Add grpc-ssl-target option to CLI to override SSL target name for gRPC connections

Author: matiasdaloia

CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.25.0] - 2025-06-04
+### Added
+- Add `grpc-ssl-target` option to CLI to override SSL target name for gRPC connections
+
 ## [1.24.0] - 2025-05-28
 ### Added
 - Add `crypto` subcommand to retrieve cryptographic algorithms for the given components
@@ -522,4 +526,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.21.0]: https://github.com/scanoss/scanoss.py/compare/v1.20.6...v1.21.0
 [1.22.0]: https://github.com/scanoss/scanoss.py/compare/v1.21.0...v1.22.0
 [1.23.0]: https://github.com/scanoss/scanoss.py/compare/v1.22.0...v1.23.0
-[1.24.0]: https://github.com/scanoss/scanoss.py/compare/v1.23.0...v1.24.0
+[1.24.0]: https://github.com/scanoss/scanoss.py/compare/v1.23.0...v1.24.0
+[1.25.0]: https://github.com/scanoss/scanoss.py/compare/v1.24.0...v1.25.0

src/scanoss/__init__.py

@@ -22,4 +22,4 @@
   THE SOFTWARE.
 """
 
-__version__ = '1.24.0'
+__version__ = '1.25.0'

src/scanoss/cli.py

@@ -761,6 +761,12 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
             '"REQUESTS_CA_BUNDLE=/path/to/cacert.pem" and '
             '"GRPC_DEFAULT_SSL_ROOTS_FILE_PATH=/path/to/cacert.pem" for gRPC',
         )
+        p.add_argument(
+            '--grpc-ssl-target',
+            type=str,
+            help='Override SSL target name for gRPC connections (optional). '
+            'Useful when connecting to localhost with a certificate issued for a different domain.',
+        )
 
     # Global GRPC options
     for p in [
@@ -1138,6 +1144,7 @@ def scan(parser, args):  # noqa: PLR0912, PLR0915
         ignore_cert_errors=args.ignore_cert_errors,
         proxy=args.proxy,
         grpc_proxy=args.grpc_proxy,
+        grpc_ssl_target=args.grpc_ssl_target,
         pac=pac_file,
         ca_cert=args.ca_cert,
         retry=args.retry,
@@ -1617,6 +1624,7 @@ def comp_vulns(parser, args):
         ca_cert=args.ca_cert,
         proxy=args.proxy,
         grpc_proxy=args.grpc_proxy,
+        grpc_ssl_target=args.grpc_ssl_target,
         pac=pac_file,
         timeout=args.timeout,
         req_headers=process_req_headers(args.header),
@@ -1652,6 +1660,7 @@ def comp_semgrep(parser, args):
         ca_cert=args.ca_cert,
         proxy=args.proxy,
         grpc_proxy=args.grpc_proxy,
+        grpc_ssl_target=args.grpc_ssl_target,
         pac=pac_file,
         timeout=args.timeout,
         req_headers=process_req_headers(args.header),
@@ -1690,6 +1699,7 @@ def comp_search(parser, args):
         ca_cert=args.ca_cert,
         proxy=args.proxy,
         grpc_proxy=args.grpc_proxy,
+        grpc_ssl_target=args.grpc_ssl_target,
         pac=pac_file,
         timeout=args.timeout,
         req_headers=process_req_headers(args.header),
@@ -1735,6 +1745,7 @@ def comp_versions(parser, args):
         ca_cert=args.ca_cert,
         proxy=args.proxy,
         grpc_proxy=args.grpc_proxy,
+        grpc_ssl_target=args.grpc_ssl_target,
         pac=pac_file,
         timeout=args.timeout,
         req_headers=process_req_headers(args.header),
@@ -1770,6 +1781,7 @@ def comp_provenance(parser, args):
         ca_cert=args.ca_cert,
         proxy=args.proxy,
         grpc_proxy=args.grpc_proxy,
+        grpc_ssl_target=args.grpc_ssl_target,
         pac=pac_file,
         timeout=args.timeout,
         req_headers=process_req_headers(args.header),

src/scanoss/components.py

@@ -50,6 +50,7 @@ def __init__(  # noqa: PLR0913, PLR0915
         proxy: str = None,
         grpc_proxy: str = None,
         ca_cert: str = None,
+        grpc_ssl_target: str = None,
         pac: PACFile = None,
         req_headers: dict = None,
     ):
@@ -77,6 +78,7 @@ def __init__(  # noqa: PLR0913, PLR0915
             api_key=api_key,
             ver_details=ver_details,
             ca_cert=ca_cert,
+            grpc_ssl_target=grpc_ssl_target,
             proxy=proxy,
             pac=pac,
             grpc_proxy=grpc_proxy,

src/scanoss/scanner.py

@@ -96,6 +96,7 @@ def __init__( # noqa: PLR0913, PLR0915
         proxy: str = None,
         grpc_proxy: str = None,
         ca_cert: str = None,
+        grpc_ssl_target: str = None,
         pac: PACFile = None,
         retry: int = 5,
         hpsm: bool = False,
@@ -169,6 +170,7 @@ def __init__( # noqa: PLR0913, PLR0915
             api_key=api_key,
             ver_details=ver_details,
             ca_cert=ca_cert,
+            grpc_ssl_target=grpc_ssl_target,
             proxy=proxy,
             pac=pac,
             grpc_proxy=grpc_proxy,

