feat: Use Apache HTTPClient for downloads of public resources #6949
…thenticating proxy
…clude KEV downloads
…o to the DownloaderIT
@aikebah tests are passing - should this still be a draft PR?
@jeremylong All code as committed I consider final, so if you're eager to get a release out it would be fine to remove draft status and get 'most usages replaced' as feature for 11.0. The draft status is not yet removed as there are a few analyzers that don't use the HTTPClient yet - Nexus and Artifactory IIRC, which could also be postponed for a later feature-update I guess.
Confirmed... only NexusSearch and ArtifactorySearch are pending. As both are typically solutions within the enterprise datacenter not requiring proxy access I think it would be fine to finish up this part and leave the remainder phase-out of URLConnectionFactory for a later feature-release in the 11.x series.
Thanks for the work on this PR! It looks like you have completed the groundwork for the remaining two analyzers (as seen in the
Was a nice exercise for part of my holiday. NexusSearch currently cooking locally on lower velocity besides my daytime job. |
Fixes Issue #6800
Description of Change
Swap out use of RAW JDK http(s) handling by Apache HTTP-Client in order to also take into account the https.proxyUser and https.proxyPassword JAVA_TOOL_OPTIONs.
Add resources to document and support manual testing of HTTP-Basic Authenticating proxy usage.
Also lays the groundwork for resolving #5387 by adding Settings-keys for the credentials of a mirrored HostedSuppressions- and KnownExploitedVulnerabilities-file. CLI instances initialized from a custom properties file could already exploit this, but activation for all integrations is left as an exercise in the context of #5387.
For now only a draft, as there is still some direct raw usage left behind in the codebase that I also intend to replace by HTTPClient. However I think now is a good time to already collect feedback on the initial coding for the replacement of the Downloader class.
Have test cases been added to cover the new functionality?
Not yet, intend to evaluate and potentially extend the existing testcases that already partially test the functionality
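An added illustration (not code from this PR or from the project) of the approach the description outlines: an Apache HttpClient instance that reads https.proxyUser and https.proxyPassword from system properties and offers them only to the proxy. It assumes HttpClient 5.x, a proxy reached over plain HTTP, and the standard https.proxyHost and https.proxyPort properties; the class name and the default URL are hypothetical.

```java
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.io.entity.EntityUtils;

// Hypothetical class name; not part of the PR under discussion.
public class ProxyAuthDownloadExample {

    // Build a client from JVM system properties (e.g. passed via JAVA_TOOL_OPTIONS).
    static CloseableHttpClient buildClient() {
        String host = System.getProperty("https.proxyHost");
        if (host == null || host.isEmpty()) {
            return HttpClients.createDefault(); // no proxy configured
        }
        int port = Integer.parseInt(System.getProperty("https.proxyPort", "443"));
        BasicCredentialsProvider creds = new BasicCredentialsProvider();
        String user = System.getProperty("https.proxyUser");
        String pass = System.getProperty("https.proxyPassword");
        if (user != null && pass != null) {
            // Scope the credentials to the proxy host and port only, so they are
            // never offered to the origin server or to any other host.
            creds.setCredentials(new AuthScope(host, port),
                    new UsernamePasswordCredentials(user, pass.toCharArray()));
        }
        return HttpClients.custom()
                .setProxy(new HttpHost("http", host, port)) // assumption: proxy speaks plain HTTP
                .setDefaultCredentialsProvider(creds)
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder URL; pass the resource to fetch as the first argument.
        String url = args.length > 0 ? args[0] : "https://example.org/";
        try (CloseableHttpClient client = buildClient()) {
            int status = client.execute(new HttpGet(url), response -> {
                EntityUtils.consume(response.getEntity()); // drain so the connection can be reused
                return response.getCode();
            });
            // A 407 status here means the proxy did not accept the supplied credentials.
            System.out.println(url + " -> HTTP " + status);
        }
    }
}
```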