@aikidosec/safe-chain 0.0.4-connect-timeout-beta

package/src/shell-integration/setup-ci.js

@@ -0,0 +1,170 @@
+import chalk from "chalk";
+import { ui } from "../environment/userInteraction.js";
+import { getPackageManagerList, knownAikidoTools } from "./helpers.js";
+import fs from "fs";
+import os from "os";
+import path from "path";
+import { fileURLToPath } from "url";
+import { includePython } from "../config/cliArguments.js";
+import { ECOSYSTEM_PY } from "../config/settings.js";
+
+/** @type {string} */
+// This checks the current file's dirname in a way that's compatible with:
+//  - Modulejs (import.meta.url)
+//  - ES modules (__dirname)
+// This is needed because safe-chain's npm package is built using ES modules,
+// but building the binaries requires commonjs.
+let dirname;
+if (import.meta.url) {
+  const filename = fileURLToPath(import.meta.url);
+  dirname = path.dirname(filename);
+} else {
+  dirname = __dirname;
+}
+
+/**
+ * Loops over the detected shells and calls the setup function for each.
+ */
+export async function setupCi() {
+  ui.writeInformation(
+    chalk.bold("Setting up shell aliases.") +
+      ` This will wrap safe-chain around ${getPackageManagerList()}.`
+  );
+  ui.emptyLine();
+
+  const shimsDir = path.join(os.homedir(), ".safe-chain", "shims");
+  const binDir = path.join(os.homedir(), ".safe-chain", "bin");
+  // Create the shims directory if it doesn't exist
+  if (!fs.existsSync(shimsDir)) {
+    fs.mkdirSync(shimsDir, { recursive: true });
+  }
+
+  createShims(shimsDir);
+  ui.writeInformation(`Created shims in ${shimsDir}`);
+  modifyPathForCi(shimsDir, binDir);
+  ui.writeInformation(`Added shims directory to PATH for CI environments.`);
+}
+
+/**
+ * @param {string} shimsDir
+ *
+ * @returns {void}
+ */
+function createUnixShims(shimsDir) {
+  // Read the template file
+  const templatePath = path.resolve(
+    dirname,
+    "path-wrappers",
+    "templates",
+    "unix-wrapper.template.sh"
+  );
+
+  if (!fs.existsSync(templatePath)) {
+    ui.writeError(`Template file not found: ${templatePath}`);
+    return;
+  }
+
+  const template = fs.readFileSync(templatePath, "utf-8");
+
+  // Create a shim for each tool
+  let created = 0;
+  for (const toolInfo of getToolsToSetup()) {
+    const shimContent = template
+      .replaceAll("{{PACKAGE_MANAGER}}", toolInfo.tool)
+      .replaceAll("{{AIKIDO_COMMAND}}", toolInfo.aikidoCommand);
+
+    const shimPath = path.join(shimsDir, toolInfo.tool);
+    fs.writeFileSync(shimPath, shimContent, "utf-8");
+
+    // Make the shim executable on Unix systems
+    fs.chmodSync(shimPath, 0o755);
+    created++;
+  }
+
+  ui.writeInformation(`Created ${created} Unix shim(s) in ${shimsDir}`);
+}
+
+/**
+ * @param {string} shimsDir
+ *
+ * @returns {void}
+ */
+function createWindowsShims(shimsDir) {
+  // Read the template file
+  const templatePath = path.resolve(
+    dirname,
+    "path-wrappers",
+    "templates",
+    "windows-wrapper.template.cmd"
+  );
+
+  if (!fs.existsSync(templatePath)) {
+    ui.writeError(`Windows template file not found: ${templatePath}`);
+    return;
+  }
+
+  const template = fs.readFileSync(templatePath, "utf-8");
+
+  // Create a shim for each tool
+  let created = 0;
+  for (const toolInfo of getToolsToSetup()) {
+    const shimContent = template
+      .replaceAll("{{PACKAGE_MANAGER}}", toolInfo.tool)
+      .replaceAll("{{AIKIDO_COMMAND}}", toolInfo.aikidoCommand);
+
+    const shimPath = `${shimsDir}/${toolInfo.tool}.cmd`;
+    fs.writeFileSync(shimPath, shimContent, "utf-8");
+    created++;
+  }
+
+  ui.writeInformation(`Created ${created} Windows shim(s) in ${shimsDir}`);
+}
+
+/**
+ * @param {string} shimsDir
+ *
+ * @returns {void}
+ */
+function createShims(shimsDir) {
+  if (os.platform() === "win32") {
+    createWindowsShims(shimsDir);
+  } else {
+    createUnixShims(shimsDir);
+  }
+}
+
+/**
+ * @param {string} shimsDir
+ * @param {string} binDir
+ *
+ * @returns {void}
+ */
+function modifyPathForCi(shimsDir, binDir) {
+  if (process.env.GITHUB_PATH) {
+    // In GitHub Actions, append the shims directory to GITHUB_PATH
+    fs.appendFileSync(
+      process.env.GITHUB_PATH,
+      shimsDir + os.EOL + binDir + os.EOL,
+      "utf-8"
+    );
+    ui.writeInformation(
+      `Added shims directory to GITHUB_PATH for GitHub Actions.`
+    );
+  }
+
+  if (process.env.TF_BUILD) {
+    // In Azure Pipelines, prepending the path is done via a logging command:
+    //  ##vso[task.prependpath]/path/to/add
+    // Logging this to stdout will cause the Azure Pipelines agent to pick it up
+    ui.writeInformation("##vso[task.prependpath]" + shimsDir);
+    ui.writeInformation("##vso[task.prependpath]" + binDir);
+  }
+}
+
+function getToolsToSetup() {
+  if (includePython()) {
+    return knownAikidoTools;
+  } else {
+    return knownAikidoTools.filter((tool) => tool.ecoSystem !== ECOSYSTEM_PY);
+  }
+}

