Commit graph

100 commits

Author SHA1 Message Date
Uriel Corfa
cb9f3ee145
Do not rely on asynchronous import of child_process.
Importing child_process asynchronously causes loader errors when running the
binary dist:

$ ./dist/safe-chain python --safe-chain-logging=verbose
Safe-chain: Bypassing safe-chain for non-pip invocation: python
Failed to check for malicious packages: A dynamic import callback was not specified.
$

Relying on a regular import does not cause this issue. There is no obvious
reason for this import to be dynamic (in particular, there are no tests using
this to mock the spawn function), so let's simplify.
2025-12-12 09:09:52 +01:00
Uriel Corfa
db2c272aea
Add a unit test for shouldBypassSafeChain 2025-12-12 09:09:52 +01:00
Uriel Corfa
64d87ae1e1
Flush buffered logs before exiting 2025-12-12 09:09:50 +01:00
Reinier Criel
d9fe775d11 Fix some issues 2025-12-08 15:18:06 -08:00
bitterpanda
15cc6ff7fe
Merge pull request #178 from AikidoSec/feature/poetry-2
Add Poetry support
2025-12-05 15:56:20 +01:00
Reinier Criel
e211f531c5 Refactor PyPI logic and cleanup 2025-12-04 12:37:59 -08:00
Reinier Criel
c1a12c9573 Merge branch 'main' into feature/poetry-2 2025-12-03 07:41:52 -08:00
Reinier Criel
795e7af23e Clean up comments 2025-12-02 08:44:43 -08:00
Reinier Criel
a4f9f590a4 Don't modify config for config related commands 2025-12-02 08:31:47 -08:00
Reinier Criel
292345f709 Fix some comments 2025-12-01 12:45:06 -08:00
Reinier Criel
4bfc315b57 Skeleton 2025-11-26 14:13:49 -08:00
Reinier Criel
023bccec11 Some more cleanup 2025-11-25 19:55:36 -08:00
Reinier Criel
5cb1bb935b More cleanup 2025-11-25 15:03:33 -08:00
Reinier Criel
e03bceba88 Some cleanup 2025-11-25 14:37:31 -08:00
Reinier Criel
cab3a0aba3 Add uv (Astral Python package manager) support
- Add uv package manager implementation following pip pattern
- Configure MITM proxy with CA bundle for PyPI packages
- Add shell integration (bash/zsh/fish/PowerShell)
- Conditional on --include-python flag
- Add 33 comprehensive E2E tests covering:
  - uv pip install/sync/compile commands
  - uv add for project dependencies
  - uv tool install for global tools
  - uv run --with for ephemeral dependencies
  - uv sync for project syncing
  - Malware blocking verification for all methods
- Update documentation and package.json
- Install uv in Docker test environment
2025-11-25 14:10:20 -08:00
Reinier Criel
72bf44cb6d Fix linting issue 2025-11-21 10:31:57 -08:00
Reinier Criel
ab1aa0dce9 Little cleanup 2025-11-21 09:58:43 -08:00
Reinier Criel
0a0ac85542 Adapt per review 2025-11-21 09:41:07 -08:00
bitterpanda
f030b16adf
rm obvious comments 2025-11-21 13:33:33 +01:00
Reinier Criel
0e5b9b23f1 Fix tests 2025-11-17 10:18:47 -08:00
Reinier Criel
87fcb7239a Adapt per review 2025-11-17 10:03:38 -08:00
Reinier Criel
7039961d4c Bugfix 2025-11-13 15:50:37 -08:00
Reinier Criel
0b3cc1c175 Some more cleanup 2025-11-13 15:50:14 -08:00
Reinier Criel
4ee18973de Fix unit test 2025-11-13 12:48:04 -08:00
Reinier Criel
a0e24b1722 Update comments 2025-11-13 11:21:53 -08:00
Reinier Criel
61c9f1a1ef Merge config file if it exists 2025-11-13 11:14:45 -08:00
Reinier Criel
fbd11c6d44 Update 2025-11-12 14:01:06 -08:00
Reinier Criel
285906ea9d Update doc 2025-11-12 13:39:58 -08:00
Reinier Criel
f215368c4a Some small fixes 2025-11-12 13:30:22 -08:00
Reinier Criel
fdef9e0766 Some tweaks 2025-11-12 13:11:02 -08:00
Reinier Criel
f2bf5869ba Fix linting issue 2025-11-11 15:49:25 -08:00
Reinier Criel
a3d57cbd24 Cleanup 2025-11-11 15:24:59 -08:00
Reinier Criel
6bcd3d3b8f Make sure we don't override any environments 2025-11-11 15:22:06 -08:00
Reinier Criel
f9d241e474 Fix unused import 2025-11-11 14:32:12 -08:00
Reinier Criel
6a94271a10 Do not add list of trusted hosts, is security risk 2025-11-11 14:28:31 -08:00
Reinier Criel
9b102412af Add extra ENV vars 2025-11-11 10:37:39 -08:00
Reinier Criel
d3a4f81b3c More cleanup 2025-11-06 13:44:34 -08:00
Reinier Criel
61a53b24fd Some cleanup 2025-11-06 13:24:00 -08:00
Reinier Criel
a293c76ed9 Add better logging 2025-11-06 12:53:24 -08:00
Reinier Criel
e88aede939 Remove some debug logging 2025-11-06 12:25:55 -08:00
Reinier Criel
032fc3847f Fix args 2025-11-06 11:09:28 -08:00
Reinier Criel
28d24bb6ea Another iteration 2025-11-06 10:26:26 -08:00
Reinier Criel
87606def48 Fix comments 2025-11-05 09:18:18 -08:00
Reinier Criel
f0a3ae51db Only use mitm for pip packages 2025-11-05 08:34:40 -08:00
Reinier Criel
2b6b9b6737 Cleanup comments 2025-11-04 06:59:45 -08:00
Reinier Criel
d789491561 Merge branch 'main' into feature/pypi 2025-11-04 06:54:00 -08:00
Sander Declerck
497401e8e0
Remove yarn version check 2025-11-04 13:18:36 +01:00
Reinier Criel
f7e08bbea8 Fix more documentation issues 2025-11-03 10:44:12 -08:00
Reinier Criel
2accf954ca Fix more documentation issues 2025-11-03 10:20:05 -08:00
Reinier Criel
dadb1a3fba Adapt runPipCommand.js documentation 2025-11-03 09:55:39 -08:00