diff --git a/.github/workflows/test-on-pr.yml b/.github/workflows/test-on-pr.yml index f8087ef..f754931 100644 --- a/.github/workflows/test-on-pr.yml +++ b/.github/workflows/test-on-pr.yml @@ -6,7 +6,12 @@ jobs: unit-test: name: Run unit tests and linting - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} + + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest, windows-latest, macos-latest] steps: - name: Checkout code @@ -23,7 +28,7 @@ jobs: safe-chain setup-ci - name: Install dependencies - run: npm ci + run: npm ci --ignore-scripts - name: Run unit tests run: npm test @@ -35,10 +40,12 @@ jobs: run: npm run typecheck --workspace=packages/safe-chain - name: Create package tarball + if: matrix.os == 'ubuntu-latest' run: npm pack --workspace=packages/safe-chain - name: Upload package tarball uses: actions/upload-artifact@v4 + if: matrix.os == 'ubuntu-latest' with: name: safe-chain-package path: aikidosec-safe-chain-*.tgz diff --git a/packages/safe-chain/src/main.js b/packages/safe-chain/src/main.js index c46fc61..38bb8ff 100644 --- a/packages/safe-chain/src/main.js +++ b/packages/safe-chain/src/main.js @@ -64,8 +64,7 @@ export async function main(args) { const auditStats = getAuditStats(); if (auditStats.totalPackages > 0) { - ui.emptyLine(); - ui.writeInformation( + ui.writeVerbose( `${chalk.green("✔")} Safe-chain: Scanned ${ auditStats.totalPackages } packages, no malware found.` diff --git a/packages/safe-chain/src/registryProxy/interceptors/interceptorBuilder.js b/packages/safe-chain/src/registryProxy/interceptors/interceptorBuilder.js index e25e641..7a844e9 100644 --- a/packages/safe-chain/src/registryProxy/interceptors/interceptorBuilder.js +++ b/packages/safe-chain/src/registryProxy/interceptors/interceptorBuilder.js @@ -20,6 +20,12 @@ import { EventEmitter } from "events"; * @property {(headers: NodeJS.Dict | undefined) => NodeJS.Dict | undefined} modifyRequestHeaders * @property {() => boolean} modifiesResponse * @property {(body: Buffer, headers: NodeJS.Dict | undefined) => Buffer} modifyBody + * + * @typedef {Object} MalwareBlockedEvent + * @property {string} packageName + * @property {string} version + * @property {string} targetUrl + * @property {number} timestamp */ /** diff --git a/packages/safe-chain/src/registryProxy/registryProxy.js b/packages/safe-chain/src/registryProxy/registryProxy.js index ae7a47e..9402830 100644 --- a/packages/safe-chain/src/registryProxy/registryProxy.js +++ b/packages/safe-chain/src/registryProxy/registryProxy.js @@ -140,9 +140,14 @@ function handleConnect(req, clientSocket, head) { if (interceptor) { // Subscribe to malware blocked events - interceptor.on("malwareBlocked", (event) => { - onMalwareBlocked(event.packageName, event.version, event.url); - }); + interceptor.on( + "malwareBlocked", + ( + /** @type {import("./interceptors/interceptorBuilder.js").MalwareBlockedEvent} */ event + ) => { + onMalwareBlocked(event.packageName, event.version, event.targetUrl); + } + ); mitmConnect(req, clientSocket, interceptor); } else { diff --git a/test/e2e/bun.e2e.spec.js b/test/e2e/bun.e2e.spec.js index 4f24b7d..044b300 100644 --- a/test/e2e/bun.e2e.spec.js +++ b/test/e2e/bun.e2e.spec.js @@ -28,7 +28,9 @@ describe("E2E: bun coverage", () => { it(`safe-chain succesfully installs safe packages`, async () => { const shell = await container.openShell("bash"); - const result = await shell.runCommand("bun i axios"); + const result = await shell.runCommand( + "bun i axios --safe-chain-logging=verbose" + ); assert.ok( result.output.includes("no malware found."), diff --git a/test/e2e/npm-ci.e2e.spec.js b/test/e2e/npm-ci.e2e.spec.js index 18ee789..b78b7ab 100644 --- a/test/e2e/npm-ci.e2e.spec.js +++ b/test/e2e/npm-ci.e2e.spec.js @@ -33,7 +33,9 @@ describe("E2E: npm coverage using PATH", () => { it(`safe-chain succesfully installs safe packages`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("npm i axios"); + const result = await shell.runCommand( + "npm i axios --safe-chain-logging=verbose" + ); assert.ok( result.output.includes("no malware found."), diff --git a/test/e2e/npm.e2e.spec.js b/test/e2e/npm.e2e.spec.js index b2b7211..02bd6ca 100644 --- a/test/e2e/npm.e2e.spec.js +++ b/test/e2e/npm.e2e.spec.js @@ -28,7 +28,9 @@ describe("E2E: npm coverage", () => { it(`safe-chain succesfully installs safe packages`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("npm i axios"); + const result = await shell.runCommand( + "npm i axios --safe-chain-logging=verbose" + ); assert.ok( result.output.includes("no malware found."), diff --git a/test/e2e/pip-ci.e2e.spec.js b/test/e2e/pip-ci.e2e.spec.js index a99b8d0..85a4a46 100644 --- a/test/e2e/pip-ci.e2e.spec.js +++ b/test/e2e/pip-ci.e2e.spec.js @@ -12,7 +12,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { beforeEach(async () => { container = new DockerTestContainer(); await container.start(); - + // Clear pip cache before each test to ensure fresh downloads through proxy const shell = await container.openShell("zsh"); await shell.runCommand("pip3 cache purge"); @@ -100,7 +100,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { const projectShell = await container.openShell(shell); // Use --break-system-packages to avoid Debian/Ubuntu external management restrictions const result = await projectShell.runCommand( - "pip3 install --break-system-packages certifi" + "pip3 install --break-system-packages certifi --safe-chain-logging=verbose" ); const hasExpectedOutput = result.output.includes("no malware found."); @@ -126,7 +126,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { const projectShell = await container.openShell(shell); const result = await projectShell.runCommand( - "python -m pip install --break-system-packages certifi" + "python -m pip install --break-system-packages certifi --safe-chain-logging=verbose" ); assert.ok( @@ -149,7 +149,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { const projectShell = await container.openShell(shell); const result = await projectShell.runCommand( - "python3 -m pip install --break-system-packages certifi" + "python3 -m pip install --break-system-packages certifi --safe-chain-logging=verbose" ); assert.ok( @@ -172,7 +172,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { const projectShell = await container.openShell(shell); const result = await projectShell.runCommand( - "pip install --break-system-packages certifi" + "pip install --break-system-packages certifi --safe-chain-logging=verbose" ); assert.ok( @@ -195,7 +195,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { const projectShell = await container.openShell(shell); const result = await projectShell.runCommand( - "pip3 install --break-system-packages certifi" + "pip3 install --break-system-packages certifi --safe-chain-logging=verbose" ); assert.ok( diff --git a/test/e2e/pip.e2e.spec.js b/test/e2e/pip.e2e.spec.js index 5d8a372..e02d1b3 100644 --- a/test/e2e/pip.e2e.spec.js +++ b/test/e2e/pip.e2e.spec.js @@ -16,7 +16,7 @@ describe("E2E: pip coverage", () => { const installationShell = await container.openShell("zsh"); await installationShell.runCommand("safe-chain setup --include-python"); - + // Clear pip cache before each test to ensure fresh downloads through proxy await installationShell.runCommand("pip3 cache purge"); }); @@ -32,7 +32,7 @@ describe("E2E: pip coverage", () => { it(`successfully installs known safe packages with pip3`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "pip3 install --break-system-packages requests" + "pip3 install --break-system-packages requests --safe-chain-logging=verbose" ); assert.ok( @@ -43,7 +43,9 @@ describe("E2E: pip coverage", () => { it(`pip3 download`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("pip3 download requests"); + const result = await shell.runCommand( + "pip3 download requests --safe-chain-logging=verbose" + ); assert.ok( result.output.includes("no malware found."), @@ -53,7 +55,9 @@ describe("E2E: pip coverage", () => { it(`pip3 .whl`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("pip3 wheel requests"); + const result = await shell.runCommand( + "pip3 wheel requests --safe-chain-logging=verbose" + ); assert.ok( result.output.includes("no malware found."), @@ -64,7 +68,7 @@ describe("E2E: pip coverage", () => { it(`pip3 install --dry-run is respected by scanner`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "pip3 install --dry-run --break-system-packages requests" + "pip3 install --dry-run --break-system-packages requests --safe-chain-logging=verbose" ); assert.ok( @@ -76,7 +80,7 @@ describe("E2E: pip coverage", () => { it(`pip3 install with extras such as requests[socks]`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - 'pip3 install --break-system-packages "requests[socks]==2.32.3"' + 'pip3 install --break-system-packages "requests[socks]==2.32.3" --safe-chain-logging=verbose' ); assert.ok( @@ -88,7 +92,7 @@ describe("E2E: pip coverage", () => { it(`pip3 install with range version specifier`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - 'pip3 install --break-system-packages "Jinja2>=3.1,<3.2"' + 'pip3 install --break-system-packages "Jinja2>=3.1,<3.2" --safe-chain-logging=verbose' ); assert.ok( @@ -100,7 +104,7 @@ describe("E2E: pip coverage", () => { it(`python3 -m pip install routes through safe-chain`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "python3 -m pip install --break-system-packages requests" + "python3 -m pip install --break-system-packages requests --safe-chain-logging=verbose" ); assert.ok( @@ -111,7 +115,9 @@ describe("E2E: pip coverage", () => { it(`python3 -m pip download routes through safe-chain`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("python3 -m pip download requests"); + const result = await shell.runCommand( + "python3 -m pip download requests --safe-chain-logging=verbose" + ); assert.ok( result.output.includes("no malware found."), @@ -148,7 +154,7 @@ describe("E2E: pip coverage", () => { it(`python -m pip routes to aikido-pip (uses pip command)`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "python -m pip install --break-system-packages requests" + "python -m pip install --break-system-packages requests --safe-chain-logging=verbose" ); assert.ok( @@ -166,7 +172,7 @@ describe("E2E: pip coverage", () => { it(`python -m pip3 routes to aikido-pip3 (uses pip3 command)`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "python -m pip3 install --break-system-packages requests" + "python -m pip3 install --break-system-packages requests --safe-chain-logging=verbose" ); assert.ok( @@ -184,7 +190,7 @@ describe("E2E: pip coverage", () => { it(`python3 -m pip routes to aikido-pip3 (uses pip3 command)`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "python3 -m pip install --break-system-packages requests" + "python3 -m pip install --break-system-packages requests --safe-chain-logging=verbose" ); assert.ok( @@ -202,7 +208,7 @@ describe("E2E: pip coverage", () => { it(`python3 -m pip3 routes to aikido-pip3 (uses pip3 command)`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "python3 -m pip3 install --break-system-packages requests" + "python3 -m pip3 install --break-system-packages requests --safe-chain-logging=verbose" ); assert.ok( @@ -222,7 +228,7 @@ describe("E2E: pip coverage", () => { // Install a simple package from GitHub - this should use TCP tunnel, not MITM // Using a popular, small package for testing const result = await shell.runCommand( - "pip3 install --break-system-packages git+https://github.com/psf/requests.git@v2.32.3" + "pip3 install --break-system-packages git+https://github.com/psf/requests.git@v2.32.3 --safe-chain-logging=verbose" ); assert.ok( @@ -248,7 +254,7 @@ describe("E2E: pip coverage", () => { it(`pip3 successfully validates certificates for HTTPS downloads`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "pip3 install --break-system-packages certifi" + "pip3 install --break-system-packages certifi --safe-chain-logging=verbose" ); assert.ok( @@ -276,7 +282,7 @@ describe("E2E: pip coverage", () => { // Test installing from a direct HTTPS URL (not a registry) // This validates that non-registry HTTPS traffic works with our env-provided CA bundle const result = await shell.runCommand( - "pip3 install --break-system-packages https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl" + "pip3 install --break-system-packages https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl --safe-chain-logging=verbose" ); assert.ok( @@ -299,7 +305,7 @@ describe("E2E: pip coverage", () => { // This tests tunneled HTTPS with our env-provided CA bundle (Safe Chain CA + Mozilla + Node roots) // If the CA bundle doesn't include public roots, this will fail with CERTIFICATE_VERIFY_FAILED const result = await shell.runCommand( - "pip3 install --break-system-packages --index-url https://test.pypi.org/simple certifi" + "pip3 install --break-system-packages --index-url https://test.pypi.org/simple