milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 20:20:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge 38ee7e6f4f into eedbac7e28

Browse source
This commit is contained in:
Sander Declerck 2026-05-08 14:42:52 +00:00 committed by GitHub
commit d37773aecc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 109 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

93
packages/safe-chain/src/registryProxy/ramaProxy/createAikidoEndpointConfigFile.js Normal file
View file

@ -0,0 +1,93 @@
import { writeFile } from "fs";
import { join } from "path/posix";
import { promisify } from "util";
import {
getMinimumPackageAgeHours,
skipMinimumPackageAge,
} from "../../config/settings.js";
/**
*
* @param {string} dataFolder
* @returns string
*/
export async function createAikidoEndpointConfigFile(dataFolder) {
const configPath = join(dataFolder, "safe-chain-config.json");
const config = getConfigContent();
const configJson = JSON.stringify(config);
await promisify(writeFile)(configPath, configJson);
return configPath;
}
function getConfigContent() {
let cutoff = Math.floor(Date.now() / 1000);
if (!skipMinimumPackageAge()) {
cutoff = cutoff - (getMinimumPackageAgeHours() * 3600);
}
return {
permission_group: {
id: 1,
name: "Default",
},
ecosystems: {
npm: {
block_all_installs: false,
request_installs: false,
minimum_allowed_age_timestamp: cutoff,
exceptions: {
allowed_packages: [],
rejected_packages: [],
},
},
pypi: {
block_all_installs: false,
request_installs: false,
minimum_allowed_age_timestamp: cutoff,
exceptions: {
allowed_packages: [],
rejected_packages: [],
},
},
},
};
}
/*
# Reference: config file format.
```json
{
"permission_group": {
"id": 18,
"name": "Default"
},
"ecosystems": {
"npm": {
"block_all_installs": false,
"request_installs": false,
"minimum_allowed_age_timestamp": 1778143932,
"exceptions": {
"allowed_packages": [],
"rejected_packages": []
}
},
"pypi": {
"block_all_installs": false,
"request_installs": false,
"minimum_allowed_age_timestamp": 1778057532,
"exceptions": {
"allowed_packages": [],
"rejected_packages": []
}
}
}
}
```
*/

9
packages/safe-chain/src/registryProxy/ramaProxy/createRamaProxy.js
View file

@ -8,6 +8,7 @@ import { ui } from "../../environment/userInteraction.js";
import { getLoggingLevel, LOGGING_VERBOSE } from "../../config/settings.js"; import { getLoggingLevel, LOGGING_VERBOSE } from "../../config/settings.js";
import { getReportingServer } from "./reportingServer.js"; import { getReportingServer } from "./reportingServer.js";
import EventEmitter from "node:events"; import EventEmitter from "node:events";
import { createAikidoEndpointConfigFile } from "./createAikidoEndpointConfigFile.js";
const readFilePromise = promisify(readFile); const readFilePromise = promisify(readFile);
@ -104,7 +105,7 @@ export function createRamaProxy(ramaPath) {
* @returns {Promise<RamaProxyInstance>} * @returns {Promise<RamaProxyInstance>}
*/ */
async function startRama(ramaPath, dataFolder, reportingUrl) { async function startRama(ramaPath, dataFolder, reportingUrl) {
const startTime = Date.now(); const startTime = Date.now();
const args = [ const args = [
"--secrets", "--secrets",
"memory", "memory",
@ -113,6 +114,12 @@ async function startRama(ramaPath, dataFolder, reportingUrl) {
"--reporting-endpoint", "--reporting-endpoint",
reportingUrl, reportingUrl,
]; ];
const configFile = await createAikidoEndpointConfigFile(dataFolder);
if (configFile) {
args.push("--config-file", configFile);
}
const stdio = getLoggingLevel() === LOGGING_VERBOSE ? "inherit" : "pipe"; const stdio = getLoggingLevel() === LOGGING_VERBOSE ? "inherit" : "pipe";
const process = spawn(ramaPath, args, { stdio: stdio }); const process = spawn(ramaPath, args, { stdio: stdio });

8
packages/safe-chain/src/registryProxy/ramaProxy/createRamaProxy.spec.js
View file

@ -24,6 +24,7 @@ mock.module("node:child_process", {
}); });
const mockExistsSync = mock.fn(() => true); const mockExistsSync = mock.fn(() => true);
const mockWriteFile = mock.fn(() => {});
const mockMkdtempSync = mock.fn(() => "/tmp/safe-chain-proxy-abc"); const mockMkdtempSync = mock.fn(() => "/tmp/safe-chain-proxy-abc");
const mockReadFile = mock.fn( const mockReadFile = mock.fn(
(/** @type {string} */ path, /** @type {string} */ _encoding, /** @type {Function} */ cb) => { (/** @type {string} */ path, /** @type {string} */ _encoding, /** @type {Function} */ cb) => {
@ -42,6 +43,7 @@ mock.module("node:fs", {
existsSync: mockExistsSync, existsSync: mockExistsSync,
mkdtempSync: mockMkdtempSync, mkdtempSync: mockMkdtempSync,
readFile: mockReadFile, readFile: mockReadFile,
writeFile: mockWriteFile,
}, },
}); });
@ -56,6 +58,12 @@ mock.module("../../config/settings.js", {
}, },
}); });
mock.module("./createAikidoEndpointConfigFile.js", {
namedExports: {
createAikidoEndpointConfigFile: () => "/path/to/config-file.json"
}
})
const mockFetch = mock.method(globalThis, "fetch", async () => ({ const mockFetch = mock.method(globalThis, "fetch", async () => ({
text: async () => "MOCK_CA_CERT_PEM", text: async () => "MOCK_CA_CERT_PEM",
})); }));