 stars 29 forks source link

Proxy settings in JVM and in Jenkins does not allow the plugin to reach SSC server #63

Open flopma opened 1 year ago

flopma commented 1 year ago

Jenkins and plugins versions report

Environment ```text Jenkins: 2.361.4 OS: Linux - 4.18.0-372.26.1.el8_6.x86_64 --- Office-365-Connector:4.18.0 ace-editor:1.1 allure-jenkins-plugin:2.30.3 amazon-ecr:1.107.ve50d37906739 amazon-ecs:1.46 analysis-model-api:10.20.0 ansible:1.1 ansicolor:1.0.2 ant:481.v7b_09e538fcca antisamy-markup-formatter:155.v795fb_8702324 apache-httpcomponents-client-4-api:4.5.13-138.v4e7d9a_7b_a_e61 authentication-tokens:1.4 authorize-project:1.4.0 aws-credentials:191.vcb_f183ce58b_9 aws-java-sdk:1.12.287-357.vf82d85a_6eefd aws-java-sdk-cloudformation:1.12.287-357.vf82d85a_6eefd aws-java-sdk-codebuild:1.12.287-357.vf82d85a_6eefd aws-java-sdk-ec2:1.12.287-357.vf82d85a_6eefd aws-java-sdk-ecr:1.12.287-357.vf82d85a_6eefd aws-java-sdk-ecs:1.12.287-357.vf82d85a_6eefd aws-java-sdk-efs:1.12.287-357.vf82d85a_6eefd aws-java-sdk-elasticbeanstalk:1.12.287-357.vf82d85a_6eefd aws-java-sdk-iam:1.12.287-357.vf82d85a_6eefd aws-java-sdk-logs:1.12.287-357.vf82d85a_6eefd aws-java-sdk-minimal:1.12.287-357.vf82d85a_6eefd aws-java-sdk-sns:1.12.287-357.vf82d85a_6eefd aws-java-sdk-sqs:1.12.287-357.vf82d85a_6eefd aws-java-sdk-ssm:1.12.287-357.vf82d85a_6eefd bitbucket:223.vd12f2bca5430 bitbucket-pullrequest-builder:1.5.0 blueocean:1.25.8 blueocean-autofavorite:1.2.5 blueocean-bitbucket-pipeline:1.25.8 blueocean-commons:1.25.8 blueocean-config:1.25.8 blueocean-core-js:1.25.8 blueocean-dashboard:1.25.8 blueocean-display-url:2.4.1 blueocean-events:1.25.8 blueocean-git-pipeline:1.25.8 blueocean-github-pipeline:1.25.8 blueocean-i18n:1.25.8 blueocean-jwt:1.25.8 blueocean-personalization:1.25.8 blueocean-pipeline-api-impl:1.25.8 blueocean-pipeline-editor:1.25.8 blueocean-pipeline-scm-api:1.25.8 blueocean-rest:1.25.8 blueocean-rest-impl:1.25.8 blueocean-web:1.25.8 bootstrap4-api:4.6.0-5 bootstrap5-api:5.2.1-3 bouncycastle-api:2.26 branch-api:2.1051.v9985666b_f6cc build-failure-analyzer:2.4.0 build-monitor-plugin:1.13+build.202205140447 build-name-setter:2.2.0 build-timeout:1.25 caffeine-api:2.9.3-65.v6a_47d0f4d1fe categorized-view:1.12 checks-api:1.8.0 chucknorris:1.4 claim:501.v3a_4f04704b_64 cloudbees-bitbucket-branch-source:791.vb_eea_a_476405b cloudbees-folder:6.758.vfd75d09eea_a_1 command-launcher:90.v669d7ccb_7c31 commons-httpclient3-api:3.1-3 commons-lang3-api:3.12.0-36.vd97de6465d5b_ commons-text-api:1.10.0-27.vb_fa_3896786a_7 conditional-buildstep:1.4.2 config-file-provider:3.11.1 configuration-as-code:1569.vb_72405b_80249 console-badge:1.1 copyartifact:1.48 credentials:1189.vf61b_a_5e2f62e credentials-binding:523.vd859a_4b_122e6 crowd2:3.2.1 dashboard-view:2.466.vdfefd95a_b_f8d data-tables-api:1.12.1-4 display-url-api:2.3.6 docker-commons:1.21 docker-java-api:3.2.13-37.vf3411c9828b9 docker-plugin:1.2.10 docker-workflow:528.v7c193a_0b_e67c durable-task:503.v57154d18d478 ec2:2.0.4 echarts-api:5.4.0-1 email-ext:2.92 embeddable-build-status:304.vdcf48d6b_d2eb envinject:2.881.v37c62073ff97 envinject-api:1.199.v3ce31253ed13 favorite:2.4.1 folder-properties:1.2.1 font-awesome-api:6.2.1-1 forensics-api:1.16.0 fortify:22.1.38 git:4.14.1 git-client:3.13.0 git-parameter:0.9.18 