Along with other restrictions, we run analysis engines with no network access (via the --net none option to docker run).
We do this (primarily) because engines have access to customer source code and so a malicious actor could use an engine to access and transmit sensitive data via a network request. Because we aim to produce and maintain many engines together with the open source community, we restrict network access in this way to ensure our customers' source code is kept as safe as possible.
Unfortunately, this restriction prevents a number of real use cases and features. For example, the Rubocop engine can't install custom cops as gems or inherit a remote configuration. Similarly, ESLint can't install shared configuration or custom plugins that are distributed as node modules.
We do intend to support these use cases in some way in the future, but our focus is on security and until we can provide a way to do so safely, we're not comfortable providing a timeline on building this feature.
We apologize for this inconvenience and will keep this Issue open to track it and provide any updates from our side.
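A check an operator could run to confirm the restriction described in this issue is actually in effect, as an added example that is not part of the original issue or the project's code: it reads `docker inspect` JSON and reports any container that was not started with `--net none`. The container names, the sample data and the script name `check_net.py` are constructed for illustration.

```python
import json
import sys

# Constructed sample of `docker inspect` output (not real data).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/engine-rubocop",
     "HostConfig": {"NetworkMode": "none"},
     "NetworkSettings": {"Networks": {"none": {"IPAddress": ""}}}},
    {"Name": "/engine-eslint",
     "HostConfig": {"NetworkMode": "bridge"},
     "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
])


def network_violations(inspect_json):
    """Return (container, reason) pairs for containers not isolated with --net none."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "<unnamed>").lstrip("/")
        # Fail closed: a missing HostConfig/NetworkMode counts as a violation.
        mode = (c.get("HostConfig") or {}).get("NetworkMode", "")
        if mode != "none":
            findings.append((name, f"NetworkMode is {mode!r}, expected 'none'"))
            continue
        # Cross-check the runtime view: no other network, no assigned address.
        networks = (c.get("NetworkSettings") or {}).get("Networks") or {}
        for net, cfg in networks.items():
            if net != "none" or (cfg or {}).get("IPAddress"):
                findings.append((name, f"attached to network {net!r}"))
    return findings


if __name__ == "__main__":
    # Live use (hypothetical file name):
    #   docker inspect $(docker ps -q) | python3 check_net.py -
    data = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_INSPECT
    problems = network_violations(data)
    for name, reason in problems:
        print(f"{name}: {reason}")
    sys.exit(1 if problems else 0)
```

The non-zero exit status on any finding lets the check gate a deployment or scheduled audit job.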
Since November 10, 2016, we've supported downloading external configuration files as part of a build. You can read more details about that in the changelog post announcing it: https://codeclimate.com/changelog/582495c32c33066f1b00191d
We hope this will address some of the use-cases that require network access, such as sharing one configuration file across multiple repos.
There are still other use-cases that aren't covered by this, so we'll keep this issue open and provide updates when we have them.
We are going to be releasing a new version of our code quality CLI shortly, and so I am in the process of closing all open GitHub issues in preparation for that. We will be in touch soon and would be happy to hear from you on any feedback you have on the new CLI when it is available later this month.