milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
874 commits 61 branches 106 tags 3.3 MiB
Commit graph

452 commits

Author SHA1 Message Date
Sander Declerck
0e7cce750d
Improve output 2026-01-19 14:30:09 +01:00
Sander Declerck
2784dfd34e
Check if the agents service is running before starting it 2026-01-19 14:23:15 +01:00
Sander Declerck
3958fcfcef
Parse cli args in ultimate installation 2026-01-19 14:06:43 +01:00
Sander Declerck
673783ceab
Uninstall safe-chain agent if it's there, before re-installing 2026-01-19 14:00:09 +01:00
Sander Declerck
c4941e25ed
Fix linting 2026-01-19 13:55:41 +01:00
Sander Declerck
4851e582f6
Improve updating existing agent install 2026-01-19 13:54:32 +01:00
Sander Declerck
6a3c7b938b
Overwrite the agent if it's already installed. 2026-01-19 13:48:33 +01:00
Sander Declerck
2c0245b020
Start and stop safe-chain agent's Windows service. 2026-01-19 13:28:16 +01:00
Sander Declerck
879b37e164
Add ultimate installer for Windows 2026-01-19 12:47:57 +01:00
Reinier Criel
f358709ab2
Merge pull request #282 from uriel-ecosia/command-not-found 
Propagate command-not-found errors when invoking wrapped commands
 2026-01-15 18:38:30 +01:00
Sander Declerck
05f7c8f877
Merge pull request #293 from AikidoSec/min-package-age-exclusion 
Min package age exclusion
 2026-01-15 16:08:33 +01:00
Sander Declerck
6c814ff82f
Only allow wildcards for scoped packages (@scope/*) 2026-01-15 15:13:00 +01:00
Reinier Criel
b6b880d21a
Merge pull request #287 from AikidoSec/bug/win32-command-parsing-beta 
Fix double dash argument forwarding on Win32 PowerShell
 2026-01-14 20:09:56 +01:00
Sander Declerck
884cb6e026
Allow trailing * for wildcard matching 2026-01-14 17:51:41 +01:00
Sander Declerck
6815b62019
Allow to exclude packages from the minimum package age 2026-01-14 17:41:23 +01:00
bitterpanda
9d55afbf85
Update packages/safe-chain/src/api/aikido.js 2026-01-14 15:33:09 +01:00
Sander Declerck
6f4eaf5234
Don't swallow error on retry 2026-01-14 15:31:37 +01:00
Sander Declerck
a5d545f29b
Handle pr comments 2026-01-14 14:55:11 +01:00
Sander Declerck
8d2655a4bf
Add tests for malware db retry 2026-01-14 14:41:06 +01:00
Sander Declerck
d83a381231
Retry downloading the malware database 3 times 2026-01-14 14:02:27 +01:00
bitterpanda
c38f1bcb3e
Update packages/safe-chain/src/registryProxy/interceptors/npm/modifyNpmInfo.js 2026-01-13 19:33:00 +01:00
Reinier Criel
f678ff8dd1 Include package name in logging when minimum package age is not met 2026-01-13 10:09:59 -08:00
Reinier Criel
340e9a90a5 Remove comment 2026-01-12 15:13:34 -08:00
Reinier Criel
9a902af917 Fix some logic 2026-01-12 15:12:19 -08:00
Reinier Criel
19652c49c9 Attempted fix for powershell swallowing '--' 2026-01-12 14:53:23 -08:00
Sander Declerck
595f269f62
Add comment about backwards compat. 2026-01-12 11:20:25 +01:00
Sander Declerck
3573ef2bc5
Allow to configure loglevel through an env variable 2026-01-12 10:50:06 +01:00
Uriel Corfa
0ce0a87557
Add the same handler for fish 2026-01-08 10:01:13 +01:00
Uriel Corfa
4e894dd0fd
init-posix: preserve arguments when exec'ing the original_cmd 2026-01-08 09:56:59 +01:00
Uriel Corfa
3bfca9e296
Propagate command-not-found errors when invoking wrapped commands 
Before this change, if a package manager was not installed, safe-chain still
sets the function and when invoked, the wrapper will invoke safe-chain, which
will exit with error code 127 when it fails to invoke the wrapped command. As an
example (with a shell prompt that shows $? when non-zero):

```
$ type -f pip
bash: type: pip: not found
1$ pip
127$
```