package/src/shell-integration/setup.js

@@ -0,0 +1,127 @@
+import chalk from "chalk";
+import { ui } from "../environment/userInteraction.js";
+import { detectShells } from "./shellDetection.js";
+import { knownAikidoTools, getPackageManagerList } from "./helpers.js";
+import fs from "fs";
+import os from "os";
+import path from "path";
+import { includePython } from "../config/cliArguments.js";
+import { fileURLToPath } from "url";
+
+/** @type {string} */
+// This checks the current file's dirname in a way that's compatible with:
+//  - Modulejs (import.meta.url)
+//  - ES modules (__dirname)
+// This is needed because safe-chain's npm package is built using ES modules,
+// but building the binaries requires commonjs.
+let dirname;
+if (import.meta.url) {
+  const filename = fileURLToPath(import.meta.url);
+  dirname = path.dirname(filename);
+} else {
+  dirname = __dirname;
+}
+
+/**
+ * Loops over the detected shells and calls the setup function for each.
+ */
+export async function setup() {
+  ui.writeInformation(
+    chalk.bold("Setting up shell aliases.") +
+      ` This will wrap safe-chain around ${getPackageManagerList()}.`
+  );
+  ui.emptyLine();
+
+  copyStartupFiles();
+
+  try {
+    const shells = detectShells();
+    if (shells.length === 0) {
+      ui.writeError("No supported shells detected. Cannot set up aliases.");
+      return;
+    }
+
+    ui.writeInformation(
+      `Detected ${shells.length} supported shell(s): ${shells
+        .map((shell) => chalk.bold(shell.name))
+        .join(", ")}.`
+    );
+
+    let updatedCount = 0;
+    for (const shell of shells) {
+      if (setupShell(shell)) {
+        updatedCount++;
+      }
+    }
+
+    if (updatedCount > 0) {
+      ui.emptyLine();
+      ui.writeInformation(`Please restart your terminal to apply the changes.`);
+    }
+  } catch (/** @type {any} */ error) {
+    ui.writeError(
+      `Failed to set up shell aliases: ${error.message}. Please check your shell configuration.`
+    );
+    return;
+  }
+}
+
+/**
+ * Calls the setup function for the given shell and reports the result.
+ * @param {import("./shellDetection.js").Shell} shell
+ */
+function setupShell(shell) {
+  let success = false;
+  let error;
+  try {
+    shell.teardown(knownAikidoTools); // First, tear down to prevent duplicate aliases
+    success = shell.setup(knownAikidoTools);
+  } catch (/** @type {any} */ err) {
+    success = false;
+    error = err;
+  }
+
+  if (success) {
+    ui.writeInformation(
+      `${chalk.bold("- " + shell.name + ":")} ${chalk.green(
+        "Setup successful"
+      )}`
+    );
+  } else {
+    ui.writeError(
+      `${chalk.bold("- " + shell.name + ":")} ${chalk.red(
+        "Setup failed"
+      )}. Please check your ${shell.name} configuration.`
+    );
+    if (error) {
+      let message = `  Error: ${error.message}`;
+      if (error.code) {
+        message += ` (code: ${error.code})`;
+      }
+      ui.writeError(message);
+    }
+  }
+
+  return success;
+}
+
+function copyStartupFiles() {
+  const startupFiles = ["init-posix.sh", "init-pwsh.ps1", "init-fish.fish"];
+
+  for (const file of startupFiles) {
+    const targetDir = path.join(os.homedir(), ".safe-chain", "scripts");
+    const targetPath = path.join(os.homedir(), ".safe-chain", "scripts", file);
+
+    if (!fs.existsSync(targetDir)) {
+      fs.mkdirSync(targetDir, { recursive: true });
+    }
+
+    // Use absolute path for source
+    const sourcePath = path.join(
+      dirname,
+      includePython() ? "startup-scripts/include-python" : "startup-scripts",
+      file
+    );
+    fs.copyFileSync(sourcePath, targetPath);
+  }
+}

package/src/shell-integration/shellDetection.js

@@ -0,0 +1,37 @@
+import zsh from "./supported-shells/zsh.js";
+import bash from "./supported-shells/bash.js";
+import powershell from "./supported-shells/powershell.js";
+import windowsPowershell from "./supported-shells/windowsPowershell.js";
+import fish from "./supported-shells/fish.js";
+import { ui } from "../environment/userInteraction.js";
+
+/**
+ * @typedef {Object} Shell
+ * @property {string} name
+ * @property {() => boolean} isInstalled
+ * @property {(tools: import("./helpers.js").AikidoTool[]) => boolean} setup
+ * @property {(tools: import("./helpers.js").AikidoTool[]) => boolean} teardown
+ */
+
+/**
+ * @returns {Shell[]}
+ */
+export function detectShells() {
+  let possibleShells = [zsh, bash, powershell, windowsPowershell, fish];
+  let availableShells = [];
+
+  try {
+    for (const shell of possibleShells) {
+      if (shell.isInstalled()) {
+        availableShells.push(shell);
+      }
+    }
+  } catch (/** @type {any} */ error) {
+    ui.writeError(
+      `We were not able to detect which shells are installed on your system. Please check your shell configuration. Error: ${error.message}`
+    );
+    return [];
+  }
+
+  return availableShells;
+}

package/src/shell-integration/startup-scripts/include-python/init-fish.fish

@@ -0,0 +1,94 @@
+set -gx PATH $PATH $HOME/.safe-chain/bin
+
+function npx
+    wrapSafeChainCommand "npx" $argv
+end
+
+function yarn
+    wrapSafeChainCommand "yarn" $argv
+end
+
+function pnpm
+    wrapSafeChainCommand "pnpm" $argv
+end
+
+function pnpx
+    wrapSafeChainCommand "pnpx" $argv
+end
+
+function bun
+    wrapSafeChainCommand "bun" $argv
+end
+
+function bunx
+    wrapSafeChainCommand "bunx" $argv
+end
+
+function npm
+    # If args is just -v or --version and nothing else, just run the `npm -v` command
+    # This is because nvm uses this to check the version of npm
+    set argc (count $argv)
+    if test $argc -eq 1
+        switch $argv[1]
+            case "-v" "--version"
+                command npm $argv
+                return
+        end
+    end
+
+    wrapSafeChainCommand "npm" $argv
+end
+
+
+function pip
+    wrapSafeChainCommand "pip" $argv
+end
+
+function pip3
+    wrapSafeChainCommand "pip3" $argv
+end
+
+function uv
+    wrapSafeChainCommand "uv" $argv
+end
+
+# `python -m pip`, `python -m pip3`.
+function python
+    wrapSafeChainCommand "python" $argv
+end
+
+# `python3 -m pip`, `python3 -m pip3'.
+function python3
+    wrapSafeChainCommand "python3" $argv
+end
+
+function printSafeChainWarning
+    set original_cmd $argv[1]
+    
+    # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
+    set_color -b yellow black
+    printf "Warning:"
+    set_color normal
+    printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
+    
+    # Cyan text for the install command
+    printf "Install safe-chain by using "
+    set_color cyan
+    printf "npm install -g @aikidosec/safe-chain"
+    set_color normal
+    printf ".\n"
+end
+
+function wrapSafeChainCommand
+    set original_cmd $argv[1]
+    set cmd_args $argv[2..-1]
+
+    if type -q safe-chain
+        # If the safe-chain command is available, just run it with the provided arguments
+        safe-chain $original_cmd $cmd_args
+    else
+        # If the safe-chain command is not available, print a warning and run the original command
+        printSafeChainWarning $original_cmd
+        command $original_cmd $cmd_args
+    end
+end

