Combine certificates

packages/safe-chain/package.json

@@ -32,7 +32,7 @@
   "license": "AGPL-3.0-or-later",
   "description": "The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), [pnpx](https://pnpm.io/cli/dlx), [bun](https://bun.sh/), and [bunx](https://bun.sh/docs/cli/bunx) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm, pnpx, bun, or bunx from downloading or running the malware.",
   "dependencies": {
-    "yargs-parser": "^21.1.1",
+    "certifi": "^14.5.15",
     "chalk": "5.4.1",
     "https-proxy-agent": "7.0.6",
     "make-fetch-happen": "14.0.3",

packages/safe-chain/src/packagemanager/pip/runPipCommand.js

@@ -1,80 +1,22 @@
 import { ui } from "../../environment/userInteraction.js";
 import { safeSpawn } from "../../utils/safeSpawn.js";
 import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
-import { getCaCertPath } from "../../registryProxy/certUtils.js";
-import { knownPipRegistries } from "../../registryProxy/parsePackageFromUrl.js";
-import yargsParser from "yargs-parser";
-
-function extractHostsFromPipArgs(args) {
-  function hostFromString(input) {
-    if (typeof input !== "string" || input.length === 0) return undefined;
-    try {
-      const u = new URL(input);
-      return u.hostname || undefined;
-    } catch {
-      // ignore: not a valid absolute URL
-    }
-    // Try adding a scheme if it's a schemeless URL-like value
-    try {
-      const u2 = new URL(`https://${input}`);
-      return u2.hostname || undefined;
-    } catch {
-      // ignore: not a valid schemeless URL either
-    }
-    return undefined;
-  }
-
-  const parsed = yargsParser(args, {
-    configuration: {
-      "short-option-groups": true,
-      "camel-case-expansion": false,
-      "dot-notation": false,
-      "duplicate-arguments-array": true,
-      "flatten-duplicate-arrays": false,
-      "greedy-arrays": false,
-      "unknown-options-as-args": true,
-    },
-  });
-  const toArray = (v) => (v == null ? [] : Array.isArray(v) ? v : [v]);
-  const candidateUrls = [
-    ...toArray(parsed.i),
-    ...toArray(parsed["index-url"]),
-    ...toArray(parsed["extra-index-url"]),
-    ...toArray(parsed["find-links"]),
-    ...toArray(parsed._).filter(
-      (a) => typeof a === "string" && (a.startsWith("https://") || a.startsWith("http://"))
-    ),
-  ];
-  const hosts = new Set();
-  for (const u of candidateUrls) {
-    const h = hostFromString(u);
-    if (h) hosts.add(h);
-  }
-  return Array.from(hosts);
-}
-
+import { getCombinedCaBundlePath } from "./utils/pipCaBundle.js";
+// Always provide Python with a complete CA bundle (Safe Chain CA + Mozilla + Node built-in roots)
+// so that any network request made by pip, including those outside explicit CLI args,
+// validates correctly under both MITM'd and tunneled HTTPS.
 
 export async function runPip(command, args) {
   try {
     const env = mergeSafeChainProxyEnvironmentVariables(process.env);
-    // Re-introduce conditional --cert injection: only for known registries (MITM).
-    // No global env overrides for Python trust.
-    const hosts = extractHostsFromPipArgs(args);
-    const allKnown = hosts.length === 0
-      ? true // No explicit sources => default PyPI (known) -> MITM
-      : hosts.every((h) => knownPipRegistries.includes(h));
 
-    // Respect user-provided --cert: detect both "--cert <path>" and "--cert=<path>"
-    const hasUserCert = args.some(
-      (a) => a === "--cert" || (typeof a === "string" && a.startsWith("--cert="))
-    );
+  // Always set Python CA env vars to a combined bundle that includes Safe Chain CA,
+  // Mozilla roots (certifi), and Node built-in root CAs.
+    const combinedCaPath = getCombinedCaBundlePath();
+    env.REQUESTS_CA_BUNDLE = combinedCaPath;
+    env.SSL_CERT_FILE = combinedCaPath;
 
-    let finalArgs = [...args];
-    if (allKnown && !hasUserCert) {
-      finalArgs = [...args, "--cert", getCaCertPath()];
-    }
-
-    const result = await safeSpawn(command, finalArgs, {
+    const result = await safeSpawn(command, args, {
       stdio: "inherit",
       env,
     });

packages/safe-chain/src/packagemanager/pip/runPipCommand.spec.js

@@ -1,7 +1,7 @@
 import { describe, it, beforeEach, afterEach, mock } from "node:test";
 import assert from "node:assert";
 
-describe("runPipCommand --cert handling", () => {
+describe("runPipCommand environment variable handling", () => {
   let runPip;
   let capturedArgs = null;
 
