milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #338 from AikidoSec/cleanup-cert-bundle

Browse source 
Cleanup generated cert bundles
This commit is contained in:
bitterpanda 2026-03-19 18:38:18 +01:00 committed by GitHub
commit a7a94d9211
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 31 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

28
packages/safe-chain/src/registryProxy/certBundle.js
View file

@ -8,6 +8,9 @@ import { X509Certificate } from "node:crypto";
import { getCaCertPath } from "./certUtils.js"; import { getCaCertPath } from "./certUtils.js";
import { ui } from "../environment/userInteraction.js"; import { ui } from "../environment/userInteraction.js";
/** @type {string | null} */
let bundlePath = null;
/** /**
* Check if a PEM string contains only parsable cert blocks. * Check if a PEM string contains only parsable cert blocks.
* @param {string} pem - PEM-encoded certificate string * @param {string} pem - PEM-encoded certificate string
@ -54,6 +57,11 @@ function isParsable(pem) {
* @returns {string} Path to the combined CA bundle PEM file * @returns {string} Path to the combined CA bundle PEM file
*/ */
export function getCombinedCaBundlePath() { export function getCombinedCaBundlePath() {
if (bundlePath)
{
return bundlePath;
}
const parts = []; const parts = [];
// 1) Safe Chain CA (for MITM'd registries) // 1) Safe Chain CA (for MITM'd registries)
@ -99,9 +107,23 @@ export function getCombinedCaBundlePath() {
} }
const combined = parts.filter(Boolean).join("\n"); const combined = parts.filter(Boolean).join("\n");
const target = path.join(os.tmpdir(), `safe-chain-ca-bundle-${Date.now()}.pem`); bundlePath = path.join(os.tmpdir(), `safe-chain-ca-bundle-${Date.now()}.pem`);
fs.writeFileSync(target, combined, { encoding: "utf8" }); fs.writeFileSync(bundlePath, combined, { encoding: "utf8" });
return target; return bundlePath;
}
/**
* Remove the generated CA bundle file from disk.
*/
export function cleanupCertBundle() {
if (bundlePath) {
try {
fs.unlinkSync(bundlePath);
} catch (err) {
ui.writeVerbose(`Failed to cleanup the create bundle at ${bundlePath}`, err)
}
bundlePath = null;
}
} }
/** /**

8
packages/safe-chain/src/registryProxy/registryProxy.js
View file

@ -2,7 +2,7 @@ import * as http from "http";
import { tunnelRequest } from "./tunnelRequestHandler.js"; import { tunnelRequest } from "./tunnelRequestHandler.js";
import { mitmConnect } from "./mitmRequestHandler.js"; import { mitmConnect } from "./mitmRequestHandler.js";
import { handleHttpProxyRequest } from "./plainHttpProxy.js"; import { handleHttpProxyRequest } from "./plainHttpProxy.js";
import { getCombinedCaBundlePath } from "./certBundle.js"; import { getCombinedCaBundlePath, cleanupCertBundle } from "./certBundle.js";
import { ui } from "../environment/userInteraction.js"; import { ui } from "../environment/userInteraction.js";
import chalk from "chalk"; import chalk from "chalk";
import { createInterceptorForUrl } from "./interceptors/createInterceptorForEcoSystem.js"; import { createInterceptorForUrl } from "./interceptors/createInterceptorForEcoSystem.js";
@ -115,12 +115,16 @@ function stopServer(server) {
return new Promise((resolve) => { return new Promise((resolve) => {
try { try {
server.close(() => { server.close(() => {
cleanupCertBundle();
resolve(); resolve();
}); });
} catch { } catch {
resolve(); resolve();
} }
setTimeout(() => resolve(), SERVER_STOP_TIMEOUT_MS); setTimeout(() => {
cleanupCertBundle();
resolve();
}, SERVER_STOP_TIMEOUT_MS);
}); });
} }