Combine certificates

package-lock.json

@@ -516,6 +516,15 @@
         "node": "^18.17.0 || >=20.5.0"
       }
     },
+    "node_modules/certifi": {
+      "version": "14.5.15",
+      "resolved": "https://registry.npmjs.org/certifi/-/certifi-14.5.15.tgz",
+      "integrity": "sha512-NeLXuKCqSzwQNjpJ+WaSp5m8ntdTKJ8HnBu+eA7DxHfgzU7F1sjwrJFang+4U38+vmWbiFUpPZMV3uwwnHAisQ==",
+      "license": "MPL-2.0",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/chalk": {
       "version": "5.4.1",
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.4.1.tgz",
@@ -1717,28 +1726,19 @@
         "node": ">=18"
       }
     },
-    "node_modules/yargs-parser": {
-      "version": "21.1.1",
-      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz",
-      "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==",
-      "license": "ISC",
-      "engines": {
-        "node": ">=12"
-      }
-    },
     "packages/safe-chain": {
       "name": "@aikidosec/safe-chain",
       "version": "1.0.0",
       "license": "AGPL-3.0-or-later",
       "dependencies": {
+        "certifi": "^14.5.15",
         "chalk": "5.4.1",
         "https-proxy-agent": "7.0.6",
         "make-fetch-happen": "14.0.3",
         "node-forge": "1.3.1",
         "npm-registry-fetch": "18.0.2",
         "ora": "8.2.0",
-        "semver": "7.7.2",
+        "semver": "7.7.2"
-        "yargs-parser": "^21.1.1"
       },
       "bin": {
         "aikido-bun": "bin/aikido-bun.js",

packages/safe-chain/package.json

@@ -32,7 +32,7 @@
   "license": "AGPL-3.0-or-later",
   "description": "The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), [pnpx](https://pnpm.io/cli/dlx), [bun](https://bun.sh/), and [bunx](https://bun.sh/docs/cli/bunx) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm, pnpx, bun, or bunx from downloading or running the malware.",
   "dependencies": {
-    "yargs-parser": "^21.1.1",
+    "certifi": "^14.5.15",
     "chalk": "5.4.1",
     "https-proxy-agent": "7.0.6",
     "make-fetch-happen": "14.0.3",

packages/safe-chain/src/packagemanager/pip/runPipCommand.js

@@ -1,80 +1,22 @@
 import { ui } from "../../environment/userInteraction.js";
 import { safeSpawn } from "../../utils/safeSpawn.js";
 import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
-import { getCaCertPath } from "../../registryProxy/certUtils.js";
+import { getCombinedCaBundlePath } from "./utils/pipCaBundle.js";
-import { knownPipRegistries } from "../../registryProxy/parsePackageFromUrl.js";
+// Always provide Python with a complete CA bundle (Safe Chain CA + Mozilla + Node built-in roots)
-import yargsParser from "yargs-parser";
+// so that any network request made by pip, including those outside explicit CLI args,
-
+// validates correctly under both MITM'd and tunneled HTTPS.
-function extractHostsFromPipArgs(args) {
-  function hostFromString(input) {
-    if (typeof input !== "string" || input.length === 0) return undefined;
-    try {
-      const u = new URL(input);
-      return u.hostname || undefined;
-    } catch {
-      // ignore: not a valid absolute URL
-    }
-    // Try adding a scheme if it's a schemeless URL-like value
-    try {
-      const u2 = new URL(`https://${input}`);
-      return u2.hostname || undefined;
-    } catch {
-      // ignore: not a valid schemeless URL either
-    }
-    return undefined;
-  }
-
-  const parsed = yargsParser(args, {
-    configuration: {
-      "short-option-groups": true,
-      "camel-case-expansion": false,
-      "dot-notation": false,
-      "duplicate-arguments-array": true,
-      "flatten-duplicate-arrays": false,
-      "greedy-arrays": false,
-      "unknown-options-as-args": true,
-    },
-  });
-  const toArray = (v) => (v == null ? [] : Array.isArray(v) ? v : [v]);
-  const candidateUrls = [
-    ...toArray(parsed.i),
-    ...toArray(parsed["index-url"]),
-    ...toArray(parsed["extra-index-url"]),
-    ...toArray(parsed["find-links"]),
-    ...toArray(parsed._).filter(
-      (a) => typeof a === "string" && (a.startsWith("https://") || a.startsWith("http://"))
-    ),
-  ];
-  const hosts = new Set();
-  for (const u of candidateUrls) {
-    const h = hostFromString(u);
-    if (h) hosts.add(h);
-  }
-  return Array.from(hosts);
-}
-
 