@@ -28,10 +28,10 @@ describe("runPipCommand --cert handling", () => {
       },
     });
 
-    // Mock certUtils to point to a test CA path
-    mock.module("../../registryProxy/certUtils.js", {
+    // Mock pipCaBundle to return a test combined bundle path
+    mock.module("./utils/pipCaBundle.js", {
       namedExports: {
-        getCaCertPath: () => "/tmp/test-ca.pem",
+        getCombinedCaBundlePath: () => "/tmp/test-combined-ca.pem",
       },
     });
 
@@ -43,66 +43,29 @@ describe("runPipCommand --cert handling", () => {
     mock.reset();
   });
 
-  it("should append --cert with our CA path to pip args by default (PyPI)", async () => {
+  it("should set REQUESTS_CA_BUNDLE and SSL_CERT_FILE for default PyPI (no explicit index)", async () => {
     const res = await runPip("pip3", ["install", "requests"]);
     assert.strictEqual(res.status, 0);
 
-    // safeSpawn should be called with --cert flag
     assert.ok(capturedArgs, "safeSpawn should have been called");
     
-    const idx = capturedArgs.args.indexOf("--cert");
-    assert.ok(idx >= 0, "--cert flag should be present in pip args");
+    // Check environment variables are set
+    assert.strictEqual(
+      capturedArgs.options.env.REQUESTS_CA_BUNDLE,
+      "/tmp/test-combined-ca.pem",
+      "REQUESTS_CA_BUNDLE should be set to combined bundle path"
+    );
+    assert.strictEqual(
+      capturedArgs.options.env.SSL_CERT_FILE,
+      "/tmp/test-combined-ca.pem",
+      "SSL_CERT_FILE should be set to combined bundle path"
+    );
     
-    const certPath = capturedArgs.args[idx + 1];
-    assert.strictEqual(certPath, "/tmp/test-ca.pem", "CA path should match getCaCertPath()");
-    
-    // Original args should be preserved before --cert
-    assert.strictEqual(capturedArgs.args[0], "install");
-    assert.strictEqual(capturedArgs.args[1], "requests");
-
-  // No Python CA env overrides expected
-  assert.strictEqual(capturedArgs.options.env.REQUESTS_CA_BUNDLE, undefined);
-  assert.strictEqual(capturedArgs.options.env.SSL_CERT_FILE, undefined);
+    // Args should be unchanged (no arg injection)
+    assert.deepStrictEqual(capturedArgs.args, ["install", "requests"]);
   });
 
-  it("should not override user-provided --cert <path>", async () => {
-    const res = await runPip("pip3", ["install", "requests", "--cert", "/tmp/user-ca.pem"]);
-    assert.strictEqual(res.status, 0);
-
-    // Ensure only the user-provided --cert is present
-    const certIndices = capturedArgs.args
-      .map((a, i) => (a === "--cert" ? i : -1))
-      .filter((i) => i >= 0);
-    assert.strictEqual(certIndices.length, 1, "should not inject an extra --cert");
-    const userPath = capturedArgs.args[certIndices[0] + 1];
-    assert.strictEqual(userPath, "/tmp/user-ca.pem", "should preserve user-provided cert path");
-  // No Python CA env overrides expected
-  assert.strictEqual(capturedArgs.options.env.REQUESTS_CA_BUNDLE, undefined);
-  assert.strictEqual(capturedArgs.options.env.SSL_CERT_FILE, undefined);
-  });
-
-  it("should not override user-provided --cert=<path>", async () => {
-    const res = await runPip("pip3", ["install", "requests", "--cert=/tmp/user-ca.pem"]);
-    assert.strictEqual(res.status, 0);
-
-    // Ensure args contain the inline --cert=<path> and no extra --cert token
-    const hasInline = capturedArgs.args.some((a) => typeof a === "string" && a.startsWith("--cert="));
-    assert.ok(hasInline, "should keep inline --cert=<path>");
-    const injectedIndex = capturedArgs.args.indexOf("--cert");
-    assert.strictEqual(injectedIndex, -1, "should not inject separate --cert when inline is provided");
-  // No Python CA env overrides expected
-  assert.strictEqual(capturedArgs.options.env.REQUESTS_CA_BUNDLE, undefined);
-  assert.strictEqual(capturedArgs.options.env.SSL_CERT_FILE, undefined);
-  });
-
-  it("should inject --cert when explicit index is a known PyPI host", async () => {
-    const res = await runPip("pip3", ["install", "requests", "--index-url", "https://pypi.org/simple"]);
-    assert.strictEqual(res.status, 0);
-    const idx = capturedArgs.args.indexOf("--cert");
-    assert.ok(idx >= 0, "--cert should be present for known registries");
-  });
-
-  it("should NOT inject --cert when index points to an unknown external mirror (tunneled)", async () => {
+  it("should set CA environment variables even for external/test PyPI mirror (covers non-CLI traffic)", async () => {
     const res = await runPip("pip3", [
       "install",
       "certifi",
@@ -110,17 +73,41 @@ describe("runPipCommand --cert handling", () => {
       "https://test.pypi.org/simple",
     ]);
     assert.strictEqual(res.status, 0);
-    const idx = capturedArgs.args.indexOf("--cert");
-    assert.strictEqual(idx, -1, "--cert should be omitted for tunneled external hosts");
+    // Env vars should be set unconditionally
+    assert.strictEqual(
+      capturedArgs.options.env.REQUESTS_CA_BUNDLE,
+      "/tmp/test-combined-ca.pem"
+    );
+    assert.strictEqual(
+      capturedArgs.options.env.SSL_CERT_FILE,
+      "/tmp/test-combined-ca.pem"
+    );
   });
 
