mirror of
https://github.com/AikidoSec/safe-chain.git
synced 2026-05-26 12:10:49 +00:00
Mirror malware list in e2e tests to mock malware in a harmless way
This commit is contained in:
Sander Declerck
parent
222216e22a
commit
ebebe6d6c1
9 changed files with 114 additions and 24 deletions
79
test/e2e/utils/malwarelistmirror.mjs
Normal file
79
test/e2e/utils/malwarelistmirror.mjs
Normal file
|
|
@ -0,0 +1,79 @@
|
|||
// Test-only mirror of the malware list. Injects known-safe packages as malicious
|
||||
// to simulate blocking behavior in e2e tests without affecting real data.
|
||||
|
||||
import * as http from "node:http";
|
||||
|
||||
const lists = await downloadLists();
|
||||
const server = http.createServer(handleRequest);
|
||||
server.listen(5555, "127.0.0.1");
|
||||
console.log("listening on http://127.0.0.1:5555");
|
||||
|
||||
function handleRequest(req, res) {
|
||||
if (req.method !== "GET" || !req.url) {
|
||||
res.writeHead(404);
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
|
||||
if (req.url.startsWith("/ready")) {
|
||||
res.writeHead(200);
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
|
||||
for (const list of lists) {
|
||||
if (req.url.startsWith(list.path)) {
|
||||
res.writeHead(200, { "Content-Type": "application/json" });
|
||||
res.end(JSON.stringify(list.data));
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
res.writeHead(404);
|
||||
res.end();
|
||||
}
|
||||
|
||||
async function downloadLists() {
|
||||
const lists = [
|
||||
{
|
||||
"path": "/malware_predictions.json",
|
||||
"patchFunc": (data) => data,
|
||||
},
|
||||
{
|
||||
"path": "/malware_pypi.json",
|
||||
"patchFunc": patchPypi,
|
||||
},
|
||||
{
|
||||
"path": "/releases/npm.json",
|
||||
"patchFunc": (data) => data,
|
||||
},
|
||||
{
|
||||
"path": "/releases/pypi.json",
|
||||
"patchFunc": (data) => data,
|
||||
},
|
||||
]
|
||||
|
||||
for (const list of lists) {
|
||||
list.data = list.patchFunc(await downloadList(list.path));
|
||||
}
|
||||
|
||||
return lists;
|
||||
}
|
||||
|
||||
async function downloadList(path) {
|
||||
const baseUrl = "https://malware-list.aikido.dev";
|
||||
const url = `${baseUrl}${path}`;
|
||||
const response = await fetch(url);
|
||||
return await response.json();
|
||||
}
|
||||
|
||||
function patchPypi(data) {
|
||||
|
||||
data.push({
|
||||
"package_name": "numpy",
|
||||
"version": "2.4.4",
|
||||
"reason": "MALWARE"
|
||||
});
|
||||
|
||||
return data;
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue