milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
1292 commits 61 branches 106 tags 3.3 MiB
Commit graph

205 commits

Author SHA1 Message Date
Sander Declerck
f2479ad866
Listen to blocks with reason new_package 2026-05-05 13:10:42 +02:00
Sander Declerck
6442c4cf53
Fix linting 2026-05-05 11:01:49 +02:00
Sander Declerck
24127792d4
Add package name again 2026-05-05 10:55:22 +02:00
Sander Declerck
dc1bbea56b
Undo merge issue 2026-05-05 09:46:51 +02:00
Sander Declerck
c7ec7fcf37
Fix linting and type errors 2026-05-04 16:07:50 +02:00
Sander Declerck
5f82e45b2b
Merge branch 'rama-integration-beta' into rama-min-package-age-reporting 2026-05-04 16:07:20 +02:00
Sander Declerck
9f0e1aeab0
Merge branch 'main' into rama-integration-beta 2026-05-04 14:10:34 +02:00
Sander Declerck
64a825f43a
Merge branch 'main' into rama-integration-beta 2026-05-04 12:40:20 +02:00
Xander Van Raemdonck
19d2dee5c9
Bind registry proxy to loopback only 
Without an explicit host, `server.listen(0)` binds to every interface,
turning safe-chain's unauthenticated forward proxy into an open relay
while `aikido-*` commands are running. Anyone reachable on the network
can use it to hit the victim's localhost, intranet, or cloud metadata
endpoints. The advertised HTTPS_PROXY URL already used `localhost`
(loopback), but the listener itself was wide open.

Bind to 127.0.0.1 explicitly and update the advertised URL to match.
Add a regression test that verifies the listener refuses connections
on non-loopback interfaces.
 2026-04-30 20:37:41 +02:00
Reinier Criel
33c3bec43d Fix PyPI minimum-age fallback when cached metadata bypasses rewrite 2026-04-17 09:37:40 -07:00
Reinier Criel
6ff2ee3367 Adapt per review 2026-04-14 11:30:29 -07:00
Reinier Criel
d064d46668 Cleanup 2026-04-13 11:01:45 -07:00
Reinier Criel
32c95dbb9d Fix WIndows shell + unit tests 2026-04-10 14:27:55 -07:00
Reinier Criel
1a2805ba56 Adapt per review 2026-04-02 13:00:01 -07:00
Reinier Criel
0aabba668e Adapt per review 2026-04-02 08:56:20 -07:00
Reinier Criel
06ef0c3990 Adapt per review 2026-04-01 20:08:56 -07:00
Reinier Criel
c696386825 Some more cleanup 2026-04-01 15:38:42 -07:00
Reinier Criel
2b1247cf36 Code Quality 2026-04-01 15:23:25 -07:00
Reinier Criel
27e77d9b0b Fix regex 2026-04-01 15:19:39 -07:00
Reinier Criel
1a811edc95 More cleanup 2026-04-01 14:57:24 -07:00
Reinier Criel
4564b7f607 Initial 2026-04-01 14:32:36 -07:00
Reinier Criel
2ba6aaa46e Adapt per review 2026-03-30 07:58:14 -07:00
Reinier Criel
d84270be8d Adapt per review 2026-03-28 16:51:33 -07:00
Reinier Criel
aa7bbbd4e9 Code Quality 2026-03-28 11:39:02 -07:00
Reinier Criel
fd6fb456b4 Add minimum package age check for pypi 2026-03-28 10:15:13 -07:00
bitterpanda
5b1cd7e8da Split up newPackagesDatabse into builder, warnigns, cache 2026-03-27 15:52:07 -07:00
Reinier Criel
3a01a92f03 Code Quality 2026-03-27 15:14:13 -07:00
Reinier Criel
8133f0c970 Some more cleanup 2026-03-27 14:38:41 -07:00
Reinier Criel
8a4f759a78 Some cleanup 2026-03-27 14:25:58 -07:00
Reinier Criel
2df8ce463c Adapt per review 2026-03-27 13:17:58 -07:00
Reinier Criel
a53fc736e9 Fix yarn URL issue 2026-03-27 11:45:26 -07:00
Reinier Criel
db31fa9f41 Fix unit test 2026-03-27 10:37:47 -07:00
Reinier Criel
edf6a1694f Some cleanups 2026-03-27 10:35:41 -07:00
Reinier Criel
07e315a382 Adapt doc 2026-03-19 16:07:31 -07:00
Reinier Criel
2f4268f1af Add extra check 2026-03-19 15:58:42 -07:00
Sander Declerck
d9e6b89918
Undo dot in comment 2026-03-19 15:42:09 +01:00
Sander Declerck
47377711b8
Write log when certbundle could not be deleted 2026-03-19 11:11:34 +01:00
Sander Declerck
527e3cd70a
Cleanup generated cert bundles 2026-03-19 11:08:38 +01:00
Sander Declerck
983f26ea20
Adapt to modified contract with rama proxy 2026-03-11 16:24:06 +01:00
Sander Declerck
1b32be6c58
Fix tests 2026-03-10 12:58:22 +01:00
Sander Declerck
ceefaabe57
Consume the safe chain proxy min package age reporting webhook 2026-03-10 11:46:27 +01:00
Sander Declerck
127447d425
Code quality comments 2026-03-09 11:08:35 +01:00
Sander Declerck
e3fc6654db
Merge branch 'rama-integration-beta' into rama-blocked-events 2026-03-09 10:01:38 +01:00
Sander Declerck
8086f6e7d7
Fix verbose logging 2026-03-09 09:24:55 +01:00
Sander Declerck
261aca9701
Clean up rama proxy process start 2026-03-09 09:22:54 +01:00
Sander Declerck
f480d224b2
Add missing await 2026-03-09 09:18:31 +01:00
Sander Declerck
48221196be
Cleanup reportingServer code 2026-03-03 14:30:18 +01:00
Sander Declerck
8c38c0e35c
Add tests 2026-03-03 14:23:50 +01:00
Sander Declerck
68352d9ca4
Use proxy reporting endpoint to subscribe to blocked events 2026-03-03 13:53:38 +01:00
Sander Declerck
b03c1f6817
Cleanup pt2 2026-03-02 16:06:10 +01:00