-  it("should NOT inject --cert when installing from a direct external URL", async () => {
-    const res = await runPip("pip3", [
-      "install",
-      "https://example.com/pkg-1.0.0-py3-none-any.whl",
-    ]);
+  it("should still set CA env vars for PyPI even with user --cert flag", async () => {
+    // For default PyPI, we still set env vars; pip CLI --cert takes precedence
+    const res = await runPip("pip3", ["install", "requests"]);
     assert.strictEqual(res.status, 0);
-    const idx = capturedArgs.args.indexOf("--cert");
-    assert.strictEqual(idx, -1, "--cert should be omitted for direct external URLs");
+    
+    // Environment variables still set (pip CLI --cert takes precedence)
+    assert.strictEqual(
+      capturedArgs.options.env.REQUESTS_CA_BUNDLE,
+      "/tmp/test-combined-ca.pem"
+    );
+    assert.strictEqual(
+      capturedArgs.options.env.SSL_CERT_FILE,
+      "/tmp/test-combined-ca.pem"
+    );
+  });
+
+  it("should preserve HTTPS_PROXY from proxy merge", async () => {
+    const res = await runPip("pip3", ["install", "requests"]);
+    assert.strictEqual(res.status, 0);
+    
+    assert.strictEqual(
+      capturedArgs.options.env.HTTPS_PROXY,
+      "http://localhost:8080",
+      "HTTPS_PROXY should be set by proxy merge"
+    );
   });
 });

packages/safe-chain/src/packagemanager/pip/utils/pipCaBundle.js

@@ -0,0 +1,90 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import certifi from "certifi";
+import tls from "node:tls";
+import { X509Certificate } from "node:crypto";
+import { getCaCertPath } from "../../../registryProxy/certUtils.js";
+
+/**
+ * Check if a PEM string contains only parsable cert blocks.
+ */
+function isParsable(pem) {
+  if (!pem || typeof pem !== "string") return false;
+  const begin = "-----BEGIN CERTIFICATE-----";
+  const end = "-----END CERTIFICATE-----";
+  const blocks = [];
+
+  let idx = 0;
+  while (idx < pem.length) {
+    const start = pem.indexOf(begin, idx);
+    if (start === -1) break;
+    const stop = pem.indexOf(end, start + begin.length);
+    if (stop === -1) break;
+    const blockEnd = stop + end.length;
+    blocks.push(pem.slice(start, blockEnd));
+    idx = blockEnd;
+  }
+
+  if (blocks.length === 0) return false;
+  try {
+    for (const b of blocks) {
+      // throw if invalid
+      new X509Certificate(b);
+    }
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+let cachedPath = null;
+
+/**
+ * Build a combined CA bundle specifically for pip flows.
+ * - Includes Safe Chain CA (for MITM of known registries)
+ * - Includes Mozilla roots via npm `certifi` (public HTTPS)
+ * - Includes Node's built-in root certificates as a portable fallback
+ * */
+export function getCombinedCaBundlePath() {
+  if (cachedPath && fs.existsSync(cachedPath)) return cachedPath;
+
+  // Concatenate PEM files
+  const parts = [];
+
+  // 1) Safe Chain CA (for MITM'd registries)
+  const safeChainPath = getCaCertPath();
+  try {
+    const safeChainPem = fs.readFileSync(safeChainPath, "utf8");
+    if (isParsable(safeChainPem)) parts.push(safeChainPem.trim());
+  } catch {
+    // Ignore if Safe Chain CA is not available
+  }
+
+  // 2) certifi (Mozilla CA bundle for all public HTTPS)
+  try {
+    const certifiPem = fs.readFileSync(certifi, "utf8");
+    if (isParsable(certifiPem)) parts.push(certifiPem.trim());
+  } catch {
+    // Ignore if certifi bundle is not available
+  }
+
+  // 3) Node's built-in root certificates
+  try {
+    const nodeRoots = tls.rootCertificates;
+    if (Array.isArray(nodeRoots) && nodeRoots.length) {
+      for (const rootPem of nodeRoots) {
+        if (typeof rootPem !== "string") continue;
+        if (isParsable(rootPem)) parts.push(rootPem.trim());
+      }
+    }
+  } catch {
+    // Ignore if unavailable
+  }
+
+  const combined = parts.filter(Boolean).join("\n");
+  const target = path.join(os.tmpdir(), "safe-chain-python-ca-bundle.pem");
+  fs.writeFileSync(target, combined, { encoding: "utf8" });
+  cachedPath = target;
+  return cachedPath;
+}

