milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #220 from AikidoSec/feature/pypi-cleanup-2

Browse source 
[PYPI] Centralize pip/python bypass logic in runPipCommand
This commit is contained in:
bitterpanda 2025-12-05 14:26:17 +01:00 committed by GitHub
commit 2dd215d620
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 450 additions and 138 deletions
Download patch file Download diff file Expand all files Collapse all files

7
packages/safe-chain/bin/aikido-pip.js
View file

@ -3,15 +3,12 @@
import { main } from "../src/main.js";
import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
import { PIP_PACKAGE_MANAGER, PIP_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
// Set eco system
setEcoSystem(ECOSYSTEM_PY);
// Set current invocation
setCurrentPipInvocation(PIP_INVOCATIONS.PIP);
initializePackageManager(PIP_PACKAGE_MANAGER);
initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PIP_COMMAND, args: process.argv.slice(2) });
(async () => {
// Pass through only user-supplied pip args

8
packages/safe-chain/bin/aikido-pip3.js
View file

@ -3,16 +3,12 @@
import { main } from "../src/main.js";
import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
import { PIP_PACKAGE_MANAGER, PIP3_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
// Set eco system
setEcoSystem(ECOSYSTEM_PY);
// Set current invocation
setCurrentPipInvocation(PIP_INVOCATIONS.PIP3);
// Create package manager
initializePackageManager(PIP_PACKAGE_MANAGER);
initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PIP3_COMMAND, args: process.argv.slice(2) });
(async () => {
// Pass through only user-supplied pip args

21
packages/safe-chain/bin/aikido-python.js
View file

@ -1,7 +1,7 @@
#!/usr/bin/env node
import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
import { PIP_PACKAGE_MANAGER, PYTHON_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
import { main } from "../src/main.js";
@ -11,20 +11,9 @@ setEcoSystem(ECOSYSTEM_PY);
// Strip nodejs and wrapper script from args
let argv = process.argv.slice(2);
initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PYTHON_COMMAND, args: argv });
(async () => {
if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) {
setEcoSystem(ECOSYSTEM_PY);
setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP);
initializePackageManager(PIP_PACKAGE_MANAGER);
// Strip off the '-m pip' or '-m pip3' from the args
argv = argv.slice(2);
var exitCode = await main(argv);
process.exit(exitCode);
} else {
// Forward to real python binary for non-pip flows
const { spawn } = await import('child_process');
spawn('python', argv, { stdio: 'inherit' });
}
var exitCode = await main(argv);
process.exit(exitCode);
})();

21
packages/safe-chain/bin/aikido-python3.js
View file

@ -1,7 +1,7 @@
#!/usr/bin/env node
import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
import { PIP_PACKAGE_MANAGER, PYTHON3_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
import { main } from "../src/main.js";
@ -11,20 +11,9 @@ setEcoSystem(ECOSYSTEM_PY);
// Strip nodejs and wrapper script from args
let argv = process.argv.slice(2);
initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PYTHON3_COMMAND, args: argv });
(async () => {
if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) {
setEcoSystem(ECOSYSTEM_PY);
setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP);
initializePackageManager(PIP_PACKAGE_MANAGER);
// Strip off the '-m pip' or '-m pip3' from the args
argv = argv.slice(2);
var exitCode = await main(argv);
process.exit(exitCode);
} else {
// Forward to real python3 binary for non-pip flows
const { spawn } = await import('child_process');
spawn('python3', argv, { stdio: 'inherit' });
}
var exitCode = await main(argv);
process.exit(exitCode);
})();

