C#: Load Dependabot Proxy certificate in DependabotProxy, and implement IDisposable

Author: mbg

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs

@@ -1,12 +1,13 @@
 using System;
 using System.Diagnostics;
 using System.IO;
+using System.Security.Cryptography.X509Certificates;
 using Semmle.Util;
 using Semmle.Util.Logging;
 
 namespace Semmle.Extraction.CSharp.DependencyFetching
 {
-    public class DependabotProxy
+    public class DependabotProxy : IDisposable
     {
         private readonly string? host;
         private readonly string? port;
@@ -20,6 +21,10 @@ public class DependabotProxy
         /// The path to the temporary file where the certificate is stored.
         /// </summary>
         internal readonly string? CertificatePath;
+        /// <summary>
+        /// The certificate used for the Dependabot proxy.
+        /// </summary>
+        internal readonly X509Certificate2? Certificate;
 
         /// <summary>
         /// Gets a value indicating whether a Dependabot proxy is configured.
@@ -60,6 +65,8 @@ internal DependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory
             writer.Write(cert);
 
             logger.LogInfo($"Stored Dependabot proxy certificate at {this.CertificatePath}");
+
+            this.Certificate = new X509Certificate2(this.CertificatePath);
         }
 
         internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo)
@@ -73,5 +80,13 @@ internal void ApplyProxy(ILogger logger, ProcessStartInfo startInfo)
             startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.Address);
             startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.certFile?.FullName);
         }
+
+        public void Dispose()
+        {
+            if (this.Certificate != null)
+            {
+                this.Certificate.Dispose();
+            }
+        }
     }
 }

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs

@@ -545,6 +545,7 @@ private void AnalyseProject(FileInfo project)
         public void Dispose()
         {
             nugetPackageRestorer?.Dispose();
+            dependabotProxy.Dispose();
             if (cleanupTempWorkingDirectory)
             {
                 tempWorkingDirectory?.Dispose();

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

@@ -600,13 +600,12 @@ private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount,
             {
                 httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address);
 
-                if (!String.IsNullOrEmpty(this.dependabotProxy.CertificatePath))
+                if (this.dependabotProxy.Certificate != null)
                 {
-                    X509Certificate2 proxyCert = new X509Certificate2(this.dependabotProxy.CertificatePath);
                     httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) =>
                     {
                         chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-                        chain.ChainPolicy.CustomTrustStore.Add(proxyCert);
+                        chain.ChainPolicy.CustomTrustStore.Add(this.dependabotProxy.Certificate);
                         return chain.Build(cert);
                     };
                 }