 export async function runPip(command, args) {
   try {
     const env = mergeSafeChainProxyEnvironmentVariables(process.env);
-    // Re-introduce conditional --cert injection: only for known registries (MITM).
-    // No global env overrides for Python trust.
-    const hosts = extractHostsFromPipArgs(args);
-    const allKnown = hosts.length === 0
-      ? true // No explicit sources => default PyPI (known) -> MITM
-      : hosts.every((h) => knownPipRegistries.includes(h));
 
-    // Respect user-provided --cert: detect both "--cert <path>" and "--cert=<path>"
+  // Always set Python CA env vars to a combined bundle that includes Safe Chain CA,
-    const hasUserCert = args.some(
+  // Mozilla roots (certifi), and Node built-in root CAs.
-      (a) => a === "--cert" || (typeof a === "string" && a.startsWith("--cert="))
+    const combinedCaPath = getCombinedCaBundlePath();
-    );
+    env.REQUESTS_CA_BUNDLE = combinedCaPath;
+    env.SSL_CERT_FILE = combinedCaPath;
 
-    let finalArgs = [...args];
+    const result = await safeSpawn(command, args, {
-    if (allKnown && !hasUserCert) {
-      finalArgs = [...args, "--cert", getCaCertPath()];
-    }
-
-    const result = await safeSpawn(command, finalArgs, {
       stdio: "inherit",
       env,
     });

packages/safe-chain/src/packagemanager/pip/runPipCommand.spec.js

@@ -1,7 +1,7 @@
 import { describe, it, beforeEach, afterEach, mock } from "node:test";
 import assert from "node:assert";
 
-describe("runPipCommand --cert handling", () => {
+describe("runPipCommand environment variable handling", () => {
   let runPip;
   let capturedArgs = null;
 
@@ -28,10 +28,10 @@ describe("runPipCommand --cert handling", () => {
       },
     });
 
-    // Mock certUtils to point to a test CA path
+    // Mock pipCaBundle to return a test combined bundle path
-    mock.module("../../registryProxy/certUtils.js", {
+    mock.module("./utils/pipCaBundle.js", {
       namedExports: {
-        getCaCertPath: () => "/tmp/test-ca.pem",
+        getCombinedCaBundlePath: () => "/tmp/test-combined-ca.pem",
       },
     });
 
@@ -43,66 +43,29 @@ describe("runPipCommand --cert handling", () => {
     mock.reset();
   });
 
-  it("should append --cert with our CA path to pip args by default (PyPI)", async () => {
+  it("should set REQUESTS_CA_BUNDLE and SSL_CERT_FILE for default PyPI (no explicit index)", async () => {
     const res = await runPip("pip3", ["install", "requests"]);
     assert.strictEqual(res.status, 0);
 
-    // safeSpawn should be called with --cert flag
     assert.ok(capturedArgs, "safeSpawn should have been called");
     
-    const idx = capturedArgs.args.indexOf("--cert");
+    // Check environment variables are set
-    assert.ok(idx >= 0, "--cert flag should be present in pip args");
+    assert.strictEqual(
+      capturedArgs.options.env.REQUESTS_CA_BUNDLE,
+      "/tmp/test-combined-ca.pem",
+      "REQUESTS_CA_BUNDLE should be set to combined bundle path"
+    );
+    assert.strictEqual(
+      capturedArgs.options.env.SSL_CERT_FILE,
+      "/tmp/test-combined-ca.pem",
+      "SSL_CERT_FILE should be set to combined bundle path"
+    );
     
