
SOCKS proxy settings are not respected #230

Open
bradlarsen opened this issue Nov 6, 2024 · 2 comments
Labels
bug Something isn't working content discovery Related to enumerating or specifying content to scan integration Related to integration with other systems

Comments

@bradlarsen
Collaborator

bradlarsen commented Nov 6, 2024

Describe the bug
Nosey Parker doesn't observe proxy settings as expected.

To Reproduce

  1. Set a SOCKS proxy like export ALL_PROXY=socks5h://<proxy_host>:<proxy_port>
  2. Scan a GitHub organization, e.g., noseyparker scan --github-org praetorian-inc

Expected behavior
Nosey Parker enumerates the repositories in the praetorian-inc organization on GitHub, clones them all, and scans them successfully.

Actual behavior
Nosey Parker fails to successfully clone the enumerated repositories, even though regular command-line git succeeds.

Output of noseyparker --version

noseyparker 0.21.0-dev

Build Configuration:

    Build Timestamp:    2024-11-06T15:27:31.263704000Z

    Commit Timestamp:   2024-11-05T16:32:04.000000000-05:00
    Commit Branch:      main
    Commit SHA:         d006eb0d2288e71b8a4121d70f5bf3a1fc0d6195

    Cargo Features:     color_backtrace,default,disable_trace,github,log,mimalloc,release
    Debug:              true
    Optimization:       3
    Target Triple:      aarch64-apple-darwin

Build System:

    OS:                 Darwin
    OS Version:         MacOS 14.7

    CPU Vendor:         Apple
    CPU Brand:          Apple M3 Max
    CPU Cores:          14

    rustc Version:      1.82.0
    rustc Channel:      stable
    rustc Host Triple:  aarch64-apple-darwin
    rustc Commit Date:  2024-10-15
    rustc Commit SHA:   f6e511eec7342f59a25f7c0534f1dbea00d01b14
    rustc LLVM Version: 19.1

Additional context
I'm reporting this issue second-hand, and have not actually reproduced it myself yet.

An open question: Are SOCKS proxy settings observed as expected for Nosey Parker's github enumeration phase? Or are things broken there too?

@bradlarsen bradlarsen added bug Something isn't working content discovery Related to enumerating or specifying content to scan integration Related to integration with other systems labels Nov 6, 2024
@bradlarsen
Collaborator Author

Two kinds of network traffic occur when using Nosey Parker's --git-organization=ORG option:

  1. HTTPS traffic against GitHub's REST API to list the repositories to clone and scan
  2. HTTPS traffic from command-line git to actually clone the repositories.

Nosey Parker shells out to git to actually clone repositories. Nosey Parker goes out of its way to explicitly use a very vanilla git configuration for this process. In particular, proxy-relevant Git configuration environment variables (all_proxy, http_proxy, and https_proxy) are not propagated to the git process. This is very likely related to this bug.

See git's documentation for a bit more information on proxy-relevant settings.

(Why does Nosey Parker use command-line git instead of a library? When I last tried a couple years ago, neither libgit2 nor gix could reliably do bare or mirror clones with behavior matching CLI git.)
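The comment above describes the likely cause: a scrubbed environment for the child git process that drops the proxy variables. The following is an added example (not Nosey Parker's own code) of the fix pattern it implies: start from an empty environment, then copy over only an allow-list of variables that includes the ones git, via libcurl, consults for proxy selection. The variable names `PATH`, `HOME` and `GIT_TERMINAL_PROMPT` in the allow-list are assumptions about what a headless clone needs.

```rust
use std::collections::BTreeMap;
use std::process::Command;

/// Proxy variables git consults through libcurl. Both spellings are listed
/// because curl reads lowercase `http_proxy` only, while the others are
/// honored in either case.
const PROXY_VARS: &[&str] = &[
    "ALL_PROXY", "all_proxy",
    "HTTPS_PROXY", "https_proxy",
    "http_proxy",
    "NO_PROXY", "no_proxy",
];

/// Variables git needs regardless of proxy configuration (assumed minimal set).
const BASE_VARS: &[&str] = &["PATH", "HOME"];

/// Build the environment for a child `git`: nothing is inherited by default,
/// so stray variables such as GIT_DIR cannot leak in, but the allow-listed
/// proxy settings present in `parent` are carried over.
pub fn git_child_env(parent: &BTreeMap<String, String>) -> BTreeMap<String, String> {
    BASE_VARS
        .iter()
        .chain(PROXY_VARS.iter())
        .filter_map(|k| parent.get(*k).map(|v| (k.to_string(), v.clone())))
        .collect()
}

/// Assemble a `git clone --mirror` command that uses the scrubbed environment.
pub fn mirror_clone_command(url: &str, dest: &str, parent: &BTreeMap<String, String>) -> Command {
    let mut cmd = Command::new("git");
    cmd.env_clear();
    cmd.envs(git_child_env(parent));
    // A headless scan must never block on an interactive credential prompt.
    cmd.env("GIT_TERMINAL_PROMPT", "0");
    cmd.args(["clone", "--mirror", url, dest]);
    cmd
}

fn main() {
    // Constructed stand-in for the shell that ran `export ALL_PROXY=socks5h://...`.
    let parent: BTreeMap<String, String> = [
        ("PATH", "/usr/bin"),
        ("ALL_PROXY", "socks5h://proxy.example:1080"),
        ("GIT_DIR", "/tmp/should-not-leak"),
    ]
    .iter()
    .map(|(k, v)| (k.to_string(), v.to_string()))
    .collect();
    println!("{:?}", git_child_env(&parent));
}
```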

@bradlarsen
Collaborator Author

Maybe relevant — a list of the various ways to configure proxies: https://gist.github.com/yougg/5d2b3353fc5e197a0917aae0b3287d64
