milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix python command returning -1 by selective wrapper interception and explicit bypass

Browse source
This commit is contained in:
Reinier Criel 2025-12-10 15:01:35 -08:00
parent 14bb6899d8
commit 9417be1ac5
8 changed files with 354 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

6
test/e2e/DockerTestContainer.js
View file

@ -16,20 +16,22 @@ const yarnVersion = process.env.YARN_VERSION || "latest";
const pnpmVersion = process.env.PNPM_VERSION || "latest";
export class DockerTestContainer {
constructor() {
constructor(profile = "default") {
this.containerName = `safe-chain-test-${Math.random()
.toString(36)
.substring(2, 15)}`;
this.isRunning = false;
this.profile = profile;
}
static buildImage() {
static buildImage(profile = "default") {
try {
const buildArgs = [
`--build-arg NODE_VERSION=${nodeVersion}`,
`--build-arg NPM_VERSION=${npmVersion}`,
`--build-arg YARN_VERSION=${yarnVersion}`,
`--build-arg PNPM_VERSION=${pnpmVersion}`,
profile === "pyenv" ? "--build-arg ENABLE_PYENV=true" : "",
].join(" ");
execSync(

8
test/e2e/Dockerfile
View file

@ -26,6 +26,7 @@ ARG NPM_VERSION=latest
ARG YARN_VERSION=latest
ARG PNPM_VERSION=latest
ARG PYTHON_VERSION=3
ARG ENABLE_PYENV=false
SHELL ["/bin/bash", "-c"]
ENV BASH_ENV=~/.bashrc
@ -84,3 +85,10 @@ RUN npm install -g /pkgs/*.tgz
WORKDIR /testapp
RUN npm init -y
# Optional: install pyenv and set a managed Python version when enabled
RUN if [ "$ENABLE_PYENV" = "true" ]; then \
apt-get update && apt-get install -y git build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev libffi-dev && \
git clone https://github.com/pyenv/pyenv.git /root/.pyenv && \
bash -lc 'export PYENV_ROOT=/root/.pyenv; export PATH="$PYENV_ROOT/bin:$PATH"; eval "$(pyenv init -)"; pyenv install 3.12.3; pyenv global 3.12.3'; \
fi

150
test/e2e/pip.e2e.spec.js
View file

@ -569,6 +569,137 @@ describe("E2E: pip coverage", () => {
);
});
it(`python3 --version completes quickly (no recursion/loop)`, async () => {
const shell = await container.openShell("zsh");
const start = Date.now();
const result = await shell.runCommand("python3 --version");
const durationMs = Date.now() - start;
assert.ok(
durationMs < 3000,
`Command should complete quickly. Took ${durationMs}ms. Output was:\n${result.output}`
);
assert.ok(
result.output.match(/Python 3\.\d+\.\d+/),
`Should output Python version. Output was:\n${result.output}`
);
});
it(`alias python=python3 still bypasses and is fast`, async () => {
const shell = await container.openShell("zsh");
await shell.runCommand("alias python=python3");
const start = Date.now();
const result = await shell.runCommand("python --version");
const durationMs = Date.now() - start;
assert.ok(
durationMs < 3000,
`Command should complete quickly. Took ${durationMs}ms. Output was:\n${result.output}`
);
assert.ok(
result.output.match(/Python 3\.\d+\.\d+/),
`Should output Python 3 version via alias. Output was:\n${result.output}`
);
assert.ok(
!result.output.includes("Safe-chain"),
`Non-pip alias should bypass safe-chain. Output was:\n${result.output}`
);
});
it(`alias python=python3, python -m pip goes through safe-chain`, async () => {
const shell = await container.openShell("zsh");
await shell.runCommand("alias python=python3");
const start = Date.now();
const result = await shell.runCommand(
"python -m pip install --break-system-packages certifi --safe-chain-logging=verbose"
);
const durationMs = Date.now() - start;
assert.ok(
durationMs < 10000,
