Chris Ingram
a1b89a55f8
Make block-count assertions count-agnostic in bun e2e
...
Bun retries blocked downloads, so the count in "blocked N malicious
package downloads" can be >1. Match on the surrounding text rather than
a fixed count to keep the assertion robust.
Also drops the brittle "pdm update updates dependencies" case.
2026-05-14 17:16:57 +01:00
Chris Ingram
8ab5cebd4f
Match actual block output in pdm e2e assertions
...
The user-facing message is "Safe-chain: blocked N malicious package
downloads", not "blocked by safe-chain" (which only appears in the
proxy's HTTP response, not the rendered CLI output).
2026-05-14 16:48:18 +01:00
Chris Ingram
ffe7f8de1f
Use numpy==2.4.4 as test malware in pdm e2e tests
...
The safe-chain-pi-test package no longer exists on PyPI. Aikido now
patches numpy==2.4.4 into the malware list for tests, matching the
pattern already used in the poetry e2e suite.
2026-05-14 16:28:50 +01:00
Chris Ingram
8453012f7b
Merge remote-tracking branch 'aikido/main' into feat/pdm-support
2026-05-14 09:51:31 +01:00
James McMeeking
fde0003a0a
Fix expected format to account for retries
...
Count is apparently not deterministic
2026-05-12 17:33:31 +01:00
James McMeeking
c93f1920fb
Skip min safe age to allow brand new PNPM bootstrap
2026-05-12 16:53:51 +01:00
James McMeeking
25d966bfa9
Switch to using the versions from the CI matrix
...
Incorporates the actual Rush and PNPM versions instead of pinning an old known-good version of PNPM
2026-05-12 10:52:38 +01:00
James McMeeking
5f0ad7ecfd
Address e2e suite failures
2026-05-12 10:33:26 +01:00
James McMeeking
e891d1a992
Update e2e suite to cover supported package managers
2026-05-08 13:13:37 +01:00
James McMeeking
26f1dfb81a
Use the standard install command for rush
2026-05-08 13:12:57 +01:00
James McMeeking
5f56114185
Add e2e tests
...
Note: rushx only dispatches package.json scripts, so it's probably not necessary to add it as a distinct manager at all.
2026-05-08 11:24:17 +01:00
Sander Declerck
ebebe6d6c1
Mirror malware list in e2e tests to mock malware in a harmless way
2026-04-28 14:47:49 +02:00
Chris Ingram
abbe0480b6
Merge branch 'main' into feat/pdm-support
2026-04-22 14:25:32 +01:00
Reinier Criel
464847a6fc
Add e2e test
2026-04-17 10:50:04 -07:00
Reinier Criel
782af8e789
Merge pull request #411 from AikidoSec/feat/dynamic-install-dir
...
Add support for custom install directory
2026-04-16 10:04:25 -07:00
Stephen Benjamin
8e4f036ce9
Add e2e test for UVX
2026-04-14 10:04:10 -04:00
Reinier Criel
1076d6bea8
Undo timeout change
2026-04-13 14:05:02 -07:00
Reinier Criel
72dc7dcf3a
Fix spacing
2026-04-13 11:13:03 -07:00
Reinier Criel
031c9683b1
Some more cleanup
2026-04-13 11:10:16 -07:00
Reinier Criel
2ea5362b07
Increase timeout for tests
2026-04-10 15:47:21 -07:00
Reinier Criel
24af6f21eb
Add regular setup support
2026-04-10 12:09:40 -07:00
Reinier Criel
1635bee387
Add support for setup-ci with custom install dir
2026-04-10 10:18:49 -07:00
Chris Ingram
1eb4fe05fd
Add pdm package manager support
...
PDM is a modern Python package manager using pyproject.toml (PEP 621).
Uses the same MITM-only proxy approach as poetry/uv/pipx — all malware
detection and minimum package age enforcement happens at the proxy layer
by intercepting PyPI requests.
2026-04-06 13:01:42 +01:00
Sander Declerck
136e66b1d0
Pin axios version in tests
2026-03-31 09:59:08 +02:00
Reinier Criel
d2fc531c81
Fix tests and add command support
2025-12-18 10:33:31 +01:00
Reinier Criel
b9de94f0f1
Merge branch 'main' into feature/pipx-2
2025-12-17 14:28:14 +01:00
Reinier Criel
037a83e1ff
Print warning if deprecated --include-python flag is given
2025-12-16 14:47:53 +01:00
Reinier Criel
7e460e50e1
Skeleton
2025-12-15 15:06:00 +01:00
Reinier Criel
dc6fcb9761
Skeleton
2025-12-15 14:42:58 +01:00
Reinier Criel
68180e5b44
Add more tests
2025-12-12 11:26:53 -08:00
Reinier Criel
a405a51706
Also remove script dir
2025-12-12 11:17:17 -08:00
Reinier Criel
7e88490bd1
Merge branch 'main' into feature/cleanup-shims
2025-12-12 08:03:12 -08:00
Reinier Criel
2b0f8d9f0d
Skeleton
2025-12-11 15:13:15 -08:00
Reinier Criel
df66863ae5
Some tweaks
2025-12-11 13:08:23 -08:00
Reinier Criel
a9a7a37f6a
Fix flag
2025-12-11 10:57:18 -08:00
Reinier Criel
c385f9b371
Adapt DockerFile
2025-12-11 10:45:24 -08:00
Reinier Criel
2daddace31
Pipe output for better logging
2025-12-11 09:32:53 -08:00
Reinier Criel
7a9a6418a5
Better logging for e2e tests + allow buffering of logs
2025-12-11 09:06:50 -08:00
Reinier Criel
23922dfb2d
Fix test issue
2025-12-08 16:53:07 -08:00
Reinier Criel
c51956b2db
Fix tests
2025-12-08 15:23:44 -08:00
Reinier Criel
091e6ec5f8
Merge branch 'main' into feature/combine-certs
2025-12-08 09:42:10 -08:00
Sander Declerck
a7946377b4
Log audit stats as verbose, not as information
2025-12-08 11:37:37 +01:00
Reinier Criel
8aa0615293
Some improvements
2025-12-05 15:13:12 -08:00
Reinier Criel
fc88120fdc
Also for uv and poetry
2025-12-05 10:01:55 -08:00
Reinier Criel
85c4fcc96f
Make sure e2e test clears cache
2025-12-05 09:39:51 -08:00
bitterpanda
15cc6ff7fe
Merge pull request #178 from AikidoSec/feature/poetry-2
...
Add Poetry support
2025-12-05 15:56:20 +01:00
Reinier Criel
e211f531c5
Refactor PyPI logic and cleanup
2025-12-04 12:37:59 -08:00
Reinier Criel
b1da6af30b
Extend E2E Test
2025-12-03 08:24:37 -08:00
Reinier Criel
c1a12c9573
Merge branch 'main' into feature/poetry-2
2025-12-03 07:41:52 -08:00
Reinier Criel
20e63a58be
Add a better e2e test to cover the issue
2025-12-02 09:45:04 -08:00