packages/safe-chain/src/packagemanager/pip/utils/pipCaBundle.spec.js

@@ -0,0 +1,71 @@
+import { describe, it, beforeEach, mock } from "node:test";
+import assert from "node:assert";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import tls from "node:tls";
+
+// Utility to remove the generated bundle so the module rebuilds it on demand
+function removeBundleIfExists() {
+  const target = path.join(os.tmpdir(), "safe-chain-python-ca-bundle.pem");
+  try {
+    if (fs.existsSync(target)) fs.unlinkSync(target);
+  } catch {
+    // ignore
+  }
+}
+
+describe("pipCaBundle.getCombinedCaBundlePath", () => {
+  beforeEach(() => {
+    mock.restoreAll();
+    removeBundleIfExists();
+  });
+
+  it("includes Safe Chain CA when parsable and produces a PEM bundle", async () => {
+    // Prepare a temporary Safe Chain CA file with a recognizable marker and a valid cert block
+    const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "pipcabundle-"));
+    const safeChainPath = path.join(tmpDir, "safechain-ca.pem");
+    const marker = "# SAFE_CHAIN_TEST_MARKER";
+    const rootPem = typeof tls.rootCertificates?.[0] === "string" ? tls.rootCertificates[0] : "";
+    assert.ok(rootPem.includes("BEGIN CERTIFICATE"), "Environment lacks Node root certificates for test");
+    fs.writeFileSync(safeChainPath, `${marker}\n${rootPem}`, "utf8");
+
+    // Mock the certUtils.getCaCertPath to return our temp file
+    mock.module("../../../registryProxy/certUtils.js", {
+      namedExports: {
+        getCaCertPath: () => safeChainPath,
+      },
+    });
+
+    const { getCombinedCaBundlePath } = await import("./pipCaBundle.js");
+    const bundlePath = getCombinedCaBundlePath();
+    assert.ok(fs.existsSync(bundlePath), "Bundle path should exist");
+    const contents = fs.readFileSync(bundlePath, "utf8");
+    assert.match(contents, /-----BEGIN CERTIFICATE-----/);
+    assert.ok(contents.includes(marker), "Bundle should include Safe Chain CA content when parsable");
+  });
+
+  it("ignores invalid Safe Chain CA but still builds from other sources", async () => {
+    // Write an invalid file (no cert blocks)
+    const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "pipcabundle-"));
+    const safeChainPath = path.join(tmpDir, "safechain-invalid.pem");
+    const invalidMarker = "INVALID_SAFE_CHAIN_CONTENT";
+    fs.writeFileSync(safeChainPath, invalidMarker, "utf8");
+
+    // Mock the certUtils.getCaCertPath to return our invalid file
+    mock.module("../../../registryProxy/certUtils.js", {
+      namedExports: {
+        getCaCertPath: () => safeChainPath,
+      },
+    });
+
+    // Ensure fresh build
+    removeBundleIfExists();
+    const { getCombinedCaBundlePath } = await import("./pipCaBundle.js");
+    const bundlePath = getCombinedCaBundlePath();
+    assert.ok(fs.existsSync(bundlePath), "Bundle path should exist");
+    const contents = fs.readFileSync(bundlePath, "utf8");
+    assert.match(contents, /-----BEGIN CERTIFICATE-----/, "Bundle should contain certificate blocks from certifi/Node roots");
+    assert.ok(!contents.includes(invalidMarker), "Bundle should not include invalid Safe Chain content");
+  });
+});

packages/safe-chain/src/registryProxy/registryProxy.mitm.spec.js

@@ -145,7 +145,7 @@ describe("registryProxy.mitm", () => {
   });
 
   // --- Pip registry MITM and env var tests ---
-  it("should NOT set global Python CA environment variables", () => {
+  it("should NOT set Python CA environment variables in proxy merge (handled by runPipCommand)", () => {
     const envVars = mergeSafeChainProxyEnvironmentVariables([]);
     assert.strictEqual(envVars.PIP_CERT, undefined);
     assert.strictEqual(envVars.REQUESTS_CA_BUNDLE, undefined);