milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into setup-check-if-dir-exists

Browse source
This commit is contained in:
Sander Declerck 2025-09-18 10:27:00 +02:00
commit 91473838d2
No known key found for this signature in database
8 changed files with 68 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

17
package-lock.json generated
View file

@ -4875,12 +4875,12 @@
"version": "1.0.0", "version": "1.0.0",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"dependencies": { "dependencies": {
"abbrev": "^3.0.1", "abbrev": "3.0.1",
"chalk": "^5.4.1", "chalk": "5.4.1",
"make-fetch-happen": "^14.0.3", "make-fetch-happen": "14.0.3",
"npm-registry-fetch": "^18.0.2", "npm-registry-fetch": "18.0.2",
"ora": "^8.2.0", "ora": "8.2.0",
"semver": "^7.7.2" "semver": "7.7.2"
}, },
"bin": { "bin": {
"aikido-npm": "bin/aikido-npm.js", "aikido-npm": "bin/aikido-npm.js",
@ -4896,8 +4896,7 @@
"version": "1.0.0", "version": "1.0.0",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"dependencies": { "dependencies": {
"@aikidosec/safe-chain": "file:../safe-chain", "@aikidosec/safe-chain": "file:../safe-chain"
"make-fetch-happen": "^14.0.3"
}, },
"peerDependencies": { "peerDependencies": {
"bun": ">=1.2.21" "bun": ">=1.2.21"
@ -4908,8 +4907,6 @@
"version": "1.0.0", "version": "1.0.0",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"dependencies": { "dependencies": {
"@aikidosec/safe-chain": "file:../../packages/safe-chain",
"make-fetch-happen": "^14.0.3",
"node-pty": "^1.0.0" "node-pty": "^1.0.0"
} }
} }

12
packages/safe-chain/package.json
View file

@ -28,12 +28,12 @@
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"description": "The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), and [pnpx](https://pnpm.io/cli/dlx) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm, or pnpx from downloading or running the malware.", "description": "The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), and [pnpx](https://pnpm.io/cli/dlx) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm, or pnpx from downloading or running the malware.",
"dependencies": { "dependencies": {
"abbrev": "^3.0.1", "abbrev": "3.0.1",
"chalk": "^5.4.1", "chalk": "5.4.1",
"make-fetch-happen": "^14.0.3", "make-fetch-happen": "14.0.3",
"npm-registry-fetch": "^18.0.2", "npm-registry-fetch": "18.0.2",
"ora": "^8.2.0", "ora": "8.2.0",
"semver": "^7.7.2" "semver": "7.7.2"
}, },
"main": "src/main.js", "main": "src/main.js",
"bugs": { "bugs": {

14
packages/safe-chain/src/shell-integration/helpers.js
View file

@ -23,15 +23,17 @@ export function doesExecutableExistOnSystem(executableName) {
} }
} }
export function removeLinesMatchingPattern(filePath, pattern) { export function removeLinesMatchingPattern(filePath, pattern, eol) {
if (!fs.existsSync(filePath)) { if (!fs.existsSync(filePath)) {
return; return;
} }
eol = eol || os.EOL;
const fileContent = fs.readFileSync(filePath, "utf-8"); const fileContent = fs.readFileSync(filePath, "utf-8");
const lines = fileContent.split(/[\r\n\u2028\u2029]+/); const lines = fileContent.split(/[\r\n\u2028\u2029]/);
const updatedLines = lines.filter((line) => !shouldRemoveLine(line, pattern)); const updatedLines = lines.filter((line) => !shouldRemoveLine(line, pattern));
fs.writeFileSync(filePath, updatedLines.join(os.EOL), "utf-8"); fs.writeFileSync(filePath, updatedLines.join(eol), "utf-8");
} }
const maxLineLength = 100; const maxLineLength = 100;
@ -63,11 +65,13 @@ function shouldRemoveLine(line, pattern) {
return true; return true;
} }
export function addLineToFile(filePath, line) { export function addLineToFile(filePath, line, eol) {
createFileIfNotExists(filePath); createFileIfNotExists(filePath);
eol = eol || os.EOL;
const fileContent = fs.readFileSync(filePath, "utf-8"); const fileContent = fs.readFileSync(filePath, "utf-8");
const updatedContent = fileContent + os.EOL + line + os.EOL; const updatedContent = fileContent + eol + line + eol;
fs.writeFileSync(filePath, updatedContent, "utf-8"); fs.writeFileSync(filePath, updatedContent, "utf-8");
} }