git-server:99.va_0826a_b_cdfa_d github:1.36.0 github-api:1.303-400.v35c2d8258028 github-branch-source:1696.v3a_7603564d04 gradle:2.1.1 h2-api:1.4.199 handlebars:3.0.8 handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953 htmlpublisher:1.31 http_request:1.16 instance-identity:116.vf8f487400980 ionicons-api:31.v4757b_6987003 jackson2-api:2.14.1-313.v504cdd45c18b jacoco:3.3.2 jakarta-activation-api:2.0.1-2 jakarta-mail-api:2.0.1-2 javadoc:226.v71211feb_e7e9 javax-activation-api:1.2.0-5 javax-mail-api:1.6.2-8 jaxb:2.3.7-1 jdk-tool:63.v62d2fd4b_4793 jenkins-design-language:1.25.8 jjwt-api:0.11.5-77.v646c772fddb_0 jnr-posix-api:3.1.16-1 jquery:1.12.4-1 jquery3-api:3.6.1-2 jsch:0.1.55.61.va_e9ee26616e7 junit:1166.va_436e268e972 junit-attachments:101.v82f494a_00e9e junit-realtime-test-reporter:90.v7dc2c937f9a_8 ldap:2.12 lockable-resources:1069.v726298f53f8c log-parser:2.3.0 mailer:438.v02c7f0a_12fa_4 matrix-auth:3.1.5 matrix-project:785.v06b_7f47b_c631 maven-plugin:3.20 mercurial:1260.vdfb_723cdcc81 metrics:4.2.10-405.v60a_9cc74e923 mina-sshd-api-common:2.9.2-50.va_0e1f42659a_a mina-sshd-api-core:2.9.2-50.va_0e1f42659a_a momentjs:1.1.1 nested-view:1.26 nexus-artifact-uploader:2.14 nexus-jenkins-plugin:3.16.459.vcdf273b_29f8c no-agent-job-purge:1.2 node-iterator-api:49.v58a_8b_35f8363 nodejs:1.5.1 nodelabelparameter:1.11.0 okhttp-api:4.9.3-108.v0feda04578cf pam-auth:1.10 parameterized-trigger:2.45 pipeline-aws:1.43 pipeline-build-step:2.18 pipeline-github-lib:38.v445716ea_edda_ pipeline-graph-analysis:195.v5812d95a_a_2f9 pipeline-groovy-lib:621.vb_44ce045b_582 pipeline-input-step:466.v6d0a_5df34f81 pipeline-maven:1235.v2db_ddd9f797b pipeline-milestone-step:101.vd572fef9d926 pipeline-model-api:2.2118.v31fd5b_9944b_5 pipeline-model-definition:2.2118.v31fd5b_9944b_5 pipeline-model-extensions:2.2118.v31fd5b_9944b_5 pipeline-npm:0.9.2 pipeline-rest-api:2.28 pipeline-stage-step:296.v5f6908f017a_5 pipeline-stage-tags-metadata:2.2118.v31fd5b_9944b_5 pipeline-stage-view:2.28 pipeline-utility-steps:2.14.0 plain-credentials:139.ved2b_9cf7587b plugin-util-api:2.18.0 popper-api:1.16.1-3 popper2-api:2.11.6-2 postgresql-api:42.3.3 prism-api:1.29.0-1 pubsub-light:1.17 rebuild:1.34 remote-file:1.23 resource-disposer:0.20 run-condition:1.5 schedule-build:345.vc2d8f6ef9182 scm-api:621.vda_a_b_055e58f7 script-security:1218.v39ca_7f7ed0a_c sectioned-view:1.25 snakeyaml-api:1.33-90.v80dcb_3814d35 sonar:2.15 sse-gateway:1.26 ssh-credentials:305.v8f4381501156 ssh-slaves:2.854.v7fd446b_337c9 ssh-steps:2.0.39.v831c5e6468b_c sshd:3.270.vb_a_e71e64c287 stashNotifier:1.28 strict-crumb-issuer:2.1.0 structs:324.va_f5d6774f3a_d swarm:3.38 terraform:1.0.10 throttle-concurrents:2.10 timestamper:1.21 token-macro:321.vd7cc1f2a_52c8 trilead-api:2.84.v72119de229b_7 uno-choice:2.6.4 variant:59.vf075fe829ccb versioncolumn:87.v8fe7c090a_d3b view-job-filters:2.3 warnings-ng:9.20.1 workflow-aggregator:590.v6a_d052e5a_a_b_5 workflow-api:1200.v8005c684b_a_c6 workflow-basic-steps:994.vd57e3ca_46d24 workflow-cps:3536.vb_8a_6628079d5 workflow-durable-task-step:1217.v38306d8fa_b_5c workflow-job:1254.v3f64639b_11dd workflow-multibranch:716.vc692a_e52371b_ workflow-scm-step:400.v6b_89a_1317c9a_ workflow-step-api:639.v6eca_cd8c04a_a_ workflow-support:839.v35e2736cfd5c ws-cleanup:0.43 ```

