From e211f531c526b4c15f5581001637c73913969c61 Mon Sep 17 00:00:00 2001 From: Reinier Criel Date: Thu, 4 Dec 2025 12:37:59 -0800 Subject: [PATCH] Refactor PyPI logic and cleanup --- packages/safe-chain/bin/aikido-pip.js | 7 +- packages/safe-chain/bin/aikido-pip3.js | 8 +- packages/safe-chain/bin/aikido-python.js | 21 +- packages/safe-chain/bin/aikido-python3.js | 21 +- packages/safe-chain/bin/safe-chain.js | 64 +--- .../packagemanager/currentPackageManager.js | 5 +- .../pip/createPackageManager.js | 14 +- .../src/packagemanager/pip/pipSettings.js | 32 +- .../src/packagemanager/pip/runPipCommand.js | 38 ++- test/e2e/pip.e2e.spec.js | 274 ++++++++++++++++++ test/e2e/safe-chain-cli-python.e2e.spec.js | 104 +++++++ 11 files changed, 450 insertions(+), 138 deletions(-) create mode 100644 test/e2e/safe-chain-cli-python.e2e.spec.js diff --git a/packages/safe-chain/bin/aikido-pip.js b/packages/safe-chain/bin/aikido-pip.js index 006e661..6eb3e4e 100755 --- a/packages/safe-chain/bin/aikido-pip.js +++ b/packages/safe-chain/bin/aikido-pip.js @@ -3,15 +3,12 @@ import { main } from "../src/main.js"; import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js"; import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js"; -import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js"; +import { PIP_PACKAGE_MANAGER, PIP_COMMAND } from "../src/packagemanager/pip/pipSettings.js"; // Set eco system setEcoSystem(ECOSYSTEM_PY); -// Set current invocation -setCurrentPipInvocation(PIP_INVOCATIONS.PIP); - -initializePackageManager(PIP_PACKAGE_MANAGER); +initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PIP_COMMAND, args: process.argv.slice(2) }); (async () => { // Pass through only user-supplied pip args diff --git a/packages/safe-chain/bin/aikido-pip3.js b/packages/safe-chain/bin/aikido-pip3.js index e831afe..510b688 100755 --- a/packages/safe-chain/bin/aikido-pip3.js +++ b/packages/safe-chain/bin/aikido-pip3.js @@ -3,16 +3,12 @@ import { main } from "../src/main.js"; import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js"; import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js"; -import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js"; +import { PIP_PACKAGE_MANAGER, PIP3_COMMAND } from "../src/packagemanager/pip/pipSettings.js"; // Set eco system setEcoSystem(ECOSYSTEM_PY); -// Set current invocation -setCurrentPipInvocation(PIP_INVOCATIONS.PIP3); - -// Create package manager -initializePackageManager(PIP_PACKAGE_MANAGER); +initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PIP3_COMMAND, args: process.argv.slice(2) }); (async () => { // Pass through only user-supplied pip args diff --git a/packages/safe-chain/bin/aikido-python.js b/packages/safe-chain/bin/aikido-python.js index 29c38e6..b769b4a 100755 --- a/packages/safe-chain/bin/aikido-python.js +++ b/packages/safe-chain/bin/aikido-python.js @@ -1,7 +1,7 @@ #!/usr/bin/env node import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js"; -import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js"; +import { PIP_PACKAGE_MANAGER, PYTHON_COMMAND } from "../src/packagemanager/pip/pipSettings.js"; import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js"; import { main } from "../src/main.js"; @@ -11,20 +11,9 @@ setEcoSystem(ECOSYSTEM_PY); // Strip nodejs and wrapper script from args let argv = process.argv.slice(2); +initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PYTHON_COMMAND, args: argv }); + (async () => { - if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) { - setEcoSystem(ECOSYSTEM_PY); - setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP); - initializePackageManager(PIP_PACKAGE_MANAGER); - - // Strip off the '-m pip' or '-m pip3' from the args - argv = argv.slice(2); - - var exitCode = await main(argv); - process.exit(exitCode); - } else { - // Forward to real python binary for non-pip flows - const { spawn } = await import('child_process'); - spawn('python', argv, { stdio: 'inherit' }); - } + var exitCode = await main(argv); + process.exit(exitCode); })(); diff --git a/packages/safe-chain/bin/aikido-python3.js b/packages/safe-chain/bin/aikido-python3.js index 997a88d..c572a7b 100755 --- a/packages/safe-chain/bin/aikido-python3.js +++ b/packages/safe-chain/bin/aikido-python3.js @@ -1,7 +1,7 @@ #!