Refactor PyPI logic and cleanup

2026-05-26 12:10:49 +00:00 · 2025-12-04 12:37:59 -08:00 · 2025-12-04 12:37:59 -08:00 · e211f531c5
commit e211f531c5
parent e7cf3488b7
11 changed files with 450 additions and 138 deletions
--- a/test/e2e/safe-chain-cli-python.e2e.spec.js
+++ b/test/e2e/safe-chain-cli-python.e2e.spec.js
@ -0,0 +1,104 @@
+import { describe, it, before, beforeEach, afterEach } from "node:test";
+import { DockerTestContainer } from "./DockerTestContainer.js";
+import assert from "node:assert";
+
+describe("E2E: safe-chain CLI python/pip support", () => {
+  let container;
+
+  before(async () => {
+    DockerTestContainer.buildImage();
+  });
+
+  beforeEach(async () => {
+    container = new DockerTestContainer();
+    await container.start();
+    // Note: We do NOT run 'safe-chain setup' here.
+    // We want to test the 'safe-chain' CLI command directly.
+  });
+
+  afterEach(async () => {
+    if (container) {
+      await container.stop();
+      container = null;
+    }
+  });
+
+  it("safe-chain pip3 install routes through proxy", async () => {
+    const shell = await container.openShell("zsh");
+    // Invoke safe-chain directly with pip3 command
+    const result = await shell.runCommand(
+      "safe-chain pip3 install --break-system-packages requests"
+    );
+
+    assert.ok(
+      result.output.includes("no malware found."),
+      `Output did not include expected text. Output was:\n${result.output}`
+    );
+    assert.ok(
+      result.output.includes("Successfully installed") ||
+        result.output.includes("Requirement already satisfied"),
+      `Installation failed. Output was:\n${result.output}`
+    );
+  });
+
+  it("safe-chain python3 -m pip install routes through proxy", async () => {
+    const shell = await container.openShell("zsh");
+    const result = await shell.runCommand(
+      "safe-chain python3 -m pip install --break-system-packages requests"
+    );
+
+    assert.ok(
+      result.output.includes("no malware found."),
+      `Output did not include expected text. Output was:\n${result.output}`
+    );
+  });
+
+  it("safe-chain python3 script.py bypasses proxy", async () => {
+    const shell = await container.openShell("zsh");
+    
+    // Create a simple script
+    await shell.runCommand("echo \"print('direct execution')\" > /tmp/test.py");
+
+    const result = await shell.runCommand("safe-chain python3 /tmp/test.py");
+
+    // Should execute the script
+    assert.ok(
+      result.output.includes("direct execution"),
+      `Script execution failed. Output was:\n${result.output}`
+    );
+
+    // Should NOT show safe-chain logs
+    assert.ok(
+      !result.output.includes("Safe-chain"),
+      `Should have bypassed safe-chain. Output was:\n${result.output}`
+    );
+  });
+
+  it("safe-chain python3 --version bypasses proxy", async () => {
+    const shell = await container.openShell("zsh");
+    const result = await shell.runCommand("safe-chain python3 --version");
+
+    assert.ok(
+      result.output.match(/Python 3\.\d+\.\d+/),
+      `Should show python version. Output was:\n${result.output}`
+    );
+    assert.ok(
+      !result.output.includes("Safe-chain"),
+      `Should have bypassed safe-chain. Output was:\n${result.output}`
+    );
+  });
+
+  it("safe-chain blocks malicious package via pip3", async () => {
+    const shell = await container.openShell("zsh");
+    await shell.runCommand("pip3 cache purge");
+
+    const result = await shell.runCommand(
+      "safe-chain pip3 install --break-system-packages safe-chain-pi-test"
+    );
+
+    assert.ok(
+      result.output.includes("blocked 1 malicious package downloads"),
+      `Should have blocked malware. Output was:\n${result.output}`
+    );
+  });
+});