milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
1170 commits 61 branches 106 tags 3.3 MiB
Commit graph

1170 commits

This branch
This branch
All branches
Author SHA1 Message Date
Reinier Criel
cb8db6c7a2
Merge pull request #443 from AikidoSec/vbump-v1.3.3 
Bump Endpoint Protection to latest
 2026-05-01 07:26:31 -07:00
Tudor Timcu
f4aa444cd8
Bump Endpoint Protection to latest 2026-05-01 14:43:41 +03:00
bitterpanda
da419a7785
Merge pull request #442 from AikidoSec/feat/readme-pypi-conf 
Add PIP_CONFIG_FILE section in readme
 2026-05-01 11:53:16 +02:00
Sander Declerck
00be33aa10
Merge pull request #423 from xandervr/security/proxy-loopback-only 
Bind registry proxy to loopback only
 2026-04-30 23:46:02 -07:00
Reinier Criel
a0f0372e15 Add PIP_CONFIG_FILE section in readme 2026-04-30 15:21:51 -07:00
Xander Van Raemdonck
19d2dee5c9
Bind registry proxy to loopback only 
Without an explicit host, `server.listen(0)` binds to every interface,
turning safe-chain's unauthenticated forward proxy into an open relay
while `aikido-*` commands are running. Anyone reachable on the network
can use it to hit the victim's localhost, intranet, or cloud metadata
endpoints. The advertised HTTPS_PROXY URL already used `localhost`
(loopback), but the listener itself was wide open.

