Add grpc-ssl-target option to CLI to override SSL target name for gRPC connections #121

Open: wants to merge 1 commit into base: main

matiasdaloia (Contributor) commented Jun 4, 2025

Summary by CodeRabbit

  • New Features

    • Added a new CLI option to override the SSL target name for gRPC connections, improving flexibility when connecting to servers with mismatched certificates.
  • Documentation

    • Updated the changelog to include details for version 1.25.0 and document the new CLI option.
  • Style

    • Improved code formatting and organization for better readability (no impact on functionality).

matiasdaloia self-assigned this Jun 4, 2025
matiasdaloia requested a review from eeisegn June 4, 2025 09:01
matiasdaloia added the enhancement (New feature or request) label Jun 4, 2025

coderabbitai bot commented Jun 4, 2025

Walkthrough

A new CLI option --grpc-ssl-target was introduced to allow overriding the SSL target name for gRPC connections. This parameter is now supported across the CLI, configuration, and all relevant classes, ensuring it is passed to the gRPC client. Documentation and versioning were updated to reflect these changes.

Changes

| File(s) | Change Summary |
|---|---|
| CHANGELOG.md | Added release notes for version 1.25.0, documenting the new CLI option and updated version links. |
| src/scanoss/__init__.py | Updated __version__ from '1.24.0' to '1.25.0'. |
| src/scanoss/cli.py | Added --grpc-ssl-target CLI argument and passed it to Scanner/Components constructors. |
| src/scanoss/components.py | Added grpc_ssl_target parameter to Components class constructor. |
| src/scanoss/scanner.py | Added grpc_ssl_target parameter to Scanner class constructor and passed to gRPC client. |
| src/scanoss/scanners/container_scanner.py | Passed grpc_ssl_target from config to ScanossGrpc in ContainerScanner. |
| src/scanoss/scanners/scanner_config.py | Added grpc_ssl_target attribute to ScannerConfig dataclass and initialization logic. |
| src/scanoss/scanossgrpc.py | Added grpc_ssl_target to ScanossGrpc, GrpcConfig, and secure channel creation logic. |

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CLI
    participant Scanner/Components
    participant ScanossGrpc

    User->>CLI: Run command with --grpc-ssl-target
    CLI->>Scanner/Components: Instantiate with grpc_ssl_target
    Scanner/Components->>ScanossGrpc: Pass grpc_ssl_target to constructor
    ScanossGrpc->>ScanossGrpc: Create gRPC channel (override target if set)
    ScanossGrpc->>gRPC Server: Establish connection with (possibly overridden) SSL target

Suggested reviewers

  • eeisegn

Poem

A hop and a skip, a new flag appears,
For gRPC targets, let’s give three cheers!
SSL names now bend to your will,
Version bumped up—release notes to fill.
The rabbit approves, with a wiggle of ear,
For clever connections, the path is now clear!
🐇✨


…RPC connections

Fix lint errors

Fix lint errors
matiasdaloia force-pushed the fix/mdaloia/support-override-grpc-domain-name branch from 309d7a1 to c7a07fb June 4, 2025 09:05

coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
src/scanoss/components.py (2)

53-53: Use consistent type annotation for optional parameters.

For consistency with other optional parameters in this constructor, use Optional[str] = None instead of str = None.

-        grpc_ssl_target: str = None,
+        grpc_ssl_target: Optional[str] = None,

57-70: Update docstring to document the new parameter.

The grpc_ssl_target parameter is missing from the docstring documentation.

         :param grpc_proxy: Specific gRPC proxy (optional)
         :param ca_cert: TLS client certificate (optional)
+        :param grpc_ssl_target: SSL target name override for gRPC connections (optional)
         :param pac: Proxy Auto-Config file (optional)
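Review bot: the added `:param grpc_ssl_target:` line should say what the override affects, not only that it exists. The review further down identifies it as the `grpc.ssl_target_name_override` channel option, which replaces the name used for TLS host name checking, so the server certificate is validated against this value instead of the address being dialled. Suggested wording: "name the server certificate is verified against, in place of the connection host (optional)".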
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 65afdaf and c7a07fb.

📒 Files selected for processing (8)
  • CHANGELOG.md (2 hunks)
  • src/scanoss/__init__.py (1 hunks)
  • src/scanoss/cli.py (7 hunks)
  • src/scanoss/components.py (2 hunks)
  • src/scanoss/scanner.py (15 hunks)
  • src/scanoss/scanners/container_scanner.py (1 hunks)
  • src/scanoss/scanners/scanner_config.py (2 hunks)
  • src/scanoss/scanossgrpc.py (5 hunks)
🧰 Additional context used
🪛 LanguageTool
CHANGELOG.md

[grammar] ~13-~13: You’ve repeated a verb. Did you mean to only write one of them? (REPEATED_VERBS)
Context: ...hanges... ## [1.25.0] - 2025-06-04 ### Added - Add grpc-ssl-target option to CLI to over...

🪛 Pylint (3.3.7)
src/scanoss/scanner.py

[error] 32-32: Unable to import 'importlib_resources' (E0401)
[error] 33-33: Unable to import 'progress.bar' (E0401)
[error] 34-34: Unable to import 'progress.spinner' (E0401)
[error] 35-35: Unable to import 'pypac.parser' (E0401)
[warning] 43-43: Unused ScanossSettings imported from scanoss_settings (W0611)
[refactor] 72-72: Too many arguments (38/5) (R0913)
[refactor] 72-72: Too many positional arguments (38/5) (R0917)
[refactor] 72-72: Too many local variables (41/15) (R0914)
[refactor] 289-289: Too many arguments (7/5) (R0913)
[refactor] 289-289: Too many positional arguments (7/5) (R0917)
[refactor] 337-337: Too many local variables (19/15) (R0914)
[refactor] 337-337: Too many branches (20/12) (R0912)
[refactor] 337-337: Too many statements (69/50) (R0915)
[convention] 405-405: Line too long (157/100) (C0301)
[refactor] 537-537: Too many arguments (7/5) (R0913)
[refactor] 537-537: Too many positional arguments (7/5) (R0917)
[refactor] 608-608: Too many local variables (18/15) (R0914)
[refactor] 608-608: Too many branches (19/12) (R0912)
[refactor] 608-608: Too many statements (65/50) (R0915)
[convention] 662-662: Line too long (151/100) (C0301)
[convention] 671-671: Line too long (157/100) (C0301)
[convention] 680-680: Line too long (120/100) (C0301)
[refactor] 758-758: Too many local variables (26/15) (R0914)
[refactor] 758-758: Too many branches (31/12) (R0912)
[refactor] 758-758: Too many statements (85/50) (R0915)

src/scanoss/scanossgrpc.py

[convention] 181-181: Line too long (106/100) (C0301)
[convention] 183-183: Line too long (106/100) (C0301)
[convention] 185-185: Line too long (119/100) (C0301)
[convention] 186-186: Line too long (116/100) (C0301)
[convention] 190-190: Line too long (112/100) (C0301)
[convention] 191-191: Line too long (117/100) (C0301)
[convention] 195-195: Line too long (114/100) (C0301)

🔇 Additional comments (20)
src/scanoss/__init__.py (1)

25-25: LGTM! Version bump is appropriate.

The minor version increment correctly reflects the addition of the new grpc-ssl-target feature.

CHANGELOG.md (2)

12-15: LGTM! Changelog entry properly documents the new feature.

The entry follows the established format and clearly describes the new grpc-ssl-target CLI option functionality.


529-530: Version comparison links correctly updated.

The changelog comparison links have been properly updated to include the new 1.25.0 version.

src/scanoss/components.py (1)

81-81: Parameter correctly passed to ScanossGrpc constructor.

The grpc_ssl_target parameter is properly propagated to the underlying gRPC client.

src/scanoss/scanners/scanner_config.py (2)

54-54: LGTM! Field properly typed and positioned.

The grpc_ssl_target field uses the correct Optional[str] type annotation and is logically positioned with other gRPC-related configuration fields.


73-73: Proper field initialization following established pattern.

The initialization using getattr(args, 'grpc_ssl_target', None) correctly follows the same pattern as other optional configuration fields.

src/scanoss/scanners/container_scanner.py (1)

231-231: Verify ContainerScannerConfig has grpc_ssl_target field.

✅ Verification successful

The code is accessing config.grpc_ssl_target but the ContainerScannerConfig dataclass doesn't appear to include this field in the provided code. This could cause an AttributeError at runtime.


🏁 Script executed:

#!/bin/bash
# Description: Check if ContainerScannerConfig dataclass has grpc_ssl_target field
# Expected: The field should be defined in the dataclass

# Search for ContainerScannerConfig definition and grpc_ssl_target field
ast-grep --pattern $'@dataclass
class ContainerScannerConfig:
    $$$
    grpc_ssl_target: $_ = $_
    $$$'

# Also search for any grpc_ssl_target references in container scanner
rg -A 5 -B 5 "grpc_ssl_target" src/scanoss/scanners/

Length of output: 2444


No issues: grpc_ssl_target is defined in the config dataclass
The ScannerConfig dataclass in src/scanoss/scanners/scanner_config.py declares

grpc_ssl_target: Optional[str] = None

so using config.grpc_ssl_target in container_scanner.py is valid.

src/scanoss/scanner.py (2)

99-99: LGTM! Parameter addition and propagation looks correct.

The grpc_ssl_target parameter is properly added to the constructor and correctly passed to the ScanossGrpc instance. This enables the SSL target override functionality for the scanner.

Also applies to: 173-173


25-51: Import reorganization improves code organization.

The import statements have been reorganized for better clarity and consistency.

src/scanoss/scanossgrpc.py (4)

106-106: LGTM! Parameter properly added and stored.

The grpc_ssl_target parameter is correctly added to the constructor and stored as an instance variable.

Also applies to: 136-136


176-179: LGTM! Correct implementation of SSL target override.

The logic properly sets the gRPC channel option grpc.ssl_target_name_override only when grpc_ssl_target is provided. This is the correct gRPC option for overriding SSL target names.


185-195: LGTM! All secure channels properly configured.

All grpc.secure_channel calls have been consistently updated to include the options=channel_options parameter, ensuring the SSL target override is applied to all gRPC stubs.


708-708: LGTM! Configuration dataclass and factory properly updated.

The GrpcConfig dataclass and create_grpc_config_from_args factory function are correctly updated to include the new grpc_ssl_target parameter.

Also applies to: 725-725

src/scanoss/cli.py (7)

764-769: Proper registration of --grpc-ssl-target CLI option
The new --grpc-ssl-target flag is correctly added for all scan/grpc sub-commands and adheres to the existing argument style.


1147-1148: Propagate SSL target override to Scanner
Passing grpc_ssl_target=args.grpc_ssl_target into the Scanner constructor ensures the override flows into gRPC channel creation.


1627-1628: Propagate SSL target override to Components (vulns)
The Components constructor now correctly accepts grpc_ssl_target, enabling SSL target override in the vulnerability lookup.


1663-1664: Propagate SSL target override to Components (semgrep)
The semgrep sub-command correctly forwards grpc_ssl_target=args.grpc_ssl_target.


1702-1703: Propagate SSL target override to Components (search)
The component search sub-command now includes the SSL target override parameter.


1748-1749: Propagate SSL target override to Components (versions)
The versions sub-command correctly passes grpc_ssl_target into the Components client.


1784-1785: Propagate SSL target override to Components (provenance)
The provenance sub-command now forwards grpc_ssl_target to the underlying gRPC client.


FAST_WINNOWING = False
try:
from scanoss_winnowing.winnowing import Winnowing

FAST_WINNOWING = True
except ModuleNotFoundError or ImportError:
except ModuleNotFoundError or ImportError: # noqa: PLW0711
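Review bot: on the changed `except` line, `# noqa: PLW0711` silences the lint finding without changing behaviour. `ModuleNotFoundError or ImportError` is evaluated as an expression first and yields `ModuleNotFoundError`, so the clause catches only that class; any other `ImportError` raised while importing `scanoss_winnowing` propagates instead of leaving `FAST_WINNOWING = False`. Correct the expression rather than suppressing the warning.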

⚠️ Potential issue

Fix incorrect exception syntax.

The exception handling syntax is incorrect and will cause a runtime error. The or operator should not be used in exception handling.

-except ModuleNotFoundError or ImportError:  # noqa: PLW0711
+except (ModuleNotFoundError, ImportError):  # noqa: PLW0711
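Review bot: the `+` line still carries `# noqa: PLW0711`; with the tuple form the rule no longer fires, so the suppression should be dropped or it will mask a later regression on this line. Since `ModuleNotFoundError` is a subclass of `ImportError`, `except ImportError:` alone covers both cases.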
🧰 Tools
🪛 Pylint (3.3.7)

[warning] 58-60: Exception to catch is the result of a binary "or" operation (W0711)

🤖 Prompt for AI Agents
In src/scanoss/scanner.py at line 58, the exception handling uses incorrect
syntax with 'or' between exceptions. Replace 'except ModuleNotFoundError or
ImportError:' with 'except (ModuleNotFoundError, ImportError):' to correctly
catch both exceptions.
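
What the `grpc.ssl_target_name_override` channel option discussed in this review changes during certificate verification, as an added example (not code from the scanoss project or from gRPC): a simplified, stdlib-only model in which the override replaces the dialled host as the name matched against the certificate's DNS names. The function names and the hostnames in the usage section are constructed for illustration.

```python
"""Simplified model of TLS name checking with an SSL target-name override."""
from typing import List, Optional, Sequence, Tuple

# Channel option named in the review of scanossgrpc.py.
OVERRIDE_OPTION = "grpc.ssl_target_name_override"


def build_channel_options(grpc_ssl_target: Optional[str]) -> List[Tuple[str, str]]:
    """Set the override only when a target name was supplied."""
    if not grpc_ssl_target:
        return []
    return [(OVERRIDE_OPTION, grpc_ssl_target)]


def name_to_verify(connect_host: str, options: Sequence[Tuple[str, str]]) -> str:
    """Name checked against the certificate: the override if set, else the host."""
    return dict(options).get(OVERRIDE_OPTION, connect_host)


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name; '*' is accepted only as the whole
    left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require three or more labels so "*.com" never matches anything.
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def certificate_accepts(san_dns_names: Sequence[str], connect_host: str,
                        grpc_ssl_target: Optional[str] = None) -> bool:
    """True if the certificate would pass the name check for this connection."""
    options = build_channel_options(grpc_ssl_target)
    expected = name_to_verify(connect_host, options)
    return any(hostname_matches(san, expected) for san in san_dns_names)


if __name__ == "__main__":
    # Constructed sample data: DNS names from a hypothetical server certificate.
    sans = ["api.example.com", "*.scan.example.com"]
    # Dialling a load balancer whose name is not in the certificate fails...
    print(certificate_accepts(sans, "lb.internal.test"))
    # ...and passes once the override names a host the certificate covers.
    print(certificate_accepts(sans, "lb.internal.test", "api.example.com"))
    # Caveat: with the override set, the dialled host is no longer checked.
    print(certificate_accepts(sans, "other.host.test", "api.example.com"))
```

Because the dialled address drops out of the name check once the override is set, the value passed to `--grpc-ssl-target` is security configuration and deserves the same review as a CA bundle or pinned certificate.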
