milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'powershell-safe-chain-detection' into fish-safe-chain-detection

Browse source
This commit is contained in:
Sander Declerck 2025-07-28 10:38:36 +02:00
commit 6a8d56dfec
No known key found for this signature in database
3 changed files with 43 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

3
package.json
View file

@ -42,5 +42,6 @@
"bugs": { "bugs": {
"url": "https://github.com/AikidoSec/safe-chain/issues" "url": "https://github.com/AikidoSec/safe-chain/issues"
}, },
"homepage": "https://github.com/AikidoSec/safe-chain#readme" "homepage": "https://github.com/AikidoSec/safe-chain#readme",
"packageManager": "npm@11.4.1+sha512.fcee43884166b6f9c5d04535fb95650e9708b6948a1f797eddf40e9778646778a518dfa32651b1c62ff36f4ac42becf177ca46ca27d53f24b539190c8d91802b"
} }

73
src/shell-integration/startup-scripts/init-posix.sh
View file

@ -1,50 +1,13 @@
function installIfCommandNotFound() { function printSafeChainWarning() {
local cmd="$1" # \033[43;30m is used to set the background color to yellow and text color to black
# \033[0m is used to reset the text formatting
# Check if the command already exists printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will be run directly.\n" "$1"
if command -v "$cmd" > /dev/null 2>&1; then # \033[36m is used to set the text color to cyan
return 0 printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n"
fi
# Check if Node.js version is below 18
# Safe-chain requires Node.js 18 or higher
local node_version=$(node -v | sed 's/v//' | cut -d'.' -f1)
if [ "$node_version" -lt 18 ]; then
return 2
fi
# Command not found, ask user if they want to install safe-chain
printf "The command '%s' is not available. Do you want to install safe-chain to provide it? (y/N): " "$cmd"
read -r response
if [[ "$response" =~ ^[Yy]$ ]]; then
printf "Installing safe-chain...\n"
installSafeChain
if [ $? -ne 0 ]; then
printf "\nFailed to install safe-chain. Exiting.\n"
return 1
fi
return 0
else
printf "Skipping safe-chain installation. Using original command instead.\n"
return 2
fi
} }
function installSafeChain() { function wrapSafeChainCommand() {
command npm install -g @aikidosec/safe-chain
if [ $? -ne 0 ]; then
return 1
fi
printf "------\n"
}
function wrapCommand() {
local original_cmd="$1" local original_cmd="$1"
local aikido_cmd="$2" local aikido_cmd="$2"
@ -52,29 +15,31 @@ function wrapCommand() {
# so that "$@" now contains only the arguments passed to the original command # so that "$@" now contains only the arguments passed to the original command
shift 2 shift 2
installIfCommandNotFound "$aikido_cmd" if command -v "$aikido_cmd" > /dev/null 2>&1; then
local install_result=$? # If the aikido command is available, just run it with the provided arguments
if [ $install_result -eq 2 ]; then
command "$original_cmd" "$@"
else
"$aikido_cmd" "$@" "$aikido_cmd" "$@"
else
# If the aikido command is not available, print a warning and run the original command
printSafeChainWarning "$original_cmd"
command "$original_cmd" "$@"
fi fi
} }
function npx() { function npx() {
wrapCommand "npx" "aikido-npx" "$@" wrapSafeChainCommand "npx" "aikido-npx" "$@"
} }
function yarn() { function yarn() {
wrapCommand "yarn" "aikido-yarn" "$@" wrapSafeChainCommand "yarn" "aikido-yarn" "$@"
} }
function pnpm() { function pnpm() {
wrapCommand "pnpm" "aikido-pnpm" "$@" wrapSafeChainCommand "pnpm" "aikido-pnpm" "$@"
} }
function pnpx() { function pnpx() {
wrapCommand "pnpx" "aikido-pnpx" "$@" wrapSafeChainCommand "pnpx" "aikido-pnpx" "$@"
} }
function npm() { function npm() {
@ -85,5 +50,5 @@ function npm() {
return return
fi fi
wrapCommand "npm" "aikido-npm" "$@" wrapSafeChainCommand "npm" "aikido-npm" "$@"
} }

82
src/shell-integration/startup-scripts/init-pwsh.ps1
View file

@ -1,10 +1,24 @@
function Write-SafeChainWarning {
param([string]$Command)
# PowerShell equivalent of ANSI color codes: yellow background, black text for "Warning:"
Write-Host "Warning:" -BackgroundColor Yellow -ForegroundColor Black -NoNewline
Write-Host " safe-chain is not available to protect you from installing malware. $Command will be run directly."
# Cyan text for the install command
Write-Host "Install safe-chain by using " -NoNewline
Write-Host "npm install -g @aikidosec/safe-chain" -ForegroundColor Cyan -NoNewline
Write-Host "."
}
function Test-CommandAvailable { function Test-CommandAvailable {
param([string]$Command) param([string]$Command)
try { try {
Get-Command $Command -ErrorAction Stop | Out-Null Get-Command $Command -ErrorAction Stop | Out-Null
return $true return $true
} catch { }
catch {
return $false return $false
} }
} }
@ -19,62 +33,6 @@ function Invoke-RealCommand {
$realCommand = Get-Command -Name $Command -CommandType Application | Select-Object -First 1 $realCommand = Get-Command -Name $Command -CommandType Application | Select-Object -First 1
if ($realCommand) { if ($realCommand) {
& $realCommand.Source @Arguments & $realCommand.Source @Arguments
} else {
# Fallback: try to call the .cmd version directly
& "$Command.cmd" @Arguments
}
}
function Install-IfCommandNotFound {
param([string]$Command)
# Check if the command already exists
if (Test-CommandAvailable $Command) {
return 0
}
# Check if Node.js version is below 18
# Safe-chain requires Node.js 18 or higher
try {
$nodeVersion = (node -v) -replace 'v', '' | ForEach-Object { $_.Split('.')[0] }
if ([int]$nodeVersion -lt 18) {
return 2
}
} catch {
return 2
}
# Command not found, ask user if they want to install safe-chain
$response = Read-Host "The command '$Command' is not available. Do you want to install safe-chain to provide it? (y/N)"
if ($response -match '^[Yy]$') {
Write-Host "Installing safe-chain..."
$installResult = Install-SafeChain
if ($installResult -ne 0) {
Write-Host "`nFailed to install safe-chain. Exiting."
return 1
}
return 0
} else {
Write-Host "Skipping safe-chain installation. Using original command instead."
return 2
}
}
function Install-SafeChain {
try {
Invoke-RealCommand "npm" @("install", "-g", "@aikidosec/safe-chain") | Out-Null
if ($LASTEXITCODE -ne 0) {
return 1
}
Write-Host "------"
return 0
} catch {
return 1
} }
} }
@ -85,13 +43,13 @@ function Invoke-WrappedCommand {
[string[]]$Arguments [string[]]$Arguments
) )
$installResult = Install-IfCommandNotFound $AikidoCmd if (Test-CommandAvailable $AikidoCmd) {
if ($installResult -eq 2) {
Invoke-RealCommand $OriginalCmd $Arguments
} else {
& $AikidoCmd @Arguments & $AikidoCmd @Arguments
} }
else {
Write-SafeChainWarning $OriginalCmd
Invoke-RealCommand $OriginalCmd $Arguments
}
} }
function npx { function npx {