Bind to 127.0.0.1 explicitly and update the advertised URL to match.
Add a regression test that verifies the listener refuses connections
on non-loopback interfaces.
 2026-04-30 20:37:41 +02:00
Sander Declerck
cbf830a637
Merge pull request #441 from AikidoSec/vbump-v1.3.2 
Bump Endpoint Protection to v1.3.2
 2026-04-30 08:03:57 -07:00
Tudor Timcu
c8e25f3c21
Bump Endpoint Protection to v1.3.2 2026-04-30 18:02:18 +03:00
Sander Declerck
fe161ba8a4
Merge pull request #438 from AikidoSec/verify-sha256-in-intall-script-beta 
Add binary checksum validation in safe-chain install scripts
 2026-04-29 17:58:41 +02:00
bitterpanda
8571fc6996
Merge pull request #440 from AikidoSec/endpoint-1-3 
Update Aikido Endpoint version to 1.3.1
 2026-04-29 15:30:05 +02:00
Sander Declerck
f3fd003303
Update Aikido Endpoint version to 1.3.1 2026-04-29 15:23:09 +02:00
Sander Declerck
d0fc643f23
Verify sha2356 checksum in install scripts 2026-04-29 12:50:17 +02:00
bitterpanda
bf2bf24343
Merge pull request #436 from AikidoSec/mirror-malware-list-in-e2e-tests 
Mirror malware list in e2e tests to mock malware in a harmless way
 2026-04-28 15:14:08 +02:00
Sander Declerck
ebebe6d6c1
Mirror malware list in e2e tests to mock malware in a harmless way 2026-04-28 14:47:49 +02:00
bitterpanda
222216e22a
Merge pull request #435 from AikidoSec/bitterpanda63-patch-3 
Enhance Aikido Endpoint link with UTM parameters
 2026-04-28 09:03:55 +02:00
bitterpanda
4ef69d337f
Merge pull request #433 from AikidoSec/feat/update-github-actions-example 
Fix Bitbucket Pipelines Example
 2026-04-28 08:51:35 +02:00
bitterpanda
6abad2d37f
Enhance Aikido Endpoint link with UTM parameters 
Updated the Aikido Endpoint link to include UTM parameters for tracking.
 2026-04-28 08:50:54 +02:00
Reinier Criel
ae40140199 Fix Bitbucket Pipelines Example 2026-04-27 12:51:31 -07:00
bitterpanda
725f7c399d
Merge pull request #419 from AikidoSec/concurrency-in-malware-list-fetch 2026-04-27 10:48:31 +02:00
Sander Declerck
dcd926f9d9
Merge pull request #431 from AikidoSec/feat/bump-endpoint-1-2-23 
Bump Endpoint Version to 1.2.23
 2026-04-27 09:52:26 +02:00
Reinier Criel
d04db58a5e Bump Endpoint Version to 1.2.23 2026-04-26 17:19:34 -07:00
Sander Declerck
9b42755502
Merge pull request #429 from AikidoSec/endpoint-1-2-22 
Endpoint 1.2.22
 2026-04-24 17:27:27 +02:00
Sander Declerck
e8fb134136
Endpoint 1.2.22 2026-04-24 17:12:48 +02:00
Sander Declerck
fbb856940f
Merge pull request #428 from AikidoSec/endpoint-uninstall-script-location-update 
Update endpoint uninstall script location
 2026-04-24 12:11:03 +02:00
Sander Declerck
0a230eb64c
Update endpoint uninstall script location 2026-04-24 12:04:31 +02:00
Reinier Criel
dab616163f
Merge pull request #427 from AikidoSec/feat/bump-endpoint-1-2-21 
Bump endpoint
 2026-04-23 11:05:53 -07:00
Reinier Criel
d81b0f5214 Bump endpoint 2026-04-23 10:32:04 -07:00
bitterpanda
c68fb2c7ed
Merge pull request #426 from AikidoSec/readme-aikido-endpoint 2026-04-23 11:59:34 +02:00
Samuel Vandamme
c22f36113c moved endpoint up 2026-04-22 17:42:22 +02:00
bitterpanda
fff1422b51
Merge pull request #425 from AikidoSec/endpoint-v1-2-20 
Endpoint 1.2.20
 2026-04-22 13:03:50 +02:00
Sander Declerck
88c969aee0
Endpoint 1.2.20 2026-04-22 13:02:41 +02:00
bitterpanda
f56edf292b
Merge pull request #422 from AikidoSec/feat/bump-endpoint 2026-04-21 20:28:27 +02:00
Reinier Criel
fbabd4e3c6 Bump endpoint versions 2026-04-21 11:05:06 -07:00
Sander Declerck
8dc5389ac9
Merge pull request #420 from AikidoSec/readme-aikido-endpoint 
Add Aikido Endpoint paragraph to README.md
 2026-04-21 13:35:33 +02:00
Samuel Vandamme
a840a99f1b moved endpoint up 2026-04-21 11:20:43 +02:00
Sander Declerck
21b44eb4a8
Mention cursor, windsurf, ... 2026-04-21 11:13:25 +02:00
Sander Declerck
b8d16c15b9
Add Aikido Endpoint paragraph to README.md 2026-04-21 11:09:18 +02:00
Sander Declerck
9fae225277
Make sure rejected promise is not cached in malware list / new packages cache 2026-04-21 09:31:26 +02:00
Sander Declerck
2930894624
Fix concurrency bug leading to multiple fetches of the malware database 2026-04-21 09:26:07 +02:00
bitterpanda
3e71398430
Merge pull request #418 from AikidoSec/bug/pypi-meta-data-cache-header 
Fix PyPI minimum-age fallback when cached metadata bypasses rewrite
 2026-04-19 15:30:11 +02:00
Reinier Criel
464847a6fc Add e2e test 2026-04-17 10:50:04 -07:00
Reinier Criel
33c3bec43d Fix PyPI minimum-age fallback when cached metadata bypasses rewrite 2026-04-17 09:37:40 -07:00
Reinier Criel
782af8e789
Merge pull request #411 from AikidoSec/feat/dynamic-install-dir 
Add support for custom install directory
 2026-04-16 10:04:25 -07:00
Reinier Criel
b3372cc50e Rename function 2026-04-15 15:33:37 -07:00
Reinier Criel
7ed943d46f Fix Windows bash 2026-04-15 09:19:20 -07:00
Reinier Criel
a68cf97f89 One more fix 2026-04-14 16:14:05 -07:00
Reinier Criel
bafa997a70 Some fixes 2026-04-14 16:02:46 -07:00
Reinier Criel
cdb87792df Merge branch 'feat/dynamic-install-dir' of github.com:AikidoSec/safe-chain into feat/dynamic-install-dir 2026-04-14 13:24:38 -07:00
Reinier Criel
6ff2ee3367 Adapt per review 2026-04-14 11:30:29 -07:00
Reinier Criel
43fe715b08
Update install-scripts/install-safe-chain.sh 
Co-authored-by: aikido-pr-checks[bot] <169896070+aikido-pr-checks[bot]@users.noreply.github.com>
 2026-04-14 11:08:04 -07:00