mirror of
https://github.com/AikidoSec/safe-chain.git
synced 2026-05-26 12:10:49 +00:00
Add tests
parent
1f707c1e13
commit
fbb7e0f95f
10 changed files with 1934 additions and 22 deletions
|
|
@ -1,15 +1,41 @@
|
|||
export const knownRegistries = ["registry.npmjs.org", "registry.yarnpkg.com"];
|
||||
import { parse } from "semver";
|
||||
|
||||
export const knownNpmRegistries = ["registry.npmjs.org"];
|
||||
export const knownYarnRegistries = ["registry.yarnpkg.com"];
|
||||
export const knownPipRegistries = ["files.pythonhosted.org", "pypi.org", "pypi.python.org", "pythonhosted.org"];
|
||||
|
||||
export function parsePackageFromUrl(url) {
|
||||
let packageName, version, registry;
|
||||
let registry;
|
||||
|
||||
for (const knownRegistry of knownRegistries) {
|
||||
for (const knownRegistry of knownNpmRegistries) {
|
||||
if (url.includes(knownRegistry)) {
|
||||
registry = knownRegistry;
|
||||
break;
|
||||
return parseNpmYarnPackageFromUrl(url, registry);
|
||||
}
|
||||
}
|
||||
|
||||
for (const knownRegistry of knownPipRegistries) {
|
||||
console.log("**parsePackageFromUrl.js** Checking pip registry:", knownRegistry);
|
||||
if (url.includes(knownRegistry)) {
|
||||
console.log("**parsePackageFromUrl.js** Matched pip registry:", knownRegistry);
|
||||
registry = knownRegistry;
|
||||
return parsePipPackageFromUrl(url, registry);
|
||||
}
|
||||
}
|
||||
|
||||
for (const knownRegistry of knownYarnRegistries) {
|
||||
if (url.includes(knownRegistry)) {
|
||||
registry = knownRegistry;
|
||||
return parseNpmYarnPackageFromUrl(url, registry);
|
||||
}
|
||||
}
|
||||
|
||||
// If no known registry matched, return { packageName: undefined, version: undefined }
|
||||
return { packageName: undefined, version: undefined };
|
||||
}
|
||||
|
||||
function parseNpmYarnPackageFromUrl(url, registry) {
|
||||
let packageName, version;
|
||||
if (!registry || !url.endsWith(".tgz")) {
|
||||
return { packageName, version };
|
||||
}
|
||||
|
|
@ -44,5 +70,73 @@ export function parsePackageFromUrl(url) {
|
|||
}
|
||||
}
|
||||
|
||||
console.log("**parsePackageFromUrl.js** Parsed package:", { packageName, version });
|
||||
return { packageName, version };
|
||||
}
|
||||
|
||||
function parsePipPackageFromUrl(url, registry) {
|
||||
let packageName, version
|
||||
|
||||
// Basic validation
|
||||
if (!registry || typeof url !== "string") {
|
||||
console.log("**parsePackageFromUrl.js** Invalid registry or URL");
|
||||
return { packageName, version};
|
||||
}
|
||||
|
||||
// Quick sanity check on the URL + parse
|
||||
let u;
|
||||
try {
|
||||
u = new URL(url);
|
||||
} catch {
|
||||
console.log("**parsePackageFromUrl.js** Malformed URL:", url);
|
||||
return { packageName, version};
|
||||
}
|
||||
|
||||
// Get the last path segment (filename) and decode it (strip query & fragment automatically)
|
||||
const lastSegment = u.pathname.split("/").filter(Boolean).pop();
|
||||
if (!lastSegment){
|
||||
console.log("**parsePackageFromUrl.js** No filename in URL path:", url);
|
||||
return { packageName, version};
|
||||
}
|
||||
|
||||
const filename = decodeURIComponent(lastSegment);
|
||||
|
||||
// Wheel (.whl)
|
||||
if (filename.endsWith(".whl")) {
|
||||
const base = filename.slice(0, -4); // remove ".whl"
|
||||
const firstDash = base.indexOf("-");
|
||||
if (firstDash > 0) {
|
||||
const dist = base.slice(0, firstDash); // may contain underscores
|
||||
const rest = base.slice(firstDash + 1); // version + the rest of tags
|
||||
const secondDash = rest.indexOf("-");
|
||||
const rawVersion = secondDash >= 0 ? rest.slice(0, secondDash) : rest;
|
||||
packageName = dist; // preserve underscores
|
||||
version = rawVersion;
|
||||
if (version === "latest" || !packageName || !version) {
|
||||
return { packageName: undefined, version: undefined };
|
||||
}
|
||||
console.log("**parsePackageFromUrl.js** Parsed package:", { packageName, version });
|
||||
return { packageName, version };
|
||||
}
|
||||
}
|
||||
|
||||
// Source dist (sdist)
|
||||
const sdistExtMatch = filename.match(/\.(tar\.gz|zip|tar\.bz2|tar\.xz)$/i);
|
||||
if (sdistExtMatch) {
|
||||
const base = filename.slice(0, -sdistExtMatch[0].length);
|
||||
const lastDash = base.lastIndexOf("-");
|
||||
if (lastDash > 0 && lastDash < base.length - 1) {
|
||||
packageName = base.slice(0, lastDash);
|
||||
version = base.slice(lastDash + 1);
|
||||
if (version === "latest" || !packageName || !version) {
|
||||
return { packageName: undefined, version: undefined };
|
||||
}
|
||||
console.log("**parsePackageFromUrl.js** Parsed package:", { packageName, version });
|
||||
return { packageName, version };
|
||||
}
|
||||
}
|
||||
|
||||
// Unknown file type or invalid
|
||||
console.log("**parsePackageFromUrl.js** Unknown file type for URL:", url);
|
||||
return { packageName: undefined, version: undefined };
|
||||
}
|
||||
|
|
|
|||
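Review bot: In `parsePipPackageFromUrl`, `decodeURIComponent(lastSegment)` runs outside the `try` that guards `new URL(url)`, so a path containing an invalid percent-escape (constructed example: `%zz`) raises `URIError` out of the parser instead of returning the empty result. `new URL` leaves such escapes untouched in `pathname`, so the existing `catch` never sees them. Guard the decode as well, for example `let filename;` followed by `try { filename = decodeURIComponent(lastSegment); } catch { return { packageName, version }; }`, so that a malformed download URL takes the same path as any other unparseable one rather than depending on how the caller handles an exception. Separately, the registry loops in the first hunk pick a parser with `url.includes(knownRegistry)`, which also matches the registry name inside a path, a query string or a longer host name; since `u` is already parsed here, comparing `u.hostname` with the registry would tie the pip result to the host that is actually serving the file.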