/usr/bin/env node import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js"; -import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js"; +import { PIP_PACKAGE_MANAGER, PYTHON3_COMMAND } from "../src/packagemanager/pip/pipSettings.js"; import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js"; import { main } from "../src/main.js"; @@ -11,20 +11,9 @@ setEcoSystem(ECOSYSTEM_PY); // Strip nodejs and wrapper script from args let argv = process.argv.slice(2); +initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PYTHON3_COMMAND, args: argv }); + (async () => { - if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) { - setEcoSystem(ECOSYSTEM_PY); - setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP); - initializePackageManager(PIP_PACKAGE_MANAGER); - - // Strip off the '-m pip' or '-m pip3' from the args - argv = argv.slice(2); - - var exitCode = await main(argv); - process.exit(exitCode); - } else { - // Forward to real python3 binary for non-pip flows - const { spawn } = await import('child_process'); - spawn('python3', argv, { stdio: 'inherit' }); - } + var exitCode = await main(argv); + process.exit(exitCode); })(); diff --git a/packages/safe-chain/bin/safe-chain.js b/packages/safe-chain/bin/safe-chain.js index 7a1d6ab..2793987 100755 --- a/packages/safe-chain/bin/safe-chain.js +++ b/packages/safe-chain/bin/safe-chain.js @@ -13,11 +13,6 @@ import path from "path"; import { fileURLToPath } from "url"; import fs from "fs"; import { knownAikidoTools } from "../src/shell-integration/helpers.js"; -import { - PIP_INVOCATIONS, - PIP_PACKAGE_MANAGER, - setCurrentPipInvocation, -} from "../src/packagemanager/pip/pipSettings.js"; /** @type {string} */ // This checks the current file's dirname in a way that's compatible with: @@ -46,15 +41,14 @@ const command = process.argv[2]; const tool = knownAikidoTools.find((tool) => tool.tool === command); -if (tool && tool.internalPackageManagerName === PIP_PACKAGE_MANAGER) { - (async function () { - await executePip(tool); - })(); -} else if (tool) { +if (tool) { const args = process.argv.slice(3); setEcoSystem(tool.ecoSystem); - initializePackageManager(tool.internalPackageManagerName); + + // Provide tool context to PM (pip uses this; others ignore) + const toolContext = { tool: tool.tool, args }; + initializePackageManager(tool.internalPackageManagerName, toolContext); (async () => { var exitCode = await main(args); @@ -140,51 +134,3 @@ async function getVersion() { return "0.0.0"; } - -/** - * @param {import("../src/shell-integration/helpers.js").AikidoTool} tool - */ -async function executePip(tool) { - // Scanners for pip / pip3 / python / python3 use a slightly different approach: - // - They all use the same PIP_PACKAGE_MANAGER internally, but need some setup to be able to do so - // - It needs to set which tool to run (pip / pip3 / python / python3) - // - For python and python3, the -m pip/pip3 args are removed and later added again by the package manager - // - Python / python3 skips safe-chain if not being run with -m pip or -m pip3 - - let args = process.argv.slice(3); - setEcoSystem(tool.ecoSystem); - initializePackageManager(PIP_PACKAGE_MANAGER); - - let shouldSkip = false; - if (tool.tool === "pip") { - setCurrentPipInvocation(PIP_INVOCATIONS.PIP); - } else if (tool.tool === "pip3") { - setCurrentPipInvocation(PIP_INVOCATIONS.PIP3); - } else if (tool.tool === "python") { - if (args[0] === "-m" && (args[1] === "pip" || args[1] === "pip3")) { - setCurrentPipInvocation( - args[1] === "pip3" ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP - ); - args = args.slice(2); - } else { - shouldSkip = true; - } - } else if (tool.tool === "python3") { - if (args[0] === "-m" && (args[1] === "pip" || args[1] === "pip3")) { - setCurrentPipInvocation( - args[1] === "pip3" ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP - ); - args = args.slice(2); - } else { - shouldSkip = true; - } - } - - if (shouldSkip) { - const { spawn } = await import("child_process"); - spawn(tool.tool, args, { stdio: "inherit" }); - } else { - var exitCode = await main(args); - process.exit(exitCode); - } -} diff --git a/packages/safe-chain/src/packagemanager/currentPackageManager.js b/packages/safe-chain/src/packagemanager/currentPackageManager.js index c6f4484..a6fad4a 100644 --- a/packages/safe-chain/src/packagemanager/currentPackageManager.js +++ b/packages/safe-chain/src/packagemanager/currentPackageManager.js @@ -35,10 +35,11 @@ const state = { /** * @param {string} packageManagerName + * @param {{ tool: string, args: string[] }} [context] - Optional tool context for package managers like pip * * @return {PackageManager} */ -export function initializePackageManager(packageManagerName) { +export function initializePackageManager(packageManagerName, context) { if (packageManagerName === "npm") { state.packageManagerName = createNpmPackageManager(); } else if (packageManagerName === "npx") { @@ -54,7 +55,7 @@ export function initializePackageManager(packageManagerName) { } else if (packageManagerName === "bunx") { state.packageManagerName = createBunxPackageManager(); } else if (packageManagerName === "pip") { - state.packageManagerName = createPipPackageManager(); + state.packageManagerName = createPipPackageManager(context); } else if (packageManagerName === "uv") { state.packageManagerName = createUvPackageManager(); } else { diff --git a/packages/safe-chain/src/packagemanager/pip/createPackageManager.js b/packages/safe-chain/src/packagemanager/pip/createPackageManager.js index 6ec5d1a..bd78605 100644 --- a/packages/safe-chain/src/packagemanager/pip/createPackageManager.js +++ b/packages/safe-chain/src/packagemanager/pip/createPackageManager.js @@ -1,17 +1,21 @@ import { runPip } from "./runPipCommand.js"; -import { getCurrentPipInvocation } from "./pipSettings.js"; +import { PIP_COMMAND } from "./pipSettings.js"; + /** + * @param {{ tool: string, args: string[] }} [context] - Optional context with tool name and args * @returns {import("../currentPackageManager.js").PackageManager} */ -export function createPipPackageManager() { +export function createPipPackageManager(context) { + const tool = context?.tool || PIP_COMMAND; + return { /** * @param {string[]} args */ runCommand: (args) => { - const invocation = getCurrentPipInvocation(); - const fullArgs = [...invocation.args, ...args]; - return runPip(invocation.command, fullArgs); + // Args from main.js are already stripped of --safe-chain-* flags + // We just pass the tool (e.g. "python3") and the args (e.g. ["-m", "pip", "install", ...]) + return runPip(tool, args); }, // For pip, rely solely on MITM proxy to detect/deny downloads from known registries. isSupportedCommand: () => false, diff --git a/packages/safe-chain/src/packagemanager/pip/pipSettings.js b/packages/safe-chain/src/packagemanager/pip/pipSettings.js index 0316b77..1ef6720 100644 --- a/packages/safe-chain/src/packagemanager/pip/pipSettings.js +++ b/packages/safe-chain/src/packagemanager/pip/pipSettings.js @@ -1,30 +1,6 @@ export const PIP_PACKAGE_MANAGER = "pip"; -// All supported python/pip invocations for Safe Chain interception -export const PIP_INVOCATIONS = { - PIP: { command: "pip", args: [] }, - PIP3: { command: "pip3", args: [] }, - PY_PIP: { command: "python", args: ["-m", "pip"] }, - PY3_PIP: { command: "python3", args: ["-m", "pip"] }, - PY_PIP3: { command: "python", args: ["-m", "pip3"] }, - PY3_PIP3: { command: "python3", args: ["-m", "pip3"] } -}; - -/** - * @type {{ command: string, args: string[] }} - */ -let currentInvocation = PIP_INVOCATIONS.PY3_PIP; // Default to python3 -m pip - -/** - * @param {{ command: string, args: string[] }} invocation - */ -export function setCurrentPipInvocation(invocation) { - currentInvocation = invocation; -} - -/** - * @returns {{ command: string, args: string[] }} - */ -export function getCurrentPipInvocation() { - return currentInvocation; -} +export const PIP_COMMAND = "pip"; +export const PIP3_COMMAND = "pip3"; +export const PYTHON_COMMAND = "python"; +export const PYTHON3_COMMAND = "python3"; diff --git a/packages/safe-chain/src/packagemanager/pip/runPipCommand.js b/packages/safe-chain/src/packagemanager/pip/runPipCommand.js index f7050a5..dc9a1ad 100644 --- a/packages/safe-chain/src/packagemanager/pip/runPipCommand.js +++ b/packages/safe-chain/src/packagemanager/pip/runPipCommand.js @@ -2,12 +2,31 @@ import { ui } from "../../environment/userInteraction.js"; import { safeSpawn } from "../../utils/safeSpawn.js"; import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js"; import { getCombinedCaBundlePath } from "../../registryProxy/certBundle.js"; +import { PIP_COMMAND, PIP3_COMMAND, PYTHON_COMMAND, PYTHON3_COMMAND } from "./pipSettings.js"; import fs from "node:fs/promises"; import fsSync from "node:fs"; import os from "node:os"; import path from "node:path"; import ini from "ini"; +/** + * Checks if this pip invocation should bypass safe-chain and spawn directly. + * Returns true if the tool is python/python3 but NOT being run with -m pip/pip3. + * @param {string} command - The command executable + * @param {string[]} args - The arguments + * @returns {boolean} + */ +function shouldBypassSafeChain(command, args) { + if (command === PYTHON_COMMAND || command === PYTHON3_COMMAND) { + // Check if args start with -m pip + if (args.length >= 2 && args[0] === "-m" && (args[1] === PIP_COMMAND || args[1] === PIP3_COMMAND)) { + return false; + } + return true; + } + return false; +} + /** * Sets fallback CA bundle environment variables used by Python libraries. * These