milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Create config file and pass minimum package age to l7 proxy

Browse source
This commit is contained in:
Sander Declerck 2026-05-08 16:18:29 +02:00
parent 9f0e1aeab0
commit 023deff926
No known key found for this signature in database
2 changed files with 97 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

93
packages/safe-chain/src/registryProxy/ramaProxy/createAikidoEndpointConfigFile.js Normal file
View file

@ -0,0 +1,93 @@
import { writeFile } from "fs";
import { join } from "path/posix";
import { promisify } from "util";
import {
getMinimumPackageAgeHours,
skipMinimumPackageAge,
} from "../../config/settings.js";
/**
*
* @param {string} dataFolder
* @returns string
*/
export async function createAikidoEndpointConfigFile(dataFolder) {
const configPath = join(dataFolder, "safe-chain-config.json");
const config = getConfigContent();
const configJson = JSON.stringify(config);
await promisify(writeFile)(configPath, configJson);
return configPath;
}
function getConfigContent() {
let cutoff = Math.floor(Date.now() / 1000);
if (!skipMinimumPackageAge()) {
cutoff = cutoff - (getMinimumPackageAgeHours() * 3600);
}
return {
permission_group: {
id: 1,
name: "Default",
},
ecosystems: {
npm: {
block_all_installs: false,
request_installs: false,
minimum_allowed_age_timestamp: cutoff,
exceptions: {
allowed_packages: [],
rejected_packages: [],
},
},
pypi: {
block_all_installs: false,
request_installs: false,
minimum_allowed_age_timestamp: cutoff,
exceptions: {
allowed_packages: [],
rejected_packages: [],
},
},
},
};
}
/*
# Reference: config file format.
```json
{
"permission_group": {
"id": 18,
"name": "Default"
},
"ecosystems": {
"npm": {
"block_all_installs": false,
"request_installs": false,
"minimum_allowed_age_timestamp": 1778143932,
"exceptions": {
"allowed_packages": [],
"rejected_packages": []
}
},
"pypi": {
"block_all_installs": false,
"request_installs": false,
"minimum_allowed_age_timestamp": 1778057532,
"exceptions": {
"allowed_packages": [],
"rejected_packages": []
}
}
}
}
```
*/

3
packages/safe-chain/src/registryProxy/ramaProxy/createRamaProxy.js
View file

@ -8,6 +8,7 @@ import { ui } from "../../environment/userInteraction.js";
import { getLoggingLevel, LOGGING_VERBOSE } from "../../config/settings.js"; import { getLoggingLevel, LOGGING_VERBOSE } from "../../config/settings.js";
import { getReportingServer } from "./reportingServer.js"; import { getReportingServer } from "./reportingServer.js";
import EventEmitter from "node:events"; import EventEmitter from "node:events";
import { createAikidoEndpointConfigFile } from "./createAikidoEndpointConfigFile.js";
const readFilePromise = promisify(readFile); const readFilePromise = promisify(readFile);
@ -98,6 +99,8 @@ async function startRama(ramaPath, dataFolder, reportingUrl) {
dataFolder, dataFolder,
"--reporting-endpoint", "--reporting-endpoint",
reportingUrl, reportingUrl,
"--config-file",
await createAikidoEndpointConfigFile(dataFolder),
]; ];
const stdio = getLoggingLevel() === LOGGING_VERBOSE ? "inherit" : "pipe"; const stdio = getLoggingLevel() === LOGGING_VERBOSE ? "inherit" : "pipe";
const process = spawn(ramaPath, args, { stdio: stdio }); const process = spawn(ramaPath, args, { stdio: stdio });