milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Simplify setting certificates

Browse source
This commit is contained in:
Reinier Criel 2025-10-28 13:56:27 -07:00
parent b886bb1cfe
commit 70dc89c3e8
4 changed files with 77 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

8
packages/safe-chain/src/registryProxy/registryProxy.js
View file

@ -34,14 +34,6 @@ function getSafeChainProxyEnvironmentVariables() {
HTTPS_PROXY: `http://localhost:${state.port}`,
GLOBAL_AGENT_HTTP_PROXY: `http://localhost:${state.port}`,
NODE_EXTRA_CA_CERTS: getCaCertPath(),
// Following env vars point pip and Python's requests/urllib at a CA Cert file.
// pip checks PIP_CERT first
// If pip uses requests library internally, it needs REQUESTS_CA_BUNDLE
// Other Python packages or pip's fallback SSL code may use SSL_CERT_FILE
PIP_CERT: getCaCertPath(),
REQUESTS_CA_BUNDLE: getCaCertPath(),
SSL_CERT_FILE: getCaCertPath(),
};
}

9
packages/safe-chain/src/registryProxy/registryProxy.mitm.spec.js
View file

@ -145,12 +145,11 @@ describe("registryProxy.mitm", () => {
});
// --- Pip registry MITM and env var tests ---
it("should set pip CA trust environment variables", () => {
it("should NOT set global Python CA environment variables", () => {
const envVars = mergeSafeChainProxyEnvironmentVariables([]);
const caPath = getCaCertPath();
assert.strictEqual(envVars.PIP_CERT, caPath);
assert.strictEqual(envVars.REQUESTS_CA_BUNDLE, caPath);
assert.strictEqual(envVars.SSL_CERT_FILE, caPath);
assert.strictEqual(envVars.PIP_CERT, undefined);
assert.strictEqual(envVars.REQUESTS_CA_BUNDLE, undefined);
assert.strictEqual(envVars.SSL_CERT_FILE, undefined);
});
it("should intercept HTTPS requests to pypi.org for pip package", async () => {