-    const certPath = capturedArgs.args[idx + 1];
+    // Args should be unchanged (no arg injection)
-    assert.strictEqual(certPath, "/tmp/test-ca.pem", "CA path should match getCaCertPath()");
+    assert.deepStrictEqual(capturedArgs.args, ["install", "requests"]);
-    
-    // Original args should be preserved before --cert
-    assert.strictEqual(capturedArgs.args[0], "install");
-    assert.strictEqual(capturedArgs.args[1], "requests");
-
-  // No Python CA env overrides expected
-  assert.strictEqual(capturedArgs.options.env.REQUESTS_CA_BUNDLE, undefined);
-  assert.strictEqual(capturedArgs.options.env.SSL_CERT_FILE, undefined);
   });
 
-  it("should not override user-provided --cert <path>", async () => {
+  it("should set CA environment variables even for external/test PyPI mirror (covers non-CLI traffic)", async () => {
-    const res = await runPip("pip3", ["install", "requests", "--cert", "/tmp/user-ca.pem"]);
-    assert.strictEqual(res.status, 0);
-
-    // Ensure only the user-provided --cert is present
-    const certIndices = capturedArgs.args
-      .map((a, i) => (a === "--cert" ? i : -1))
-      .filter((i) => i >= 0);
-    assert.strictEqual(certIndices.length, 1, "should not inject an extra --cert");
-    const userPath = capturedArgs.args[certIndices[0] + 1];
-    assert.strictEqual(userPath, "/tmp/user-ca.pem", "should preserve user-provided cert path");
-  // No Python CA env overrides expected
-  assert.strictEqual(capturedArgs.options.env.REQUESTS_CA_BUNDLE, undefined);
-  assert.strictEqual(capturedArgs.options.env.SSL_CERT_FILE, undefined);
-  });
-
-  it("should not override user-provided --cert=<path>", async () => {
-    const res = await runPip("pip3", ["install", "requests", "--cert=/tmp/user-ca.pem"]);
-    assert.strictEqual(res.status, 0);
-
-    // Ensure args contain the inline --cert=<path> and no extra --cert token
-    const hasInline = capturedArgs.args.some((a) => typeof a === "string" && a.startsWith("--cert="));
-    assert.ok(hasInline, "should keep inline --cert=<path>");
-    const injectedIndex = capturedArgs.args.indexOf("--cert");
-    assert.strictEqual(injectedIndex, -1, "should not inject separate --cert when inline is provided");
-  // No Python CA env overrides expected
-  assert.strictEqual(capturedArgs.options.env.REQUESTS_CA_BUNDLE, undefined);
-  assert.strictEqual(capturedArgs.options.env.SSL_CERT_FILE, undefined);
-  });
-
-  it("should inject --cert when explicit index is a known PyPI host", async () => {
-    const res = await runPip("pip3", ["install", "requests", "--index-url", "https://pypi.org/simple"]);
-    assert.strictEqual(res.status, 0);
-    const idx = capturedArgs.args.indexOf("--cert");
-    assert.ok(idx >= 0, "--cert should be present for known registries");
-  });
-
-  it("should NOT inject --cert when index points to an unknown external mirror (tunneled)", async () => {
     const res = await runPip("pip3", [
       "install",
       "certifi",
@@ -110,17 +73,41 @@ describe("runPipCommand --cert handling", () => {
       "https://test.pypi.org/simple",
     ]);
     assert.strictEqual(res.status, 0);
-    const idx = capturedArgs.args.indexOf("--cert");
+    // Env vars should be set unconditionally
-    assert.strictEqual(idx, -1, "--cert should be omitted for tunneled external hosts");
+    assert.strictEqual(
+      capturedArgs.options.env.REQUESTS_CA_BUNDLE,
+      "/tmp/test-combined-ca.pem"
+    );
+    assert.strictEqual(
+      capturedArgs.options.env.SSL_CERT_FILE,
+      "/tmp/test-combined-ca.pem"
+    );
   });
 
