milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Ensure that --cert parameters do not get overriden

Browse source
This commit is contained in:
Reinier Criel 2025-10-28 15:02:59 -07:00
parent 70dc89c3e8
commit a17e14c988
3 changed files with 103 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

24
packages/safe-chain/src/packagemanager/pip/runPipCommand.spec.js
View file

@ -60,4 +60,28 @@ describe("runPipCommand --cert handling", () => {
assert.strictEqual(capturedArgs.args[0], "install");
assert.strictEqual(capturedArgs.args[1], "requests");
});
it("should not override user-provided --cert <path>", async () => {
const res = await runPip("pip3", ["install", "requests", "--cert", "/tmp/user-ca.pem"]);
assert.strictEqual(res.status, 0);
// Ensure only the user-provided --cert is present
const certIndices = capturedArgs.args
.map((a, i) => (a === "--cert" ? i : -1))
.filter((i) => i >= 0);
assert.strictEqual(certIndices.length, 1, "should not inject an extra --cert");
const userPath = capturedArgs.args[certIndices[0] + 1];
assert.strictEqual(userPath, "/tmp/user-ca.pem", "should preserve user-provided cert path");
});
it("should not override user-provided --cert=<path>", async () => {
const res = await runPip("pip3", ["install", "requests", "--cert=/tmp/user-ca.pem"]);
assert.strictEqual(res.status, 0);
// Ensure args contain the inline --cert=<path> and no extra --cert token
const hasInline = capturedArgs.args.some((a) => typeof a === "string" && a.startsWith("--cert="));
assert.ok(hasInline, "should keep inline --cert=<path>");
const injectedIndex = capturedArgs.args.indexOf("--cert");
assert.strictEqual(injectedIndex, -1, "should not inject separate --cert when inline is provided");
});
});