50c 3.9.3 → 3.9.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of 50c might be problematic. Click here for more details.
- package/README.md +201 -175
- package/bin/50c.js +2278 -2226
- package/lib/backdoor-checker.js +3 -7
- package/lib/ip-utils.js +47 -0
- package/lib/pre-publish.js +1361 -812
- package/lib/team.js +714 -691
- package/lib/tools-registry.js +226 -223
- package/package.json +1 -1
package/lib/backdoor-checker.js
CHANGED
|
@@ -18,6 +18,7 @@ const { exec, execSync } = require('child_process');
|
|
|
18
18
|
const os = require('os');
|
|
19
19
|
const fs = require('fs');
|
|
20
20
|
const path = require('path');
|
|
21
|
+
const { isPrivateIP, isValidIPv4, extractPublicIPs } = require('./ip-utils');
|
|
21
22
|
|
|
22
23
|
const PLATFORM = os.platform(); // win32, linux, darwin
|
|
23
24
|
const HOME = os.homedir();
|
|
@@ -664,13 +665,8 @@ async function runAudit(options = {}) {
|
|
|
664
665
|
const allIPs = new Set();
|
|
665
666
|
for (const f of result.findings) {
|
|
666
667
|
if (typeof f.data === 'string') {
|
|
667
|
-
const
|
|
668
|
-
|
|
669
|
-
if (!ip.startsWith('127.') && !ip.startsWith('0.') && !ip.startsWith('10.') &&
|
|
670
|
-
!ip.startsWith('192.168.') && !ip.startsWith('169.254.') &&
|
|
671
|
-
!ip.match(/^172\.(1[6-9]|2\d|3[01])\./)) {
|
|
672
|
-
allIPs.add(ip);
|
|
673
|
-
}
|
|
668
|
+
for (const ip of extractPublicIPs(f.data)) {
|
|
669
|
+
allIPs.add(ip);
|
|
674
670
|
}
|
|
675
671
|
}
|
|
676
672
|
}
|
package/lib/ip-utils.js
ADDED
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* 50c IP Utilities — shared by backdoor-checker and pre-publish
|
|
3
|
+
* Classifies IPs as private/public, validates format, extracts from text
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
function isPrivateIP(ip) {
|
|
7
|
+
if (!ip || typeof ip !== 'string') return true;
|
|
8
|
+
// IPv6 private
|
|
9
|
+
if (ip === '::1' || ip.startsWith('fe80:') || ip.startsWith('fc') || ip.startsWith('fd')) return true;
|
|
10
|
+
// IPv4 private/reserved ranges
|
|
11
|
+
if (ip.startsWith('127.')) return true;
|
|
12
|
+
if (ip.startsWith('0.')) return true;
|
|
13
|
+
if (ip.startsWith('10.')) return true;
|
|
14
|
+
if (ip.startsWith('192.168.')) return true;
|
|
15
|
+
if (ip.startsWith('169.254.')) return true;
|
|
16
|
+
if (ip.match(/^172\.(1[6-9]|2\d|3[01])\./)) return true;
|
|
17
|
+
// Multicast and broadcast
|
|
18
|
+
if (ip.startsWith('224.') || ip.startsWith('255.')) return true;
|
|
19
|
+
return false;
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
function isValidIPv4(ip) {
|
|
23
|
+
if (!ip || typeof ip !== 'string') return false;
|
|
24
|
+
const parts = ip.split('.');
|
|
25
|
+
if (parts.length !== 4) return false;
|
|
26
|
+
return parts.every(p => {
|
|
27
|
+
const n = parseInt(p, 10);
|
|
28
|
+
return !isNaN(n) && n >= 0 && n <= 255 && String(n) === p;
|
|
29
|
+
});
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
function extractPublicIPs(text) {
|
|
33
|
+
if (!text || typeof text !== 'string') return [];
|
|
34
|
+
const ipPattern = /\b(?:\d{1,3}\.){3}\d{1,3}\b/g;
|
|
35
|
+
const matches = text.match(ipPattern) || [];
|
|
36
|
+
const publicIPs = [];
|
|
37
|
+
const seen = new Set();
|
|
38
|
+
for (const ip of matches) {
|
|
39
|
+
if (!seen.has(ip) && isValidIPv4(ip) && !isPrivateIP(ip)) {
|
|
40
|
+
seen.add(ip);
|
|
41
|
+
publicIPs.push(ip);
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
return publicIPs;
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
module.exports = { isPrivateIP, isValidIPv4, extractPublicIPs };
|