fix(curl): Remove --insecure flag from curl when downlaoding Piper binary (#5179)

Googlom · web-flow · commit f044ef106dd4 · 2024-11-21T13:30:03.000+05:00
* remove --insecure flag from binary download

* remove --insecure flag from binary download

* adjust unit tests
diff --git a/src/com/sap/piper/PiperGoUtils.groovy b/src/com/sap/piper/PiperGoUtils.groovy
@@ -83,7 +83,7 @@ class PiperGoUtils implements Serializable {
     private boolean downloadGoBinary(url) {
 
         try {
-            def httpStatus = steps.sh(returnStdout: true, script: "curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out '%{http_code}' --output ${piperExecutable} '${url}'")
+            def httpStatus = steps.sh(returnStdout: true, script: "curl --silent --retry 5 --retry-max-time 240 --location --write-out '%{http_code}' --output ${piperExecutable} '${url}'")
 
             if (httpStatus == '200') {
                 steps.sh(script: "chmod +x ${piperExecutable}")
diff --git a/test/groovy/com/sap/piper/PiperGoUtilsTest.groovy b/test/groovy/com/sap/piper/PiperGoUtilsTest.groovy
@@ -63,11 +63,11 @@ class PiperGoUtilsTest extends BasePiperTest {
         })
 
         shellCallRule.setReturnValue('[ -x ./piper ]', 1)
-        shellCallRule.setReturnValue('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\'', '200')
+        shellCallRule.setReturnValue('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\'', '200')
 
         piperGoUtils.unstashPiperBin()
         assertThat(shellCallRule.shell.size(), is(4))
-        assertThat(shellCallRule.shell[1].toString(), is('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\''))
+        assertThat(shellCallRule.shell[1].toString(), is('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\''))
         assertThat(shellCallRule.shell[2].toString(), is('chmod +x piper'))
         assertThat(shellCallRule.shell[3].toString(), is('./piper version'))
     }
@@ -84,11 +84,11 @@ class PiperGoUtilsTest extends BasePiperTest {
         })
 
         shellCallRule.setReturnValue('[ -x ./piper ]', 1)
-        shellCallRule.setReturnValue('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/testTag/piper\'', '200')
+        shellCallRule.setReturnValue('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/testTag/piper\'', '200')
 
         piperGoUtils.unstashPiperBin()
         assertThat(shellCallRule.shell.size(), is(4))
-        assertThat(shellCallRule.shell[1].toString(), is('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/testTag/piper\''))
+        assertThat(shellCallRule.shell[1].toString(), is('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/testTag/piper\''))
         assertThat(shellCallRule.shell[2].toString(), is('chmod +x piper'))
         assertThat(shellCallRule.shell[3].toString(), is('./piper version'))
     }
@@ -101,8 +101,8 @@ class PiperGoUtilsTest extends BasePiperTest {
 
         shellCallRule.setReturnValue('[ -x ./piper ]', 1)
         shellCallRule.setReturnValue('./piper version', "1.2.3")
-        shellCallRule.setReturnValue('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/notAvailable/piper\'', '404')
-        shellCallRule.setReturnValue('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\'', '200')
+        shellCallRule.setReturnValue('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/notAvailable/piper\'', '404')
+        shellCallRule.setReturnValue('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\'', '200')
 
         // this mocks utils.unstash - mimic stash not existing
         helper.registerAllowedMethod("unstash", [String.class], { stashFileName ->
@@ -112,8 +112,8 @@ class PiperGoUtilsTest extends BasePiperTest {
         piperGoUtils.unstashPiperBin()
         assertThat(shellCallRule.shell.size(), is(5))
         assertThat(shellCallRule.shell[0].toString(), is('[ -x ./piper ]'))
-        assertThat(shellCallRule.shell[1].toString(), is('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/notAvailable/piper\''))
-        assertThat(shellCallRule.shell[2].toString(), is('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\''))
+        assertThat(shellCallRule.shell[1].toString(), is('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/notAvailable/piper\''))
+        assertThat(shellCallRule.shell[2].toString(), is('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\''))
         assertThat(shellCallRule.shell[3].toString(), is('chmod +x piper'))
         assertThat(shellCallRule.shell[4].toString(), is ('./piper version'))
     }
@@ -124,8 +124,8 @@ class PiperGoUtilsTest extends BasePiperTest {
         piperGoUtils.metaClass.getLibrariesInfo = {-> return [[name: 'piper-lib-os', version: 'notAvailable']]}
 
         shellCallRule.setReturnValue('[ -x ./piper ]', 1)
-        shellCallRule.setReturnValue('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/notAvailable/piper\'', '404')
-        shellCallRule.setReturnValue('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\'', '500')
+        shellCallRule.setReturnValue('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/notAvailable/piper\'', '404')
+        shellCallRule.setReturnValue('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\'', '500')
 
         helper.registerAllowedMethod("unstash", [String.class], { stashFileName ->
             return []
@@ -141,8 +141,8 @@ class PiperGoUtilsTest extends BasePiperTest {
         piperGoUtils.metaClass.getLibrariesInfo = {-> return [[name: 'piper-lib-os', version: 'notAvailable']]}
 
         shellCallRule.setReturnValue('[ -x ./piper ]', 1)
-        shellCallRule.setReturnValue('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/notAvailable/piper\'', '404')
-        shellCallRule.setReturnValue('curl --insecure --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\'', '500')
+        shellCallRule.setReturnValue('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/download/notAvailable/piper\'', '404')
+        shellCallRule.setReturnValue('curl --silent --retry 5 --retry-max-time 240 --location --write-out \'%{http_code}\' --output piper \'https://github.com/SAP/jenkins-library/releases/latest/download/piper\'', '500')
 
         helper.registerAllowedMethod("unstash", [String.class], { stashFileName ->
             return []
