milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Some more cleanup

Browse source
This commit is contained in:
Reinier Criel 2026-03-27 14:38:41 -07:00
parent 8a4f759a78
commit 8133f0c970
2 changed files with 21 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

19
packages/safe-chain/src/registryProxy/interceptors/npm/modifyNpmInfo.js
View file

@ -178,6 +178,25 @@ export function getHasSuppressedVersions() {
return state.hasSuppressedVersions; return state.hasSuppressedVersions;
} }
/**
* @param {Buffer} body
* @param {NodeJS.Dict<string | string[]> | undefined} headers
* @returns {string | undefined}
*/
export function getPackageNameFromMetadataResponse(body, headers) {
try {
const contentType = getHeaderValueAsString(headers, "content-type");
if (!contentType?.toLowerCase().includes("application/json")) {
return undefined;
}
const bodyJson = JSON.parse(body.toString("utf8"));
return typeof bodyJson.name === "string" ? bodyJson.name : undefined;
} catch {
return undefined;
}
}
/** /**
* Checks if a package name matches an exclusion pattern. * Checks if a package name matches an exclusion pattern.
* Supports trailing wildcard (*) for prefix matching. * Supports trailing wildcard (*) for prefix matching.

28
packages/safe-chain/src/registryProxy/interceptors/npm/npmInterceptor.js
View file

@ -6,6 +6,7 @@ import {
import { isMalwarePackage } from "../../../scanning/audit/index.js"; import { isMalwarePackage } from "../../../scanning/audit/index.js";
import { interceptRequests } from "../interceptorBuilder.js"; import { interceptRequests } from "../interceptorBuilder.js";
import { import {
getPackageNameFromMetadataResponse,
isPackageInfoUrl, isPackageInfoUrl,
matchesExclusionPattern, matchesExclusionPattern,
modifyNpmInfoRequestHeaders, modifyNpmInfoRequestHeaders,
@ -47,8 +48,6 @@ function buildNpmInterceptor(registry) {
registry registry
); );
const minimumAgeChecksEnabled = !skipMinimumPackageAge(); const minimumAgeChecksEnabled = !skipMinimumPackageAge();
const packageIsExcludedFromMinimumAgeChecks =
packageName && isExcludedFromMinimumPackageAge(packageName);
if (await isMalwarePackage(packageName, version)) { if (await isMalwarePackage(packageName, version)) {
reqContext.blockMalware(packageName, version); reqContext.blockMalware(packageName, version);
@ -81,7 +80,7 @@ function buildNpmInterceptor(registry) {
minimumAgeChecksEnabled && minimumAgeChecksEnabled &&
packageName && packageName &&
version && version &&
!packageIsExcludedFromMinimumAgeChecks !isExcludedFromMinimumPackageAge(packageName)
) { ) {
const newPackagesDatabase = await openNewPackagesDatabase(); const newPackagesDatabase = await openNewPackagesDatabase();
@ -106,26 +105,3 @@ function isExcludedFromMinimumPackageAge(packageName) {
matchesExclusionPattern(packageName, pattern) matchesExclusionPattern(packageName, pattern)
); );
} }
/**
* @param {Buffer} body
* @param {NodeJS.Dict<string | string[]> | undefined} headers
* @returns {string | undefined}
*/
function getPackageNameFromMetadataResponse(body, headers) {
try {
const contentType = headers?.["content-type"];
const normalizedContentType = Array.isArray(contentType)
? contentType.join(",")
: contentType;
if (!normalizedContentType?.toLowerCase().includes("application/json")) {
return undefined;
}
const bodyJson = JSON.parse(body.toString("utf8"));
return typeof bodyJson.name === "string" ? bodyJson.name : undefined;
} catch {
return undefined;
}
}