`Install should not hang or loop under alias. Took ${durationMs}ms. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("Safe-chain") ||
result.output.includes("no malware found"),
`pip flow SHOULD be protected even with alias. Output was:\n${result.output}`
);
});
// Shadowing function tests: user-defined shell function overrides wrapper
it(`function python(){ python3 "$@"; } bypasses non-pip and is fast`, async () => {
const shell = await container.openShell("zsh");
await shell.runCommand('function python(){ python3 "$@"; }');
const start = Date.now();
const result = await shell.runCommand("python --version");
const durationMs = Date.now() - start;
assert.ok(
durationMs < 3000,
`Command should complete quickly under shadowing function. Took ${durationMs}ms. Output was:\n${result.output}`
);
assert.ok(
result.output.match(/Python 3\.\d+\.\d+/),
`Should output Python 3 version via shadowing function. Output was:\n${result.output}`
);
assert.ok(
!result.output.includes("Safe-chain"),
`Non-pip via shadowing function should bypass safe-chain. Output was:\n${result.output}`
);
});
it(`function python(){ python3 "$@"; } with python -m pip is protected`, async () => {
const shell = await container.openShell("zsh");
await shell.runCommand('function python(){ python3 "$@"; }');
const start = Date.now();
const result = await shell.runCommand(
"python -m pip install --break-system-packages certifi --safe-chain-logging=verbose"
);
const durationMs = Date.now() - start;
assert.ok(
durationMs < 10000,
`Install should not hang or loop under shadowing function. Took ${durationMs}ms. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("Safe-chain") ||
result.output.includes("no malware found"),
`pip flow SHOULD be protected even with shadowing function. Output was:\n${result.output}`
);
});
it(`shadow function + python -m pip blocks malware`, async () => {
const shell = await container.openShell("zsh");
await shell.runCommand('function python(){ python3 "$@"; }');
const result = await shell.runCommand(
"python -m pip install --break-system-packages safe-chain-pi-test"
);
assert.ok(
result.output.includes("blocked 1 malicious package downloads:"),
`Should block malware under shadow function. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("safe_chain_pi_test@0.0.1"),
`Should identify malware package. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("Exiting without installing malicious packages."),
`Should refuse installation. Output was:\n${result.output}`
);
const listResult = await shell.runCommand("python -m pip list");
assert.ok(
!listResult.output.includes("safe-chain-pi-test"),
`Malicious package should not be installed. Output was:\n${listResult.output}`
);
});
it(`python --version should bypass safe-chain and work normally`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("python --version");
@ -817,6 +948,25 @@ describe("E2E: pip coverage", () => {
);
});
it(`python3 -m pip completes quickly and shows protection`, async () => {
const shell = await container.openShell("zsh");
const start = Date.now();
const result = await shell.runCommand(
"python3 -m pip install --break-system-packages certifi --safe-chain-logging=verbose"
);
const durationMs = Date.now() - start;
assert.ok(
durationMs < 10000,
`Install should not hang or loop. Took ${durationMs}ms. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("Safe-chain") ||
result.output.includes("no malware found"),
`python3 -m pip SHOULD go through safe-chain. Output was:\n${result.output}`
);
});
it(`python3 -m pip3 DOES go through safe-chain (sanity check)`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand(

