mirror of
https://github.com/AikidoSec/safe-chain.git
synced 2026-05-26 12:10:49 +00:00
Update e2e suite to cover supported package managers
This commit is contained in:
parent
26f1dfb81a
commit
e891d1a992
1 changed files with 77 additions and 32 deletions
|
|
@ -4,6 +4,11 @@ import assert from "node:assert";
|
||||||
|
|
||||||
describe("E2E: rush coverage", () => {
|
describe("E2E: rush coverage", () => {
|
||||||
let container;
|
let container;
|
||||||
|
const packageManagerConfigs = [
|
||||||
|
{ name: "pnpm", versionField: "pnpmVersion", version: "latest" },
|
||||||
|
{ name: "yarn", versionField: "yarnVersion", version: "latest" },
|
||||||
|
{ name: "npm", versionField: "npmVersion", version: "latest" },
|
||||||
|
];
|
||||||
|
|
||||||
before(async () => {
|
before(async () => {
|
||||||
DockerTestContainer.buildImage();
|
DockerTestContainer.buildImage();
|
||||||
|
|
@ -65,41 +70,81 @@ describe("E2E: rush coverage", () => {
|
||||||
`Malicious package was added despite safe-chain protection. Output was:\n${packageJson.output}`
|
`Malicious package was added despite safe-chain protection. Output was:\n${packageJson.output}`
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
for (const packageManagerConfig of packageManagerConfigs) {
|
||||||
|
it(`safe-chain proxy blocks malicious package downloads during rush update with ${packageManagerConfig.name}`, async () => {
|
||||||
|
const shell = await container.openShell("zsh");
|
||||||
|
await setupRushWorkspace(shell, {
|
||||||
|
packageManagerConfig,
|
||||||
|
packageJson: `{
|
||||||
|
"name": "test-app",
|
||||||
|
"version": "1.0.0",
|
||||||
|
"dependencies": {
|
||||||
|
"safe-chain-test": "0.0.1-security"
|
||||||
|
}
|
||||||
|
}`,
|
||||||
});
|
});
|
||||||
|
|
||||||
async function setupRushWorkspace(shell) {
|
const result = await shell.runCommand("cd /testapp/apps/test-app && rush update");
|
||||||
await shell.runCommand("mkdir -p /testapp/common/config/rush /testapp/apps/test-app");
|
|
||||||
await shell.runCommand(`cat > /testapp/common/config/rush/rush.json <<'EOF'
|
assert.ok(
|
||||||
{
|
result.output.includes("blocked 1 malicious package downloads"),
|
||||||
"$schema": "https://developer.microsoft.com/json-schemas/rush/v5/rush.schema.json",
|
`Output did not include expected text. Output was:\n${result.output}`
|
||||||
"rushVersion": "5.175.1",
|
);
|
||||||
"pnpmVersion": "11.0.6",
|
assert.ok(
|
||||||
"nodeSupportedVersionRange": ">=18.0.0",
|
result.output.includes("- safe-chain-test"),
|
||||||
"projectFolderMinDepth": 1,
|
`Output did not include expected text. Output was:\n${result.output}`
|
||||||
"projectFolderMaxDepth": 2,
|
);
|
||||||
"gitPolicy": {},
|
assert.ok(
|
||||||
"repository": {
|
result.output.includes("Exiting without installing malicious packages."),
|
||||||
"url": "https://example.com/testapp.git",
|
`Output did not include expected text. Output was:\n${result.output}`
|
||||||
"defaultBranch": "main"
|
);
|
||||||
},
|
});
|
||||||
"eventHooks": {
|
|
||||||
"preRushInstall": [],
|
|
||||||
"postRushInstall": [],
|
|
||||||
"preRushBuild": [],
|
|
||||||
"postRushBuild": []
|
|
||||||
},
|
|
||||||
"projects": [
|
|
||||||
{
|
|
||||||
"packageName": "test-app",
|
|
||||||
"projectFolder": "apps/test-app"
|
|
||||||
}
|
}
|
||||||
]
|
});
|
||||||
}
|
|
||||||
EOF`);
|
async function setupRushWorkspace(shell, options = {}) {
|
||||||
await shell.runCommand(`cat > /testapp/apps/test-app/package.json <<'EOF'
|
const packageManagerConfig = options.packageManagerConfig ?? {
|
||||||
{
|
versionField: "pnpmVersion",
|
||||||
|
version: "11.0.6",
|
||||||
|
};
|
||||||
|
const packageJson = options.packageJson ?? `{
|
||||||
"name": "test-app",
|
"name": "test-app",
|
||||||
"version": "1.0.0"
|
"version": "1.0.0"
|
||||||
|
}`;
|
||||||
|
const rushConfig = {
|
||||||
|
$schema: "https://developer.microsoft.com/json-schemas/rush/v5/rush.schema.json",
|
||||||
|
rushVersion: "5.175.1",
|
||||||
|
[packageManagerConfig.versionField]: packageManagerConfig.version,
|
||||||
|
nodeSupportedVersionRange: ">=18.0.0",
|
||||||
|
projectFolderMinDepth: 1,
|
||||||
|
projectFolderMaxDepth: 2,
|
||||||
|
gitPolicy: {},
|
||||||
|
repository: {
|
||||||
|
url: "https://example.com/testapp.git",
|
||||||
|
defaultBranch: "main",
|
||||||
|
},
|
||||||
|
eventHooks: {
|
||||||
|
preRushInstall: [],
|
||||||
|
postRushInstall: [],
|
||||||
|
preRushBuild: [],
|
||||||
|
postRushBuild: [],
|
||||||
|
},
|
||||||
|
projects: [
|
||||||
|
{
|
||||||
|
packageName: "test-app",
|
||||||
|
projectFolder: "apps/test-app",
|
||||||
|
},
|
||||||
|
],
|
||||||
|
};
|
||||||
|
|
||||||
|
await shell.runCommand("rm -rf /testapp/common /testapp/apps/test-app");
|
||||||
|
await shell.runCommand("mkdir -p /testapp/apps/test-app");
|
||||||
|
await writeTextFile(shell, "/testapp/rush.json", JSON.stringify(rushConfig, null, 2));
|
||||||
|
await writeTextFile(shell, "/testapp/apps/test-app/package.json", packageJson);
|
||||||
}
|
}
|
||||||
EOF`);
|
|
||||||
|
async function writeTextFile(shell, filePath, content) {
|
||||||
|
const encoded = Buffer.from(content).toString("base64");
|
||||||
|
await shell.runCommand(`printf '%s' '${encoded}' | base64 -d > ${filePath}`);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
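Review bot: writeTextFile interpolates `filePath` unquoted into the shell command it builds, so a path containing spaces or shell metacharacters would be split or interpreted; the base64 payload is shell-safe by construction, but the path is not. Every caller in this hunk passes a fixed literal path, so this is a robustness point for a helper that looks intended for reuse rather than a live defect, and quoting the redirect target fixes it: `await shell.runCommand(`printf '%s' '${encoded}' | base64 -d > '${filePath}'`);`. Separately, the looped configs set `version: "latest"` for the package-manager version field written into rush.json; if Rush requires an exact semver there, as it does for rushVersion, those cases would fail during `rush update` before the proxy is exercised, which is worth confirming against one run. The describe block containing the `for` loop starts in the first hunk and is outside this one.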