Omly pass --cert when using known registry

packages/safe-chain/src/packagemanager/pip/runPipCommand.js

@@ -2,21 +2,77 @@ import { ui } from "../../environment/userInteraction.js";
 import { safeSpawn } from "../../utils/safeSpawn.js";
 import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
 import { getCaCertPath } from "../../registryProxy/certUtils.js";
+import { knownPipRegistries } from "../../registryProxy/parsePackageFromUrl.js";
+import yargsParser from "yargs-parser";
+
+function extractHostsFromPipArgs(args) {
+  function hostFromString(input) {
+    if (typeof input !== "string" || input.length === 0) return undefined;
+    try {
+      const u = new URL(input);
+      return u.hostname || undefined;
+    } catch {
+      // ignore: not a valid absolute URL
+    }
+    // Try adding a scheme if it's a schemeless URL-like value
+    try {
+      const u2 = new URL(`https://${input}`);
+      return u2.hostname || undefined;
+    } catch {
+      // ignore: not a valid schemeless URL either
+    }
+    return undefined;
+  }
+
+  const parsed = yargsParser(args, {
+    configuration: {
+      "short-option-groups": true,
+      "camel-case-expansion": false,
+      "dot-notation": false,
+      "duplicate-arguments-array": true,
+      "flatten-duplicate-arrays": false,
+      "greedy-arrays": false,
+      "unknown-options-as-args": true,
+    },
+  });
+  const toArray = (v) => (v == null ? [] : Array.isArray(v) ? v : [v]);
+  const candidateUrls = [
+    ...toArray(parsed.i),
+    ...toArray(parsed["index-url"]),
+    ...toArray(parsed["extra-index-url"]),
+    ...toArray(parsed["find-links"]),
+    ...toArray(parsed._).filter(
+      (a) => typeof a === "string" && (a.startsWith("https://") || a.startsWith("http://"))
+    ),
+  ];
+  const hosts = new Set();
+  for (const u of candidateUrls) {
+    const h = hostFromString(u);
+    if (h) hosts.add(h);
+  }
+  return Array.from(hosts);
+}
+
 
 export async function runPip(command, args) {
   try {
     const env = mergeSafeChainProxyEnvironmentVariables(process.env);
+    // Re-introduce conditional --cert injection: only for known registries (MITM).
+    // No global env overrides for Python trust.
+    const hosts = extractHostsFromPipArgs(args);
+    const allKnown = hosts.length === 0
+      ? true // No explicit sources => default PyPI (known) -> MITM
+      : hosts.every((h) => knownPipRegistries.includes(h));
 
-    // If the user already provided --cert, respect their choice and do not override.
-    // Support both "--cert <path>" and "--cert=<path>" forms.
-    const hasUserCert = args.some((a) => {
-      if (a === "--cert") return true;
-      return typeof a === "string" && a.startsWith("--cert=");
-    });
+    // Respect user-provided --cert: detect both "--cert <path>" and "--cert=<path>"
+    const hasUserCert = args.some(
+      (a) => a === "--cert" || (typeof a === "string" && a.startsWith("--cert="))
+    );
 
-    // By default, pass --cert with our CA so pip trusts our MITM for known registries.
-    // Note: pip treats --cert as the CA bundle to use for TLS (it does not merge with system CAs).
-    const finalArgs = hasUserCert ? [...args] : [...args, "--cert", getCaCertPath()];
+    let finalArgs = [...args];
+    if (allKnown && !hasUserCert) {
+      finalArgs = [...args, "--cert", getCaCertPath()];
+    }
 
     const result = await safeSpawn(command, finalArgs, {
       stdio: "inherit",

packages/safe-chain/src/packagemanager/pip/runPipCommand.spec.js

@@ -43,7 +43,7 @@ describe("runPipCommand --cert handling", () => {
     mock.reset();
   });
 
-  it("should append --cert with our CA path to pip args", async () => {
+  it("should append --cert with our CA path to pip args by default (PyPI)", async () => {
     const res = await runPip("pip3", ["install", "requests"]);
     assert.strictEqual(res.status, 0);
 
@@ -59,6 +59,10 @@ describe("runPipCommand --cert handling", () => {
     // Original args should be preserved before --cert
     assert.strictEqual(capturedArgs.args[0], "install");
     assert.strictEqual(capturedArgs.args[1], "requests");
+
+  // No Python CA env overrides expected
+  assert.strictEqual(capturedArgs.options.env.REQUESTS_CA_BUNDLE, undefined);
+  assert.strictEqual(capturedArgs.options.env.SSL_CERT_FILE, undefined);
   });
 
   it("should not override user-provided --cert <path>", async () => {
@@ -72,6 +76,9 @@ describe("runPipCommand --cert handling", () => {
     assert.strictEqual(certIndices.length, 1, "should not inject an extra --cert");
     const userPath = capturedArgs.args[certIndices[0] + 1];
     assert.strictEqual(userPath, "/tmp/user-ca.pem", "should preserve user-provided cert path");
+  // No Python CA env overrides expected
+  assert.strictEqual(capturedArgs.options.env.REQUESTS_CA_BUNDLE, undefined);
+  assert.strictEqual(capturedArgs.options.env.SSL_CERT_FILE, undefined);
   });
 
   it("should not override user-provided --cert=<path>", async () => {
@@ -83,5 +90,37 @@ describe("runPipCommand --cert handling", () => {
     assert.ok(hasInline, "should keep inline --cert=<path>");
     const injectedIndex = capturedArgs.args.indexOf("--cert");
     assert.strictEqual(injectedIndex, -1, "should not inject separate --cert when inline is provided");
+  // No Python CA env overrides expected
+  assert.strictEqual(capturedArgs.options.env.REQUESTS_CA_BUNDLE, undefined);
+  assert.strictEqual(capturedArgs.options.env.SSL_CERT_FILE, undefined);
+  });
+
+  it("should inject --cert when explicit index is a known PyPI host", async () => {
+    const res = await runPip("pip3", ["install", "requests", "--index-url", "https://pypi.org/simple"]);
+    assert.strictEqual(res.status, 0);
+    const idx = capturedArgs.args.indexOf("--cert");
+    assert.ok(idx >= 0, "--cert should be present for known registries");
+  });
+
+  it("should NOT inject --cert when index points to an unknown external mirror (tunneled)", async () => {
+    const res = await runPip("pip3", [
+      "install",
+      "certifi",
+      "--index-url",
+      "https://pypi.tuna.tsinghua.edu.cn/simple",
+    ]);
+    assert.strictEqual(res.status, 0);
+    const idx = capturedArgs.args.indexOf("--cert");
+    assert.strictEqual(idx, -1, "--cert should be omitted for tunneled external hosts");
+  });
+
+  it("should NOT inject --cert when installing from a direct external URL", async () => {
+    const res = await runPip("pip3", [
+      "install",
+      "https://example.com/pkg-1.0.0-py3-none-any.whl",
+    ]);
+    assert.strictEqual(res.status, 0);
+    const idx = capturedArgs.args.indexOf("--cert");
+    assert.strictEqual(idx, -1, "--cert should be omitted for direct external URLs");
   });
 });