155
test/e2e/pyenv.e2e.spec.js Normal file
View file

@ -0,0 +1,155 @@
import { describe, it, before, after } from "node:test";
import assert from "node:assert";
import { DockerTestContainer } from "./DockerTestContainer.js";
let hasPyenv = false;
describe("E2E: pyenv wrappers only intercept -m pip", () => {
let c;
before(async () => {
DockerTestContainer.buildImage("pyenv");
c = new DockerTestContainer("pyenv");
await c.start();
const sh = await c.openShell("bash");
// Ensure pyenv is on PATH and shims initialized for this shell
await sh.runCommand(
'export PYENV_ROOT=/root/.pyenv; export PATH="$PYENV_ROOT/bin:$PATH"; eval "$(pyenv init -)" || true'
);
await sh.runCommand("pip3 cache purge >/dev/null 2>&1 || true");
// Assert pyenv is installed and active
const v = await sh.runCommand("pyenv --version || echo MISSING");
hasPyenv = /pyenv [0-9]/.test(v);
if (hasPyenv) {
const versions = await sh.runCommand("pyenv versions || true");
// Non-fatal check: ensure at least one version appears
assert.match(versions, /(system|\d+\.\d+)/, "pyenv versions should list entries");
const whichPy = await sh.runCommand("pyenv which python || true");
assert.match(whichPy, /\.pyenv\/versions\//, "pyenv which python should point to pyenv version dir");
}
});
it("pyenv local sets project-specific version", async () => {
if (!hasPyenv) return;
const sh = await c.openShell("bash");
await sh.runCommand("mkdir -p /work/localtest && cd /work/localtest && pyenv local 3.12.3");
const inside = await sh.runCommand("cd /work/localtest && python --version 2>&1");
assert.match(inside, /Python 3\.12\./);
const outside = await sh.runCommand("cd / && pyenv version && python --version 2>&1");
assert.notMatch(outside, /3\.12\./, "outside dir should not be forced to 3.12 by local file");
});
it("pyenv shell overrides version for current session", async () => {
if (!hasPyenv) return;
const sh = await c.openShell("bash");
// Set shell-specific version
await sh.runCommand("pyenv shell 3.12.3");
const v1 = await sh.runCommand("pyenv version");
assert.match(v1, /3\.12\.3 \(set by PYENV_VERSION/);
const p1 = await sh.runCommand("python --version 2>&1");
assert.match(p1, /Python 3\.12\./);
// Unset and verify it reverts
await sh.runCommand("pyenv shell --unset");
const v2 = await sh.runCommand("pyenv version");
assert.match(v2, /system \(set by .*\.pyenv\/version\)/);
});
after(async () => {
await c.stop();
});
it("python --version bypasses and succeeds", async () => {
const sh = await c.openShell("bash");
await sh.runCommand("safe-chain setup --include-python >/dev/null 2>&1 || true");
const res = await sh.runCommand("python --version 2>&1; echo EXIT:$?\n");
assert.ok(/Python\s+\d+\.\d+\.\d+/.test(res.output), `version missing: ${res.output}`);
assert.ok(res.output.includes("EXIT:0"), `exit not 0: ${res.output}`);
});
it("python3 --version bypasses and succeeds", async () => {
const sh = await c.openShell("bash");
const res = await sh.runCommand("python3 --version 2>&1; echo EXIT:$?\n");
assert.ok(/Python\s+3\./.test(res.output), `version missing: ${res.output}`);
assert.ok(res.output.includes("EXIT:0"), `exit not 0: ${res.output}`);
});
it("shadowing function: command python succeeds (explicit bypass)", async () => {
const sh = await c.openShell("bash");
await sh.runCommand("python() { return 1; }; export -f python");
const res = await sh.runCommand("type -a python; command python --version 2>&1; echo EXIT:$?\n");
assert.ok(/Python\s+\d+\.\d+\.\d+/.test(res.output), `version missing: ${res.output}`);
assert.ok(res.output.includes("EXIT:0"), `exit not 0: ${res.output}`);
});
it("python -m pip install succeeds under wrappers", async () => {
const sh = await c.openShell("bash");
await sh.runCommand("pip3 cache purge >/dev/null 2>&1 || true");
const res = await sh.runCommand("python3 -m pip install --break-system-packages certifi 2>&1\n");
assert.ok(res.output.match(/Successfully installed|Requirement already satisfied/), `pip install did not succeed: ${res.output}`);
});
it("python -m pip blocks malware under pyenv-style shadow", async () => {
const sh = await c.openShell("bash");
await sh.runCommand("safe-chain setup --include-python >/dev/null 2>&1 || true");
await sh.runCommand("pip3 cache purge >/dev/null 2>&1 || true");
// Emulate pyenv-style function forwarding
await sh.runCommand('python() { python3 "$@"; }; export -f python');
const res = await sh.runCommand("python -m pip install --break-system-packages safe-chain-pi-test 2>&1\n");
assert.ok(
res.output.includes("blocked 1 malicious package downloads:"),
`Should block malware. Output:\n${res.output}`
);
assert.ok(
res.output.includes("safe_chain_pi_test@0.0.1"),
`Should identify malware package. Output:\n${res.output}`
);
assert.ok(
res.output.includes("Exiting without installing malicious packages."),
`Should refuse installation. Output:\n${res.output}`
);
const list = await sh.runCommand("python -m pip list 2>&1\n");
assert.ok(
!list.output.includes("safe-chain-pi-test"),
`Malicious package should not be installed. Output:\n${list.output}`
);
});
it("python -m pip works and installs (no shadow)", async () => {
const sh = await c.openShell("bash");
await sh.runCommand("safe-chain setup --include-python >/dev/null 2>&1 || true");
await sh.runCommand("pip3 cache purge >/dev/null 2>&1 || true");
const res = await sh.runCommand("python -m pip install --break-system-packages certifi --safe-chain-logging=verbose 2>&1\n");
assert.ok(
res.output.match(/Successfully installed|Requirement already satisfied/),
`pip install should succeed. Output:\n${res.output}`
);
});
it("pip3 download works and scans (no shadow)", async () => {
const sh = await c.openShell("bash");
await sh.runCommand("safe-chain setup --include-python >/dev/null 2>&1 || true");
await sh.runCommand("pip3 cache purge >/dev/null 2>&1 || true");
const res = await sh.runCommand("pip3 download requests --safe-chain-logging=verbose 2>&1\n");
assert.ok(
res.output.includes("no malware found."),
`Download should be scanned. Output:\n${res.output}`
);
});
it("pip3 wheel works and proxies registry (no shadow)", async () => {
const sh = await c.openShell("bash");
await sh.runCommand("safe-chain setup --include-python >/dev/null 2>&1 || true");
await sh.runCommand("pip3 cache purge >/dev/null 2>&1 || true");
const res = await sh.runCommand("pip3 wheel requests --safe-chain-logging=verbose 2>&1\n");
assert.ok(
res.output.includes("Safe-chain: Set up MITM tunnel") ||
res.output.includes("Finished proxying request"),
`Wheel should route via proxy. Output:\n${res.output}`
);
});
});