certifi --safe-chain-logging=verbose" ); assert.ok( @@ -336,22 +342,20 @@ describe("E2E: pip coverage", () => { it(`pip3 config set should work and persist configuration`, async () => { const shell = await container.openShell("zsh"); - + // Set a config value const setResult = await shell.runCommand( "pip3 config set global.timeout 60" ); - + assert.ok( setResult.output.includes("Writing to"), `pip3 config set should write config. Output was:\n${setResult.output}` ); - + // Verify it was persisted by reading it back - const getResult = await shell.runCommand( - "pip3 config get global.timeout" - ); - + const getResult = await shell.runCommand("pip3 config get global.timeout"); + assert.ok( getResult.output.includes("60"), `Config value should be 60. Output was:\n${getResult.output}` @@ -360,13 +364,13 @@ describe("E2E: pip coverage", () => { it(`pip3 config list should show user configuration`, async () => { const shell = await container.openShell("zsh"); - + // Set a value first await shell.runCommand("pip3 config set global.timeout 90"); - + // List config const listResult = await shell.runCommand("pip3 config list"); - + assert.ok( listResult.output.includes("timeout") && listResult.output.includes("90"), `Config list should show timeout=90. Output was:\n${listResult.output}` @@ -375,16 +379,18 @@ describe("E2E: pip coverage", () => { it(`pip3 config unset should remove configuration`, async () => { const shell = await container.openShell("zsh"); - + // Set a value await shell.runCommand("pip3 config set global.timeout 120"); - + // Verify it exists const getResult = await shell.runCommand("pip3 config get global.timeout"); assert.ok(getResult.output.includes("120")); - + // Unset it - const unsetResult = await shell.runCommand("pip3 config unset global.timeout"); + const unsetResult = await shell.runCommand( + "pip3 config unset global.timeout" + ); assert.ok( unsetResult.output.includes("Writing to"), `pip3 config unset should write config. Output was:\n${unsetResult.output}` @@ -393,9 +399,9 @@ describe("E2E: pip coverage", () => { it(`pip3 cache dir should return cache directory path`, async () => { const shell = await container.openShell("zsh"); - + const result = await shell.runCommand("pip3 cache dir"); - + // Should output a directory path assert.ok( result.output.includes("/") && result.output.includes("cache"), @@ -405,12 +411,12 @@ describe("E2E: pip coverage", () => { it(`pip3 cache info should show cache information`, async () => { const shell = await container.openShell("zsh"); - + // Install something first to populate cache await shell.runCommand("pip3 install --break-system-packages certifi"); - + const result = await shell.runCommand("pip3 cache info"); - + // Output should contain cache-related information assert.ok( result.output.match(/cache|wheel|http/i), @@ -420,30 +426,31 @@ describe("E2E: pip coverage", () => { it(`pip3 cache list should list cached packages`, async () => { const shell = await container.openShell("zsh"); - + // Download a package to ensure something is in cache await shell.runCommand("pip3 download certifi"); - + const result = await shell.runCommand("pip3 cache list certifi"); - + // Should show either cached wheels or "No locally built wheels" assert.ok( - result.output.includes("certifi") || result.output.includes("No locally built"), + result.output.includes("certifi") || + result.output.includes("No locally built"), `Should output cache list information. Output was:\n${result.output}` ); }); it(`pip3 debug should output debug information`, async () => { const shell = await container.openShell("zsh"); - + const result = await shell.runCommand("pip3 debug"); - + // Should contain debug information about pip environment assert.ok( result.output.match(/pip version|sys\.version|sys\.executable/i), `Should output debug information. Output was:\n${result.output}` ); - + // Should NOT show safe-chain's temporary config file in the debug output assert.ok( !result.output.includes("safe-chain-pip-"), @@ -453,34 +460,36 @@ describe("E2E: pip coverage", () => { it(`pip3 completion should generate shell completion script`, async () => { const shell = await container.openShell("zsh"); - + const result = await shell.runCommand("pip3 completion --zsh"); - + // Should output shell completion code assert.ok( - result.output.includes("compdef") || result.output.includes("_pip") || result.output.includes("pip completion"), + result.output.includes("compdef") || + result.output.includes("_pip") || + result.output.includes("pip completion"), `Should output completion code. Output was:\n${result.output}` ); }); it(`pip3 install still works after config operations`, async () => { const shell = await container.openShell("zsh"); - + // Perform config operations await shell.runCommand("pip3 config set global.timeout 60"); await shell.runCommand("pip3 cache dir"); - + // Now install should still work with malware protection const result = await shell.runCommand( - "pip3 install --break-system-packages certifi" + "pip3 install --break-system-packages certifi --safe-chain-logging=verbose" ); - + assert.ok( result.output.includes("Successfully installed") || result.output.includes("Requirement already satisfied"), `Install should succeed after config operations. Output was:\n${result.output}` ); - + assert.ok( result.output.includes("no malware found."), `Should still scan for malware. Output was:\n${result.output}` @@ -489,14 +498,16 @@ describe("E2E: pip coverage", () => { it(`pip3 download works after configuring pip settings`, async () => { const shell = await container.openShell("zsh"); - + // Configure pip with timeout and extra index URL - const configTimeout = await shell.runCommand("pip3 config set global.timeout 60"); + const configTimeout = await shell.runCommand( + "pip3 config set global.timeout 60" + ); assert.ok( configTimeout.output.includes("Writing to"), `Config set should succeed. Output was:\n${configTimeout.output}` ); - + const configIndex = await shell.runCommand( "pip3 config set global.extra-index-url https://pypi.org/simple" ); @@ -504,7 +515,7 @@ describe("E2E: pip coverage", () => { configIndex.output.includes("Writing to"), `Config set should succeed. Output was:\n${configIndex.output}` ); - + // Verify config persisted const listConfig = await shell.runCommand("pip3 config list"); assert.ok( @@ -512,23 +523,25 @@ describe("E2E: pip coverage", () => { `Config should show timeout=60. Output was:\n${listConfig.output}` ); assert.ok( - listConfig.output.includes("extra-index-url") && listConfig.output.includes("pypi.org"), + listConfig.output.includes("extra-index-url") && + listConfig.output.includes("pypi.org"), `Config should show extra-index-url. Output was:\n${listConfig.output}` ); - + // Now download packages with the configured settings const downloadResult = await shell.runCommand( - "pip3 download -d /tmp/packages requests certifi" + "pip3 download -d /tmp/packages requests certifi --safe-chain-logging=verbose" ); - + assert.ok( downloadResult.output.includes("no malware found."), `Should scan for malware. Output was:\n${downloadResult.output}` ); - + // Verify downloads succeeded assert.ok( - downloadResult.output.includes("Saved") || downloadResult.output.includes("requests"), + downloadResult.output.includes("Saved") || + downloadResult.output.includes("requests"), `Download should succeed with configured settings. Output was:\n${downloadResult.output}` ); assert.ok( @@ -538,17 +551,17 @@ describe("E2E: pip coverage", () => { }); // Tests for python/python3 bypass (non-pip invocations should go directly without safe-chain) - + it(`python3 --version should bypass safe-chain and work normally`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand("python3 --version"); - + // Should output Python version assert.ok( result.output.match(/Python 3\.\d+\.\d+/), `Should output Python version. Output was:\n${result.output}` ); - + // Should NOT go through safe-chain proxy assert.ok( !result.output.includes("Safe-chain"), @@ -559,13 +572,13 @@ describe("E2E: pip coverage", () => { it(`python --version should bypass safe-chain and work normally`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand("python --version"); - + // Should output Python version assert.ok( result.output.match(/Python \d+\.\d+\.\d+/), `Should output Python version. Output was:\n${result.output}` ); - + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), @@ -575,14 +588,16 @@ describe("E2E: pip coverage", () => { it(`python3 -c "print('hello')" should bypass safe-chain and execute code`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("python3 -c \"print('hello world')\""); - + const result = await shell.runCommand( + "python3 -c \"print('hello world')\"" + ); + // Should execute Python code assert.ok( result.output.includes("hello world"), `Should execute Python code. Output was:\n${result.output}` ); - + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), @@ -592,14 +607,16 @@ describe("E2E: pip coverage", () => { it(`python -c should bypass safe-chain and execute code`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("python -c \"import sys; print(sys.version)\""); - + const result = await shell.runCommand( + 'python -c "import sys; print(sys.version)"' + ); + // Should execute Python code and print version assert.ok( result.output.match(/\d+\.\d+\.\d+/), `Should execute Python code. Output was:\n${result.output}` ); - + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), @@ -609,18 +626,20 @@ describe("E2E: pip coverage", () => { it(`python3 script.py should bypass safe-chain and execute script`, async () => { const shell = await container.openShell("zsh"); - + // Create a simple Python script - await shell.runCommand("echo \"print('script executed')\" > /tmp/test_script.py"); - + await shell.runCommand( + "echo \"print('script executed')\" > /tmp/test_script.py" + ); + const result = await shell.runCommand("python3 /tmp/test_script.py"); - + // Should execute the script assert.ok( result.output.includes("script executed"), `Should execute Python script. Output was:\n${result.output}` ); - + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), @@ -630,18 +649,20 @@ describe("E2E: pip coverage", () => { it(`python script.py should bypass safe-chain and execute script`, async () => { const shell = await container.openShell("zsh"); - + // Create a simple Python script - await shell.runCommand("echo \"print('python2/3 compatible')\" > /tmp/test_script2.py"); - + await shell.runCommand( + "echo \"print('python2/3 compatible')\" > /tmp/test_script2.py" + ); + const result = await shell.runCommand("python /tmp/test_script2.py"); - + // Should execute the script assert.ok( result.output.includes("python2/3 compatible"), `Should execute Python script. Output was:\n${result.output}` ); - + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), @@ -651,16 +672,18 @@ describe("E2E: pip coverage", () => { it(`python3 -m json.tool should bypass safe-chain (module other than pip)`, async () => { const shell = await container.openShell("zsh"); - + // json.tool is a built-in Python module for formatting JSON - const result = await shell.runCommand("echo '{\"test\": 123}' | python3 -m json.tool"); - + const result = await shell.runCommand( + "echo '{\"test\": 123}' | python3 -m json.tool" + ); + // Should format JSON assert.ok( - result.output.includes('"test"') && result.output.includes('123'), + result.output.includes('"test"') && result.output.includes("123"), `Should format JSON. Output was:\n${result.output}` ); - + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), @@ -670,36 +693,40 @@ describe("E2E: pip coverage", () => { it(`python3 -m http.server should bypass safe-chain (module other than pip)`, async () => { const shell = await container.openShell("zsh"); - + // Start http.server in background and kill it immediately // We just want to verify it starts without safe-chain interference - const result = await shell.runCommand("timeout 1 python3 -m http.server 8999 || true"); - + const result = await shell.runCommand( + "timeout 1 python3 -m http.server 8999 || true" + ); + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), `python3 -m http.server should not go through safe-chain. Output was:\n${result.output}` ); - + // Should either start the server or timeout (both are success for bypass test) assert.ok( - result.output.includes("Serving HTTP") || result.output === "" || result.exitCode !== undefined, + result.output.includes("Serving HTTP") || + result.output === "" || + result.exitCode !== undefined, `Should attempt to start server. Output was:\n${result.output}` ); }); it(`python3 interactive mode should bypass safe-chain`, async () => { const shell = await container.openShell("zsh"); - + // Run python3 with a command piped to stdin to simulate interactive mode const result = await shell.runCommand("echo 'print(2+2)' | python3"); - + // Should execute the command assert.ok( result.output.includes("4"), `Should execute Python interactively. Output was:\n${result.output}` ); - + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), @@ -709,10 +736,10 @@ describe("E2E: pip coverage", () => { it(`python3 with no arguments should bypass safe-chain`, async () => { const shell = await container.openShell("zsh"); - + // Python with no args goes to interactive REPL, pipe exit command const result = await shell.runCommand("echo 'exit()' | python3"); - + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), @@ -722,17 +749,19 @@ describe("E2E: pip coverage", () => { it(`python3 -m venv should bypass safe-chain (venv module)`, async () => { const shell = await container.openShell("zsh"); - + const result = await shell.runCommand("python3 -m venv /tmp/test_venv"); - + // Should create venv without safe-chain assert.ok( !result.output.includes("Safe-chain"), `python3 -m venv should not go through safe-chain. Output was:\n${result.output}` ); - + // Verify venv was created - const checkVenv = await shell.runCommand("test -f /tmp/test_venv/bin/python3 && echo 'exists'"); + const checkVenv = await shell.runCommand( + "test -f /tmp/test_venv/bin/python3 && echo 'exists'" + ); assert.ok( checkVenv.output.includes("exists"), `venv should be created. Output was:\n${checkVenv.output}` @@ -741,10 +770,12 @@ describe("E2E: pip coverage", () => { it(`python3 -m pytest should bypass safe-chain (pytest module)`, async () => { const shell = await container.openShell("zsh"); - + // pytest may not be installed, but the bypass should work regardless - const result = await shell.runCommand("python3 -m pytest --version 2>&1 || true"); - + const result = await shell.runCommand( + "python3 -m pytest --version 2>&1 || true" + ); + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), @@ -754,15 +785,15 @@ describe("E2E: pip coverage", () => { it(`python3 -m site should bypass safe-chain (site module)`, async () => { const shell = await container.openShell("zsh"); - + const result = await shell.runCommand("python3 -m site"); - + // Should output site information assert.ok( result.output.includes("sys.path") || result.output.includes("USER_BASE"), `Should output site information. Output was:\n${result.output}` ); - + // Should NOT go through safe-chain assert.ok( !result.output.includes("Safe-chain"), @@ -771,16 +802,17 @@ describe("E2E: pip coverage", () => { }); // Verify that -m pip* still goes through safe-chain (sanity check) - + it(`python3 -m pip DOES go through safe-chain (sanity check)`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "python3 -m pip install --break-system-packages certifi" + "python3 -m pip install --break-system-packages certifi --safe-chain-logging=verbose" ); - + // SHOULD go through safe-chain assert.ok( - result.output.includes("Safe-chain") || result.output.includes("no malware found"), + result.output.includes("Safe-chain") || + result.output.includes("no malware found"), `python3 -m pip SHOULD go through safe-chain. Output was:\n${result.output}` ); }); @@ -788,12 +820,13 @@ describe("E2E: pip coverage", () => { it(`python3 -m pip3 DOES go through safe-chain (sanity check)`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "python3 -m pip3 install --break-system-packages certifi" + "python3 -m pip3 install --break-system-packages certifi --safe-chain-logging=verbose" ); - + // SHOULD go through safe-chain assert.ok( - result.output.includes("Safe-chain") || result.output.includes("no malware found"), + result.output.includes("Safe-chain") || + result.output.includes("no malware found"), `python3 -m pip3 SHOULD go through safe-chain. Output was:\n${result.output}` ); }); @@ -801,12 +834,13 @@ describe("E2E: pip coverage", () => { it(`python -m pip DOES go through safe-chain (sanity check)`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "python -m pip install --break-system-packages certifi" + "python -m pip install --break-system-packages certifi --safe-chain-logging=verbose" ); - + // SHOULD go through safe-chain assert.ok( - result.output.includes("Safe-chain") || result.output.includes("no malware found"), + result.output.includes("Safe-chain") || + result.output.includes("no malware found"), `python -m pip SHOULD go through safe-chain. Output was:\n${result.output}` ); }); diff --git a/test/e2e/pnpm-ci.e2e.spec.js b/test/e2e/pnpm-ci.e2e.spec.js index 6b92399..29b9d0f 100644 --- a/test/e2e/pnpm-ci.e2e.spec.js +++ b/test/e2e/pnpm-ci.e2e.spec.js @@ -33,7 +33,9 @@ describe("E2E: pnpm coverage", () => { it(`safe-chain succesfully installs safe packages`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("pnpm add axios"); + const result = await shell.runCommand( + "pnpm add axios --safe-chain-logging=verbose" + ); assert.ok( result.output.includes("no malware found."), diff --git a/test/e2e/pnpm.e2e.spec.js b/test/e2e/pnpm.e2e.spec.js index 944530c..a15250a 100644 --- a/test/e2e/pnpm.e2e.spec.js +++ b/test/e2e/pnpm.e2e.spec.js @@ -28,7 +28,9 @@ describe("E2E: pnpm coverage", () => { it(`safe-chain succesfully installs safe packages`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("pnpm add axios"); + const result = await shell.runCommand( + "pnpm add axios --safe-chain-logging=verbose" + ); assert.ok( result.output.includes("no malware found."), diff --git a/test/e2e/poetry.e2e.spec.js b/test/e2e/poetry.e2e.spec.js index 9836e18..3d19783 100644 --- a/test/e2e/poetry.e2e.spec.js +++ b/test/e2e/poetry.e2e.spec.js @@ -16,6 +16,9 @@ describe("E2E: poetry coverage", () => { const installationShell = await container.openShell("zsh"); await installationShell.runCommand("safe-chain setup --include-python"); + + // Clear poetry cache + await installationShell.runCommand("command poetry cache clear pypi --all -n"); }); afterEach(async () => { @@ -29,9 +32,6 @@ describe("E2E: poetry coverage", () => { it(`successfully installs known safe packages with poetry add`, async () => { const shell = await container.openShell("zsh"); - // Clear poetry cache using command to bypass safe-chain wrapper - await shell.runCommand("command poetry cache clear pypi --all -n"); - // Initialize a new poetry project await shell.runCommand("mkdir /tmp/test-poetry-project && cd /tmp/test-poetry-project"); await shell.runCommand("cd /tmp/test-poetry-project && poetry init --no-interaction"); diff --git a/test/e2e/safe-chain-cli-python.e2e.spec.js