src/scanoss/scanners/container_scanner.py

@@ -228,6 +228,7 @@ def __init__(
             url=config.apiurl,
             api_key=config.key,
             ca_cert=config.ca_cert,
+            grpc_ssl_target=config.grpc_ssl_target,
             proxy=config.proxy,
             pac=config.pac,
             grpc_proxy=config.grpc_proxy,

src/scanoss/scanners/scanner_config.py

@@ -51,6 +51,7 @@ class ScannerConfig:
     grpc_proxy: Optional[str] = None
 
     ca_cert: Optional[str] = None
+    grpc_ssl_target: Optional[str] = None
     pac: Optional[PACFile] = None
 
 
@@ -69,5 +70,6 @@ def create_scanner_config_from_args(args) -> ScannerConfig:
         proxy=getattr(args, 'proxy', None),
         grpc_proxy=getattr(args, 'grpc_proxy', None),
         ca_cert=getattr(args, 'ca_cert', None),
+        grpc_ssl_target=getattr(args, 'grpc_ssl_target', None),
         pac=getattr(args, 'pac', None),
     )

src/scanoss/scanossgrpc.py

@@ -103,6 +103,7 @@ def __init__(  # noqa: PLR0913, PLR0915
         trace: bool = False,
         quiet: bool = False,
         ca_cert: str = None,
+        grpc_ssl_target: str = None,
         api_key: str = None,
         ver_details: str = None,
         timeout: int = 600,
@@ -132,6 +133,7 @@ def __init__(  # noqa: PLR0913, PLR0915
         self.timeout = timeout
         self.proxy = proxy
         self.grpc_proxy = grpc_proxy
+        self.grpc_ssl_target = grpc_ssl_target
         self.pac = pac
         self.req_headers = req_headers
         self.metadata = []
@@ -171,17 +173,26 @@ def __init__(  # noqa: PLR0913, PLR0915
             self.provenance_stub = GeoProvenanceStub(grpc.insecure_channel(self.url))
             self.scanning_stub = ScanningStub(grpc.insecure_channel(self.url))
         else:
+            channel_options = []
+            if self.grpc_ssl_target:
+                channel_options.append(('grpc.ssl_target_name_override', self.grpc_ssl_target))
+
             if ca_cert is not None:
                 credentials = grpc.ssl_channel_credentials(cert_data)  # secure with specified certificate
             else:
                 credentials = grpc.ssl_channel_credentials()  # secure connection with default certificate
-            self.comp_search_stub = ComponentsStub(grpc.secure_channel(self.url, credentials))
-            self.crypto_stub = CryptographyStub(grpc.secure_channel(self.url, credentials))
-            self.dependencies_stub = DependenciesStub(grpc.secure_channel(self.url, credentials))
-            self.semgrep_stub = SemgrepStub(grpc.secure_channel(self.url, credentials))
-            self.vuln_stub = VulnerabilitiesStub(grpc.secure_channel(self.url, credentials))
-            self.provenance_stub = GeoProvenanceStub(grpc.secure_channel(self.url, credentials))
-            self.scanning_stub = ScanningStub(grpc.secure_channel(self.url, credentials))
+
+            self.comp_search_stub = ComponentsStub(grpc.secure_channel(self.url, credentials, options=channel_options))
+            self.crypto_stub = CryptographyStub(grpc.secure_channel(self.url, credentials, options=channel_options))
+            self.dependencies_stub = DependenciesStub(
+                grpc.secure_channel(self.url, credentials, options=channel_options)
+            )
+            self.semgrep_stub = SemgrepStub(grpc.secure_channel(self.url, credentials, options=channel_options))
+            self.vuln_stub = VulnerabilitiesStub(grpc.secure_channel(self.url, credentials, options=channel_options))
+            self.provenance_stub = GeoProvenanceStub(
+                grpc.secure_channel(self.url, credentials, options=channel_options)
+            )
+            self.scanning_stub = ScanningStub(grpc.secure_channel(self.url, credentials, options=channel_options))
 
     @classmethod
     def _load_cert(cls, cert_file: str) -> bytes:
@@ -694,6 +705,7 @@ class GrpcConfig:
     timeout: Optional[int] = DEFAULT_TIMEOUT
     proxy: Optional[str] = None
     grpc_proxy: Optional[str] = None
+    grpc_ssl_target: Optional[str] = None
     pac: Optional[PACFile] = None
     req_headers: Optional[dict] = None
 
@@ -710,4 +722,5 @@ def create_grpc_config_from_args(args) -> GrpcConfig:
         timeout=getattr(args, 'timeout', DEFAULT_TIMEOUT),
         proxy=getattr(args, 'proxy', None),
         grpc_proxy=getattr(args, 'grpc_proxy', None),
+        grpc_ssl_target=getattr(args, 'grpc_ssl_target', None),
     )