Merge pull request #187 from bridgecrewio/add-no-cert-verify

add option for no cert verify

Author: mikeurbanski1

src/main/kotlin/com/bridgecrew/services/CheckovScanService.kt

@@ -146,11 +146,16 @@ class CheckovScanService {
 
     private fun getCertParams(cmds: ArrayList<String>): ArrayList<String> {
         val certPath = settings?.certificate
+        val noCertVerify = settings?.noCertVerify
         if (!certPath.isNullOrEmpty()) {
             cmds.add("-ca")
             cmds.add(certPath)
-            return cmds
         }
+
+        if (noCertVerify == true) {
+            cmds.add("--no-cert-verify")
+        }
+
         return cmds
     }
 

src/main/kotlin/com/bridgecrew/settings/CheckovSettingsConfigurable.kt

@@ -21,7 +21,8 @@ class CheckovSettingsConfigurable(val project: Project) : Configurable {
         val settings = CheckovSettingsState().getInstance()
         return !checkovSettingsComponent.apiTokenField.text.equals(settings?.apiToken) ||
                 !checkovSettingsComponent.certificateField.text.equals(settings?.certificate) ||
-                !checkovSettingsComponent.prismaURLField.text.equals(settings?.prismaURL)
+                !checkovSettingsComponent.prismaURLField.text.equals(settings?.prismaURL) ||
+                !checkovSettingsComponent.noCertVerifyField.isSelected().equals(settings?.noCertVerify)
     }
 
     override fun apply() {
@@ -30,6 +31,7 @@ class CheckovSettingsConfigurable(val project: Project) : Configurable {
         settings?.apiToken = checkovSettingsComponent.apiTokenField.text.trim()
         settings?.certificate = checkovSettingsComponent.certificateField.text.trim()
         settings?.prismaURL = checkovSettingsComponent.prismaURLField.text.trim()
+        settings?.noCertVerify = checkovSettingsComponent.noCertVerifyField.isSelected()
         if (apiTokenModified){
             project.messageBus.syncPublisher(CheckovSettingsListener.SETTINGS_TOPIC).settingsUpdated()
         }
@@ -41,6 +43,7 @@ class CheckovSettingsConfigurable(val project: Project) : Configurable {
         checkovSettingsComponent.apiTokenField.text = setting?.apiToken
         checkovSettingsComponent.certificateField.text = setting?.certificate
         checkovSettingsComponent.prismaURLField.text = setting?.prismaURL
+        checkovSettingsComponent.noCertVerifyField.setSelected(setting?.noCertVerify == true)
 
 
     }

src/main/kotlin/com/bridgecrew/settings/CheckovSettingsState.kt

@@ -17,6 +17,7 @@ class CheckovSettingsState() : PersistentStateComponent<CheckovSettingsState> {
     var apiToken: String = ""
     var certificate: String = ""
     var prismaURL: String = ""
+    var noCertVerify: Boolean = false
 
     fun getInstance(): CheckovSettingsState? {
         return ApplicationManager.getApplication().getService(CheckovSettingsState::class.java)

src/main/kotlin/com/bridgecrew/ui/CheckovSettingsComponent.kt

@@ -7,23 +7,25 @@ import com.intellij.uiDesigner.core.GridConstraints
 import java.awt.Insets
 import javax.swing.JLabel
 import javax.swing.JTextField
+import javax.swing.JCheckBox
 
 class CheckovSettingsComponent () {
     private var rootPanel: JPanel = JPanel()
     val apiTokenField: JTextField = JTextField()
     val certificateField: JTextField = JTextField()
     val prismaURLField: JTextField = JTextField()
+    val noCertVerifyField: JCheckBox = JCheckBox()
 
     init {
         rootPanel.layout = GridLayoutManager(1, 2, Insets(0, 0, 0, 0), -1, -1)
-        val settingsPanel = JPanel(GridLayoutManager(3, 2, Insets(0, 0, 0, 0), -1, -1))
+        val settingsPanel = JPanel(GridLayoutManager(5, 2, Insets(0, 0, 0, 0), -1, -1))
 
         val apiTokenLabel = JLabel("Token (Required)")
         apiTokenLabel.labelFor = apiTokenField
         settingsPanel.add(apiTokenLabel, createGridRowCol(0,0,GridConstraints.ANCHOR_WEST))
         settingsPanel.add(apiTokenField, createGridRowCol(0,1,GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL))
 
-        val prismaURLLabel = JLabel("Prisma URL ( Required if using Prisma Cloud Access Token)")
+        val prismaURLLabel = JLabel("Prisma URL (Required if using Prisma Cloud Access Token)")
         prismaURLLabel.labelFor = prismaURLField
         settingsPanel.add(prismaURLLabel, createGridRowCol(1,0,GridConstraints.ANCHOR_WEST))
         settingsPanel.add(prismaURLField, createGridRowCol(1,1,GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL))
@@ -33,6 +35,14 @@ class CheckovSettingsComponent () {
         settingsPanel.add(certificateLabel, createGridRowCol(2,0,GridConstraints.ANCHOR_WEST))
         settingsPanel.add(certificateField, createGridRowCol(2,1,GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL))
 
+        val noCertVerifyLabel = JLabel("Skip SSL certificate verification")
+        noCertVerifyLabel.labelFor = noCertVerifyField
+        settingsPanel.add(noCertVerifyLabel, createGridRowCol(3,0,GridConstraints.ANCHOR_WEST))
+        settingsPanel.add(noCertVerifyField, createGridRowCol(3,1,GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL))
+
+        val noCertVerifyWarning = JLabel("Warning: this is risky and prevents detecting invalid certificates - use for testing only")
+        settingsPanel.add(noCertVerifyWarning, createGridRowCol(4,0,GridConstraints.ANCHOR_WEST))
+
         rootPanel.add(settingsPanel, GridConstraints(
             0,
             0,