milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Skeleton

Browse source
This commit is contained in:
Reinier Criel 2025-10-22 06:59:32 -07:00
parent d0f2edec0a
commit f086aeb2be
6 changed files with 44 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
package-lock.json generated
View file

@ -1724,6 +1724,7 @@
"aikido-bunx": "bin/aikido-bunx.js", "aikido-bunx": "bin/aikido-bunx.js",
"aikido-npm": "bin/aikido-npm.js", "aikido-npm": "bin/aikido-npm.js",
"aikido-npx": "bin/aikido-npx.js", "aikido-npx": "bin/aikido-npx.js",
"aikido-pip": "bin/aikido-pip.js",
"aikido-pnpm": "bin/aikido-pnpm.js", "aikido-pnpm": "bin/aikido-pnpm.js",
"aikido-pnpx": "bin/aikido-pnpx.js", "aikido-pnpx": "bin/aikido-pnpx.js",
"aikido-yarn": "bin/aikido-yarn.js", "aikido-yarn": "bin/aikido-yarn.js",

29
packages/safe-chain/bin/aikido-pip.js
View file

@ -2,8 +2,33 @@
import { main } from "../src/main.js"; import { main } from "../src/main.js";
import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js"; import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
const packageManagerName = "pip";
// Defaults
let packageManagerName = "pip";
let targetVersionMajor;
// Copy argv so we can mutate while parsing
const argv = process.argv.slice(2);
for (let i = 0; i < argv.length; i++) {
const a = argv[i];
// --target-version-major
if (a === "--target-version-major" && i + 1 < argv.length) {
console.log("Setting targetVersionMajor from CLI arg:", argv[i + 1]);
targetVersionMajor = argv[i + 1];
argv.splice(i, 2);
i -= 1;
continue;
}
}
// If the user explicitly called python3, prefer pip3
if (targetVersionMajor && String(targetVersionMajor).trim() === "3") {
packageManagerName = "pip3";
}
initializePackageManager(packageManagerName); initializePackageManager(packageManagerName);
var exitCode = await main(process.argv.slice(2)); var exitCode = await main(argv);
process.exit(exitCode); process.exit(exitCode);

1
packages/safe-chain/src/main.js
View file

@ -12,6 +12,7 @@ export async function main(args) {
await proxy.startServer(); await proxy.startServer();
try { try {
console.log(chalk.blueBright.bold("main.js: Scanning for malicious packages..."));
// This parses all the --safe-chain arguments and removes them from the args array // This parses all the --safe-chain arguments and removes them from the args array
args = initializeCliArguments(args); args = initializeCliArguments(args);

5
packages/safe-chain/src/packagemanager/currentPackageManager.js
View file

@ -9,11 +9,14 @@ import {
createPnpxPackageManager, createPnpxPackageManager,
} from "./pnpm/createPackageManager.js"; } from "./pnpm/createPackageManager.js";
import { createYarnPackageManager } from "./yarn/createPackageManager.js"; import { createYarnPackageManager } from "./yarn/createPackageManager.js";
import { createPipPackageManager } from "./pip/createPipPackageManager.js";
const state = { const state = {
packageManagerName: null, packageManagerName: null,
}; };
const PIP_COMMANDS = new Set(["pip", "pip3"]);
export function initializePackageManager(packageManagerName) { export function initializePackageManager(packageManagerName) {
if (packageManagerName === "npm") { if (packageManagerName === "npm") {
state.packageManagerName = createNpmPackageManager(); state.packageManagerName = createNpmPackageManager();
@ -29,6 +32,8 @@ export function initializePackageManager(packageManagerName) {
state.packageManagerName = createBunPackageManager(); state.packageManagerName = createBunPackageManager();
} else if (packageManagerName === "bunx") { } else if (packageManagerName === "bunx") {
state.packageManagerName = createBunxPackageManager(); state.packageManagerName = createBunxPackageManager();
} else if (PIP_COMMANDS.has(packageManagerName)) {
state.packageManagerName = createPipPackageManager(packageManagerName);
} else { } else {
throw new Error("Unsupported package manager: " + packageManagerName); throw new Error("Unsupported package manager: " + packageManagerName);
} }

9
packages/safe-chain/src/packagemanager/pip/createPipPackageManager.js
View file

@ -2,9 +2,14 @@ import { ui } from "../../environment/userInteraction.js";
import { safeSpawn } from "../../utils/safeSpawn.js"; import { safeSpawn } from "../../utils/safeSpawn.js";
import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js"; import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
export function createPipPackageManager() { /**
* Creates a package manager interface for Python's pip package installer
*
* @param {string} [command="pip"] - The pip command to use (e.g., "pip", "pip3") defaults to "pip"
*/
export function createPipPackageManager(command = "pip") {
return { return {
runCommand: (args) => runPipCommand("pip3", args), runCommand: (args) => runPipCommand(command, args),
// For pip, set proxy server // For pip, set proxy server
isSupportedCommand: () => false, isSupportedCommand: () => false,

5
packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
View file

@ -51,13 +51,14 @@ function bunx() {
} }
function pip() { function pip() {
wrapSafeChainCommand "pip" "aikido-pip" "$@" wrapSafeChainCommand "pip" "aikido-pip" --target-version-major "2" "$@"
} }
function pip3() { function pip3() {
wrapSafeChainCommand "pip3" "aikido-pip" "$@" wrapSafeChainCommand "pip3" "aikido-pip" --target-version-major "3" "$@"
} }
function npm() { function npm() {
if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
# If args is just -v or --version and nothing else, just run the npm version command # If args is just -v or --version and nothing else, just run the npm version command