b/test/e2e/safe-chain-cli-python.e2e.spec.js index 5c84945..15dbf94 100644 --- a/test/e2e/safe-chain-cli-python.e2e.spec.js +++ b/test/e2e/safe-chain-cli-python.e2e.spec.js @@ -14,6 +14,10 @@ describe("E2E: safe-chain CLI python/pip support", () => { await container.start(); // Note: We do NOT run 'safe-chain setup' here. // We want to test the 'safe-chain' CLI command directly. + + // Clear pip cache + const shell = await container.openShell("zsh"); + await shell.runCommand("pip3 cache purge"); }); afterEach(async () => { @@ -27,7 +31,7 @@ describe("E2E: safe-chain CLI python/pip support", () => { const shell = await container.openShell("zsh"); // Invoke safe-chain directly with pip3 command const result = await shell.runCommand( - "safe-chain pip3 install --break-system-packages requests" + "safe-chain pip3 install --break-system-packages requests --safe-chain-logging=verbose" ); assert.ok( @@ -44,7 +48,7 @@ describe("E2E: safe-chain CLI python/pip support", () => { it("safe-chain python3 -m pip install routes through proxy", async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "safe-chain python3 -m pip install --break-system-packages requests" + "safe-chain python3 -m pip install --break-system-packages requests --safe-chain-logging=verbose" ); assert.ok( @@ -55,7 +59,7 @@ describe("E2E: safe-chain CLI python/pip support", () => { it("safe-chain python3 script.py bypasses proxy", async () => { const shell = await container.openShell("zsh"); - + // Create a simple script await shell.runCommand("echo \"print('direct execution')\" > /tmp/test.py"); diff --git a/test/e2e/setup-ci.e2e.spec.js b/test/e2e/setup-ci.e2e.spec.js index f22f884..70aac68 100644 --- a/test/e2e/setup-ci.e2e.spec.js +++ b/test/e2e/setup-ci.e2e.spec.js @@ -39,7 +39,9 @@ describe("E2E: safe-chain setup-ci command", () => { ); const projectShell = await container.openShell(shell); - const result = await projectShell.runCommand("npm i axios"); + const result = await projectShell.runCommand( + "npm i axios --safe-chain-logging=verbose" + ); const hasExpectedOutput = result.output.includes("Safe-chain: Scanned"); assert.ok( diff --git a/test/e2e/setup.teardown.e2e.spec.js b/test/e2e/setup.teardown.e2e.spec.js index b5c58bb..c6ae337 100644 --- a/test/e2e/setup.teardown.e2e.spec.js +++ b/test/e2e/setup.teardown.e2e.spec.js @@ -29,7 +29,9 @@ describe("E2E: safe-chain setup command", () => { const projectShell = await container.openShell(shell); await projectShell.runCommand("cd /testapp"); - const result = await projectShell.runCommand("npm i axios"); + const result = await projectShell.runCommand( + "npm i axios --safe-chain-logging=verbose" + ); const hasExpectedOutput = result.output.includes("Safe-chain: Scanned"); assert.ok( diff --git a/test/e2e/uv.e2e.spec.js b/test/e2e/uv.e2e.spec.js index eae7c12..7e9daac 100644 --- a/test/e2e/uv.e2e.spec.js +++ b/test/e2e/uv.e2e.spec.js @@ -16,6 +16,9 @@ describe("E2E: uv coverage", () => { const installationShell = await container.openShell("zsh"); await installationShell.runCommand("safe-chain setup --include-python"); + + // Clear uv cache + await installationShell.runCommand("uv cache clean"); }); afterEach(async () => { @@ -29,7 +32,7 @@ describe("E2E: uv coverage", () => { it(`successfully installs known safe packages with uv pip install`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "uv pip install --system --break-system-packages requests" + "uv pip install --system --break-system-packages requests --safe-chain-logging=verbose" ); assert.ok( @@ -41,7 +44,7 @@ describe("E2E: uv coverage", () => { it(`uv pip install with specific version`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "uv pip install --system --break-system-packages requests==2.32.3" + "uv pip install --system --break-system-packages requests==2.32.3 --safe-chain-logging=verbose" ); assert.ok( @@ -53,7 +56,7 @@ describe("E2E: uv coverage", () => { it(`uv pip install with version specifiers (>=)`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - 'uv pip install --system --break-system-packages "Jinja2>=3.1"' + 'uv pip install --system --break-system-packages "Jinja2>=3.1" --safe-chain-logging=verbose' ); assert.ok( @@ -65,7 +68,7 @@ describe("E2E: uv coverage", () => { it(`uv pip install with extras such as requests[socks]`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - 'uv pip install --system --break-system-packages "requests[socks]==2.32.3"' + 'uv pip install --system --break-system-packages "requests[socks]==2.32.3" --safe-chain-logging=verbose' ); assert.ok( @@ -77,7 +80,7 @@ describe("E2E: uv coverage", () => { it(`uv pip install multiple packages`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "uv pip install --system --break-system-packages requests certifi urllib3" + "uv pip install --system --break-system-packages requests certifi urllib3 --safe-chain-logging=verbose" ); assert.ok( @@ -88,13 +91,13 @@ describe("E2E: uv coverage", () => { it(`uv pip install from requirements file`, async () => { const shell = await container.openShell("zsh"); - + // Create a requirements.txt file await shell.runCommand("echo 'requests==2.32.3' > requirements.txt"); await shell.runCommand("echo 'certifi>=2024.0.0' >> requirements.txt"); - + const result = await shell.runCommand( - "uv pip install --system --break-system-packages -r requirements.txt" + "uv pip install --system --break-system-packages -r requirements.txt --safe-chain-logging=verbose" ); assert.ok( @@ -105,12 +108,12 @@ describe("E2E: uv coverage", () => { it(`uv pip sync with requirements file`, async () => { const shell = await container.openShell("zsh"); - + // Create a requirements.txt file await shell.runCommand("echo 'requests==2.32.3' > requirements-sync.txt"); - + const result = await shell.runCommand( - "uv pip sync --system --break-system-packages requirements-sync.txt" + "uv pip sync --system --break-system-packages requirements-sync.txt --safe-chain-logging=verbose" ); assert.ok( @@ -121,7 +124,7 @@ describe("E2E: uv coverage", () => { it(`safe-chain blocks installation of malicious Python packages via uv`, async () => { const shell = await container.openShell("zsh"); - + const result = await shell.runCommand( "uv pip install --system --break-system-packages safe-chain-pi-test" ); @@ -149,7 +152,7 @@ describe("E2E: uv coverage", () => { it(`uv pip install from GitHub URL using the CA bundle`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "uv pip