// Test-only mirror of the malware list. Injects known-safe packages as malicious
// to simulate blocking behavior in e2e tests without affecting real data.
import * as http from "node:http";
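// Fetch and patch every list before the server starts, so the first request
// already sees the complete (patched) data.
const lists = await downloadLists();

// Bound to the loopback address only: this fixture serves deliberately altered
// malware data for e2e tests and is not meant to be reachable from other hosts.
const server = http.createServer(handleRequest);
server.listen(5555, "127.0.0.1", () => {
  // Log from the listen callback so the message appears only once the socket
  // is actually bound, not when binding fails (e.g. port already in use).
  console.log("listening on http://127.0.0.1:5555");
});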
/**
 * Request handler for the test mirror.
 *
 * - Anything that is not a GET with a URL gets an empty 404.
 * - URLs starting with "/ready" get an empty 200 (readiness probe).
 * - URLs starting with the path of a downloaded list get that list as JSON.
 * - Everything else gets an empty 404.
 *
 * Matching is by prefix on the raw request URL, so a query string or any other
 * suffix after a known path still matches that list.
 *
 * @param {import("node:http").IncomingMessage} req - Incoming request.
 * @param {import("node:http").ServerResponse} res - Response to write to.
 * @returns {void}
 */
function handleRequest(req, res) {
  // Status-only reply with no headers and no body.
  const sendEmpty = (statusCode) => {
    res.writeHead(statusCode);
    res.end();
  };

  const { method, url: requestUrl } = req;
  const isGetWithUrl = method === "GET" && Boolean(requestUrl);
  if (!isGetWithUrl) {
    sendEmpty(404);
    return;
  }

  if (requestUrl.startsWith("/ready")) {
    sendEmpty(200);
    return;
  }

  // First list whose path is a prefix of the requested URL wins.
  const matchedList = lists.find((entry) => requestUrl.startsWith(entry.path));
  if (matchedList === undefined) {
    sendEmpty(404);
    return;
  }

  res.writeHead(200, { "Content-Type": "application/json" });
  res.end(JSON.stringify(matchedList.data));
}
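/**
 * Downloads every list the mirror serves and applies its patch function.
 *
 * Each entry keeps its `path` and `patchFunc` and gains a `data` property
 * holding the patched download. Only the PyPI malware list is altered (via
 * `patchPypi`); the other lists are served as downloaded.
 *
 * @returns {Promise<Array<{path: string, patchFunc: Function, data: *}>>}
 *   The list descriptors, in declaration order, with `data` filled in.
 */
async function downloadLists() {
  const passThrough = (data) => data;
  const lists = [
    { path: "/malware_predictions.json", patchFunc: passThrough },
    { path: "/malware_pypi.json", patchFunc: patchPypi },
    { path: "/releases/npm.json", patchFunc: passThrough },
    { path: "/releases/pypi.json", patchFunc: passThrough },
  ];

  // The downloads do not depend on each other, so fetch them in parallel
  // instead of one after another. A single failed download rejects the whole
  // call, so the mirror never starts with a partially populated set of lists.
  await Promise.all(
    lists.map(async (list) => {
      list.data = list.patchFunc(await downloadList(list.path));
    }),
  );

  return lists;
}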
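/**
 * Fetches one list from the upstream malware-list host and parses it as JSON.
 *
 * @param {string} path - Path on the upstream host, appended verbatim to the
 *   base URL (e.g. "/malware_pypi.json").
 * @returns {Promise<*>} The parsed JSON body.
 * @throws {Error} When upstream answers with a non-2xx status.
 */
async function downloadList(path) {
  const baseUrl = "https://malware-list.aikido.dev";
  const url = `${baseUrl}${path}`;
  const response = await fetch(url);

  // Fail loudly on an upstream error. Without this check a JSON error body
  // would be parsed and served to the e2e tests as if it were the real list,
  // and a non-JSON one would surface only as an unrelated parse error.
  if (!response.ok) {
    throw new Error(`Failed to download ${url}: HTTP ${response.status}`);
  }

  return await response.json();
}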
|
|
|
|
/**
 * Appends a simulated malware entry to the PyPI list so e2e tests can observe
 * blocking behavior. The entry flags numpy 2.4.4 with reason "MALWARE".
 *
 * The array is modified in place and the same array is returned.
 *
 * @param {Array<object>} data - Parsed PyPI malware list.
 * @returns {Array<object>} The same array, with the simulated entry appended.
 */
function patchPypi(data) {
  const simulatedEntry = {
    package_name: "numpy",
    version: "2.4.4",
    reason: "MALWARE",
  };
  data.push(simulatedEntry);
  return data;
}