13
packages/safe-chain/src/shell-integration/supported-shells/bash.js
View file

@ -9,6 +9,7 @@ import * as os from "os";
const shellName = "Bash"; const shellName = "Bash";
const executableName = "bash"; const executableName = "bash";
const startupFileCommand = "echo ~/.bashrc"; const startupFileCommand = "echo ~/.bashrc";
const eol = "\n"; // When bash runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.
function isInstalled() { function isInstalled() {
return doesExecutableExistOnSystem(executableName); return doesExecutableExistOnSystem(executableName);
@ -19,13 +20,18 @@ function teardown(tools) {
for (const { tool } of tools) { for (const { tool } of tools) {
// Remove any existing alias for the tool // Remove any existing alias for the tool
removeLinesMatchingPattern(startupFile, new RegExp(`^alias\\s+${tool}=`)); removeLinesMatchingPattern(
startupFile,
new RegExp(`^alias\\s+${tool}=`),
eol
);
} }
// Removes the line that sources the safe-chain bash initialization script (~/.aikido/scripts/init-posix.sh) // Removes the line that sources the safe-chain bash initialization script (~/.aikido/scripts/init-posix.sh)
removeLinesMatchingPattern( removeLinesMatchingPattern(
startupFile, startupFile,
/^source\s+~\/\.safe-chain\/scripts\/init-posix\.sh/ /^source\s+~\/\.safe-chain\/scripts\/init-posix\.sh/,
eol
); );
return true; return true;
@ -36,7 +42,8 @@ function setup() {
addLineToFile( addLineToFile(
startupFile, startupFile,
`source ~/.safe-chain/scripts/init-posix.sh # Safe-chain bash initialization script` `source ~/.safe-chain/scripts/init-posix.sh # Safe-chain bash initialization script`,
eol
); );
return true; return true;

10
packages/safe-chain/src/shell-integration/supported-shells/fish.js
View file

@ -8,6 +8,7 @@ import { execSync } from "child_process";
const shellName = "Fish"; const shellName = "Fish";
const executableName = "fish"; const executableName = "fish";
const startupFileCommand = "echo ~/.config/fish/config.fish"; const startupFileCommand = "echo ~/.config/fish/config.fish";
const eol = "\n"; // When fish runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.
function isInstalled() { function isInstalled() {
return doesExecutableExistOnSystem(executableName); return doesExecutableExistOnSystem(executableName);
@ -20,14 +21,16 @@ function teardown(tools) {
// Remove any existing alias for the tool // Remove any existing alias for the tool
removeLinesMatchingPattern( removeLinesMatchingPattern(
startupFile, startupFile,
new RegExp(`^alias\\s+${tool}\\s+`) new RegExp(`^alias\\s+${tool}\\s+`),
eol
); );
} }
// Removes the line that sources the safe-chain fish initialization script (~/.safe-chain/scripts/init-fish.fish) // Removes the line that sources the safe-chain fish initialization script (~/.safe-chain/scripts/init-fish.fish)
removeLinesMatchingPattern( removeLinesMatchingPattern(
startupFile, startupFile,
/^source\s+~\/\.safe-chain\/scripts\/init-fish\.fish/ /^source\s+~\/\.safe-chain\/scripts\/init-fish\.fish/,
eol
); );
return true; return true;
@ -38,7 +41,8 @@ function setup() {
addLineToFile( addLineToFile(
startupFile, startupFile,
`source ~/.safe-chain/scripts/init-fish.fish # Safe-chain Fish initialization script` `source ~/.safe-chain/scripts/init-fish.fish # Safe-chain Fish initialization script`,
eol
); );
return true; return true;