64
packages/safe-chain/bin/safe-chain.js
View file

@ -13,11 +13,6 @@ import path from "path";
import { fileURLToPath } from "url";
import fs from "fs";
import { knownAikidoTools } from "../src/shell-integration/helpers.js";
import {
PIP_INVOCATIONS,
PIP_PACKAGE_MANAGER,
setCurrentPipInvocation,
} from "../src/packagemanager/pip/pipSettings.js";
/** @type {string} */
// This checks the current file's dirname in a way that's compatible with:
@ -46,15 +41,14 @@ const command = process.argv[2];
const tool = knownAikidoTools.find((tool) => tool.tool === command);
if (tool && tool.internalPackageManagerName === PIP_PACKAGE_MANAGER) {
(async function () {
await executePip(tool);
})();
} else if (tool) {
if (tool) {
const args = process.argv.slice(3);
setEcoSystem(tool.ecoSystem);
initializePackageManager(tool.internalPackageManagerName);
// Provide tool context to PM (pip uses this; others ignore)
const toolContext = { tool: tool.tool, args };
initializePackageManager(tool.internalPackageManagerName, toolContext);
(async () => {
var exitCode = await main(args);
@ -140,51 +134,3 @@ async function getVersion() {
return "0.0.0";
}
/**
* @param {import("../src/shell-integration/helpers.js").AikidoTool} tool
*/
async function executePip(tool) {
// Scanners for pip / pip3 / python / python3 use a slightly different approach:
// - They all use the same PIP_PACKAGE_MANAGER internally, but need some setup to be able to do so
// - It needs to set which tool to run (pip / pip3 / python / python3)
// - For python and python3, the -m pip/pip3 args are removed and later added again by the package manager
// - Python / python3 skips safe-chain if not being run with -m pip or -m pip3
let args = process.argv.slice(3);
setEcoSystem(tool.ecoSystem);
initializePackageManager(PIP_PACKAGE_MANAGER);
let shouldSkip = false;
if (tool.tool === "pip") {
setCurrentPipInvocation(PIP_INVOCATIONS.PIP);
} else if (tool.tool === "pip3") {
setCurrentPipInvocation(PIP_INVOCATIONS.PIP3);
} else if (tool.tool === "python") {
if (args[0] === "-m" && (args[1] === "pip" || args[1] === "pip3")) {
setCurrentPipInvocation(
args[1] === "pip3" ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP
);
args = args.slice(2);
} else {
shouldSkip = true;
}
} else if (tool.tool === "python3") {
if (args[0] === "-m" && (args[1] === "pip" || args[1] === "pip3")) {
setCurrentPipInvocation(
args[1] === "pip3" ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP
);
args = args.slice(2);
} else {
shouldSkip = true;
}
}
if (shouldSkip) {
const { spawn } = await import("child_process");
spawn(tool.tool, args, { stdio: "inherit" });
} else {
var exitCode = await main(args);
process.exit(exitCode);
}
}

5
packages/safe-chain/src/packagemanager/currentPackageManager.js
View file

@ -35,10 +35,11 @@ const state = {
/**
* @param {string} packageManagerName
* @param {{ tool: string, args: string[] }} [context] - Optional tool context for package managers like pip
*
* @return {PackageManager}
*/
export function initializePackageManager(packageManagerName) {
export function initializePackageManager(packageManagerName, context) {
if (packageManagerName === "npm") {
state.packageManagerName = createNpmPackageManager();
} else if (packageManagerName === "npx") {
@ -54,7 +55,7 @@ export function initializePackageManager(packageManagerName) {
} else if (packageManagerName === "bunx") {
state.packageManagerName = createBunxPackageManager();
} else if (packageManagerName === "pip") {
state.packageManagerName = createPipPackageManager();
state.packageManagerName = createPipPackageManager(context);
} else if (packageManagerName === "uv") {
state.packageManagerName = createUvPackageManager();
} else {

14
packages/safe-chain/src/packagemanager/pip/createPackageManager.js
View file

@ -1,17 +1,21 @@
import { runPip } from "./runPipCommand.js";
import { getCurrentPipInvocation } from "./pipSettings.js";
import { PIP_COMMAND } from "./pipSettings.js";
/**
* @param {{ tool: string, args: string[] }} [context] - Optional context with tool name and args
* @returns {import("../currentPackageManager.js").PackageManager}
*/
export function createPipPackageManager() {
export function createPipPackageManager(context) {
const tool = context?.tool || PIP_COMMAND;
return {
/**
* @param {string[]} args
*/
runCommand: (args) => {
const invocation = getCurrentPipInvocation();
const fullArgs = [...invocation.args, ...args];
return runPip(invocation.command, fullArgs);
// Args from main.js are already stripped of --safe-chain-* flags
// We just pass the tool (e.g. "python3") and the args (e.g. ["-m", "pip", "install", ...])
return runPip(tool, args);
},
// For pip, rely solely on MITM proxy to detect/deny downloads from known registries.
isSupportedCommand: () => false,

