@aikidosec/safe-chain 0.0.1-custom-install-dir

package/src/shell-integration/supported-shells/bash.js

@@ -0,0 +1,222 @@
+import {
+  addLineToFile,
+  doesExecutableExistOnSystem,
+  removeLinesMatchingPattern,
+} from "../helpers.js";
+import { getScriptsDir } from "../../config/safeChainDir.js";
+import { execSync, spawnSync } from "child_process";
+import * as os from "os";
+import path from "path";
+
+const shellName = "Bash";
+const executableName = "bash";
+const startupFileCommand = "echo ~/.bashrc";
+const eol = "\n"; // When bash runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.
+
+function isInstalled() {
+  return doesExecutableExistOnSystem(executableName);
+}
+
+/**
+ * @param {import("../helpers.js").AikidoTool[]} tools
+ *
+ * @returns {boolean}
+ */
+function teardown(tools) {
+  const startupFile = getStartupFile();
+
+  for (const { tool } of tools) {
+    // Remove any existing alias for the tool
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^alias\\s+${tool}=`),
+      eol
+    );
+  }
+
+  // Remove sourcing line to disable safe-chain shell integration
+  removeLinesMatchingPattern(
+    startupFile,
+    /^source\s+.*init-posix\.sh.*#\s*Safe-chain/,
+    eol
+  );
+
+  return true;
+}
+
+function setup() {
+  const startupFile = getStartupFile();
+  const scriptsDir = getShellScriptsDir();
+
+  addLineToFile(
+    startupFile,
+    `source ${path.posix.join(scriptsDir, "init-posix.sh")} # Safe-chain bash initialization script`,
+    eol
+  );
+
+  return true;
+}
+
+function getStartupFile() {
+  try {
+    var path = execSync(startupFileCommand, {
+      encoding: "utf8",
+      shell: executableName,
+    }).trim();
+
+    return windowsFixPath(path);
+  } catch (/** @type {any} */ error) {
+    throw new Error(
+      `Command failed: ${startupFileCommand}. Error: ${error.message}`
+    );
+  }
+}
+
+/**
+ * @param {string} path
+ *
+ * @returns {string}
+ */
+function windowsFixPath(path) {
+  try {
+    if (os.platform() !== "win32") {
+      return path;
+    }
+
+    // On windows cygwin bash, paths are returned in format /c/user/..., but we need it in format C:\user\...
+    // To convert, the cygpath -w command can be used to convert to the desired format.
+    // Cygpath only exists on Cygwin, so we first check if the command is available.
+    // If it is, we use it to convert the path.
+    if (hasCygpath()) {
+      return cygpathw(path);
+    }
+
+    return path;
+  } catch {
+    return path;
+  }
+}
+
+function getShellScriptsDir() {
+  return toBashPath(getScriptsDir());
+}
+
+/**
+ * @param {string} path
+ *
+ * @returns {string}
+ */
+function toBashPath(path) {
+  try {
+    if (os.platform() !== "win32") {
+      return path.replace(/\\/g, "/");
+    }
+
+    const directWindowsPath = windowsPathToBashPath(path);
+    if (directWindowsPath) {
+      return directWindowsPath;
+    }
+
+    if (hasCygpath()) {
+      return convertCygwinPathToUnix(path);
+    }
+
+    return path.replace(/\\/g, "/");
+  } catch {
+    return path.replace(/\\/g, "/");
+  }
+}
+
+/**
+ * @param {string} path
+ *
+ * @returns {string | undefined}
+ */
+function windowsPathToBashPath(path) {
+  const match = /^([A-Za-z]):[\\/](.*)$/.exec(path);
+  if (!match) {
+    return undefined;
+  }
+
+  const [, driveLetter, rest] = match;
+  return `/${driveLetter.toLowerCase()}/${rest.replace(/\\/g, "/")}`;
+}
+
+function hasCygpath() {
+  try {
+    var result = spawnSync("where", ["cygpath"], { shell: executableName });
+    return result.status === 0;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * @param {string} path
+ *
+ * @returns {string}
+ */
+function cygpathw(path) {
+  try {
+    var result = spawnSync("cygpath", ["-w", path], {
+      encoding: "utf8",
+      shell: executableName,
+    });
+    if (result.status === 0) {
+      return result.stdout.trim();
+    }
+    return path;
+  } catch {
+    return path;
+  }
+}
+
+/**
+ * @param {string} path
+ *
+ * @returns {string}
+ */
+function convertCygwinPathToUnix(path) {
+  try {
+    var result = spawnSync("cygpath", ["-u", path], {
+      encoding: "utf8",
+      shell: executableName,
+    });
+    if (result.status === 0) {
+      return result.stdout.trim();
+    }
+    return path.replace(/\\/g, "/");
+  } catch {
+    return path.replace(/\\/g, "/");
+  }
+}
+
+function getManualTeardownInstructions() {
+  const scriptsDir = getShellScriptsDir();
+  return [
+    `Remove the following line from your ~/.bashrc file:`,
+    `  source ${path.posix.join(scriptsDir, "init-posix.sh")}`,
+    `Then restart your terminal or run: source ~/.bashrc`,
+  ];
+}
+
+function getManualSetupInstructions() {
+  const scriptsDir = getShellScriptsDir();
+  return [
+    `Add the following line to your ~/.bashrc file:`,
+    `  source ${path.posix.join(scriptsDir, "init-posix.sh")}`,
+    `Then restart your terminal or run: source ~/.bashrc`,
+  ];
+}
+
+/**
+ * @type {import("../shellDetection.js").Shell}
+ */
+export default {
+  name: shellName,
+  isInstalled,
+  setup,
+  teardown,
+  getManualSetupInstructions,
+  getManualTeardownInstructions,
+};

