milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add e2e test for UVX

Browse source
This commit is contained in:
Stephen Benjamin 2026-04-08 15:52:35 -04:00
parent 14c8abffea
commit 8e4f036ce9
1 changed files with 132 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

132
test/e2e/uvx.e2e.spec.js Normal file
View file

@ -0,0 +1,132 @@
import { describe, it, before, beforeEach, afterEach } from "node:test";
import { DockerTestContainer } from "./DockerTestContainer.js";
import assert from "node:assert";
describe("E2E: uvx coverage", () => {
let container;
before(async () => {
DockerTestContainer.buildImage();
});
beforeEach(async () => {
container = new DockerTestContainer();
await container.start();
const installationShell = await container.openShell("zsh");
await installationShell.runCommand("safe-chain setup");
// Clear uv cache
await installationShell.runCommand("uv cache clean");
});
afterEach(async () => {
if (container) {
await container.stop();
container = null;
}
});
it(`successfully runs a known safe tool with uvx`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"uvx ruff --version --safe-chain-logging=verbose"
);
assert.ok(
result.output.includes("no malware found.") || /ruff/i.test(result.output),
`Expected safe tool to run successfully. Output was:\n${result.output}`
);
});
it(`safe-chain blocks malicious packages via uvx`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"uvx safe-chain-pi-test"
);
assert.ok(
result.output.includes("blocked by safe-chain"),
`Expected malicious package to be blocked. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("Exiting without installing malicious packages."),
`Expected exit message. Output was:\n${result.output}`
);
});
it(`uvx with --from flag runs a safe tool`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"uvx --from ruff ruff --version --safe-chain-logging=verbose"
);
assert.ok(
result.output.includes("no malware found.") || /ruff/i.test(result.output),
`Expected safe tool to run successfully with --from. Output was:\n${result.output}`
);
});
it(`uvx with --from flag blocks malicious packages`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"uvx --from safe-chain-pi-test some-command"
);
assert.ok(
result.output.includes("blocked by safe-chain"),
`Expected malicious package to be blocked with --from. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("Exiting without installing malicious packages."),
`Expected exit message. Output was:\n${result.output}`
);
});
it(`uvx with specific version runs successfully`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"uvx ruff@0.4.0 --version --safe-chain-logging=verbose"
);
assert.ok(
result.output.includes("no malware found.") || /ruff/i.test(result.output),
`Expected safe tool with version to run. Output was:\n${result.output}`
);
});
it(`uvx with --with flag for additional dependencies`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"uvx --with requests ruff --version --safe-chain-logging=verbose"
);
assert.ok(
result.output.includes("no malware found.") || /ruff/i.test(result.output),
`Expected safe tool with --with dependency to run. Output was:\n${result.output}`
);
});
it(`uvx with --with flag blocks malicious additional dependencies`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(
"uvx --with safe-chain-pi-test ruff --version"
);
assert.ok(
result.output.includes("blocked by safe-chain"),
`Expected malicious --with dependency to be blocked. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("Exiting without installing malicious packages."),
`Expected exit message. Output was:\n${result.output}`
);
});
});