install --system --break-system-packages git+https://github.com/psf/requests.git@v2.32.3" + "uv pip install --system --break-system-packages git+https://github.com/psf/requests.git@v2.32.3 --safe-chain-logging=verbose" ); assert.ok( @@ -167,9 +170,9 @@ describe("E2E: uv coverage", () => { it(`uv pip successfully validates certificates for HTTPS downloads`, async () => { const shell = await container.openShell("zsh"); - + const result = await shell.runCommand( - "uv pip install --system --break-system-packages certifi" + "uv pip install --system --break-system-packages certifi --safe-chain-logging=verbose" ); assert.ok( @@ -196,7 +199,7 @@ describe("E2E: uv coverage", () => { it(`uv pip install from direct HTTPS wheel URL`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "uv pip install --system --break-system-packages https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl" + "uv pip install --system --break-system-packages https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl --safe-chain-logging=verbose" ); assert.ok( @@ -213,13 +216,15 @@ describe("E2E: uv coverage", () => { it(`uv pip install with --upgrade flag`, async () => { const shell = await container.openShell("zsh"); - + // First install a package - await shell.runCommand("uv pip install --system --break-system-packages requests==2.31.0"); - + await shell.runCommand( + "uv pip install --system --break-system-packages requests==2.31.0" + ); + // Then upgrade it const result = await shell.runCommand( - "uv pip install --system --break-system-packages --upgrade requests" + "uv pip install --system --break-system-packages --upgrade requests --safe-chain-logging=verbose" ); assert.ok( @@ -231,7 +236,7 @@ describe("E2E: uv coverage", () => { it(`uv pip install with --no-deps flag`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "uv pip install --system --break-system-packages --no-deps requests" + "uv pip install --system --break-system-packages --no-deps requests --safe-chain-logging=verbose" ); assert.ok( @@ -242,14 +247,18 @@ describe("E2E: uv coverage", () => { it(`uv pip install with --editable flag from local directory`, async () => { const shell = await container.openShell("zsh"); - + // Create a simple package structure await shell.runCommand("mkdir -p /tmp/test-pkg"); - await shell.runCommand("echo 'from setuptools import setup' > /tmp/test-pkg/setup.py"); - await shell.runCommand("echo \"setup(name='test-pkg', version='0.1.0')\" >> /tmp/test-pkg/setup.py"); - + await shell.runCommand( + "echo 'from setuptools import setup' > /tmp/test-pkg/setup.py" + ); + await shell.runCommand( + "echo \"setup(name='test-pkg', version='0.1.0')\" >> /tmp/test-pkg/setup.py" + ); + const result = await shell.runCommand( - "uv pip install --system --break-system-packages -e /tmp/test-pkg" + "uv pip install --system --break-system-packages -e /tmp/test-pkg --safe-chain-logging=verbose" ); assert.ok( @@ -260,13 +269,11 @@ describe("E2E: uv coverage", () => { it(`uv pip compile creates locked requirements`, async () => { const shell = await container.openShell("zsh"); - + // Create an input requirements file await shell.runCommand("echo 'requests' > requirements.in"); - - const result = await shell.runCommand( - "uv pip compile requirements.in" - ); + + const result = await shell.runCommand("uv pip compile requirements.in"); // uv pip compile doesn't install packages, just resolves dependencies // It should complete successfully and output resolved requirements @@ -279,7 +286,7 @@ describe("E2E: uv coverage", () => { it(`uv pip install with --index-url for alternate registry`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "uv pip install --system --break-system-packages --index-url https://test.pypi.org/simple certifi" + "uv pip install --system --break-system-packages --index-url https://test.pypi.org/simple certifi --safe-chain-logging=verbose" ); assert.ok( @@ -300,7 +307,7 @@ describe("E2E: uv coverage", () => { const result = await shell.runCommand( "uv pip install --system --break-system-packages requests --safe-chain-logging=verbose" ); - + assert.ok( result.output.includes("no malware found."), `Output did not include expected text. Output was:\n${result.output}` @@ -310,7 +317,7 @@ describe("E2E: uv coverage", () => { it(`uv pip install with version range constraint`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - 'uv pip install --system --break-system-packages "requests>=2.31.0,<2.33.0"' + 'uv pip install --system --break-system-packages "requests>=2.31.0,<2.33.0" --safe-chain-logging=verbose' ); assert.ok( @@ -321,10 +328,12 @@ describe("E2E: uv coverage", () => { it(`uv pip list shows installed packages`, async () => { const shell = await container.openShell("zsh"); - + // Install a package first - await shell.runCommand("uv pip install --system --break-system-packages requests"); - + await shell.runCommand( + "uv pip install --system --break-system-packages requests" + ); + // Then list packages - this shouldn't trigger safe-chain scanning const result = await shell.runCommand("uv pip list --system"); @@ -337,10 +346,10 @@ describe("E2E: uv coverage", () => { it(`uv add installs package and updates project`, async () => { const shell = await container.openShell("zsh"); - + // Initialize a new uv project and add package in same command const result = await shell.runCommand( - "uv init test-project && cd test-project && uv add requests" + "uv init test-project && cd test-project && uv add requests --safe-chain-logging=verbose" ); assert.ok( @@ -351,12 +360,12 @@ describe("E2E: uv coverage", () => { it(`uv add with specific version`, async () => { const shell = await container.openShell("zsh"); - + // Initialize a new uv project await shell.runCommand("uv init test-project-version"); - + const result = await shell.runCommand( - "cd test-project-version && uv add requests==2.32.3" + "cd test-project-version && uv add requests==2.32.3 --safe-chain-logging=verbose" ); assert.ok( @@ -367,12 +376,12 @@ describe("E2E: uv coverage", () => { it(`uv add --dev for development dependencies`, async () => { const shell = await container.openShell("zsh"); - + // Initialize a new uv project await shell.runCommand("uv init test-project-dev"); - + const result = await shell.runCommand( - "cd test-project-dev && uv add --dev pytest" + "cd test-project-dev && uv add --dev pytest --safe-chain-logging=verbose" ); assert.ok( @@ -383,12 +392,12 @@ describe("E2E: uv