milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Some more cleanup

Browse source
This commit is contained in:
Reinier Criel 2025-10-23 13:11:51 -07:00
parent 059cba06bc
commit b5988e19c1
2 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

5
packages/safe-chain/src/registryProxy/registryProxy.js
View file

@ -34,7 +34,10 @@ function getSafeChainProxyEnvironmentVariables() {
GLOBAL_AGENT_HTTP_PROXY: `http://localhost:${state.port}`, GLOBAL_AGENT_HTTP_PROXY: `http://localhost:${state.port}`,
NODE_EXTRA_CA_CERTS: getCaCertPath(), NODE_EXTRA_CA_CERTS: getCaCertPath(),
// Following env vars point pip and Python's requests/urllib at a CA bundle file. // Following env vars point pip and Python's requests/urllib at a CA Cert file.
// pip checks PIP_CERT first
// If pip uses requests library internally, it needs REQUESTS_CA_BUNDLE
// Other Python packages or pip's fallback SSL code may use SSL_CERT_FILE
PIP_CERT: getCaCertPath(), PIP_CERT: getCaCertPath(),
REQUESTS_CA_BUNDLE: getCaCertPath(), REQUESTS_CA_BUNDLE: getCaCertPath(),
SSL_CERT_FILE: getCaCertPath(), SSL_CERT_FILE: getCaCertPath(),

9
test/e2e/pip.e2e.spec.js
View file

@ -2,8 +2,6 @@ import { describe, it, before, beforeEach, afterEach } from "node:test";
import { DockerTestContainer } from "./DockerTestContainer.js"; import { DockerTestContainer } from "./DockerTestContainer.js";
import assert from "node:assert"; import assert from "node:assert";
// Note: These tests require Docker. If Docker isn't available locally,
// they will be skipped by the runner or fail to build the image.
describe("E2E: pip coverage", () => { describe("E2E: pip coverage", () => {
let container; let container;
@ -28,7 +26,7 @@ describe("E2E: pip coverage", () => {
} }
}); });
it(`safe-chain successfully installs safe packages with pip3`, async () => { it(`successfully installs known safe packages with pip3`, async () => {
const shell = await container.openShell("zsh"); const shell = await container.openShell("zsh");
const result = await shell.runCommand("pip3 install requests"); const result = await shell.runCommand("pip3 install requests");
@ -38,7 +36,7 @@ describe("E2E: pip coverage", () => {
); );
}); });
it(`pip3 download works with safe-chain proxy`, async () => { it(`pip3 download`, async () => {
const shell = await container.openShell("zsh"); const shell = await container.openShell("zsh");
const result = await shell.runCommand("pip3 download requests"); const result = await shell.runCommand("pip3 download requests");
@ -48,7 +46,7 @@ describe("E2E: pip coverage", () => {
); );
}); });
it(`pip3 wheel works with safe-chain proxy`, async () => { it(`pip3 .whl`, async () => {
const shell = await container.openShell("zsh"); const shell = await container.openShell("zsh");
const result = await shell.runCommand("pip3 wheel requests"); const result = await shell.runCommand("pip3 wheel requests");
@ -62,7 +60,6 @@ describe("E2E: pip coverage", () => {
const shell = await container.openShell("zsh"); const shell = await container.openShell("zsh");
const result = await shell.runCommand("pip3 install --dry-run requests"); const result = await shell.runCommand("pip3 install --dry-run requests");
// Scanner intentionally skips when --dry-run is present for install
assert.ok( assert.ok(
result.output.includes("no malicious packages found."), result.output.includes("no malicious packages found."),
`Output did not include expected text. Output was:\n${result.output}` `Output did not include expected text. Output was:\n${result.output}`