milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add a unit test for shouldBypassSafeChain

Browse source
This commit is contained in:
Uriel Corfa 2025-12-11 13:58:46 +01:00
parent 64d87ae1e1
commit db2c272aea
No known key found for this signature in database
2 changed files with 32 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

2
packages/safe-chain/src/packagemanager/pip/runPipCommand.js
View file

@ -16,7 +16,7 @@ import ini from "ini";
* @param {string[]} args - The arguments
* @returns {boolean}
*/
function shouldBypassSafeChain(command, args) {
export function shouldBypassSafeChain(command, args) {
if (command === PYTHON_COMMAND || command === PYTHON3_COMMAND) {
// Check if args start with -m pip
if (args.length >= 2 && args[0] === "-m" && (args[1] === PIP_COMMAND || args[1] === PIP3_COMMAND)) {

19
packages/safe-chain/src/packagemanager/pip/runPipCommand.spec.js
View file

@ -7,6 +7,7 @@ import ini from "ini";
describe("runPipCommand environment variable handling", () => {
let runPip;
let shouldBypassSafeChain;
let capturedArgs = null;
let customEnv = null;
let capturedConfigContent = null; // Capture config file content before cleanup
@ -56,6 +57,7 @@ describe("runPipCommand environment variable handling", () => {
const mod = await import("./runPipCommand.js");
runPip = mod.runPip;
shouldBypassSafeChain = mod.shouldBypassSafeChain;
});
afterEach(() => {
@ -397,4 +399,21 @@ describe("runPipCommand environment variable handling", () => {
assert.ok(output.includes("proxy found in PIP_CONFIG_FILE"), "Should warn about proxy overwrite in output");
customEnv = null;
});
it("should bypass safe-chain for python correctly", async () => {
assert.strictEqual(shouldBypassSafeChain("python", []), true);
assert.strictEqual(shouldBypassSafeChain("python3", []), true);
assert.strictEqual(shouldBypassSafeChain("python", ["--version"]), true);
assert.strictEqual(shouldBypassSafeChain("python3", ["--version"]), true);
assert.strictEqual(shouldBypassSafeChain("python", ["-m", "http.server"]), true);
assert.strictEqual(shouldBypassSafeChain("python3", ["-m", "http.server"]), true);
assert.strictEqual(shouldBypassSafeChain("python", ["-m", "pip"]), false);
assert.strictEqual(shouldBypassSafeChain("python3", ["-m", "pip"]), false);
assert.strictEqual(shouldBypassSafeChain("python", ["-m", "pip3"]), false);
assert.strictEqual(shouldBypassSafeChain("python3", ["-m", "pip3"]), false);
});
});