mirror of
https://github.com/AikidoSec/safe-chain.git
synced 2026-05-26 12:10:49 +00:00
import { ui } from "../../environment/userInteraction.js";
import { safeSpawn } from "../../utils/safeSpawn.js";
import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
import { getCombinedCaBundlePath } from "../../registryProxy/certBundle.js";
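/**
 * Run a pip-style command with Safe Chain's proxy environment and report its exit status.
 *
 * The child process receives the environment returned by
 * mergeSafeChainProxyEnvironmentVariables(process.env), with REQUESTS_CA_BUNDLE and
 * SSL_CERT_FILE both set to the combined CA bundle path. Errors raised inside the
 * try block are converted into a status object instead of being rethrown.
 *
 * @param {string} command - Executable to launch; passed to safeSpawn unchanged.
 * @param {string[]} args - Argument vector; passed to safeSpawn unchanged.
 *
 * @returns {Promise<{status: number}>} The child's status, the status carried by a
 *   thrown error when it has a truthy one, or 1 for any other failure.
 */
export async function runPip(command, args) {
  try {
    const env = mergeSafeChainProxyEnvironmentVariables(process.env);

    // Always provide Python with a complete CA bundle (Safe Chain CA + Mozilla + Node built-in roots)
    // so that any network request made by pip, including those outside explicit CLI args,
    // validates correctly under both MITM'd and tunneled HTTPS.
    const combinedCaPath = getCombinedCaBundlePath();

    // These assignments replace any REQUESTS_CA_BUNDLE / SSL_CERT_FILE value already in env.
    // NOTE(review): confirm getCombinedCaBundlePath() folds in user-configured CAs (e.g. a
    // corporate root), otherwise hosts that rely on one will fail TLS validation here.
    // NOTE(review): if mergeSafeChainProxyEnvironmentVariables returns its argument rather
    // than a copy, this also mutates process.env for the rest of the process. Confirm.
    env.REQUESTS_CA_BUNDLE = combinedCaPath;
    env.SSL_CERT_FILE = combinedCaPath;

    const result = await safeSpawn(command, args, { stdio: "inherit", env });
    return { status: result.status };
  } catch (/** @type any */ error) {
    // Optional chaining keeps the handler from throwing on a non-object rejection
    // (null/undefined), which would otherwise escape as a rejected promise.
    if (error?.status) {
      return { status: error.status };
    }

    // NOTE(review): failures from the env merge or CA bundle lookup above also land here
    // and get the "is it installed" hint, which can mislead when the CA bundle is the problem.
    const reason = error?.message ?? String(error);
    ui.writeError(`Error executing command: ${reason}`);
    ui.writeError(`Is '${command}' installed and available on your system?`);
    return { status: 1 };
  }
}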