milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add end-to-end tests for proxy blocking malware packages

Browse source
This commit is contained in:
Sander Declerck 2025-09-30 15:03:49 +02:00
parent a3f91b8b55
commit 6c08c6adce
No known key found for this signature in database
4 changed files with 115 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

22
test/e2e/pnpm.e2e.spec.js
View file

@ -60,6 +60,28 @@ describe("E2E: pnpm coverage", () => {
);
});
it(`safe-chain blocks download of malicious packages already in package.json`, async () => {
const shell = await container.openShell("zsh");
await shell.runCommand(
'echo \'{"name":"test-project","version":"1.0.0","dependencies":{"safe-chain-test":"0.0.1-security"}}\' > package.json'
);
var result = await shell.runCommand("pnpm install");
assert.ok(
result.output.includes("blocked 1 malicious package downloads"),
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("- safe-chain-test"),
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("Exiting without installing malicious packages."),
`Output did not include expected text. Output was:\n${result.output}`
);
});
it("safe-chain blocks pnpx from executing malicious packages", async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("pnpx safe-chain-test");