package/src/shell-integration/startup-scripts/include-python/init-posix.sh

@@ -0,0 +1,81 @@
+export PATH="$PATH:$HOME/.safe-chain/bin"
+
+function npx() {
+  wrapSafeChainCommand "npx" "$@"
+}
+
+function yarn() {
+  wrapSafeChainCommand "yarn" "$@"
+}
+
+function pnpm() {
+  wrapSafeChainCommand "pnpm" "$@"
+}
+
+function pnpx() {
+  wrapSafeChainCommand "pnpx" "$@"
+}
+
+function bun() {
+  wrapSafeChainCommand "bun" "$@"
+}
+
+function bunx() {
+  wrapSafeChainCommand "bunx" "$@"
+}
+
+function npm() {
+  if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
+    # If args is just -v or --version and nothing else, just run the npm version command
+    # This is because nvm uses this to check the version of npm
+    command npm "$@"
+    return
+  fi
+
+  wrapSafeChainCommand "npm" "$@"
+}
+
+
+function pip() {
+  wrapSafeChainCommand "pip" "$@"
+}
+
+function pip3() {
+  wrapSafeChainCommand "pip3" "$@"
+}
+
+function uv() {
+  wrapSafeChainCommand "uv" "$@"
+}
+
+# `python -m pip`, `python -m pip3`.
+function python() {
+  wrapSafeChainCommand "python" "$@"
+}
+
+# `python3 -m pip`, `python3 -m pip3'.
+function python3() {
+  wrapSafeChainCommand "python3" "$@"
+}
+
+function printSafeChainWarning() {
+  # \033[43;30m is used to set the background color to yellow and text color to black
+  # \033[0m is used to reset the text formatting
+  printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1"
+  # \033[36m is used to set the text color to cyan
+  printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n"
+}
+
+function wrapSafeChainCommand() {
+  local original_cmd="$1"
+
+  if command -v safe-chain > /dev/null 2>&1; then
+    # If the aikido command is available, just run it with the provided arguments
+    safe-chain "$@"
+  else
+    # If the aikido command is not available, print a warning and run the original command
+    printSafeChainWarning "$original_cmd"
+
+    command "$original_cmd" "$@"
+  fi
+}