13
packages/safe-chain/src/shell-integration/supported-shells/zsh.js
View file

@ -8,6 +8,7 @@ import { execSync } from "child_process";
const shellName = "Zsh"; const shellName = "Zsh";
const executableName = "zsh"; const executableName = "zsh";
const startupFileCommand = "echo ${ZDOTDIR:-$HOME}/.zshrc"; const startupFileCommand = "echo ${ZDOTDIR:-$HOME}/.zshrc";
const eol = "\n"; // When zsh runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.
function isInstalled() { function isInstalled() {
return doesExecutableExistOnSystem(executableName); return doesExecutableExistOnSystem(executableName);
@ -18,13 +19,18 @@ function teardown(tools) {
for (const { tool } of tools) { for (const { tool } of tools) {
// Remove any existing alias for the tool // Remove any existing alias for the tool
removeLinesMatchingPattern(startupFile, new RegExp(`^alias\\s+${tool}=`)); removeLinesMatchingPattern(
startupFile,
new RegExp(`^alias\\s+${tool}=`),
eol
);
} }
// Removes the line that sources the safe-chain zsh initialization script (~/.aikido/scripts/init-posix.sh) // Removes the line that sources the safe-chain zsh initialization script (~/.aikido/scripts/init-posix.sh)
removeLinesMatchingPattern( removeLinesMatchingPattern(
startupFile, startupFile,
/^source\s+~\/\.safe-chain\/scripts\/init-posix\.sh/ /^source\s+~\/\.safe-chain\/scripts\/init-posix\.sh/,
eol
); );
return true; return true;
@ -35,7 +41,8 @@ function setup() {
addLineToFile( addLineToFile(
startupFile, startupFile,
`source ~/.safe-chain/scripts/init-posix.sh # Safe-chain Zsh initialization script` `source ~/.safe-chain/scripts/init-posix.sh # Safe-chain Zsh initialization script`,
eol
); );
return true; return true;

19
packages/safe-chain/src/shell-integration/supported-shells/zsh.spec.js
View file

@ -222,5 +222,24 @@ describe("Zsh shell integration", () => {
); );
assert.ok(content.includes("alias ls=")); assert.ok(content.includes("alias ls="));
}); });
it("should respect empty lines and comments", () => {
const initialContent = [
"#!/bin/zsh",
"",
"# Some comment",
"",
"",
"",
"# Another comment",
].join("\n");
fs.writeFileSync(mockStartupFile, initialContent, "utf-8");
zsh.teardown(knownAikidoTools);
const content = fs.readFileSync(mockStartupFile, "utf-8");
assert.strictEqual(content, initialContent);
});
}); });
}); });

32
test/e2e/package-lock.json generated
View file

@ -1,32 +0,0 @@
{
"name": "@aikidosec/safe-chain-e2e-tests",
"version": "1.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@aikidosec/safe-chain-e2e-tests",
"version": "1.0.0",
"license": "AGPL-3.0-or-later",
"dependencies": {
"node-pty": "^1.0.0"
}
},
"node_modules/nan": {
"version": "2.23.0",
"resolved": "https://registry.npmjs.org/nan/-/nan-2.23.0.tgz",
"integrity": "sha512-1UxuyYGdoQHcGg87Lkqm3FzefucTa0NAiOcuRsDmysep3c1LVCRK2krrUDafMWtjSG04htvAmvg96+SDknOmgQ==",
"license": "MIT"
},
"node_modules/node-pty": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/node-pty/-/node-pty-1.0.0.tgz",
"integrity": "sha512-wtBMWWS7dFZm/VgqElrTvtfMq4GzJ6+edFI0Y0zyzygUSZMgZdraDUMUhCIvkjhJjme15qWmbyJbtAx4ot4uZA==",
"hasInstallScript": true,
"license": "MIT",
"dependencies": {
"nan": "^2.17.0"
}
}
}
}