milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 20:20:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Don't continue if safe-chain wasn't found

Browse source 
Unless --safe-chain-malware-action=prompt is used
This commit is contained in:
Hans Ott 2025-10-13 16:56:01 +02:00
parent 5eedbfb57f
commit 12fd751baa
2 changed files with 50 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

45
packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
View file

@ -2,9 +2,26 @@
function printSafeChainWarning() {
# \033[43;30m is used to set the background color to yellow and text color to black
# \033[0m is used to reset the text formatting
printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1"
printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1" >&2
# \033[36m is used to set the text color to cyan
printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n"
printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n" >&2
}
function getMalwareAction() {
# Parse --safe-chain-malware-action flag from arguments
local action=""
for arg in "$@"; do
if [[ "$arg" =~ ^--safe-chain-malware-action=(.+)$ ]]; then
action="${BASH_REMATCH[1]}"
fi
done
# Default to block if not specified
if [[ -z "$action" ]]; then
echo "block"
else
echo "$action"
fi
}
function wrapSafeChainCommand() {
@ -19,10 +36,30 @@ function wrapSafeChainCommand() {
# If the aikido command is available, just run it with the provided arguments
"$aikido_cmd" "$@"
else
# If the aikido command is not available, print a warning and run the original command
# If the aikido command is not available, handle based on --safe-chain-malware-action flag
printSafeChainWarning "$original_cmd"
command "$original_cmd" "$@"
local action=$(getMalwareAction "$@")
case "$action" in
prompt)
# Ask user if they want to continue
printf "Do you want to continue without safe-chain protection? [y/N] " >&2
read -r response
if [[ "$response" =~ ^[Yy]$ ]]; then
command "$original_cmd" "$@"
else
printf "Aborted.\n" >&2
return 1
fi
;;
block|*)
# Block by default (safest option)
printf "Refusing to execute %s without safe-chain protection.\n" "$original_cmd" >&2
printf "To continue anyway, add: \033[36m--safe-chain-malware-action=prompt\033[0m\n" >&2
return 1
;;
esac
fi
}