package/src/shell-integration/supported-shells/fish.js

@@ -0,0 +1,97 @@
+import {
+  addLineToFile,
+  doesExecutableExistOnSystem,
+  removeLinesMatchingPattern,
+} from "../helpers.js";
+import { getScriptsDir } from "../../config/safeChainDir.js";
+import { execSync } from "child_process";
+import path from "path";
+
+const shellName = "Fish";
+const executableName = "fish";
+const startupFileCommand = "echo ~/.config/fish/config.fish";
+const eol = "\n"; // When fish runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.
+
+function isInstalled() {
+  return doesExecutableExistOnSystem(executableName);
+}
+
+/**
+ * @param {import("../helpers.js").AikidoTool[]} tools
+ *
+ * @returns {boolean}
+ */
+function teardown(tools) {
+  const startupFile = getStartupFile();
+
+  for (const { tool } of tools) {
+    // Remove any existing alias for the tool
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^alias\\s+${tool}\\s+`),
+      eol
+    );
+  }
+
+  // Remove sourcing line to prevent safe-chain initialization in future shell sessions
+  removeLinesMatchingPattern(
+    startupFile,
+    /^source\s+.*init-fish\.fish.*#\s*Safe-chain/,
+    eol
+  );
+
+  return true;
+}
+
+function setup() {
+  const startupFile = getStartupFile();
+
+  addLineToFile(
+    startupFile,
+    `source ${path.join(getScriptsDir(), "init-fish.fish")} # Safe-chain Fish initialization script`,
+    eol
+  );
+
+  return true;
+}
+
+function getStartupFile() {
+  try {
+    return execSync(startupFileCommand, {
+      encoding: "utf8",
+      shell: executableName,
+    }).trim();
+  } catch (/** @type {any} */ error) {
+    throw new Error(
+      `Command failed: ${startupFileCommand}. Error: ${error.message}`
+    );
+  }
+}
+
+function getManualTeardownInstructions() {
+  return [
+    `Remove the following line from your ~/.config/fish/config.fish file:`,
+    `  source ${path.join(getScriptsDir(), "init-fish.fish")}`,
+    `Then restart your terminal or run: source ~/.config/fish/config.fish`,
+  ];
+}
+
+function getManualSetupInstructions() {
+  return [
+    `Add the following line to your ~/.config/fish/config.fish file:`,
+    `  source ${path.join(getScriptsDir(), "init-fish.fish")}`,
+    `Then restart your terminal or run: source ~/.config/fish/config.fish`,
+  ];
+}
+
+/**
+ * @type {import("../shellDetection.js").Shell}
+ */
+export default {
+  name: shellName,
+  isInstalled,
+  setup,
+  teardown,
+  getManualSetupInstructions,
+  getManualTeardownInstructions,
+};