package/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1

@@ -0,0 +1,115 @@
+# Use cross-platform path separator (: on Unix, ; on Windows)
+$pathSeparator = if ($IsWindows) { ';' } else { ':' }
+$safeChainBin = Join-Path $HOME '.safe-chain' 'bin'
+$env:PATH = "$env:PATH$pathSeparator$safeChainBin"
+
+function npx {
+    Invoke-WrappedCommand "npx" $args
+}
+
+function yarn {
+    Invoke-WrappedCommand "yarn" $args
+}
+
+function pnpm {
+    Invoke-WrappedCommand "pnpm" $args
+}
+
+function pnpx {
+    Invoke-WrappedCommand "pnpx" $args
+}
+
+function bun {
+    Invoke-WrappedCommand "bun" $args
+}
+
+function bunx {
+    Invoke-WrappedCommand "bunx" $args
+}
+
+function npm {
+    # If args is just -v or --version and nothing else, just run the npm version command
+    # This is because nvm uses this to check the version of npm
+    if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
+        Invoke-RealCommand "npm" $args
+        return
+    }
+
+    Invoke-WrappedCommand "npm" $args
+}
+
+function pip {
+    Invoke-WrappedCommand "pip" $args
+}
+
+function pip3 {
+    Invoke-WrappedCommand "pip3" $args
+}
+
+function uv {
+    Invoke-WrappedCommand "uv" $args
+}
+
+# `python -m pip`, `python -m pip3`.
+function python {
+    Invoke-WrappedCommand 'python' $args
+}
+
+# `python3 -m pip`, `python3 -m pip3'.
+function python3 {
+    Invoke-WrappedCommand 'python3' $args
+}
+
+
+function Write-SafeChainWarning {
+    param([string]$Command)
+    
+    # PowerShell equivalent of ANSI color codes: yellow background, black text for "Warning:"
+    Write-Host "Warning:" -BackgroundColor Yellow -ForegroundColor Black -NoNewline
+    Write-Host " safe-chain is not available to protect you from installing malware. $Command will run without it."
+    
+    # Cyan text for the install command
+    Write-Host "Install safe-chain by using " -NoNewline
+    Write-Host "npm install -g @aikidosec/safe-chain" -ForegroundColor Cyan -NoNewline
+    Write-Host "."
+}
+
+function Test-CommandAvailable {
+    param([string]$Command)
+    
+    try {
+        Get-Command $Command -ErrorAction Stop | Out-Null
+        return $true
+    }
+    catch {
+        return $false
+    }
+}
+
+function Invoke-RealCommand {
+    param(
+        [string]$Command,
+        [string[]]$Arguments
+    )
+    
+    # Find the real executable to avoid calling our wrapped functions
+    $realCommand = Get-Command -Name $Command -CommandType Application | Select-Object -First 1
+    if ($realCommand) {
+        & $realCommand.Source @Arguments
+    }
+}
+
+function Invoke-WrappedCommand {
+    param(
+        [string]$OriginalCmd,
+        [string[]]$Arguments
+    )
+
+    if (Test-CommandAvailable "safe-chain") {
+        & safe-chain $OriginalCmd @Arguments
+    }
+    else {
+        Write-SafeChainWarning $OriginalCmd
+        Invoke-RealCommand $OriginalCmd $Arguments
+    }
+}

package/src/shell-integration/startup-scripts/init-fish.fish

@@ -0,0 +1,71 @@
+set -gx PATH $PATH $HOME/.safe-chain/bin
+
+function npx
+    wrapSafeChainCommand "npx" $argv
+end
+
+function yarn
+    wrapSafeChainCommand "yarn" $argv
+end
+
+function pnpm
+    wrapSafeChainCommand "pnpm" $argv
+end
+
+function pnpx
+    wrapSafeChainCommand "pnpx" $argv
+end
+
+function bun
+    wrapSafeChainCommand "bun" $argv
+end
+
+function bunx
+    wrapSafeChainCommand "bunx" $argv
+end
+
+function npm
+    # If args is just -v or --version and nothing else, just run the `npm -v` command
+    # This is because nvm uses this to check the version of npm
+    set argc (count $argv)
+    if test $argc -eq 1
+        switch $argv[1]
+            case "-v" "--version"
+                command npm $argv
+                return
+        end
+    end
+
+    wrapSafeChainCommand "npm" $argv
+end
+
+function printSafeChainWarning
+    set original_cmd $argv[1]
+    
+    # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
+    set_color -b yellow black
+    printf "Warning:"
+    set_color normal
+    printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
+    
+    # Cyan text for the install command
+    printf "Install safe-chain by using "
+    set_color cyan
+    printf "npm install -g @aikidosec/safe-chain"
+    set_color normal
+    printf ".\n"
+end
+
+function wrapSafeChainCommand
+    set original_cmd $argv[1]
+    set cmd_args $argv[2..-1]
+
+    if type -q safe-chain
+        # If the safe-chain command is available, just run it with the provided arguments
+        safe-chain $original_cmd $cmd_args
+    else
+        # If the safe-chain command is not available, print a warning and run the original command
+        printSafeChainWarning $original_cmd
+        command $original_cmd $cmd_args
+    end
+end