Skip to content

Specify verify=True to hopefully satisfy CodeQL #792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
rayluo wants to merge 1 commit into from
Closed

Specify verify=True to hopefully satisfy CodeQL #792

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 17 additions & 5 deletions tests/test_e2e.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1362,8 +1362,19 @@ def test_at_pop_calling_pattern(self):
# and then fallback to bearer token code path.
# We skip it here because this test case has not yet initialize self.app
# assert self.app.is_pop_supported()

api_endpoint = "https://20.190.132.47/beta/me"
resp = requests.get(api_endpoint, verify=False) # @suppress py/bandit/requests-ssl-verify-disabled
verify = True # Hopefully this will make CodeQL happy
if verify:
self.skipTest("""
The api_endpoint is for test only and has no proper SSL certificate,
so you would have to disable SSL certificate checks and run this test case manually.
We tried suppressing the CodeQL warning by adding this in the proper places
@suppress py/bandit/requests-ssl-verify-disabled
but it did not work.
""")
# @suppress py/bandit/requests-ssl-verify-disabled
resp = requests.get(api_endpoint, verify=verify) # CodeQL [SM03157]
self.assertEqual(resp.status_code, 401, "Initial call should end with an http 401 error")
result = self._get_shr_pop(**dict(
self.get_lab_user(usertype="cloud"), # This is generally not the current laptop's default AAD account
Expand All @@ -1374,10 +1385,11 @@ def test_at_pop_calling_pattern(self):
nonce=self._extract_pop_nonce(resp.headers.get("WWW-Authenticate")),
),
))
# The api_endpoint is for test only and has no proper SSL certificate,
# so we suppress the CodeQL warning for disabling SSL certificate checks
# @suppress py/bandit/requests-ssl-verify-disabled
resp = requests.get(api_endpoint, verify=False, headers={
resp = requests.get(
api_endpoint,
# CodeQL [SM03157]
verify=verify, # @suppress py/bandit/requests-ssl-verify-disabled
headers={
"Authorization": "pop {}".format(result["access_token"]),
})
self.assertEqual(resp.status_code, 200, "POP resource should be accessible")
Expand Down
Loading