fluidattacks-core 2.2.2__tar.gz → 2.2.4__tar.gz

{fluidattacks_core-2.2.2 → fluidattacks_core-2.2.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fluidattacks-core
-Version: 2.2.2
+Version: 2.2.4
 Summary: Fluid Attacks Core Library
 License: MPL-2.0
 Author: Development
@@ -16,7 +16,7 @@ Classifier: Programming Language :: Python :: 3.12
 Classifier: Topic :: Software Development :: Libraries
 Requires-Dist: GitPython (>=3.1.41)
 Requires-Dist: aiofiles (>=23.2.1)
-Requires-Dist: aiohttp (>=3.9.2)
+Requires-Dist: aiohttp (>=3.11.4)
 Requires-Dist: boto3 (>=1.34)
 Requires-Dist: certifi (>=2024.8.30)
 Requires-Dist: pathspec (>=0.12.1)

{fluidattacks_core-2.2.2 → fluidattacks_core-2.2.4}/fluidattacks_core/git/__init__.py

@@ -89,7 +89,8 @@ async def disable_quotepath(git_path: str) -> None:
 
 
 async def get_last_commit_info_new(
-    repo_path: str, filename: str
+    repo_path: str,
+    filename: str,
 ) -> CommitInfo | None:
     proc = await asyncio.create_subprocess_exec(
         "git",
@@ -192,7 +193,9 @@ async def get_modified_filenames(repo_path: str, commit_sha: str) -> list[str]:
 
 
 async def is_commit_in_branch(
-    repo_path: str, branch: str, commit_sha: str
+    repo_path: str,
+    branch: str,
+    commit_sha: str,
 ) -> bool:
     proc = await asyncio.create_subprocess_exec(
         "git",
@@ -260,7 +263,13 @@ def rebase(
     except (UnicodeDecodeError, UnicodeEncodeError) as exc:
         if ignore_errors:
             LOGGER.exception(
-                exc, extra={"extra": {"path": path, "new_path": new_path}}
+                exc,
+                extra={
+                    "extra": {
+                        "path": path,
+                        "new_path": new_path,
+                    }
+                },
             )
             return None
 
@@ -313,6 +322,7 @@ async def clone(
     is_pat: bool = False,
     arn: str | None = None,
     org_external_id: str | None = None,
+    follow_redirects: bool = True,
 ) -> tuple[str | None, str | None]:
     if credential_key:
         return await ssh_clone(
@@ -329,6 +339,7 @@ async def clone(
             temp_dir=temp_dir,
             token=None,
             user=user,
+            follow_redirects=follow_redirects,
         )
     if token is not None:
         return await https_clone(
@@ -340,6 +351,7 @@ async def clone(
             user=None,
             provider=provider,
             is_pat=is_pat,
+            follow_redirects=follow_redirects,
         )
     if arn is not None and org_external_id is not None:
         return await call_codecommit_clone(
@@ -356,6 +368,7 @@ async def clone(
             branch=repo_branch,
             repo_url=repo_url,
             temp_dir=temp_dir,
+            follow_redirects=follow_redirects,
         )
 
     raise InvalidParameter()

{fluidattacks_core-2.2.2 → fluidattacks_core-2.2.4}/fluidattacks_core/git/clone.py

@@ -80,6 +80,7 @@ async def https_clone(
     user: str | None = None,
     provider: str | None = None,
     is_pat: bool = False,
+    follow_redirects: bool = True,
 ) -> tuple[str | None, str | None]:
     url = format_url(
         repo_url=repo_url,
@@ -95,7 +96,7 @@ async def https_clone(
         "-c",
         "http.sslVerify=false",
         "-c",
-        "http.followRedirects=true",
+        f"http.followRedirects={follow_redirects}",
         *(
             [
                 "-c",
@@ -131,6 +132,7 @@ async def codecommit_clone(
     branch: str,
     repo_url: str,
     temp_dir: str,
+    follow_redirects: bool = True,
 ) -> tuple[str | None, str | None]:
     folder_to_clone_root = f"{temp_dir}/{uuid.uuid4()}"
     proc = await asyncio.create_subprocess_exec(
@@ -138,7 +140,7 @@ async def codecommit_clone(
         "-c",
         "http.sslVerify=false",
         "-c",
-        "http.followRedirects=true",
+        f"http.followRedirects={follow_redirects}",
         "clone",
         "--branch",
         branch,
@@ -167,6 +169,7 @@ async def call_codecommit_clone(
     temp_dir: str,
     arn: str,
     org_external_id: str,
+    follow_redirects: bool = True,
 ) -> tuple[str | None, str | None]:
     original_access_key = os.environ.get("AWS_ACCESS_KEY_ID")
     original_secret_key = os.environ.get("AWS_SECRET_ACCESS_KEY")
@@ -191,6 +194,7 @@ async def call_codecommit_clone(
             branch=branch,
             repo_url=repo_url,
             temp_dir=temp_dir,
+            follow_redirects=follow_redirects,
         )
 
