mirror of
https://github.com/AikidoSec/safe-chain.git
synced 2026-05-26 12:10:49 +00:00
108 lines
3.4 KiB
JavaScript
108 lines
3.4 KiB
JavaScript
import { describe, it, before, beforeEach, afterEach } from "node:test";
|
|
import { DockerTestContainer } from "./DockerTestContainer.js";
|
|
import assert from "node:assert";
|
|
|
|
describe("E2E: safe-chain CLI python/pip support", () => {
|
|
let container;
|
|
|
|
before(async () => {
|
|
DockerTestContainer.buildImage();
|
|
});
|
|
|
|
beforeEach(async () => {
|
|
container = new DockerTestContainer();
|
|
await container.start();
|
|
// Note: We do NOT run 'safe-chain setup' here.
|
|
// We want to test the 'safe-chain' CLI command directly.
|
|
|
|
// Clear pip cache before each test to ensure fresh downloads through proxy
|
|
const shell = await container.openShell("zsh");
|
|
await shell.runCommand("pip3 cache purge");
|
|
});
|
|
|
|
afterEach(async () => {
|
|
if (container) {
|
|
await container.stop();
|
|
container = null;
|
|
}
|
|
});
|
|
|
|
it("safe-chain pip3 install routes through proxy", async () => {
|
|
const shell = await container.openShell("zsh");
|
|
// Invoke safe-chain directly with pip3 command
|
|
const result = await shell.runCommand(
|
|
"safe-chain pip3 install --break-system-packages requests"
|
|
);
|
|
|
|
assert.ok(
|
|
result.output.includes("no malware found."),
|
|
`Output did not include expected text. Output was:\n${result.output}`
|
|
);
|
|
assert.ok(
|
|
result.output.includes("Successfully installed") ||
|
|
result.output.includes("Requirement already satisfied"),
|
|
`Installation failed. Output was:\n${result.output}`
|
|
);
|
|
});
|
|
|
|
it("safe-chain python3 -m pip install routes through proxy", async () => {
|
|
const shell = await container.openShell("zsh");
|
|
const result = await shell.runCommand(
|
|
"safe-chain python3 -m pip install --break-system-packages requests"
|
|
);
|
|
|
|
assert.ok(
|
|
result.output.includes("no malware found."),
|
|
`Output did not include expected text. Output was:\n${result.output}`
|
|
);
|
|
});
|
|
|
|
it("safe-chain python3 script.py bypasses proxy", async () => {
|
|
const shell = await container.openShell("zsh");
|
|
|
|
// Create a simple script
|
|
await shell.runCommand("echo \"print('direct execution')\" > /tmp/test.py");
|
|
|
|
const result = await shell.runCommand("safe-chain python3 /tmp/test.py");
|
|
|
|
// Should execute the script
|
|
assert.ok(
|
|
result.output.includes("direct execution"),
|
|
`Script execution failed. Output was:\n${result.output}`
|
|
);
|
|
|
|
// Should NOT show safe-chain logs
|
|
assert.ok(
|
|
!result.output.includes("Safe-chain"),
|
|
`Should have bypassed safe-chain. Output was:\n${result.output}`
|
|
);
|
|
});
|
|
|
|
it("safe-chain python3 --version bypasses proxy", async () => {
|
|
const shell = await container.openShell("zsh");
|
|
const result = await shell.runCommand("safe-chain python3 --version");
|
|
|
|
assert.ok(
|
|
result.output.match(/Python 3\.\d+\.\d+/),
|
|
`Should show python version. Output was:\n${result.output}`
|
|
);
|
|
assert.ok(
|
|
!result.output.includes("Safe-chain"),
|
|
`Should have bypassed safe-chain. Output was:\n${result.output}`
|
|
);
|
|
});
|
|
|
|
it("safe-chain blocks malicious package via pip3", async () => {
|
|
const shell = await container.openShell("zsh");
|
|
await shell.runCommand("pip3 cache purge");
|
|
|
|
const result = await shell.runCommand(
|
|
"safe-chain pip3 install --break-system-packages safe-chain-pi-test"
|
|
);
|
|
|
|
assert.ok(
|
|
result.output.includes("blocked 1 malicious package downloads"),
|
|
`Should have blocked malware. Output was:\n${result.output}`
|
|
);
|
|
});
|
|
});
|