milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Some more cleanup

Browse source
This commit is contained in:
Reinier Criel 2026-04-01 15:38:42 -07:00
parent 2b1247cf36
commit c696386825
3 changed files with 33 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
packages/safe-chain/src/registryProxy/interceptors/pip/modifyPipJsonResponse.js
View file

@ -58,12 +58,16 @@ function filterJsonMetadataFiles(
} }
let modified = false; let modified = false;
const loggedVersions = new Set();
json.files = json.files.filter((/** @type {any} */ file) => { json.files = json.files.filter((/** @type {any} */ file) => {
const version = getPackageVersionFromMetadataFile(file, metadataUrl); const version = getPackageVersionFromMetadataFile(file, metadataUrl);
if (version && isNewlyReleasedPackage(packageName, version)) { if (version && isNewlyReleasedPackage(packageName, version)) {
modified = true; modified = true;
logSuppressedVersion(packageName, version); if (!loggedVersions.has(version)) {
logSuppressedVersion(packageName, version);
loggedVersions.add(version);
}
return false; return false;
} }
@ -118,12 +122,16 @@ function filterJsonMetadataUrls(
} }
let modified = false; let modified = false;
const loggedVersions = new Set();
json.urls = json.urls.filter((/** @type {any} */ file) => { json.urls = json.urls.filter((/** @type {any} */ file) => {
const version = getPackageVersionFromMetadataFile(file, metadataUrl); const version = getPackageVersionFromMetadataFile(file, metadataUrl);
if (version && isNewlyReleasedPackage(packageName, version)) { if (version && isNewlyReleasedPackage(packageName, version)) {
modified = true; modified = true;
logSuppressedVersion(packageName, version); if (!loggedVersions.has(version)) {
logSuppressedVersion(packageName, version);
loggedVersions.add(version);
}
return false; return false;
} }

17
packages/safe-chain/src/registryProxy/interceptors/pip/parsePipPackageUrl.js
View file

@ -1,4 +1,19 @@
/** /**
* Parses a PyPI metadata URL and returns the package name and API type.
*
* @example
* parsePipMetadataUrl("https://pypi.org/simple/requests/")
* // => { packageName: "requests", type: "simple" }
*
* parsePipMetadataUrl("https://pypi.org/pypi/requests/json")
* // => { packageName: "requests", type: "json" }
*
* parsePipMetadataUrl("https://pypi.org/pypi/requests/2.28.1/json")
* // => { packageName: "requests", type: "json" }
*
* parsePipMetadataUrl("https://files.pythonhosted.org/packages/requests-2.28.1.tar.gz")
* // => { packageName: undefined, type: undefined }
*
* @param {string} url * @param {string} url
* @returns {{ packageName: string | undefined, type: "simple" | "json" | undefined }} * @returns {{ packageName: string | undefined, type: "simple" | "json" | undefined }}
*/ */
@ -29,7 +44,7 @@ export function parsePipMetadataUrl(url) {
if ( if (
pathSegments.length >= 3 && pathSegments.length >= 3 &&
pathSegments[0] === "pypi" && pathSegments[0] === "pypi" &&
pathSegments[2] === "json" && pathSegments[pathSegments.length - 1] === "json" &&
pathSegments[1] pathSegments[1]
) { ) {
return { return {

7
packages/safe-chain/src/registryProxy/interceptors/pip/parsePipPackageUrl.spec.js
View file

@ -21,6 +21,13 @@ describe("parsePipPackageUrl", () => {
}); });
}); });
it("parses per-version json metadata URLs", () => {
assert.deepEqual(
parsePipMetadataUrl("https://pypi.org/pypi/requests/2.28.1/json"),
{ packageName: "requests", type: "json" }
);
});
it("decodes encoded metadata package names", () => { it("decodes encoded metadata package names", () => {
assert.deepEqual( assert.deepEqual(
parsePipMetadataUrl("https://pypi.org/simple/foo-bar%5Fbaz/"), parsePipMetadataUrl("https://pypi.org/simple/foo-bar%5Fbaz/"),