     except ClientError as exc:

{fluidattacks_core-2.2.2 → fluidattacks_core-2.2.4}/fluidattacks_core/git/codecommit_utils.py

@@ -24,6 +24,7 @@ async def assume_role_and_execute_git(
     repo_url: str,
     branch: str,
     org_external_id: str,
+    follow_redirects: bool = True,
 ) -> str | None:
     original_access_key = os.environ.get("AWS_ACCESS_KEY_ID")
     original_secret_key = os.environ.get("AWS_SECRET_ACCESS_KEY")
@@ -44,7 +45,9 @@ async def assume_role_and_execute_git(
         os.environ["AWS_SESSION_TOKEN"] = credentials["SessionToken"]
         os.environ["AWS_DEFAULT_REGION"] = extract_region(repo_url)
 
-        return await codecommit_ls_remote(repo_url=repo_url, branch=branch)
+        return await codecommit_ls_remote(
+            repo_url=repo_url, branch=branch, follow_redirects=follow_redirects
+        )
 
     except ClientError as exc:
         LOGGER.exception(
@@ -81,14 +84,14 @@ async def assume_role_and_execute_git(
 
 
 async def _execute_git_command(
-    url: str, branch: str
+    url: str, branch: str, follow_redirects: bool = True
 ) -> tuple[bytes, bytes, int | None]:
     proc = await asyncio.create_subprocess_exec(
         "git",
         "-c",
         "http.sslVerify=false",
         "-c",
-        "http.followRedirects=true",
+        f"http.followRedirects={follow_redirects}",
         "ls-remote",
         "--",
         url,
@@ -104,10 +107,11 @@ async def _execute_git_command(
 async def codecommit_ls_remote(
     repo_url: str,
     branch: str = "HEAD",
+    follow_redirects: bool = True,
 ) -> str | None:
     try:
         stdout, _stderr, return_code = await _execute_git_command(
-            repo_url, branch
+            repo_url, branch, follow_redirects
         )
         if _stderr and return_code != 0:
             LOGGER.error(
@@ -136,10 +140,12 @@ async def call_codecommit_ls_remote(
     arn: str,
     branch: str,
     org_external_id: str,
+    follow_redirects: bool = True,
 ) -> str | None:
     return await assume_role_and_execute_git(
         repo_url=repo_url,
         arn=arn,
         branch=branch,
         org_external_id=org_external_id,
+        follow_redirects=follow_redirects,
     )

{fluidattacks_core-2.2.2 → fluidattacks_core-2.2.4}/fluidattacks_core/git/https_utils.py

@@ -12,14 +12,18 @@ LOGGER = logging.getLogger(__name__)
 
 
 async def _execute_git_command(
-    url: str, branch: str, is_pat: bool, token: str | None = None
+    url: str,
+    branch: str,
+    is_pat: bool,
+    token: str | None = None,
+    follow_redirects: bool = True,
 ) -> tuple[bytes, bytes, int | None]:
     proc = await asyncio.create_subprocess_exec(
         "git",
         "-c",
         "http.sslVerify=false",
         "-c",
-        "http.followRedirects=true",
+        f"http.followRedirects={follow_redirects}",
         *(
             [
                 "-c",
@@ -50,6 +54,7 @@ async def https_ls_remote(
     branch: str = "HEAD",
     provider: str | None = None,
     is_pat: bool = False,
+    follow_redirects: bool = True,
 ) -> str | None:
     url = format_url(
         repo_url=repo_url,
@@ -62,7 +67,7 @@ async def https_ls_remote(
 