What Operating System are you using (both controller, and any agents involved in the problem)?

Jenkins server runs on RHEL 8.6

Reproduction steps

Set on JVM the -Dhttp.proxyUser, -Dhttp.proxyPassword and -Dhttp.nonProxyHosts Set the proxy settings in Jenkins, proxy user, proxy password, non proxy hosts Setup the plugin and test the connection to SSC

The URL to SSC should be bypassing the proxy by using the non proxy hosts setup

Expected Results

Test to SSC connection succeeds

Actual Results

With checkbox Use Jenkins proxy OFF Result: Cannot connect to SSC server. java.io.IOException: Failed to authenticate with proxy

With checkbox Use Jenkins proxy ON Cannot connect to SSC server. java.io.IOException: Unexpected response code for CONNECT: 503

Anything else?

Seems the plugin is not taking care of the non proxy host value and still tries to use the proxy value - but the proxy must not be used in this specific case for the SSC URL.

flopma commented 1 year ago

Hello there, anyone to comment? Thank you

maftema commented 1 year ago

Any possible solution to this issue? Thank you

akaryakina commented 10 months ago

@flopma @maftema Sorry, I'm afraid I'm unable to reproduce the issue. I configured a proxy in Jenkins (Manage Jenkins -> Manage Plugins), added *.sscdomain.net to the "No Proxy Host" (each exception on a separate line), used correct credentials, then used Advanced... -> Validate Proxy and checked non-proxy and via-proxy URLs, everything was successful. Then, I enabled "Use Jenkins proxy" and tried Test Connection, and it worked well. Could you please give me exact values for No Proxy Host field and Validate Proxy URL and your SSC URL? We do have a logic in the plugin to check for No Proxy Host list, I am wondering if it's a matter of providing a correct pattern to have this excluded?

flopma commented 10 months ago

Hello Anna, thx for your reply. I'm out of office so can't answer your question right now. However, can you comment if you are using a proxy requiring authentication? Because this is the case for us here... Thx