milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use CA bundle when using rama proxy

Browse source
This commit is contained in:
Sander Declerck 2026-02-12 10:18:37 +01:00
parent 9a7c054a3f
commit ba604eaeaa
No known key found for this signature in database
12 changed files with 267 additions and 421 deletions
Download patch file Download diff file Expand all files Collapse all files

37
packages/safe-chain/src/registryProxy/registryProxy.js
View file

@ -1,6 +1,7 @@
import { ui } from "../environment/userInteraction.js";
import { createRamaProxy, getRamaPath } from "./ramaProxy/createRamaProxy.js";
import { createBuiltInProxyServer } from "./builtInProxy/createBuiltInProxyServer.js";
import { getCombinedCaBundlePath } from "./certBundle.js";
/**
* @typedef {Object} SafeChainProxy
@ -9,7 +10,11 @@ import { createBuiltInProxyServer } from "./builtInProxy/createBuiltInProxyServe
* @prop {() => boolean} verifyNoMaliciousPackages
* @prop {() => boolean} hasSuppressedVersions
* @prop {() => Number | null} getServerPort
* @prop {() => string} getCombinedCaBundlePath
* @prop {() => string | null} getCaCert
*
* @typedef {Object} ProxySettings
* @prop {string | null} proxyUrl
* @prop {string} caCertBundlePath
*/
/** @type {SafeChainProxy} */
@ -31,6 +36,27 @@ export function createSafeChainProxy() {
return server;
}
/**
* @returns {ProxySettings}
*/
export function getProxySettings() {
if (!server || !server.getServerPort()) {
return {
proxyUrl: null,
caCertBundlePath: getCombinedCaBundlePath(null),
};
}
const proxyUrl = `http://localhost:${server.getServerPort()}`;
const caCert = server.getCaCert();
const caCertBundlePath = getCombinedCaBundlePath(caCert);
return {
proxyUrl,
caCertBundlePath,
};
}
/**
* @returns {Record<string, string>}
*/
@ -39,13 +65,12 @@ function getSafeChainProxyEnvironmentVariables() {
return {};
}
const proxyUrl = `http://localhost:${server.getServerPort()}`;
const caCertPath = server.getCombinedCaBundlePath();
const proxySettings = getProxySettings();
return {
HTTPS_PROXY: proxyUrl,
GLOBAL_AGENT_HTTP_PROXY: proxyUrl,
NODE_EXTRA_CA_CERTS: caCertPath,
HTTPS_PROXY: proxySettings.proxyUrl ?? "",
GLOBAL_AGENT_HTTP_PROXY: proxySettings.proxyUrl ?? "",
NODE_EXTRA_CA_CERTS: proxySettings.caCertBundlePath,
};
}