vtk 1.2.0 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +54 -7
- data/lib/vtk/cli.rb +1 -1
- data/lib/vtk/commands/scan/actions.rb +103 -0
- data/lib/vtk/commands/scan.rb +31 -0
- data/lib/vtk/commands/socks/setup.rb +1 -1
- data/lib/vtk/version.rb +1 -1
- data/scripts/gh-action-trace.sh +1317 -0
- data/scripts/shai-hulud-repo-check.ps1 +2 -2
- data/scripts/shai-hulud-repo-check.sh +2 -2
- metadata +4 -2
|
@@ -91,7 +91,7 @@ $CacheDir = Join-Path $env:LOCALAPPDATA "vtk"
|
|
|
91
91
|
$CacheFile = Join-Path $CacheDir "compromised-packages.txt"
|
|
92
92
|
$CacheTTL = 86400 # 24 hours in seconds
|
|
93
93
|
$MinExpectedPackages = 500
|
|
94
|
-
$ExpectedHeader = "Shai-Hulud
|
|
94
|
+
$ExpectedHeader = "Shai-Hulud.*Supply Chain Attack"
|
|
95
95
|
$PlaybookUrl = "https://department-of-veterans-affairs.github.io/eert/shai-hulud-dev-machine-cleanup-playbook"
|
|
96
96
|
|
|
97
97
|
# Resolve path
|
|
@@ -151,7 +151,7 @@ function Test-PackageListValid {
|
|
|
151
151
|
param([string]$Content)
|
|
152
152
|
|
|
153
153
|
# Check for expected header
|
|
154
|
-
if ($Content -notmatch
|
|
154
|
+
if ($Content -notmatch $ExpectedHeader) {
|
|
155
155
|
Write-Warning "Downloaded file missing expected header - possible MITM or corrupted file"
|
|
156
156
|
return $false
|
|
157
157
|
}
|
|
@@ -50,7 +50,7 @@ CACHE_DIR="${XDG_CACHE_HOME:-$HOME/.cache}/vtk"
|
|
|
50
50
|
CACHE_FILE="$CACHE_DIR/compromised-packages.txt"
|
|
51
51
|
CACHE_TTL=86400 # 24 hours
|
|
52
52
|
MIN_EXPECTED_PACKAGES=500
|
|
53
|
-
EXPECTED_HEADER="Shai-Hulud
|
|
53
|
+
EXPECTED_HEADER="Shai-Hulud.*Supply Chain Attack"
|
|
54
54
|
PLAYBOOK_URL="https://department-of-veterans-affairs.github.io/eert/shai-hulud-dev-machine-cleanup-playbook"
|
|
55
55
|
|
|
56
56
|
# Parse arguments
|
|
@@ -172,7 +172,7 @@ validate_package_list() {
|
|
|
172
172
|
local content="$1"
|
|
173
173
|
|
|
174
174
|
# Check for expected header
|
|
175
|
-
if ! echo "$content" | grep -
|
|
175
|
+
if ! echo "$content" | grep -Eq "$EXPECTED_HEADER"; then
|
|
176
176
|
echo "Downloaded file missing expected header - possible MITM or corrupted file" >&2
|
|
177
177
|
return 1
|
|
178
178
|
fi
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: vtk
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Boehs
|
|
@@ -92,6 +92,7 @@ files:
|
|
|
92
92
|
- lib/vtk/commands/module/service.rb
|
|
93
93
|
- lib/vtk/commands/scan.rb
|
|
94
94
|
- lib/vtk/commands/scan/README.md
|
|
95
|
+
- lib/vtk/commands/scan/actions.rb
|
|
95
96
|
- lib/vtk/commands/scan/credentials.rb
|
|
96
97
|
- lib/vtk/commands/scan/machine.rb
|
|
97
98
|
- lib/vtk/commands/scan/repo.rb
|
|
@@ -107,6 +108,7 @@ files:
|
|
|
107
108
|
- lib/vtk/version.rb
|
|
108
109
|
- scripts/credential-audit.ps1
|
|
109
110
|
- scripts/credential-audit.sh
|
|
111
|
+
- scripts/gh-action-trace.sh
|
|
110
112
|
- scripts/shai-hulud-machine-check.ps1
|
|
111
113
|
- scripts/shai-hulud-machine-check.sh
|
|
112
114
|
- scripts/shai-hulud-repo-check.ps1
|
|
@@ -135,7 +137,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
135
137
|
- !ruby/object:Gem::Version
|
|
136
138
|
version: '0'
|
|
137
139
|
requirements: []
|
|
138
|
-
rubygems_version:
|
|
140
|
+
rubygems_version: 3.6.9
|
|
139
141
|
specification_version: 4
|
|
140
142
|
summary: A CLI for the platform
|
|
141
143
|
test_files: []
|