-  it("should NOT inject --cert when installing from a direct external URL", async () => {
+  it("should still set CA env vars for PyPI even with user --cert flag", async () => {
-    const res = await runPip("pip3", [
+    // For default PyPI, we still set env vars; pip CLI --cert takes precedence
-      "install",
+    const res = await runPip("pip3", ["install", "requests"]);
-      "https://example.com/pkg-1.0.0-py3-none-any.whl",
-    ]);
     assert.strictEqual(res.status, 0);
-    const idx = capturedArgs.args.indexOf("--cert");
+    
-    assert.strictEqual(idx, -1, "--cert should be omitted for direct external URLs");
+    // Environment variables still set (pip CLI --cert takes precedence)
+    assert.strictEqual(
+      capturedArgs.options.env.REQUESTS_CA_BUNDLE,
+      "/tmp/test-combined-ca.pem"
+    );
+    assert.strictEqual(
+      capturedArgs.options.env.SSL_CERT_FILE,
+      "/tmp/test-combined-ca.pem"
+    );
+  });
+
+  it("should preserve HTTPS_PROXY from proxy merge", async () => {
+    const res = await runPip("pip3", ["install", "requests"]);
+    assert.strictEqual(res.status, 0);
+    
+    assert.strictEqual(
+      capturedArgs.options.env.HTTPS_PROXY,
+      "http://localhost:8080",
+      "HTTPS_PROXY should be set by proxy merge"
+    );
   });
 });

packages/safe-chain/src/packagemanager/pip/utils/pipCaBundle.js

@@ -0,0 +1,90 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import certifi from "certifi";
+import tls from "node:tls";
+import { X509Certificate } from "node:crypto";
+import { getCaCertPath } from "../../../registryProxy/certUtils.js";
+
+/**
+ * Check if a PEM string contains only parsable cert blocks.
+ */
+function isParsable(pem) {
+  if (!pem || typeof pem !== "string") return false;
+  const begin = "-----BEGIN CERTIFICATE-----";
+  const end = "-----END CERTIFICATE-----";
+  const blocks = [];
+
+  let idx = 0;
+  while (idx < pem.length) {
+    const start = pem.indexOf(begin, idx);
+    if (start === -1) break;
+    const stop = pem.indexOf(end, start + begin.length);
+    if (stop === -1) break;
+    const blockEnd = stop + end.length;
+    blocks.push(pem.slice(start, blockEnd));
+    idx = blockEnd;
+  }
+
+  if (blocks.length === 0) return false;
+  try {
+    for (const b of blocks) {
+      // throw if invalid
+      new X509Certificate(b);
+    }
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+let cachedPath = null;
+
+/**
+ * Build a combined CA bundle specifically for pip flows.
+ * - Includes Safe Chain CA (for MITM of known registries)
+ * - Includes Mozilla roots via npm `certifi` (public HTTPS)
+ * - Includes Node's built-in root certificates as a portable fallback
+ * */
+export function getCombinedCaBundlePath() {
+  if (cachedPath && fs.existsSync(cachedPath)) return cachedPath;
+
+  // Concatenate PEM files
+  const parts = [];
+
+  // 1) Safe Chain CA (for MITM'd registries)
+  const safeChainPath = getCaCertPath();
+  try {
+    const safeChainPem = fs.readFileSync(safeChainPath, "utf8");
+    if (isParsable(safeChainPem)) parts.push(safeChainPem.trim());
+  } catch {
+    // Ignore if Safe Chain CA is not available
+  }
+
+  // 2) certifi (Mozilla CA bundle for all public HTTPS)
+  try {
+    const certifiPem = fs.readFileSync(certifi, "utf8");
+    if (isParsable(certifiPem)) parts.push(certifiPem.trim());
+  } catch {
+    // Ignore if certifi bundle is not available
+  }
+
+  // 3) Node's built-in root certificates
+  try {
+    const nodeRoots = tls.rootCertificates;
+    if (Array.isArray(nodeRoots) && nodeRoots.length) {
+      for (const rootPem of nodeRoots) {
+        if (typeof rootPem !== "string") continue;
+        if (isParsable(rootPem)) parts.push(rootPem.trim());
+      }
+    }
+  } catch {
+    // Ignore if unavailable
+  }
+
+  const combined = parts.filter(Boolean).join("\n");
+  const target = path.join(os.tmpdir(), "safe-chain-python-ca-bundle.pem");
+  fs.writeFileSync(target, combined, { encoding: "utf8" });
+  cachedPath = target;
+  return cachedPath;
+}

