Add feature flag in setup for python support.

Sander Declerck 2025-11-14 14:12:44 +01:00
parent 6b208a8730
commit c6bcd6f646
No known key found for this signature in database
13 changed files with 413 additions and 100 deletions


@ -25,31 +25,55 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => {
it("does not intercept python3 --version", async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("python3 --version");
assert.ok(result.output.match(/Python \d+\.\d+\.\d+/), `Output was: ${result.output}`);
assert.ok(!result.output.includes("Safe-chain"), "Safe Chain should not intercept generic python3 command");
assert.ok(
result.output.match(/Python \d+\.\d+\.\d+/),
`Output was: ${result.output}`
);
assert.ok(
!result.output.includes("Safe-chain"),
"Safe Chain should not intercept generic python3 command"
);
});
it("does not intercept python3 -c 'print(\"hello\")'", async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("python3 -c 'print(\"hello\")'");
assert.ok(result.output.includes("hello"), `Output was: ${result.output}`);
assert.ok(!result.output.includes("Safe-chain"), "Safe Chain should not intercept generic python3 -c command");
assert.ok(
result.output.includes("hello"),
`Output was: ${result.output}`
);
assert.ok(
!result.output.includes("Safe-chain"),
"Safe Chain should not intercept generic python3 -c command"
);
});
it("does not intercept python3 test.py", async () => {
const shell = await container.openShell("zsh");
await shell.runCommand("echo 'print(\"Hello from test.py!\")' > test.py");
const result = await shell.runCommand("python3 test.py");
assert.ok(result.output.includes("Hello from test.py!"), `Output was: ${result.output}`);
assert.ok(!result.output.includes("Safe-chain"), "Safe Chain should not intercept generic python3 script execution");
assert.ok(
result.output.includes("Hello from test.py!"),
`Output was: ${result.output}`
);
assert.ok(
!result.output.includes("Safe-chain"),
"Safe Chain should not intercept generic python3 script execution"
);
});
it("does not intercept python test.py", async () => {
const shell = await container.openShell("zsh");
await shell.runCommand("echo 'print(\"Hello from test.py!\")' > test.py");
const result = await shell.runCommand("python test.py");
assert.ok(result.output.includes("Hello from test.py!"), `Output was: ${result.output}`);
assert.ok(!result.output.includes("Safe-chain"), "Safe Chain should not intercept generic python script execution");
assert.ok(
result.output.includes("Hello from test.py!"),
`Output was: ${result.output}`
);
assert.ok(
!result.output.includes("Safe-chain"),
"Safe Chain should not intercept generic python script execution"
);
});
});
@ -57,7 +81,9 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => {
it(`safe-chain setup-ci wraps pip3 command with PATH shim after installation for ${shell}`, async () => {
// Setup safe-chain CI shims
const installationShell = await container.openShell(shell);
await installationShell.runCommand("safe-chain setup-ci");
await installationShell.runCommand(
"safe-chain setup-ci --include-python"
);
// Add $HOME/.safe-chain/shims to PATH for subsequent shells
await installationShell.runCommand(
@ -73,9 +99,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => {
"pip3 install --break-system-packages certifi"
);
const hasExpectedOutput = result.output.includes(
"no malware found."
);
const hasExpectedOutput = result.output.includes("no malware found.");
assert.ok(
hasExpectedOutput,
hasExpectedOutput
@ -86,7 +110,9 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => {
it(`setup-ci routes python -m pip through safe-chain for ${shell}`, async () => {
const installationShell = await container.openShell(shell);
await installationShell.runCommand("safe-chain setup-ci");
await installationShell.runCommand(
"safe-chain setup-ci --include-python"
);
await installationShell.runCommand(
"echo 'export PATH=\"$HOME/.safe-chain/shims:$PATH\"' >> ~/.zshrc"
);
@ -107,7 +133,9 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => {
it(`setup-ci routes python3 -m pip through safe-chain for ${shell}`, async () => {
const installationShell = await container.openShell(shell);
await installationShell.runCommand("safe-chain setup-ci");
await installationShell.runCommand(
"safe-chain setup-ci --include-python"
);
await installationShell.runCommand(
"echo 'export PATH=\"$HOME/.safe-chain/shims:$PATH\"' >> ~/.zshrc"
);
@ -128,7 +156,9 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => {
it(`setup-ci routes pip through safe-chain for ${shell}`, async () => {
const installationShell = await container.openShell(shell);
await installationShell.runCommand("safe-chain setup-ci");
await installationShell.runCommand(
"safe-chain setup-ci --include-python"
);
await installationShell.runCommand(
"echo 'export PATH=\"$HOME/.safe-chain/shims:$PATH\"' >> ~/.zshrc"
);
@ -149,7 +179,9 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => {
it(`setup-ci routes pip3 through safe-chain for ${shell}`, async () => {
const installationShell = await container.openShell(shell);
await installationShell.runCommand("safe-chain setup-ci");
await installationShell.runCommand(
"safe-chain setup-ci --include-python"
);
await installationShell.runCommand(
"echo 'export PATH=\"$HOME/.safe-chain/shims:$PATH\"' >> ~/.zshrc"
);
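Review bot: Every pip-routing test in this section now opts in with `safe-chain setup-ci --include-python`, and nothing visible here pins what plain `safe-chain setup-ci` does for pip after this change. The same tests previously passed without the flag, so an existing pipeline that upgrades may keep running while pip installs are no longer scanned; this is inferred from the tests, as the setup code is not in this section. I would add a default-path case beside these, e.g. `it(`setup-ci without --include-python leaves pip3 unwrapped for ${shell}`, ...)`, asserting that the install output does not contain "no malware found.", so the opt-in behaviour is documented and any later change to the default is caught. The same gap applies to `safe-chain setup --include-python` in the setup block of the "E2E: pip coverage" section below.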


@ -15,7 +15,7 @@ describe("E2E: pip coverage", () => {
await container.start();
const installationShell = await container.openShell("zsh");
await installationShell.runCommand("safe-chain setup");
await installationShell.runCommand("safe-chain setup --include-python");
});
afterEach(async () => {
@ -96,7 +96,9 @@ describe("E2E: pip coverage", () => {
it(`python3 -m pip install routes through safe-chain`, async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("python3 -m pip install --break-system-packages requests");
const result = await shell.runCommand(
"python3 -m pip install --break-system-packages requests"
);
assert.ok(
result.output.includes("no malware found."),
@ -329,6 +331,9 @@ describe("E2E: pip coverage", () => {
const result = await shell.runCommand(
"pip3 install --break-system-packages requests --safe-chain-logging=verbose"
);
assert.ok(result.output.includes("no malware found."), `Output did not include expected text. Output was:\n${result.output}`);
assert.ok(
result.output.includes("no malware found."),
`Output did not include expected text. Output was:\n${result.output}`
);
});
});