milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
302 commits 61 branches 106 tags 3.3 MiB
Commit graph

123 commits

Author SHA1 Message Date
Sander Declerck
1e7cd74364
Mock filesystem in configFile.spec.js 2025-11-03 14:49:44 +01:00
Sander Declerck
5304a7744a
Add better error handling, tests and type checks for configFile.js 2025-11-03 14:41:29 +01:00
Hans Ott
855f6a417f Use original notation 2025-11-03 11:31:04 +01:00
Hans Ott
910276deeb Fix type 2025-11-03 11:30:21 +01:00
Hans Ott
c3a62826d4 Make prop optional 2025-11-03 11:28:24 +01:00
Hans Ott
ad9551ca6d Improve types and remove async 2025-11-03 11:26:10 +01:00
Hans Ott
49d31049ac Revert code 
Let's do it in a separate PR
 2025-11-03 11:04:20 +01:00
Hans Ott
e8e7c85c62 Revert "Introduce mistake that passes linter" 
This reverts commit 1724e0b199.
 2025-11-02 15:31:23 +01:00
Hans Ott
1724e0b199 Introduce mistake that passes linter 2025-11-02 15:31:02 +01:00
Hans Ott
0cfce2d436 Revert "Example of mistake" 
This reverts commit b489fe822c.
 2025-11-02 15:29:36 +01:00
Hans Ott
b489fe822c Example of mistake 2025-11-02 15:29:23 +01:00
Hans Ott
e164eb8b95 Reduce diff 2025-11-01 13:47:13 +01:00
Hans Ott
86a2b8c2a7 Fix lint 2025-11-01 13:44:48 +01:00
Hans Ott
484cbcd960 Use @typedef {Object} X 
When you write @typedef {Object} ScanResult, you’re telling both JSDoc and TypeScript’s parser that this typedef represents an object type, not just an abstract name. This is important because it makes tools like IDEs, linters, and TypeScript’s JSDoc inference more reliable. It avoids ambiguity, especially in cases where the typedef might later be confused with something like a primitive, union, or function type. The official TypeScript documentation and the JSDoc spec both show this form as the canonical one for object shapes.
 2025-11-01 13:28:11 +01:00
Hans Ott
29dd63d1eb Reduce diff 2025-11-01 13:26:15 +01:00
Hans Ott
4f14859351 Fix check 2025-11-01 13:24:57 +01:00
Hans Ott
6f962a9299 Use Node.js 18 types 2025-11-01 13:09:08 +01:00
Hans Ott
c88b1a624f Type check safe-chain package 2025-11-01 13:06:06 +01:00
Sander Declerck
3721ca9113
Fix linter issues 2025-10-31 13:56:35 +01:00
Sander Declerck
78fd93b72a
End clientsocket without 502 in case of proxySocket error 2025-10-31 11:41:39 +01:00
Sander Declerck
4dc14397ad
Use correct event name in comment (error) 2025-10-31 11:40:01 +01:00
Sander Declerck
df5c424a42
Add missing import (ui) in mitmRequestHandler.js 2025-10-31 11:38:39 +01:00
Sander Declerck
bae43d0dcd
MITM handler: Close the response on server error 2025-10-31 11:38:16 +01:00
Sander Declerck
efb0044419
Add global exception handlers 2025-10-31 10:26:56 +01:00
Sander Declerck
65c9ca62de
Subscribe to more error events to prevent the process from crashing 2025-10-31 09:39:16 +01:00
Sander Declerck
ab3319a310
Remove --safe-chain-malware-action flag 2025-10-27 11:51:19 +01:00
Sander Declerck
95d9cefcc9
Merge pull request #123 from AikidoSec/logging-silent-mode 
Introduce silent mode to disable logging
 2025-10-27 11:29:26 +01:00
Sander Declerck
23c8a2e324
Merge pull request #91 from AikidoSec/escape-special-chars-in-shell 
Escape special chars in shell scripts
 2025-10-27 11:29:09 +01:00
Sander Declerck
0029a7e1c1
Add extra comments for regex clarification 2025-10-27 10:49:26 +01:00
Sander Declerck
f5f3b91b40
Test if command is safe to execute 2025-10-24 17:36:51 +02:00
Sander Declerck
0f164d055f
Fix mocking in tests 2025-10-23 17:48:26 +02:00
Sander Declerck
9a78cafbfd
Introduce silent mode to disable logging 2025-10-23 17:45:03 +02:00
Sander Declerck
7a55be49f4
Fix linting error 2025-10-23 13:29:14 +02:00
Sander Declerck
08c1328b52
Cleanup code, add some tests 2025-10-23 13:23:08 +02:00
Sander Declerck
c74c23b0ff
Fix unit tests 2025-10-23 10:52:03 +02:00
Sander Declerck
8447d3cac5
Merge branch 'main' into escape-special-chars-in-shell 2025-10-23 09:52:38 +02:00
Hans Ott
7e72ae7d3d
On Unix/macOS, pass args to spawn to avoid escaping issues 2025-10-23 09:46:15 +02:00
Sander Declerck
2e1ee0dfa4
Merge pull request #119 from AikidoSec/proxy-unit-tests 
Add tests for the proxy
 2025-10-22 15:47:16 +02:00
Sander Declerck
f4cdf91fc9
Add tests for the proxy 2025-10-22 15:41:33 +02:00
Sander Declerck
1ded3899b0
Commit new tests 2025-10-21 14:56:46 +02:00
Sander Declerck
da865f855d
Fix crash when a package does not contain a version (retracted packages) 2025-10-21 14:29:17 +02:00
Sander Declerck
b935f8d4f4
Merge pull request #105 from AikidoSec/kill-dry-run 
Remove dry-run scanner for npm, relying on the proxy to block maliscious package downloads instead
 2025-10-15 12:04:26 +02:00
bitterpanda
e123c0e019
Merge pull request #106 from AikidoSec/remove-abbrev-package 
Remove abbrev package
 2025-10-15 12:03:07 +02:00
Sander Declerck
05354ba2f0
Add some more comments on why http / https is handled in different code paths 2025-10-15 11:56:03 +02:00
Sander Declerck
3e8ce13db5
Move generated abbrevs to a separate file 2025-10-15 11:51:56 +02:00
Sander Declerck
37ef3e187b
Further cleanup 2025-10-15 09:25:24 +02:00
Sander Declerck
fce7550609
Cleanup debugging code from test again 2025-10-15 09:21:23 +02:00
Sander Declerck
ee82134c19
Proxyres on close and end 2025-10-14 14:54:58 +02:00
Sander Declerck
a2d05b0cf0
More logs 2025-10-14 14:18:33 +02:00
Sander Declerck
2968960b41
Cleanup registryProxy, increase timeout on DockerTestContainer 2025-10-14 13:22:58 +02:00