32
packages/safe-chain/src/packagemanager/pip/pipSettings.js
View file

@ -1,30 +1,6 @@
export const PIP_PACKAGE_MANAGER = "pip";
// All supported python/pip invocations for Safe Chain interception
export const PIP_INVOCATIONS = {
PIP: { command: "pip", args: [] },
PIP3: { command: "pip3", args: [] },
PY_PIP: { command: "python", args: ["-m", "pip"] },
PY3_PIP: { command: "python3", args: ["-m", "pip"] },
PY_PIP3: { command: "python", args: ["-m", "pip3"] },
PY3_PIP3: { command: "python3", args: ["-m", "pip3"] }
};
/**
* @type {{ command: string, args: string[] }}
*/
let currentInvocation = PIP_INVOCATIONS.PY3_PIP; // Default to python3 -m pip
/**
* @param {{ command: string, args: string[] }} invocation
*/
export function setCurrentPipInvocation(invocation) {
currentInvocation = invocation;
}
/**
* @returns {{ command: string, args: string[] }}
*/
export function getCurrentPipInvocation() {
return currentInvocation;
}
export const PIP_COMMAND = "pip";
export const PIP3_COMMAND = "pip3";
export const PYTHON_COMMAND = "python";
export const PYTHON3_COMMAND = "python3";

38
packages/safe-chain/src/packagemanager/pip/runPipCommand.js
View file

@ -2,12 +2,31 @@ import { ui } from "../../environment/userInteraction.js";
import { safeSpawn } from "../../utils/safeSpawn.js";
import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
import { getCombinedCaBundlePath } from "../../registryProxy/certBundle.js";
import { PIP_COMMAND, PIP3_COMMAND, PYTHON_COMMAND, PYTHON3_COMMAND } from "./pipSettings.js";
import fs from "node:fs/promises";
import fsSync from "node:fs";
import os from "node:os";
import path from "node:path";
import ini from "ini";
/**
* Checks if this pip invocation should bypass safe-chain and spawn directly.
* Returns true if the tool is python/python3 but NOT being run with -m pip/pip3.
* @param {string} command - The command executable
* @param {string[]} args - The arguments
* @returns {boolean}
*/
function shouldBypassSafeChain(command, args) {
if (command === PYTHON_COMMAND || command === PYTHON3_COMMAND) {
// Check if args start with -m pip
if (args.length >= 2 && args[0] === "-m" && (args[1] === PIP_COMMAND || args[1] === PIP3_COMMAND)) {
return false;
}
return true;
}
return false;
}
/**
* Sets fallback CA bundle environment variables used by Python libraries.
* These are applied in addition to the PIP_CONFIG_FILE to ensure all Python
@ -49,11 +68,28 @@ function setFallbackCaBundleEnvironmentVariables(env, combinedCaPath) {
* Special handling for commands that modify config/cache/state: PIP_CONFIG_FILE is NOT overridden to allow
* users to read/write persistent config. Only CA environment variables are set for these commands.
*
* @param {string} command - The pip command to execute (e.g., 'pip3')
* @param {string} command - The pip command executable (e.g., 'pip3' or 'python3')
* @param {string[]} args - Command line arguments to pass to pip
* @returns {Promise<{status: number}>} Exit status of the pip command
*/
export async function runPip(command, args) {
// Check if we should bypass safe-chain (python/python3 without -m pip)
if (shouldBypassSafeChain(command, args)) {
ui.writeVerbose(`Safe-chain: Bypassing safe-chain for non-pip invocation: ${command} ${args.join(" ")}`);
// Spawn the ORIGINAL command with ORIGINAL args
const { spawn } = await import("child_process");
return new Promise((_resolve) => {
const proc = spawn(command, args, { stdio: "inherit" });
proc.on("exit", (/** @type {number | null} */ code) => {
process.exit(code ?? 0);
});
proc.on("error", (/** @type {Error} */ err) => {
ui.writeError(`Error executing command: ${err.message}`);
process.exit(1);
});
});
}
try {
const env = mergeSafeChainProxyEnvironmentVariables(process.env);

