milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Create verifyNoMaliciousPackages function in proxy

Browse source
This commit is contained in:
Sander Declerck 2025-09-30 15:11:00 +02:00
parent 6c08c6adce
commit 3b145a4695
No known key found for this signature in database
2 changed files with 28 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

22
packages/safe-chain/src/main.js
View file

@ -5,7 +5,6 @@ import { ui } from "./environment/userInteraction.js";
import { getPackageManager } from "./packagemanager/currentPackageManager.js"; import { getPackageManager } from "./packagemanager/currentPackageManager.js";
import { initializeCliArguments } from "./config/cliArguments.js"; import { initializeCliArguments } from "./config/cliArguments.js";
import { createSafeChainProxy } from "./registryProxy/registryProxy.js"; import { createSafeChainProxy } from "./registryProxy/registryProxy.js";
import chalk from "chalk";
export async function main(args) { export async function main(args) {
const proxy = createSafeChainProxy(); const proxy = createSafeChainProxy();
@ -26,26 +25,7 @@ export async function main(args) {
var result = await getPackageManager().runCommand(args); var result = await getPackageManager().runCommand(args);
await proxy.stopServer(); await proxy.stopServer();
const blockedRequests = proxy.getBlockedRequests(); proxy.verifyNoMaliciousPackages();
if (blockedRequests.length > 0) {
ui.emptyLine();
ui.writeInformation(
`Safe-chain: ${chalk.bold(
`blocked ${blockedRequests.length} malicious package downloads`
)}:`
);
for (const req of blockedRequests) {
ui.writeInformation(` - ${req.packageName}@${req.version} (${req.url})`);
}
ui.emptyLine();
ui.writeError("Exiting without installing malicious packages.");
ui.emptyLine();
process.exit(1);
}
process.exit(result.status); process.exit(result.status);
} }

27
packages/safe-chain/src/registryProxy/registryProxy.js
View file

@ -4,6 +4,8 @@ import { mitmConnect } from "./mitmRequestHandler.js";
import { getCaCertPath } from "./certUtils.js"; import { getCaCertPath } from "./certUtils.js";
import { auditChanges } from "../scanning/audit/index.js"; import { auditChanges } from "../scanning/audit/index.js";
import { knownRegistries, parsePackageFromUrl } from "./parsePackageFromUrl.js"; import { knownRegistries, parsePackageFromUrl } from "./parsePackageFromUrl.js";
import { ui } from "../environment/userInteraction.js";
import chalk from "chalk";
const state = { const state = {
port: null, port: null,
@ -18,6 +20,7 @@ export function createSafeChainProxy() {
startServer: () => startServer(server), startServer: () => startServer(server),
stopServer: () => stopServer(server), stopServer: () => stopServer(server),
getBlockedRequests: () => state.blockedRequests, getBlockedRequests: () => state.blockedRequests,
verifyNoMaliciousPackages,
}; };
} }
@ -117,3 +120,27 @@ async function isAllowedUrl(url) {
return true; return true;
} }
function verifyNoMaliciousPackages() {
if (state.blockedRequests.length === 0) {
return;
}
ui.emptyLine();
ui.writeInformation(
`Safe-chain: ${chalk.bold(
`blocked ${state.blockedRequests.length} malicious package downloads`
)}:`
);
for (const req of state.blockedRequests) {
ui.writeInformation(` - ${req.packageName}@${req.version} (${req.url})`);
}
ui.emptyLine();
ui.writeError("Exiting without installing malicious packages.");
ui.emptyLine();
process.exit(1);
}