milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Keep track of amount of malware packages blocked

Browse source
This commit is contained in:
Sander Declerck 2025-11-07 11:39:41 +01:00
parent f4694ba119
commit 1f570a9f39
No known key found for this signature in database
5 changed files with 65 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

16
packages/safe-chain/src/registryProxy/registryProxy.js
View file

@ -6,6 +6,7 @@ import { getCaCertPath } from "./certUtils.js";
import { ui } from "../environment/userInteraction.js";
import chalk from "chalk";
import { createInterceptorForUrl } from "./interceptors/createInterceptorForEcoSystem.js";
import { on } from "events";
const SERVER_STOP_TIMEOUT_MS = 1000;
/**
@ -133,6 +134,11 @@ function handleConnect(req, clientSocket, head) {
const interceptor = createInterceptorForUrl(req.url || "");
if (interceptor) {
// Subscribe to malware blocked events
interceptor.on("malwareBlocked", (event) => {
onMalwareBlocked(event.packageName, event.version, event.url);
});
mitmConnect(req, clientSocket, interceptor);
} else {
// For other hosts, just tunnel the request to the destination tcp socket
@ -141,6 +147,16 @@ function handleConnect(req, clientSocket, head) {
}
}
/**
*
* @param {string} packageName
* @param {string} version
* @param {string} url
*/
function onMalwareBlocked(packageName, version, url) {
state.blockedRequests.push({ packageName, version, url });
}
function verifyNoMaliciousPackages() {
if (state.blockedRequests.length === 0) {
// No malicious packages were blocked, so nothing to block