are applied in addition to the PIP_CONFIG_FILE to ensure all Python @@ -49,11 +68,28 @@ function setFallbackCaBundleEnvironmentVariables(env, combinedCaPath) { * Special handling for commands that modify config/cache/state: PIP_CONFIG_FILE is NOT overridden to allow * users to read/write persistent config. Only CA environment variables are set for these commands. * - * @param {string} command - The pip command to execute (e.g., 'pip3') + * @param {string} command - The pip command executable (e.g., 'pip3' or 'python3') * @param {string[]} args - Command line arguments to pass to pip * @returns {Promise<{status: number}>} Exit status of the pip command */ export async function runPip(command, args) { + // Check if we should bypass safe-chain (python/python3 without -m pip) + if (shouldBypassSafeChain(command, args)) { + ui.writeVerbose(`Safe-chain: Bypassing safe-chain for non-pip invocation: ${command} ${args.join(" ")}`); + // Spawn the ORIGINAL command with ORIGINAL args + const { spawn } = await import("child_process"); + return new Promise((_resolve) => { + const proc = spawn(command, args, { stdio: "inherit" }); + proc.on("exit", (/** @type {number | null} */ code) => { + process.exit(code ?? 0); + }); + proc.on("error", (/** @type {Error} */ err) => { + ui.writeError(`Error executing command: ${err.message}`); + process.exit(1); + }); + }); + } + try { const env = mergeSafeChainProxyEnvironmentVariables(process.env); diff --git a/test/e2e/pip.e2e.spec.js b/test/e2e/pip.e2e.spec.js index 26ebb78..f4579ab 100644 --- a/test/e2e/pip.e2e.spec.js +++ b/test/e2e/pip.e2e.spec.js @@ -539,4 +539,278 @@ describe("E2E: pip coverage", () => { `Should download certifi. Output was:\n${downloadResult.output}` ); }); + + // Tests for python/python3 bypass (non-pip invocations should go directly without safe-chain) + + it(`python3 --version should bypass safe-chain and work normally`, async () => { + const shell = await container.openShell("zsh"); + const result = await shell.runCommand("python3 --version"); + + // Should output Python version + assert.ok( + result.output.match(/Python 3\.\d+\.\d+/), + `Should output Python version. Output was:\n${result.output}` + ); + + // Should NOT go through safe-chain proxy + assert.ok( + !result.output.includes("Safe-chain"), + `python3 --version should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python --version should bypass safe-chain and work normally`, async () => { + const shell = await container.openShell("zsh"); + const result = await shell.runCommand("python --version"); + + // Should output Python version + assert.ok( + result.output.match(/Python \d+\.\d+\.\d+/), + `Should output Python version. Output was:\n${result.output}` + ); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python --version should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python3 -c "print('hello')" should bypass safe-chain and execute code`, async () => { + const shell = await container.openShell("zsh"); + const result = await shell.runCommand("python3 -c \"print('hello world')\""); + + // Should execute Python code + assert.ok( + result.output.includes("hello world"), + `Should execute Python code. Output was:\n${result.output}` + ); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python3 -c should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python -c should bypass safe-chain and execute code`, async () => { + const shell = await container.openShell("zsh"); + const result = await shell.runCommand("python -c \"import sys; print(sys.version)\""); + + // Should execute Python code and print version + assert.ok( + result.output.match(/\d+\.\d+\.\d+/), + `Should execute Python code. Output was:\n${result.output}` + ); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python -c should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python3 script.py should bypass safe-chain and execute script`, async () => { + const shell = await container.openShell("zsh"); + + // Create a simple Python script + await shell.runCommand("echo \"print('script executed')\" > /tmp/test_script.py"); + + const result = await shell.runCommand("python3 /tmp/test_script.py"); + + // Should execute the script + assert.ok( + result.output.includes("script executed"), + `Should execute Python script. Output was:\n${result.output}` + ); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python3 script.py should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python script.py should bypass safe-chain and execute script`, async () => { + const shell = await container.openShell("zsh"); + + // Create a simple