274
test/e2e/pip.e2e.spec.js
View file

@ -539,4 +539,278 @@ describe("E2E: pip coverage", () => {
`Should download certifi. Output was:\n${downloadResult.output}`
);
});
// Tests for python/python3 bypass (non-pip invocations should go directly without safe-chain)
it(`python3 --version should bypass safe-chain and work normally`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("python3 --version");
// Should output Python version
assert.ok(
result.output.match(/Python 3\.\d+\.\d+/),
`Should output Python version. Output was:\n${result.output}`
);
// Should NOT go through safe-chain proxy
assert.ok(
!result.output.includes("Safe-chain"),
`python3 --version should not go through safe-chain. Output was:\n${result.output}`
);
});
it(`python --version should bypass safe-chain and work normally`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("python --version");
// Should output Python version
assert.ok(
result.output.match(/Python \d+\.\d+\.\d+/),
`Should output Python version. Output was:\n${result.output}`
);
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python --version should not go through safe-chain. Output was:\n${result.output}`
);
});
it(`python3 -c "print('hello')" should bypass safe-chain and execute code`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("python3 -c \"print('hello world')\"");
// Should execute Python code
assert.ok(
result.output.includes("hello world"),
`Should execute Python code. Output was:\n${result.output}`
);
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python3 -c should not go through safe-chain. Output was:\n${result.output}`
);
});
it(`python -c should bypass safe-chain and execute code`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("python -c \"import sys; print(sys.version)\"");
// Should execute Python code and print version
assert.ok(
result.output.match(/\d+\.\d+\.\d+/),
`Should execute Python code. Output was:\n${result.output}`
);
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python -c should not go through safe-chain. Output was:\n${result.output}`
);
});
it(`python3 script.py should bypass safe-chain and execute script`, async () => {
const shell = await container.openShell("zsh");
// Create a simple Python script
await shell.runCommand("echo \"print('script executed')\" > /tmp/test_script.py");
const result = await shell.runCommand("python3 /tmp/test_script.py");
// Should execute the script
assert.ok(
result.output.includes("script executed"),
`Should execute Python script. Output was:\n${result.output}`
);
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python3 script.py should not go through safe-chain. Output was:\n${result.output}`
);
});
it(`python script.py should bypass safe-chain and execute script`, async () => {
const shell = await container.openShell("zsh");
// Create a simple Python script
await shell.runCommand("echo \"print('python2/3 compatible')\" > /tmp/test_script2.py");
const result = await shell.runCommand("python /tmp/test_script2.py");
// Should execute the script
assert.ok(
result.output.includes("python2/3 compatible"),
`Should execute Python script. Output was:\n${result.output}`
);
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python script.py should not go through safe-chain. Output was:\n${result.output}`
);
});
it(`python3 -m json.tool should bypass safe-chain (module other than pip)`, async () => {
const shell = await container.openShell("zsh");
// json.tool is a built-in Python module for formatting JSON
const result = await shell.runCommand("echo '{\"test\": 123}' | python3 -m json.tool");
// Should format JSON
assert.ok(
result.output.includes('"test"') && result.output.includes('123'),
`Should format JSON. Output was:\n${result.output}`
);
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python3 -m json.tool should not go through safe-chain. Output was:\n${result.output}`
);
});
it(`python3 -m http.server should bypass safe-chain (module other than pip)`, async () => {
const shell = await container.openShell("zsh");
// Start http.server in background and kill it immediately
// We just want to verify it starts without safe-chain interference
const result = await shell.runCommand("timeout 1 python3 -m http.server 8999 || true");
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python3 -m http.server should not go through safe-chain. Output was:\n${result.output}`
);
// Should either start the server or timeout (both are success for bypass test)
assert.ok(
result.output.includes("Serving HTTP") || result.output === "" || result.exitCode !== undefined,
`Should attempt to start server. Output was:\n${result.output}`
);
});
it(`python3 interactive mode should bypass safe-chain`, async () => {
const shell = await container.openShell("zsh");
// Run python3 with a command piped to stdin to simulate interactive mode
const result = await shell.runCommand("echo 'print(2+2)' | python3");
// Should execute the command
assert.ok(
result.output.includes("4"),
`Should execute Python interactively. Output was:\n${result.output}`
);
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python3 interactive should not go through safe-chain. Output was:\n${result.output}`
);
});
it(`python3 with no arguments should bypass safe-chain`, async () => {
const shell = await container.openShell("zsh");
// Python with no args goes to interactive REPL, pipe exit command
const result = await shell.runCommand("echo 'exit()' | python3");
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python3 with no args should not go through safe-chain. Output was:\n${result.output}`
);
});
it(`python3 -m venv should bypass safe-chain (venv module)`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("python3 -m venv /tmp/test_venv");
// Should create venv without safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python3 -m venv should not go through safe-chain. Output was:\n${result.output}`
);
// Verify venv was created
const checkVenv = await shell.runCommand("test -f /tmp/test_venv/bin/python3 && echo 'exists'");
assert.ok(
checkVenv.output.includes("exists"),
`venv should be created. Output was:\n${checkVenv.output}`
);
});
it(`python3 -m pytest should bypass safe-chain (pytest module)`, async () => {
const shell = await container.openShell("zsh");
// pytest may not be installed, but the bypass should work regardless
const result = await shell.runCommand("python3 -m pytest --version 2>&1 || true");
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python3 -m pytest should not go through safe-chain. Output was:\n${result.output}`
);
});
it(`python3 -m site should bypass safe-chain (site module)`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("python3 -m site");
// Should output site information
assert.ok(
result.output.includes("sys.path") || result.output.includes("USER_BASE"),
`Should output site information. Output was:\n${result.output}`
);
// Should NOT go through safe-chain
assert.ok(
!result.output.includes("Safe-chain"),
`python3 -m site should not go through safe-chain. Output was:\n${result.output}`
);
});
// Verify that -m pip* still goes through safe-chain (sanity check)
it(`python3 -m pip DOES go through safe-chain (sanity check)`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"python3 -m pip install --break-system-packages certifi"
);
// SHOULD go through safe-chain
assert.ok(
result.output.includes("Safe-chain") || result.output.includes("no malware found"),
`python3 -m pip SHOULD go through safe-chain. Output was:\n${result.output}`
);
});
it(`python3 -m pip3 DOES go through safe-chain (sanity check)`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"python3 -m pip3 install --break-system-packages certifi"
);
// SHOULD go through safe-chain
assert.ok(
result.output.includes("Safe-chain") || result.output.includes("no malware found"),
`python3 -m pip3 SHOULD go through safe-chain. Output was:\n${result.output}`
);
});
it(`python -m pip DOES go through safe-chain (sanity check)`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"python -m pip install --break-system-packages certifi"
);
// SHOULD go through safe-chain
assert.ok(
result.output.includes("Safe-chain") || result.output.includes("no malware found"),
`python -m pip SHOULD go through safe-chain. Output was:\n${result.output}`
);
});
});

