milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Split up newPackagesDatabse into builder, warnigns, cache

Browse source
This commit is contained in:
bitterpanda 2026-03-27 15:52:07 -07:00
parent f920fc61ac
commit 5b1cd7e8da
10 changed files with 434 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

100
packages/safe-chain/src/scanning/newPackagesDatabaseBuilder.spec.js Normal file
View file

@ -0,0 +1,100 @@
import { describe, it, mock } from "node:test";
import assert from "node:assert";
let minimumPackageAgeHours = 24;
let ecosystem = "js";
mock.module("../config/settings.js", {
namedExports: {
getMinimumPackageAgeHours: () => minimumPackageAgeHours,
getEcoSystem: () => ecosystem,
ECOSYSTEM_JS: "js",
ECOSYSTEM_PY: "py",
},
});
const { buildNewPackagesDatabase } = await import(
"./newPackagesDatabaseBuilder.js"
);
function hoursAgo(hours) {
return Math.floor((Date.now() - hours * 3600 * 1000) / 1000);
}
describe("buildNewPackagesDatabase", () => {
it("returns an object with isNewlyReleasedPackage", () => {
const db = buildNewPackagesDatabase([]);
assert.strictEqual(typeof db.isNewlyReleasedPackage, "function");
});
describe("isNewlyReleasedPackage", () => {
it("returns true for a package released within the age threshold", () => {
const db = buildNewPackagesDatabase([
{ package_name: "foo", version: "1.0.0", released_on: hoursAgo(1) },
]);
assert.strictEqual(db.isNewlyReleasedPackage("foo", "1.0.0"), true);
});
it("returns false for a package released outside the age threshold", () => {
const db = buildNewPackagesDatabase([
{ package_name: "foo", version: "1.0.0", released_on: hoursAgo(48) },
]);
assert.strictEqual(db.isNewlyReleasedPackage("foo", "1.0.0"), false);
});
it("returns false for a package not in the list", () => {
const db = buildNewPackagesDatabase([]);
assert.strictEqual(db.isNewlyReleasedPackage("not-there", "1.0.0"), false);
});
it("returns false for a known package but different version", () => {
const db = buildNewPackagesDatabase([
{ package_name: "foo", version: "2.0.0", released_on: hoursAgo(1) },
]);
assert.strictEqual(db.isNewlyReleasedPackage("foo", "1.0.0"), false);
});
it("filters by source when source metadata is present", () => {
const db = buildNewPackagesDatabase([
{ source: "pypi", package_name: "foo", version: "1.0.0", released_on: hoursAgo(1) },
{ source: "npm", package_name: "bar", version: "1.0.0", released_on: hoursAgo(1) },
]);
// ecosystem is "js" → feed source is "npm"
assert.strictEqual(db.isNewlyReleasedPackage("foo", "1.0.0"), false);
assert.strictEqual(db.isNewlyReleasedPackage("bar", "1.0.0"), true);
});
it("matches regardless of source case", () => {
const db = buildNewPackagesDatabase([
{ source: "NPM", package_name: "foo", version: "1.0.0", released_on: hoursAgo(1) },
]);
assert.strictEqual(db.isNewlyReleasedPackage("foo", "1.0.0"), true);
});
it("matches entries with no source field", () => {
const db = buildNewPackagesDatabase([
{ package_name: "foo", version: "1.0.0", released_on: hoursAgo(1) },
]);
assert.strictEqual(db.isNewlyReleasedPackage("foo", "1.0.0"), true);
});
it("respects a custom minimumPackageAgeHours threshold", () => {
minimumPackageAgeHours = 168; // 7 days
const db = buildNewPackagesDatabase([
{ package_name: "foo", version: "1.0.0", released_on: hoursAgo(100) },
]);
assert.strictEqual(db.isNewlyReleasedPackage("foo", "1.0.0"), true);
minimumPackageAgeHours = 24; // reset
});
});
});