     try:
         stdout, _stderr, return_code = await _execute_git_command(
-            url, branch, is_pat, token
+            url, branch, is_pat, token, follow_redirects
         )
         if _stderr and return_code != 0:
             LOGGER.error(
@@ -96,6 +101,7 @@ async def call_https_ls_remote(
     branch: str,
     provider: str | None,
     is_pat: bool,
+    follow_redirects: bool = True,
 ) -> str | None:
     if user is not None and password is not None:
         return await https_ls_remote(
@@ -103,6 +109,7 @@ async def call_https_ls_remote(
             user=user,
             password=password,
             branch=branch,
+            follow_redirects=follow_redirects,
         )
     if token is not None:
         return await https_ls_remote(
@@ -111,10 +118,12 @@ async def call_https_ls_remote(
             branch=branch,
             provider=provider or "",
             is_pat=is_pat,
+            follow_redirects=follow_redirects,
         )
     if repo_url.startswith("http"):
         return await https_ls_remote(
             repo_url=repo_url,
             branch=branch,
+            follow_redirects=follow_redirects,
         )
     raise InvalidParameter()

fluidattacks_core-2.2.4/fluidattacks_core/git/remote.py

@@ -0,0 +1,199 @@
+import base64
+import logging
+from contextlib import suppress
+
+import aiohttp
+from urllib3.exceptions import LocationParseError
+from urllib3.util import Url, parse_url
+
+from ..http.client import request
+from ..http.validations import HTTPValidationError
+from .classes import InvalidParameter
+from .codecommit_utils import call_codecommit_ls_remote
+from .https_utils import call_https_ls_remote
+from .ssh_utils import call_ssh_ls_remote
+
+LOGGER = logging.getLogger(__name__)
+
+
+def _format_redirected_url(
+    original_url: Url,
+    redirect_url: Url,
+) -> str:
+    return (
+        redirect_url._replace(
+            query=None,
+            path=(redirect_url.path or "").removesuffix("info/refs"),
+        ).url
+        if original_url.host == redirect_url.host
+        else original_url.url
+    )
+
+
+async def get_redirected_url(
+    url: str,
+    user: str | None,
+    password: str | None,
+    token: str | None,
+    is_pat: bool,
+) -> str:
+    if user is not None and password is not None:
+        with suppress(LocationParseError):
+            return await _get_redirected_url(
+                parse_url(url)._replace(auth=None).url,
+                authorization="Basic "
+                + base64.b64encode(f"{user}:{password}".encode()).decode(),
+            )
+        return await _get_redirected_url(
+            url,
+            authorization="Basic "
+            + base64.b64encode(f"{user}:{password}".encode()).decode(),
+        )
+    if token is not None and is_pat:
+        return await _get_redirected_url(
+            url,
+            authorization=(
+                "Basic "
+                + base64.b64encode(f":{token}".encode()).decode()
+            ),
+        )
+    if token is not None and not is_pat:
+        return await _get_redirected_url(url, authorization=f"Bearer {token}")
+    if url.startswith("http"):
+        return await _get_redirected_url(url)
+    raise InvalidParameter()
+
+
+async def _get_redirected_url(
+    url: str,
+    authorization: str | None = None,
+) -> str:
+    try:
+        return await _get_url(url, authorization=authorization)
+    except (
+        TimeoutError,
+        ValueError,
+        aiohttp.ClientError,
+        HTTPValidationError,
+    ) as exc:
+        LOGGER.warning(
+            "Failed to get redirected-url",
+            extra={"extra": {"url": url, "exc": exc}},
+        )
+        return url
+
+
+async def _get_url(
+    original_url: str,
+    *,
+    redirect_url: str = "",
+    max_retries: int = 5,
+    authorization: str | None = None,
+) -> str:
+    try:
+        original = parse_url(original_url.removesuffix("/"))
+        url = (
+            parse_url(redirect_url.removesuffix("/"))
+            if redirect_url else original
+        )
+    except LocationParseError as exc:
+        raise HTTPValidationError(f"Invalid URL {redirect_url}") from exc
+
+    if max_retries < 1:
+        return _format_redirected_url(original, url)
+
+    # https://git-scm.com/book/en/v2/Git-Internals-Transfer-Protocols
+    url = (
+        url._replace(path=(url.path or "") + "/info/refs")
+        if not (url.path or "").endswith("info/refs")
+        else url
+    )
+    url = url._replace(query="service=git-upload-pack")
+
+    result = await request(
+        url.url,
+        method="GET",
+        headers={
+            "Host": url.host or "",
+            "Accept": "*/*",
+            "Accept-Encoding": "deflate, gzip",
+            "Pragma": "no-cache",
+            "Accept-Language": "*",
+            **({"Authorization": authorization} if authorization else {}),
+        },
+    )
+    if result.status == 200:
+        return _format_redirected_url(original, url)
+    if (
+        result.status > 300
+        and result.status < 400
+        and "Location" in result.headers
+    ):
+        with suppress(LocationParseError):
+            _url = parse_url(result.headers["Location"])
+            return await _get_url(
+                original_url,
+                redirect_url=result.headers["Location"],
+                max_retries=max_retries - 1,
+                authorization=authorization if _url.host == url.host else None,
+            )
+
+        return await _get_url(
+            original_url,
+            redirect_url=result.headers["Location"],
+            max_retries=max_retries - 1,
+        )
+
+    return _format_redirected_url(original, url)
+
+
+async def ls_remote(
+    repo_url: str,
+    repo_branch: str,
+    *,
+    credential_key: str | None = None,
+    user: str | None = None,
+    password: str | None = None,
+    token: str | None = None,
+    provider: str | None = None,
+    is_pat: bool = False,
+    arn: str | None = None,
+    org_external_id: str | None = None,
+    follow_redirects: bool = True,
+) -> str | None:
+    last_commit: str | None = None
+    if credential_key is not None:
+        last_commit = await call_ssh_ls_remote(
+            repo_url,
+            credential_key,
+            repo_branch,
+        )
+    elif arn is not None and org_external_id is not None:
+        last_commit = await call_codecommit_ls_remote(
+            repo_url,
+            arn,
+            repo_branch,
+            org_external_id=org_external_id,
+            follow_redirects=follow_redirects,
+        )
+    else:
+        if not follow_redirects:
+            repo_url = await get_redirected_url(
+                repo_url,
+                user=user,
+                password=password,
+                token=token,
+                is_pat=is_pat,
+            )
+        last_commit = await call_https_ls_remote(
+            repo_url=repo_url,
+            user=user,
+            password=password,
+            token=token,
+            branch=repo_branch,
+            provider=provider,
+            is_pat=is_pat,
+            follow_redirects=follow_redirects,
+        )
+
+    return last_commit