packages/safe-chain/src/packagemanager/pip/utils/pipCaBundle.spec.js

@@ -0,0 +1,71 @@
+import { describe, it, beforeEach, mock } from "node:test";
+import assert from "node:assert";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import tls from "node:tls";
+
+// Utility to remove the generated bundle so the module rebuilds it on demand
+function removeBundleIfExists() {
+  const target = path.join(os.tmpdir(), "safe-chain-python-ca-bundle.pem");
+  try {
+    if (fs.existsSync(target)) fs.unlinkSync(target);
+  } catch {
+    // ignore
+  }
+}
+
+describe("pipCaBundle.getCombinedCaBundlePath", () => {
+  beforeEach(() => {
+    mock.restoreAll();
+    removeBundleIfExists();
+  });
+
+  it("includes Safe Chain CA when parsable and produces a PEM bundle", async () => {
+    // Prepare a temporary Safe Chain CA file with a recognizable marker and a valid cert block
+    const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "pipcabundle-"));
+    const safeChainPath = path.join(tmpDir, "safechain-ca.pem");
+    const marker = "# SAFE_CHAIN_TEST_MARKER";
+    const rootPem = typeof tls.rootCertificates?.[0] === "string" ? tls.rootCertificates[0] : "";
+    assert.ok(rootPem.includes("BEGIN CERTIFICATE"), "Environment lacks Node root certificates for test");
+    fs.writeFileSync(safeChainPath, `${marker}\n${rootPem}`, "utf8");
+
+    // Mock the certUtils.getCaCertPath to return our temp file
+    mock.module("../../../registryProxy/certUtils.js", {
+      namedExports: {
+        getCaCertPath: () => safeChainPath,
+      },
+    });
+
+    const { getCombinedCaBundlePath } = await import("./pipCaBundle.js");
+    const bundlePath = getCombinedCaBundlePath();
+    assert.ok(fs.existsSync(bundlePath), "Bundle path should exist");
+    const contents = fs.readFileSync(bundlePath, "utf8");
+    assert.match(contents, /-----BEGIN CERTIFICATE-----/);
+    assert.ok(contents.includes(marker), "Bundle should include Safe Chain CA content when parsable");
+  });
+
+  it("ignores invalid Safe Chain CA but still builds from other sources", async () => {
+    // Write an invalid file (no cert blocks)
+    const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "pipcabundle-"));
+    const safeChainPath = path.join(tmpDir, "safechain-invalid.pem");
+    const invalidMarker = "INVALID_SAFE_CHAIN_CONTENT";
+    fs.writeFileSync(safeChainPath, invalidMarker, "utf8");
+
+    // Mock the certUtils.getCaCertPath to return our invalid file
+    mock.module("../../../registryProxy/certUtils.js", {
+      namedExports: {
+        getCaCertPath: () => safeChainPath,
+      },
+    });
+
+    // Ensure fresh build
+    removeBundleIfExists();
+    const { getCombinedCaBundlePath } = await import("./pipCaBundle.js");
+    const bundlePath = getCombinedCaBundlePath();
+    assert.ok(fs.existsSync(bundlePath), "Bundle path should exist");
+    const contents = fs.readFileSync(bundlePath, "utf8");
+    assert.match(contents, /-----BEGIN CERTIFICATE-----/, "Bundle should contain certificate blocks from certifi/Node roots");
+    assert.ok(!contents.includes(invalidMarker), "Bundle should not include invalid Safe Chain content");
+  });
+});

packages/safe-chain/src/registryProxy/registryProxy.mitm.spec.js

@@ -145,7 +145,7 @@ describe("registryProxy.mitm", () => {
   });
 