coverage", () => { it(`uv add multiple packages at once`, async () => { const shell = await container.openShell("zsh"); - + // Initialize a new uv project await shell.runCommand("uv init test-project-multi"); - + const result = await shell.runCommand( - "cd test-project-multi && uv add requests certifi urllib3" + "cd test-project-multi && uv add requests certifi urllib3 --safe-chain-logging=verbose" ); assert.ok( @@ -399,10 +408,10 @@ describe("E2E: uv coverage", () => { it(`safe-chain blocks malicious packages via uv add`, async () => { const shell = await container.openShell("zsh"); - + // Initialize a new uv project await shell.runCommand("uv init test-project-malware"); - + const result = await shell.runCommand( "cd test-project-malware && uv add safe-chain-pi-test" ); @@ -424,20 +433,19 @@ describe("E2E: uv coverage", () => { it(`uv tool install installs a global tool`, async () => { const shell = await container.openShell("zsh"); const result = await shell.runCommand( - "uv tool install ruff" + "uv tool install ruff --safe-chain-logging=verbose" ); assert.ok( - result.output.includes("no malware found.") || result.output.includes("Installed"), + result.output.includes("no malware found.") || + result.output.includes("Installed"), `Output did not include expected text. Output was:\n${result.output}` ); }); it(`safe-chain blocks malicious packages via uv tool install`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand( - "uv tool install safe-chain-pi-test" - ); + const result = await shell.runCommand("uv tool install safe-chain-pi-test"); assert.ok( result.output.includes("blocked 1 malicious package downloads:"), @@ -451,12 +459,14 @@ describe("E2E: uv coverage", () => { it(`uv run --with installs ephemeral dependency`, async () => { const shell = await container.openShell("zsh"); - + // Create a simple Python script - await shell.runCommand("echo 'import requests; print(requests.__version__)' > test_script.py"); - + await shell.runCommand( + "echo 'import requests; print(requests.__version__)' > test_script.py" + ); + const result = await shell.runCommand( - "uv run --with requests test_script.py" + "uv run --with requests test_script.py --safe-chain-logging=verbose" ); assert.ok( @@ -467,10 +477,10 @@ describe("E2E: uv coverage", () => { it(`safe-chain blocks malicious packages via uv run --with`, async () => { const shell = await container.openShell("zsh"); - + // Create a simple Python script await shell.runCommand("echo 'print(\"test\")' > test_script2.py"); - + const result = await shell.runCommand( "uv run --with safe-chain-pi-test test_script2.py" ); @@ -483,10 +493,10 @@ describe("E2E: uv coverage", () => { it(`uv sync syncs project dependencies`, async () => { const shell = await container.openShell("zsh"); - + // Initialize a new uv project, add a dependency, remove venv, and sync in one command chain const result = await shell.runCommand( - "uv init test-sync-project && cd test-sync-project && uv add requests && rm -rf .venv && uv sync" + "uv init test-sync-project && cd test-sync-project && uv add requests --safe-chain-logging=verbose && rm -rf .venv && uv sync --safe-chain-logging=verbose" ); assert.ok( @@ -497,12 +507,12 @@ describe("E2E: uv coverage", () => { it(`uv add from git URL`, async () => { const shell = await container.openShell("zsh"); - + // Initialize a new uv project await shell.runCommand("uv init test-git-add"); - + const result = await shell.runCommand( - "cd test-git-add && uv add git+https://github.com/psf/requests.git@v2.32.3" + "cd test-git-add && uv add git+https://github.com/psf/requests.git@v2.32.3 --safe-chain-logging=verbose" ); assert.ok( @@ -513,12 +523,12 @@ describe("E2E: uv coverage", () => { it(`uv add with --optional group`, async () => { const shell = await container.openShell("zsh"); - + // Initialize a new uv project await shell.runCommand("uv init test-optional"); - + const result = await shell.runCommand( - "cd test-optional && uv add --optional dev pytest" + "cd test-optional && uv add --optional dev pytest --safe-chain-logging=verbose" ); assert.ok( @@ -529,13 +539,15 @@ describe("E2E: uv coverage", () => { it(`uv run --with-requirements installs from requirements file`, async () => { const shell = await container.openShell("zsh"); - + // Create requirements file and script await shell.runCommand("echo 'requests' > run_requirements.txt"); - await shell.runCommand("echo 'import requests; print(requests.__version__)' > run_script.py"); - + await shell.runCommand( + "echo 'import requests; print(requests.__version__)' > run_script.py" + ); + const result = await shell.runCommand( - "uv run --with-requirements run_requirements.txt run_script.py" + "uv run --with-requirements run_requirements.txt run_script.py --safe-chain-logging=verbose" ); assert.ok( @@ -546,10 +558,10 @@ describe("E2E: uv coverage", () => { it(`uv sync --all-extras syncs all optional dependencies`, async () => { const shell = await container.openShell("zsh"); - + // Initialize project with optional dependency and sync in one command chain const result = await shell.runCommand( - "uv init test-extras && cd test-extras && uv add --optional dev pytest && uv sync --all-extras" + "uv init test-extras && cd test-extras && uv add --optional dev pytest --safe-chain-logging=verbose && uv sync --all-extras" ); assert.ok( @@ -558,4 +570,3 @@ describe("E2E: uv coverage", () => { ); }); }); - diff --git a/test/e2e/yarn-ci.e2e.spec.js b/test/e2e/yarn-ci.e2e.spec.js index 8aac426..88b768d 100644 --- a/test/e2e/yarn-ci.e2e.spec.js +++ b/test/e2e/yarn-ci.e2e.spec.js @@ -33,7 +33,9 @@ describe("E2E: yarn coverage", () => { it(`safe-chain succesfully installs safe packages`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("yarn add axios"); + const result = await shell.runCommand( + "yarn add axios --safe-chain-logging=verbose" + ); assert.ok( result.output.includes("no malware found."), diff --git a/test/e2e/yarn.e2e.spec.js b/test/e2e/yarn.e2e.spec.js index 32a8114..726fff2 100644 --- a/test/e2e/yarn.e2e.spec.js +++ b/test/e2e/yarn.e2e.spec.js @@ -28,7 +28,9 @@ describe("E2E: yarn coverage", () => { it(`safe-chain succesfully installs safe packages`, async () => { const shell = await container.openShell("zsh"); - const result = await shell.runCommand("yarn add axios"); + const result = await shell.runCommand( + "yarn add axios --safe-chain-logging=verbose" + ); assert.ok( result.output.includes("no malware found."),