From 05f0355596e7cd64395ccddcc7ec0ee918efc39d Mon Sep 17 00:00:00 2001
From: Amir Moualem <amoualem@gmail.com>
Date: Tue, 16 Apr 2019 14:27:16 +0300
Subject: [PATCH] feat: use the new flag to allow ignore unknown CAs when
 requesting snapshots

---
 lib/snapshot/reader.js |  1 +
 test/snapshot.test.js  | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/lib/snapshot/reader.js b/lib/snapshot/reader.js
index ebaac73..55aa955 100644
--- a/lib/snapshot/reader.js
+++ b/lib/snapshot/reader.js
@@ -49,6 +49,7 @@ async function loadFromUpstream() {
     debug(`attempting to retrieve latest snapshot from ${url}`);
     const requestOptions = {
       json: true,
+      rejectUnauthorized: !config['allowUnknownCA'],
       headers: {'If-Modified-Since': lastModified.toUTCString()},
     };
     const response = await needle('get', url, requestOptions);
diff --git a/test/snapshot.test.js b/test/snapshot.test.js
index d0e1152..e163b0e 100644
--- a/test/snapshot.test.js
+++ b/test/snapshot.test.js
@@ -1,7 +1,9 @@
 const fs = require('fs');
 const test = require('tap').test;
+const nock = require('nock');
 const sinon = require('sinon');
 const path = require('path');
+const needle = require('needle');
 
 const config = require('../lib/config');
 const snapshotReader = require('../lib/snapshot/reader');
@@ -92,3 +94,32 @@ test('snapshot reader favours bundled snapshot when possible', async (t) => {
   existsStub.restore();
   t.end();
 });
+
+test('reader loading snapshot from upstream', async (t) => {
+  nock('https://homebase.snyk.io')
+    .get('/api/v2/snapshot/whatever/node')
+    .reply(200, []);
+  nock('https://homebase.snyk.io')
+    .get('/api/v2/snapshot/whatever/node')
+    .reply(200, []);
+
+  const needleSpy = sinon.spy(needle, 'request');
+
+  snapshotReader.loadFromUpstream();
+  t.equal(needleSpy.args[0][0], 'get', 'snapshots retrieved with get');
+  t.equal(needleSpy.args[0][1], 'https://homebase.snyk.io/api/v2/snapshot/whatever/node', 'url is correct');
+  const expectedRequestOptions = {
+    json: true,
+    rejectUnauthorized: true,
+    headers: {"If-Modified-Since": "Thu, 06 Dec 2018 14:02:33 GMT"},
+  };
+  t.deepEqual(needleSpy.args[0][3], expectedRequestOptions, 'request options are correct');
+
+  config['allowUnknownCA'] = true;
+  snapshotReader.loadFromUpstream();
+  expectedRequestOptions.rejectUnauthorized = false;
+  t.deepEqual(needleSpy.args[1][3], expectedRequestOptions, 'request options are correct');
+
+  t.ok(nock.isDone(), 'snapshot requests made');
+  nock.cleanAll();
+});