   // --- Pip registry MITM and env var tests ---
-  it("should NOT set global Python CA environment variables", () => {
+  it("should NOT set Python CA environment variables in proxy merge (handled by runPipCommand)", () => {
     const envVars = mergeSafeChainProxyEnvironmentVariables([]);
     assert.strictEqual(envVars.PIP_CERT, undefined);
     assert.strictEqual(envVars.REQUESTS_CA_BUNDLE, undefined);

test/e2e/pip.e2e.spec.js

@@ -193,7 +193,7 @@ describe("E2E: pip coverage", () => {
     );
   });
 
-  it(`pip3 can install from GitHub URL using system CAs`, async () => {
+  it(`pip3 can install from GitHub URL using the CA bundle`, async () => {
     const shell = await container.openShell("zsh");
     // Install a simple package from GitHub - this should use TCP tunnel, not MITM
     // Using a popular, small package for testing
@@ -204,10 +204,10 @@ describe("E2E: pip coverage", () => {
       `Output did not include expected text. Output was:\n${result.output}`
     );
 
-    // Verify installation succeeded (would fail if certificate validation broke)
+  // Verify installation succeeded (would fail if certificate validation via env CA bundle broke)
     assert.ok(
       result.output.includes("Successfully installed") || result.output.includes("Requirement already satisfied"),
-      `Installation from GitHub failed - system CAs may not be working. Output was:\n${result.output}`
+  `Installation from GitHub failed - CA bundle may not be working. Output was:\n${result.output}`
     );
 
     // Verify package was actually installed
@@ -230,7 +230,7 @@ describe("E2E: pip coverage", () => {
       `Output did not include expected text. Output was:\n${result.output}`
     );
 
-    // Verify successful installation (would fail with SSL/certificate errors if --cert wasn't working)
+    // Verify successful installation (would fail with SSL/certificate errors if the env CA bundle wasn't working)
     assert.ok(
       result.output.includes("Successfully installed"),
       `Installation should succeed with proper certificate validation. Output was:\n${result.output}`
@@ -246,7 +246,7 @@ describe("E2E: pip coverage", () => {
   it(`pip3 handles external HTTPS correctly (e.g., downloading from CDN)`, async () => {
     const shell = await container.openShell("zsh");
     // Test installing from a direct HTTPS URL (not a registry)
-    // This validates that non-registry HTTPS traffic works with system CAs
+    // This validates that non-registry HTTPS traffic works with our env-provided CA bundle
     const result = await shell.runCommand('pip3 install --break-system-packages https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl');
 
     assert.ok(
@@ -265,7 +265,7 @@ describe("E2E: pip coverage", () => {
   it(`pip3 can install from alternate PyPI mirror (tunneled, not MITM)`, async () => {
     const shell = await container.openShell("zsh");
     // Use Tsinghua PyPI mirror which is NOT in knownPipRegistries
-    // This tests tunneled HTTPS with --cert containing only Safe Chain CA
+    // This tests tunneled HTTPS with our env-provided CA bundle (Safe Chain CA + Mozilla + Node roots)
     // If the CA bundle doesn't include public roots, this will fail with CERTIFICATE_VERIFY_FAILED
     const result = await shell.runCommand('pip3 install --break-system-packages --index-url https://pypi.tuna.tsinghua.edu.cn/simple certifi');
 
@@ -277,7 +277,7 @@ describe("E2E: pip coverage", () => {
     // Should succeed if CA bundle properly handles tunneled hosts
     assert.ok(
       result.output.includes("Successfully installed") || result.output.includes("Requirement already satisfied"),
-      `Installation from PyPI mirror failed. This may indicate --cert CA bundle lacks public roots. Output was:\n${result.output}`
+  `Installation from PyPI mirror failed. This may indicate the CA bundle lacks public roots. Output was:\n${result.output}`
     );
 
     // Should NOT contain certificate verification errors