{fluidattacks_core-2.2.2 → fluidattacks_core-2.2.4}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "fluidattacks-core"
-version = "2.2.2"
+version = "2.2.4"
 description = "Fluid Attacks Core Library"
 authors = ["Development <development@fluidattacks.com>"]
 license = "MPL-2.0"
@@ -17,7 +17,7 @@ classifiers = [
 [tool.poetry.dependencies]
 python = "^3.11"
 aiofiles = ">=23.2.1"
-aiohttp = ">=3.9.2"
+aiohttp = ">=3.11.4"
 boto3 = ">=1.34"
 certifi = ">=2024.8.30"
 GitPython = ">=3.1.41"

fluidattacks_core-2.2.2/fluidattacks_core/git/remote.py

@@ -1,51 +0,0 @@
-from .codecommit_utils import (
-    call_codecommit_ls_remote,
-)
-from .https_utils import (
-    call_https_ls_remote,
-)
-from .ssh_utils import (
-    call_ssh_ls_remote,
-)
-import logging
-
-LOGGER = logging.getLogger(__name__)
-
-
-async def ls_remote(
-    repo_url: str,
-    repo_branch: str,
-    *,
-    credential_key: str | None = None,
-    user: str | None = None,
-    password: str | None = None,
-    token: str | None = None,
-    provider: str | None = None,
-    is_pat: bool = False,
-    arn: str | None = None,
-    org_external_id: str | None = None,
-) -> str | None:
-    last_commit: str | None = None
-    if credential_key is not None:
-        last_commit = await call_ssh_ls_remote(
-            repo_url, credential_key, repo_branch
-        )
-    elif arn is not None and org_external_id is not None:
-        last_commit = await call_codecommit_ls_remote(
-            repo_url,
-            arn,
-            repo_branch,
-            org_external_id=org_external_id,
-        )
-    else:
-        last_commit = await call_https_ls_remote(
-            repo_url=repo_url,
-            user=user,
-            password=password,
-            token=token,
-            branch=repo_branch,
-            provider=provider,
-            is_pat=is_pat,
-        )
-
-    return last_commit