package/src/shell-integration/supported-shells/powershell.js

@@ -0,0 +1,102 @@
+import {
+  addLineToFile,
+  doesExecutableExistOnSystem,
+  removeLinesMatchingPattern,
+  validatePowerShellExecutionPolicy,
+} from "../helpers.js";
+import { getScriptsDir } from "../../config/safeChainDir.js";
+import { execSync } from "child_process";
+import path from "path";
+
+const shellName = "PowerShell Core";
+const executableName = "pwsh";
+const startupFileCommand = "echo $PROFILE";
+
+function isInstalled() {
+  return doesExecutableExistOnSystem(executableName);
+}
+
+/**
+ * @param {import("../helpers.js").AikidoTool[]} tools
+ *
+ * @returns {boolean}
+ */
+function teardown(tools) {
+  const startupFile = getStartupFile();
+
+  for (const { tool } of tools) {
+    // Remove any existing alias for the tool
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^Set-Alias\\s+${tool}\\s+`),
+    );
+  }
+
+  // Remove sourcing line to prevent shell from loading safe-chain after uninstallation
+  removeLinesMatchingPattern(
+    startupFile,
+    /^\.\s+["']?.*init-pwsh\.ps1["']?.*#\s*Safe-chain/,
+  );
+
+  return true;
+}
+
+async function setup() {
+  const { isValid, policy } =
+    await validatePowerShellExecutionPolicy(executableName);
+  if (!isValid) {
+    throw new Error(
+      `PowerShell execution policy is set to '${policy}', which prevents safe-chain from running.\n  -> To fix this, open PowerShell as Administrator and run: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.\n     For more information, see: https://help.aikido.dev/code-scanning/aikido-malware-scanning/safe-chain-troubleshooting#powershell-execution-policy-blocks-scripts-windows`,
+    );
+  }
+
+  const startupFile = getStartupFile();
+
+  addLineToFile(
+    startupFile,
+    `. "${path.join(getScriptsDir(), "init-pwsh.ps1")}" # Safe-chain PowerShell initialization script`,
+  );
+
+  return true;
+}
+
+function getStartupFile() {
+  try {
+    return execSync(startupFileCommand, {
+      encoding: "utf8",
+      shell: executableName,
+    }).trim();
+  } catch (/** @type {any} */ error) {
+    throw new Error(
+      `Command failed: ${startupFileCommand}. Error: ${error.message}`,
+    );
+  }
+}
+
+function getManualTeardownInstructions() {
+  return [
+    `Remove the following line from your PowerShell profile (run "echo $PROFILE" to find its location):`,
+    `  . "${path.join(getScriptsDir(), "init-pwsh.ps1")}"`,
+    `Then restart your terminal or run: . $PROFILE`,
+  ];
+}
+
+function getManualSetupInstructions() {
+  return [
+    `Add the following line to your PowerShell profile (run "echo $PROFILE" to find its location):`,
+    `  . "${path.join(getScriptsDir(), "init-pwsh.ps1")}"`,
+    `Then restart your terminal or run: . $PROFILE`,
+  ];
+}
+
+/**
+ * @type {import("../shellDetection.js").Shell}
+ */
+export default {
+  name: shellName,
+  isInstalled,
+  setup,
+  teardown,
+  getManualSetupInstructions,
+  getManualTeardownInstructions,
+};