104
test/e2e/safe-chain-cli-python.e2e.spec.js Normal file
View file

@ -0,0 +1,104 @@
import { describe, it, before, beforeEach, afterEach } from "node:test";
import { DockerTestContainer } from "./DockerTestContainer.js";
import assert from "node:assert";
describe("E2E: safe-chain CLI python/pip support", () => {
let container;
before(async () => {
DockerTestContainer.buildImage();
});
beforeEach(async () => {
container = new DockerTestContainer();
await container.start();
// Note: We do NOT run 'safe-chain setup' here.
// We want to test the 'safe-chain' CLI command directly.
});
afterEach(async () => {
if (container) {
await container.stop();
container = null;
}
});
it("safe-chain pip3 install routes through proxy", async () => {
const shell = await container.openShell("zsh");
// Invoke safe-chain directly with pip3 command
const result = await shell.runCommand(
"safe-chain pip3 install --break-system-packages requests"
);
assert.ok(
result.output.includes("no malware found."),
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("Successfully installed") ||
result.output.includes("Requirement already satisfied"),
`Installation failed. Output was:\n${result.output}`
);
});
it("safe-chain python3 -m pip install routes through proxy", async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"safe-chain python3 -m pip install --break-system-packages requests"
);
assert.ok(
result.output.includes("no malware found."),
`Output did not include expected text. Output was:\n${result.output}`
);
});
it("safe-chain python3 script.py bypasses proxy", async () => {
const shell = await container.openShell("zsh");
// Create a simple script
await shell.runCommand("echo \"print('direct execution')\" > /tmp/test.py");
const result = await shell.runCommand("safe-chain python3 /tmp/test.py");
// Should execute the script
assert.ok(
result.output.includes("direct execution"),
`Script execution failed. Output was:\n${result.output}`
);
// Should NOT show safe-chain logs
assert.ok(
!result.output.includes("Safe-chain"),
`Should have bypassed safe-chain. Output was:\n${result.output}`
);
});
it("safe-chain python3 --version bypasses proxy", async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("safe-chain python3 --version");
assert.ok(
result.output.match(/Python 3\.\d+\.\d+/),
`Should show python version. Output was:\n${result.output}`
);
assert.ok(
!result.output.includes("Safe-chain"),
`Should have bypassed safe-chain. Output was:\n${result.output}`
);
});
it("safe-chain blocks malicious package via pip3", async () => {
const shell = await container.openShell("zsh");
await shell.runCommand("pip3 cache purge");
const result = await shell.runCommand(
"safe-chain pip3 install --break-system-packages safe-chain-pi-test"
);
assert.ok(
result.output.includes("blocked 1 malicious package downloads"),
`Should have blocked malware. Output was:\n${result.output}`
);
});
});