Python script + await shell.runCommand("echo \"print('python2/3 compatible')\" > /tmp/test_script2.py"); + + const result = await shell.runCommand("python /tmp/test_script2.py"); + + // Should execute the script + assert.ok( + result.output.includes("python2/3 compatible"), + `Should execute Python script. Output was:\n${result.output}` + ); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python script.py should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python3 -m json.tool should bypass safe-chain (module other than pip)`, async () => { + const shell = await container.openShell("zsh"); + + // json.tool is a built-in Python module for formatting JSON + const result = await shell.runCommand("echo '{\"test\": 123}' | python3 -m json.tool"); + + // Should format JSON + assert.ok( + result.output.includes('"test"') && result.output.includes('123'), + `Should format JSON. Output was:\n${result.output}` + ); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python3 -m json.tool should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python3 -m http.server should bypass safe-chain (module other than pip)`, async () => { + const shell = await container.openShell("zsh"); + + // Start http.server in background and kill it immediately + // We just want to verify it starts without safe-chain interference + const result = await shell.runCommand("timeout 1 python3 -m http.server 8999 || true"); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python3 -m http.server should not go through safe-chain. Output was:\n${result.output}` + ); + + // Should either start the server or timeout (both are success for bypass test) + assert.ok( + result.output.includes("Serving HTTP") || result.output === "" || result.exitCode !== undefined, + `Should attempt to start server. Output was:\n${result.output}` + ); + }); + + it(`python3 interactive mode should bypass safe-chain`, async () => { + const shell = await container.openShell("zsh"); + + // Run python3 with a command piped to stdin to simulate interactive mode + const result = await shell.runCommand("echo 'print(2+2)' | python3"); + + // Should execute the command + assert.ok( + result.output.includes("4"), + `Should execute Python interactively. Output was:\n${result.output}` + ); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python3 interactive should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python3 with no arguments should bypass safe-chain`, async () => { + const shell = await container.openShell("zsh"); + + // Python with no args goes to interactive REPL, pipe exit command + const result = await shell.runCommand("echo 'exit()' | python3"); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python3 with no args should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python3 -m venv should bypass safe-chain (venv module)`, async () => { + const shell = await container.openShell("zsh"); + + const result = await shell.runCommand("python3 -m venv /tmp/test_venv"); + + // Should create venv without safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python3 -m venv should not go through safe-chain. Output was:\n${result.output}` + ); + + // Verify venv was created + const checkVenv = await shell.runCommand("test -f /tmp/test_venv/bin/python3 && echo 'exists'"); + assert.ok( + checkVenv.output.includes("exists"), + `venv should be created. Output was:\n${checkVenv.output}` + ); + }); + + it(`python3 -m pytest should bypass safe-chain (pytest module)`, async () => { + const shell = await container.openShell("zsh"); + + // pytest may not be installed, but the bypass should work regardless + const result = await shell.runCommand("python3 -m pytest --version 2>&1 || true"); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python3 -m pytest should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python3 -m site should bypass safe-chain (site module)`, async () => { + const shell = await container.openShell("zsh"); + + const result = await shell.runCommand("python3 -m site"); + + // Should output site information + assert.ok( + result.output.includes("sys.path") || result.output.includes("USER_BASE"), + `Should output site information. Output was:\n${result.output}` + ); + + // Should NOT go through safe-chain + assert.ok( + !result.output.includes("Safe-chain"), + `python3 -m site should not go through safe-chain. Output was:\n${result.output}` + ); + }); + + // Verify that -m pip* still goes through safe-chain (sanity check) + + it(`python3 -m pip DOES go through safe-chain (sanity check)`, async () => { + const shell = await container.openShell("zsh"); + const