package/src/shell-integration/supported-shells/windowsPowershell.js

@@ -0,0 +1,102 @@
+import {
+  addLineToFile,
+  doesExecutableExistOnSystem,
+  removeLinesMatchingPattern,
+  validatePowerShellExecutionPolicy,
+} from "../helpers.js";
+import { getScriptsDir } from "../../config/safeChainDir.js";
+import { execSync } from "child_process";
+import path from "path";
+
+const shellName = "Windows PowerShell";
+const executableName = "powershell";
+const startupFileCommand = "echo $PROFILE";
+
+function isInstalled() {
+  return doesExecutableExistOnSystem(executableName);
+}
+
+/**
+ * @param {import("../helpers.js").AikidoTool[]} tools
+ *
+ * @returns {boolean}
+ */
+function teardown(tools) {
+  const startupFile = getStartupFile();
+
+  for (const { tool } of tools) {
+    // Remove any existing alias for the tool
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^Set-Alias\\s+${tool}\\s+`),
+    );
+  }
+
+  // Remove sourcing line to clean up safe-chain integration from the shell profile
+  removeLinesMatchingPattern(
+    startupFile,
+    /^\.\s+["']?.*init-pwsh\.ps1["']?.*#\s*Safe-chain/,
+  );
+
+  return true;
+}
+
+async function setup() {
+  const { isValid, policy } =
+    await validatePowerShellExecutionPolicy(executableName);
+  if (!isValid) {
+    throw new Error(
+      `PowerShell execution policy is set to '${policy}', which prevents safe-chain from running.\n  -> To fix this, open PowerShell as Administrator and run: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.\n     For more information, see: https://help.aikido.dev/code-scanning/aikido-malware-scanning/safe-chain-troubleshooting#powershell-execution-policy-blocks-scripts-windows`,
+    );
+  }
+
+  const startupFile = getStartupFile();
+
+  addLineToFile(
+    startupFile,
+    `. "${path.join(getScriptsDir(), "init-pwsh.ps1")}" # Safe-chain PowerShell initialization script`,
+  );
+
+  return true;
+}
+
+function getStartupFile() {
+  try {
+    return execSync(startupFileCommand, {
+      encoding: "utf8",
+      shell: executableName,
+    }).trim();
+  } catch (/** @type {any} */ error) {
+    throw new Error(
+      `Command failed: ${startupFileCommand}. Error: ${error.message}`,
+    );
+  }
+}
+
+function getManualTeardownInstructions() {
+  return [
+    `Remove the following line from your PowerShell profile (run "echo $PROFILE" to find its location):`,
+    `  . "${path.join(getScriptsDir(), "init-pwsh.ps1")}"`,
+    `Then restart your terminal or run: . $PROFILE`,
+  ];
+}
+
+function getManualSetupInstructions() {
+  return [
+    `Add the following line to your PowerShell profile (run "echo $PROFILE" to find its location):`,
+    `  . "${path.join(getScriptsDir(), "init-pwsh.ps1")}"`,
+    `Then restart your terminal or run: . $PROFILE`,
+  ];
+}
+
+/**
+ * @type {import("../shellDetection.js").Shell}
+ */
+export default {
+  name: shellName,
+  isInstalled,
+  setup,
+  teardown,
+  getManualSetupInstructions,
+  getManualTeardownInstructions,
+};

package/src/shell-integration/supported-shells/zsh.js

@@ -0,0 +1,94 @@
+import {
+  addLineToFile,
+  doesExecutableExistOnSystem,
+  removeLinesMatchingPattern,
+} from "../helpers.js";
+import { getScriptsDir } from "../../config/safeChainDir.js";
+import { execSync } from "child_process";
+import path from "path";
+
+const shellName = "Zsh";
+const executableName = "zsh";
+const startupFileCommand = "echo ${ZDOTDIR:-$HOME}/.zshrc";
+const eol = "\n"; // When zsh runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.
+
+function isInstalled() {
+  return doesExecutableExistOnSystem(executableName);
+}
+
+/**
+ * @param {import("../helpers.js").AikidoTool[]} tools
+ *
+ * @returns {boolean}
+ */
+function teardown(tools) {
+  const startupFile = getStartupFile();
+
+  for (const { tool } of tools) {
+    // Remove any existing alias for the tool
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^alias\\s+${tool}=`),
+      eol
+    );
+  }
+
+  // Remove sourcing line to complete shell integration cleanup
+  removeLinesMatchingPattern(
+    startupFile,
+    /^source\s+.*init-posix\.sh.*#\s*Safe-chain/,
+    eol
+  );
+
+  return true;
+}
+
+function setup() {
+  const startupFile = getStartupFile();
+
+  addLineToFile(
+    startupFile,
+    `source ${path.join(getScriptsDir(), "init-posix.sh")} # Safe-chain Zsh initialization script`,
+    eol
+  );
+
+  return true;
+}
+
+function getStartupFile() {
+  try {
+    return execSync(startupFileCommand, {
+      encoding: "utf8",
+      shell: executableName,
+    }).trim();
+  } catch (/** @type {any} */ error) {
+    throw new Error(
+      `Command failed: ${startupFileCommand}. Error: ${error.message}`
+    );
+  }
+}
+
+function getManualTeardownInstructions() {
+  return [
+    `Remove the following line from your ~/.zshrc file:`,
+    `  source ${path.join(getScriptsDir(), "init-posix.sh")}`,
+    `Then restart your terminal or run: source ~/.zshrc`,
+  ];
+}
+
+function getManualSetupInstructions() {
+  return [
+    `Add the following line to your ~/.zshrc file:`,
+    `  source ${path.join(getScriptsDir(), "init-posix.sh")}`,
+    `Then restart your terminal or run: source ~/.zshrc`,
+  ];
+}
+
+export default {
+  name: shellName,
+  isInstalled,
+  setup,
+  teardown,
+  getManualSetupInstructions,
+  getManualTeardownInstructions,
+};