With this patch, the wrapper first checks for the existence of the wrapped
command (ignoring functions), and if no such command exists, it instructs the
shell to invoke it anyway. This results in the shell failing to find the
command, and reporting an error as if the wrapper function wasn't there:

```
$ source init-posix.sh
$ type -f pip
bash: type: pip: not found
1$ pip
Command 'pip' not found, but can be installed with:
sudo apt install python3-pip
127$
```
 2026-01-07 17:18:48 +01:00
Sander Declerck
094d1416ca
Merge pull request #272 from graemechapman/patch-1 
fix: Allow running commands if safe-chain npm package is not installed
 2026-01-07 12:03:19 +01:00
Sander Declerck
8bfbe1c77d
Merge pull request #232 from galargh/pip-custom-registries 
feat: allow python custom registries configuration
 2026-01-05 14:01:51 +01:00
Sander Declerck
74c57cd86a
Merge pull request #262 from AikidoSec/safe-chain-verify-command 
Add command to verify safe-chain is intercepting the package managers commands
 2026-01-05 09:10:05 +01:00
galargh
b23ba9d9c4 chore: update test parametrization 2026-01-02 10:39:15 +01:00
Graeme Chapman
c510d886a9
Simplify command execution in init-posix.sh 2025-12-31 10:57:08 +00:00
Graeme Chapman
a0e19818a0
fix: Allow running commands if safe-chain npm package is not installed 2025-12-31 10:18:58 +00:00
galargh
c53a7347e2 feat: allow python custom registries configuration through config file 2025-12-22 13:49:45 +01:00
galargh
39e2001d97 Merge remote-tracking branch 'origin/main' into pip-custom-registries 2025-12-22 13:27:04 +01:00
jassanw
3b6beb7f16 default to port 443 if port is null or empty 2025-12-19 18:49:58 -08:00
cherryace
bd19f477f7 Using port from req url when creating proxy request instead of hardcoded port 443 2025-12-19 17:57:33 -08:00
Sander Declerck
b571aad6a0
Add command to verify safe-chain is intercepting the package managers commands 2025-12-19 16:18:21 +01:00
Sander Declerck
53c59e35e9
Merge pull request #258 from thomasbecker/fix/connection-timeout-issue-228 
fix: use true connection timeout instead of idle timeout
 2025-12-19 11:05:53 +01:00
Sander Declerck
120e12fd34
Merge pull request #259 from AikidoSec/configure-custom-npm-registries 
Allow to configure custom/private npm registries
 2025-12-19 10:42:51 +01:00
Reinier Criel
bbf5f8189b
Merge pull request #256 from AikidoSec/feature/pipx-2 
Add PIPX support
 2025-12-19 09:41:00 +01:00
Sander Declerck
9f93763b98
Handle code quality comments 2025-12-18 18:18:45 +01:00
Sander Declerck
deb0ad5428
Create a single emptyConfig object 2025-12-18 18:03:09 +01:00
Sander Declerck
e3aa2e15cb
Add npmjs.com to known registries too. 2025-12-18 17:59:15 +01:00
Sander Declerck
41cc24d1f5
Allow to configure custom/prinvate npm registries 2025-12-18 13:52:49 +01:00
Reinier Criel
287bd7a41f Remove redundant comment 2025-12-18 13:41:18 +01:00
Reinier Criel
6ce3791140 Fix check 2025-12-18 13:37:29 +01:00