result = await shell.runCommand( + "python3 -m pip install --break-system-packages certifi" + ); + + // SHOULD go through safe-chain + assert.ok( + result.output.includes("Safe-chain") || result.output.includes("no malware found"), + `python3 -m pip SHOULD go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python3 -m pip3 DOES go through safe-chain (sanity check)`, async () => { + const shell = await container.openShell("zsh"); + const result = await shell.runCommand( + "python3 -m pip3 install --break-system-packages certifi" + ); + + // SHOULD go through safe-chain + assert.ok( + result.output.includes("Safe-chain") || result.output.includes("no malware found"), + `python3 -m pip3 SHOULD go through safe-chain. Output was:\n${result.output}` + ); + }); + + it(`python -m pip DOES go through safe-chain (sanity check)`, async () => { + const shell = await container.openShell("zsh"); + const result = await shell.runCommand( + "python -m pip install --break-system-packages certifi" + ); + + // SHOULD go through safe-chain + assert.ok( + result.output.includes("Safe-chain") || result.output.includes("no malware found"), + `python -m pip SHOULD go through safe-chain. Output was:\n${result.output}` + ); + }); }); diff --git a/test/e2e/safe-chain-cli-python.e2e.spec.js b/test/e2e/safe-chain-cli-python.e2e.spec.js new file mode 100644 index 0000000..5c84945 --- /dev/null +++ b/test/e2e/safe-chain-cli-python.e2e.spec.js @@ -0,0 +1,104 @@ +import { describe, it, before, beforeEach, afterEach } from "node:test"; +import { DockerTestContainer } from "./DockerTestContainer.js"; +import assert from "node:assert"; + +describe("E2E: safe-chain CLI python/pip support", () => { + let container; + + before(async () => { + DockerTestContainer.buildImage(); + }); + + beforeEach(async () => { + container = new DockerTestContainer(); + await container.start(); + // Note: We do NOT run 'safe-chain setup' here. + // We want to test the 'safe-chain' CLI command directly. + }); + + afterEach(async () => { + if (container) { + await container.stop(); + container = null; + } + }); + + it("safe-chain pip3 install routes through proxy", async () => { + const shell = await container.openShell("zsh"); + // Invoke safe-chain directly with pip3 command + const result = await shell.runCommand( + "safe-chain pip3 install --break-system-packages requests" + ); + + assert.ok( + result.output.includes("no malware found."), + `Output did not include expected text. Output was:\n${result.output}` + ); + assert.ok( + result.output.includes("Successfully installed") || + result.output.includes("Requirement already satisfied"), + `Installation failed. Output was:\n${result.output}` + ); + }); + + it("safe-chain python3 -m pip install routes through proxy", async () => { + const shell = await container.openShell("zsh"); + const result = await shell.runCommand( + "safe-chain python3 -m pip install --break-system-packages requests" + ); + + assert.ok( + result.output.includes("no malware found."), + `Output did not include expected text. Output was:\n${result.output}` + ); + }); + + it("safe-chain python3 script.py bypasses proxy", async () => { + const shell = await container.openShell("zsh"); + + // Create a simple script + await shell.runCommand("echo \"print('direct execution')\" > /tmp/test.py"); + + const result = await shell.runCommand("safe-chain python3 /tmp/test.py"); + + // Should execute the script + assert.ok( + result.output.includes("direct execution"), + `Script execution failed. Output was:\n${result.output}` + ); + + // Should NOT show safe-chain logs + assert.ok( + !result.output.includes("Safe-chain"), + `Should have bypassed safe-chain. Output was:\n${result.output}` + ); + }); + + it("safe-chain python3 --version bypasses proxy", async () => { + const shell = await container.openShell("zsh"); + const result = await shell.runCommand("safe-chain python3 --version"); + + assert.ok( + result.output.match(/Python 3\.\d+\.\d+/), + `Should show python version. Output was:\n${result.output}` + ); + assert.ok( + !result.output.includes("Safe-chain"), + `Should have bypassed safe-chain. Output was:\n${result.output}` + ); + }); + + it("safe-chain blocks malicious package via pip3", async () => { + const shell = await container.openShell("zsh"); + await shell.runCommand("pip3 cache purge"); + + const result = await shell.runCommand( + "safe-chain pip3 install --break-system-packages safe-chain-pi-test" + ); + + assert.ok( + result.output.includes("blocked 1 malicious package downloads"), + `Should have blocked malware. Output was:\n${result.output}` + ); + }); +});