Prisma Cloud IDE 플러그인의 프록시 구성

• 고객은 IntelliJ IDEA 및 VS Code 플러그인 1에서 문제를 겪고 있습니다. 프록시를 사용하도록 구성된 경우 플러그인이 엔드포인트 에 연결하지 못합니다. 플러그인이 IDE 또는 시스템 전체 프록시의 프록시 설정을 활용하지 않는 것으로 보입니다.

• IntellijIDEA 플러그인을 사용하고 프록시를 사용하도록 구성된 경우 플러그인이 엔드포인트 에 연결하지 못합니다. 플러그인이 IDE에 설정된 프록시나 시스템 전체 프록시를 사용하지 않는 것 같습니다.

2024-10-08 12:14:40,284 [MainThread ] [WARNI] An unexpected error occurred getting the run configuration from <https://<FQDN>>/bridgecrew/api/v2/checkov/runConfiguration after multiple retries. Please verify your API key and Prisma API URL, and retry. If the problem persists, please enable debug logs and contact support. The error is: HTTPSConnectionPool(host='api.eu.prismacloud.io', port=443): Max retries exceeded with url: /login (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x148affc80>, 'Connection to api.eu.prismacloud.io timed out. (connect timeout=3.1)')) Traceback (most recent call last): File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connection.py", line 203, in _new_conn sock = connection.create_connection( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/util/connection.py", line 85, in create_connection raise err File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/util/connection.py", line 73, in create_connection sock.connect(sa) TimeoutError: timed out

Proxy settings:

Visual Studio Code에서 프록시(http)를 사용하면 동일한 문제가 발생합니다.

1. export proxy setting via command export HTTPS_PROXY="http://:@:"

2. start Visual Studio Code via command code

3. Prisma Cloud 플러그인을 구성 하고 연결 테스트를 OK.

4. 전체 스캔 시작

"전체 검사 실행" 로그:

