Commit graph

702 commits

Author  SHA1  Message  Date

Sander Declerck  c7ec7fcf37  Fix linting and type errors  2026-05-04 16:07:50 +02:00
Sander Declerck  5f82e45b2b  Merge branch 'rama-integration-beta' into rama-min-package-age-reporting  2026-05-04 16:07:20 +02:00
Sander Declerck  9f0e1aeab0  Merge branch 'main' into rama-integration-beta  2026-05-04 14:10:34 +02:00
Sander Declerck  64a825f43a  Merge branch 'main' into rama-integration-beta  2026-05-04 12:40:20 +02:00
Xander Van Raemdonck  19d2dee5c9  Bind registry proxy to loopback only  2026-04-30 20:37:41 +02:00
    Without an explicit host, `server.listen(0)` binds to every interface,
    turning safe-chain's unauthenticated forward proxy into an open relay
    while `aikido-*` commands are running. Anyone reachable on the network
    can use it to hit the victim's localhost, intranet, or cloud metadata
    endpoints. The advertised HTTPS_PROXY URL already used `localhost`
    (loopback), but the listener itself was wide open.

    Bind to 127.0.0.1 explicitly and update the advertised URL to match.
    Add a regression test that verifies the listener refuses connections
    on non-loopback interfaces.
Sander Declerck  9fae225277  Make sure rejected promise is not cached in malware list / new packages cache  2026-04-21 09:31:26 +02:00
Sander Declerck  2930894624  Fix concurrency bug leading to multiple fetches of the malware database  2026-04-21 09:26:07 +02:00
Reinier Criel  33c3bec43d  Fix PyPI minimum-age fallback when cached metadata bypasses rewrite  2026-04-17 09:37:40 -07:00
Reinier Criel  782af8e789  Merge pull request #411 from AikidoSec/feat/dynamic-install-dir  2026-04-16 10:04:25 -07:00
    Add support for custom install directory
Reinier Criel  b3372cc50e  Rename function  2026-04-15 15:33:37 -07:00
Reinier Criel  7ed943d46f  Fix Windows bash  2026-04-15 09:19:20 -07:00
Reinier Criel  a68cf97f89  One more fix  2026-04-14 16:14:05 -07:00
Reinier Criel  bafa997a70  Some fixes  2026-04-14 16:02:46 -07:00
Reinier Criel  6ff2ee3367  Adapt per review  2026-04-14 11:30:29 -07:00
Stephen Benjamin  14c8abffea  Add uvx support  2026-04-14 10:04:10 -04:00
    Add uvx as a supported package manager so that `uvx` commands are
    routed through safe-chain's MITM proxy for malware detection, just
    like `uv`. Previously, `uvx` bypassed all safe-chain protections.

    The uvx package manager reuses the existing uv command runner since
    uvx is functionally equivalent to `uv tool run`.

    Fixes #268

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reinier Criel  e54869ddd0  Code Quality  2026-04-13 14:40:42 -07:00
Reinier Criel  38a8130f4a  Some fixes  2026-04-13 13:32:55 -07:00
Reinier Criel  f7324ccfc0  Merge branch 'feat/dynamic-install-dir' of github.com:AikidoSec/safe-chain into feat/dynamic-install-dir  2026-04-13 12:22:03 -07:00
Reinier Criel  60732c5b6a  Test  2026-04-13 12:21:31 -07:00
Reinier Criel  56a54b8683  Update packages/safe-chain/src/shell-integration/supported-shells/zsh.js  2026-04-13 11:17:51 -07:00
    Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
Reinier Criel  32408c6583  Update packages/safe-chain/src/shell-integration/supported-shells/windowsPowershell.js  2026-04-13 11:17:39 -07:00
    Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
Reinier Criel  f2bdd28ae6  Update packages/safe-chain/src/shell-integration/supported-shells/powershell.js  2026-04-13 11:17:27 -07:00
    Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
Reinier Criel  5bbf3da576  Update packages/safe-chain/src/shell-integration/supported-shells/fish.js  2026-04-13 11:17:15 -07:00
    Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
Reinier Criel  f07d0ea888  Update packages/safe-chain/src/shell-integration/supported-shells/bash.js  2026-04-13 11:17:02 -07:00
    Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
Reinier Criel  031c9683b1  Some more cleanup  2026-04-13 11:10:16 -07:00
Reinier Criel  d064d46668  Cleanup  2026-04-13 11:01:45 -07:00
Reinier Criel  98dcda78da  Some more cleanup  2026-04-10 15:33:30 -07:00
Reinier Criel  e5c79e5bd6  Update packages/safe-chain/src/shell-integration/supported-shells/windowsPowershell.js  2026-04-10 15:21:05 -07:00
    Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
Reinier Criel  8cf41dc4a6  Update packages/safe-chain/src/shell-integration/supported-shells/bash.js  2026-04-10 15:20:53 -07:00
    Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
Reinier Criel  d7400a0bc0  Update packages/safe-chain/src/shell-integration/supported-shells/zsh.js  2026-04-10 15:20:37 -07:00
    Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
Reinier Criel  eb9d0bba3e  Code Quality  2026-04-10 15:16:33 -07:00
Reinier Criel  6628e1d4fd  Some cleanup  2026-04-10 14:57:45 -07:00
Reinier Criel  32c95dbb9d  Fix Windows shell + unit tests  2026-04-10 14:27:55 -07:00
Reinier Criel  b0f392522b  Some cleanup  2026-04-10 14:08:59 -07:00
Reinier Criel  24af6f21eb  Add regular setup support  2026-04-10 12:09:40 -07:00
Reinier Criel  1635bee387  Add support for setup-ci with custom install dir  2026-04-10 10:18:49 -07:00
Reinier Criel  422963b38a  Do not hardcode path in setup-ci  2026-04-10 09:05:29 -07:00
Reinier Criel  a0fb8d6b3d  Add env var support for home dir  2026-04-10 08:57:08 -07:00
Sander Declerck  070afb9364  Remove archiver dependency and safe-chain ultimate troubleshooting  2026-04-07 17:19:45 +02:00
Reinier Criel  aeb3a47cab  Change log level  2026-04-03 14:32:10 -07:00
bitterpanda  da9e3d475e  Merge pull request #365 from 123Haynes/main  2026-04-03 02:26:34 +02:00
    add a configuration option for custom malwaredb and newpackagelist urls.
123Haynes  edc708f8ff  log which url was used to fetch the malware lists and why  2026-04-02 21:02:05 +00:00
Reinier Criel  1a2805ba56  Adapt per review  2026-04-02 13:00:01 -07:00
Reinier Criel  0aabba668e  Adapt per review  2026-04-02 08:56:20 -07:00
Reinier Criel  06ef0c3990  Adapt per review  2026-04-01 20:08:56 -07:00
Reinier Criel  c696386825  Some more cleanup  2026-04-01 15:38:42 -07:00
Reinier Criel  2b1247cf36  Code Quality  2026-04-01 15:23:25 -07:00
Reinier Criel  27e77d9b0b  Fix regex  2026-04-01 15:19:39 -07:00
Reinier Criel  1a811edc95  More cleanup  2026-04-01 14:57:24 -07:00
Reinier Criel  e29c11546c  Some cleanup  2026-04-01 14:43:00 -07:00