milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add tests

Browse source
This commit is contained in:
Reinier Criel 2025-10-22 14:51:44 -07:00
parent 1f707c1e13
commit fbb7e0f95f
10 changed files with 1934 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

53
packages/safe-chain/src/registryProxy/registryProxy.mitm.spec.js
View file

@ -140,6 +140,59 @@ describe("registryProxy.mitm", () => {
// Same hostname should get the same certificate (fingerprint)
assert.strictEqual(cert1.fingerprint, cert2.fingerprint);
});
// --- Pip registry MITM and env var tests ---
it("should set pip CA trust environment variables", () => {
const envVars = mergeSafeChainProxyEnvironmentVariables([]);
const caPath = getCaCertPath();
assert.strictEqual(envVars.PIP_CERT, caPath);
assert.strictEqual(envVars.REQUESTS_CA_BUNDLE, caPath);
assert.strictEqual(envVars.SSL_CERT_FILE, caPath);
});
it("should intercept HTTPS requests to pypi.org for pip package", async () => {
const response = await makeRegistryRequest(
proxyHost,
proxyPort,
"pypi.org",
"/packages/source/f/foo_bar/foo_bar-2.0.0.tar.gz"
);
assert.notStrictEqual(response.statusCode, 403);
assert.ok(typeof response.body === "string");
});
it("should intercept HTTPS requests to files.pythonhosted.org for pip wheel", async () => {
const response = await makeRegistryRequest(
proxyHost,
proxyPort,
"files.pythonhosted.org",
"/packages/xx/yy/foo_bar-2.0.0-py3-none-any.whl"
);
assert.notStrictEqual(response.statusCode, 403);
assert.ok(typeof response.body === "string");
});
it("should handle pip package with a1 version", async () => {
const response = await makeRegistryRequest(
proxyHost,
proxyPort,
"pypi.org",
"/packages/source/f/foo_bar/foo_bar-2.0.0a1.tar.gz"
);
assert.notStrictEqual(response.statusCode, 403);
assert.ok(typeof response.body === "string");
});
it("should handle pip package with latest version (should not block)", async () => {
const response = await makeRegistryRequest(
proxyHost,
proxyPort,
"pypi.org",
"/packages/source/f/foo_bar/foo_bar-latest.tar.gz"
);
assert.notStrictEqual(response.statusCode, 403);
assert.ok(typeof response.body === "string");
});
});
async function makeRegistryRequest(proxyHost, proxyPort, targetHost, path) {