2024-10-11 09:55:35 [info]: Initiating Prisma Cloud VS Code extension version 1.0.21 2024-10-11 09:55:35 [info]: Plugin path: /Users/amusarra/.vscode/extensions/prismacloud.prisma-cloud-1.0.21 2024-10-11 09:55:35 [info]: customer is not supporting SAST 2024-10-11 09:55:35 [error]: Failed fetching a new JWT token, authorization on prisma failed: Request failed with status code 500 2024-10-11 09:55:35 [error]: CustomersModulesService is not enabled Or token not exists {"isEnabled":true} 2024-10-11 09:55:35 [info]: customer is not supporting SAST 2024-10-11 09:55:35 [info]: Installing Checkov with Docker 2024-10-11 09:55:35 [error]: The Checkov installation with Docker was failed {"error":{"name":"Error","message":"Command failed: docker pull bridgecrew/checkov:latest\nCannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?\n","stack":"Error: Command failed: docker pull bridgecrew/checkov:latest\nCannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?\n\n at genericNodeError (node:internal/errors:984:15)\n at wrappedFn (node:internal/errors:538:14)\n at ChildProcess.exithandler (node:child_process:423:12)\n at ChildProcess.emit (node:events:519:28)\n at ChildProcess.emit (node:domain:488:12)\n at maybeClose (node:internal/child_process:1105:16)\n at Socket.<anonymous> (node:internal/child_process:457:11)\n at Socket.emit (node:events:519:28)\n at Socket.emit (node:domain:488:12)\n at Pipe.<anonymous> (node:net:339:12)"}} 2024-10-11 09:55:35 [info]: Installing Checkov with Pip3 2024-10-11 09:55:35 [info]: Checking the Python version 2024-10-11 09:55:37 [error]: No executor found for undefined, aborting scan operation 2024-10-11 09:55:37 [info]: There are no installationId or jwtToken for sending analytics data 2024-10-11 09:55:49 [info]: Successfully installed Checkov using pip3 {"type":"pip3","entrypoint":"checkov"} 2024-10-11 09:55:54 [info]: proxy settings: "" 2024-10-11 09:55:54 [warn]: There are files opened from outside the workspace that won't be scanned in these directories: "/Users/amusarra/Library/Application Support/Code/logs/20241011T095522/window1/exthost/PrismaCloud.prisma-cloud" 2024-10-11 09:55:54 [info]: checkov --repo-id vscode/extension --quiet --soft-fail --output json --bc-api-key --directory "/Users/amusarra/dev/github/amusarra/tls-mutual-auth" 2024-10-11 09:56:20 [info]: Full error checkov process output: 2024-10-11 09:56:20,092 [MainThread ] [WARNI] An unexpected error occurred getting the run configuration from https://api.eu.prismacloud.io/bridgecrew/api/v2/checkov/runConfiguration after multiple retries. Please verify your API key and Prisma API URL, and retry. If the problem persists, please enable debug logs and contact support. The error is: HTTPSConnectionPool(host='api.eu.prismacloud.io', port=443): Max retries exceeded with url: /login (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x1493f79e0>, 'Connection to api.eu.prismacloud.io timed out. (connect timeout=3.1)')) Traceback (most recent call last): File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connection.py", line 203, in _new_conn sock = connection.create_connection( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/util/connection.py", line 85, in create_connection raise err File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/util/connection.py", line 73, in create_connection sock.connect(sa) TimeoutError: timed out The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 791, in urlopen response = self._make_request( ^^^^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 492, in _make_request raise new_e File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 468, in _make_request self._validate_conn(conn) File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 1097, in _validate_conn conn.connect() File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connection.py", line 611, in connect self.sock = sock = self._new_conn() ^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connection.py", line 212, in _new_conn raise ConnectTimeoutError( urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPSConnection object at 0x1493f79e0>, 'Connection to api.eu.prismacloud.io timed out. (connect timeout=3.1)') The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/checkov/common/bridgecrew/platform_integration.py", line 1021, in get_customer_run_config token = self.get_auth_token() ^^^^^^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/cachetools/init.py", line 752, in wrapper v = func(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/checkov/common/bridgecrew/platform_integration.py", line 300, in get_auth_token request = self.http.request("POST", f"{self.prisma_api_url}/login", # type:ignore[no-untyped-call] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/_request_methods.py", line 118, in request return self.request_encode_body( ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/_request_methods.py", line 217, in request_encode_body return self.urlopen(method, url, **extra_kw) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/poolmanager.py", line 443, in urlopen response = conn.urlopen(method, u.request_uri, **kw) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 875, in urlopen return self.urlopen( ^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 875, in urlopen return self.urlopen( ^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 875, in urlopen return self.urlopen( ^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/connectionpool.py", line 845, in urlopen retries = retries.increment( ^^^^^^^^^^^^^^^^^^ File "/Users/amusarra/Library/Python/3.12/lib/python/site-packages/urllib3/util/retry.py", line 515, in increment raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.eu.prismacloud.io', port=443): Max retries exceeded with url: /login (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x1493f79e0>, 'Connection to api.eu.prismacloud.io timed out. (connect timeout=3.1)')) An error occurred getting data from the platform, including policy metadata. Because --include-all-checkov-policies was not used, Checkov cannot differentiate Checkov-only policies from platform policies, and no policies will get evaluated. Please resolve the error above or re-run with the --include-all-checkov-policies argument (but note that this will not include any custom platform configurations or policy metadata).

시스템 환경을 통해 구성하는 것과 달리 VS Code에서 프록시를 직접 설정하는 것이 가능합니다.

• 환경 : macOS 24.0.0 Darwin 커널 버전 24.0.0
• 파이썬 : 3.12
• IDE : IntelliJ IDEA 2024.2.3(Ultimate Edition)
• 프리즈마 플러그인:1.0.21

• 프록시 설정이 제거되었습니다.

• 설정 | 모양 및 동작 | 시스템 설정 | HTTP 프록시에서 사용자 프록시 구성 에 대한 지원은 다음 버전에서 도입되었습니다.
  
  JetBrains 제품 버전 2024.2.* 이상용 버전 1.0.23
  JetBrains 제품 버전 2020.3.*부터 2024.1.*까지에 대한 버전 1.0.23-203.241
  VS Code의 경우 이 github 이슈 에서 언급된 것처럼 프록시 지원이 이미 제공되었습니다.

• github 이슈