@abtnode/router-provider 1.16.45 → 1.16.46-beta-20250703-050038-4ba2582f

package/lib/nginx/includes/security/crs4/rules/unix-shell-builtins.data

@@ -0,0 +1,20 @@
+# Unix Shell Builtins
+alias
+builtin
+chdir
+done
+endif
+endsw
+esac
+eval
+export
+fg
+fi
+foreach
+function
+history
+hup
+repeat
+set
+setenv
+zmodload

package/lib/nginx/includes/security/crs4/rules/unix-shell.data

@@ -41,7 +41,6 @@ bin/ab
 bin/addgroup
 bin/adduser
 bin/agetty
-bin/alias
 bin/alpine
 bin/ansible
 bin/apt
@@ -51,6 +50,8 @@ bin/ar
 bin/arch
 bin/aria2c
 bin/arj
+bin/arjdisp
+bin/arj-register
 bin/arp
 bin/as
 bin/ascii-xfr
@@ -75,7 +76,6 @@ bin/bridge
 bin/bsdcat
 bin/bsdiff
 bin/bsdtar
-bin/builtin
 bin/bundler
 bin/bunzip2
 bin/busctl
@@ -95,14 +95,15 @@ bin/bzless
 bin/bzmore
 bin/bzz
 bin/c89
+bin/c89-gcc
 bin/c99
+bin/c99-gcc
 bin/cancel
 bin/capsh
 bin/cat
 bin/cc
 bin/certbot
 bin/chattr
-bin/chdir
 bin/check_by_ssh
 bin/check_cups
 bin/check_log
@@ -111,6 +112,7 @@ bin/check_raid
 bin/check_ssl_cert
 bin/check_statusfile
 bin/chef
+bin/chef-
 bin/chflags
 bin/chgrp
 bin/chmod
@@ -124,6 +126,7 @@ bin/clang
 bin/clang++
 bin/cmp
 bin/cobc
+bin/cobcrun
 bin/column
 bin/comm
 bin/command
@@ -162,9 +165,9 @@ bin/dmsetup
 bin/dnf
 bin/doas
 bin/docker
-bin/done
 bin/dosbox
 bin/dpkg
+bin/dpkg-
 bin/du
 bin/dvips
 bin/e2fsck
@@ -175,28 +178,25 @@ bin/ed
 bin/efax
 bin/egrep
 bin/emacs
-bin/endif
-bin/endsw
 bin/env
 bin/env-update
 bin/eqn
 bin/es
-bin/esac
 bin/esh
-bin/eval
 bin/ex
 bin/exec
 bin/exiftool
 bin/expand
 bin/expect
-bin/export
 bin/expr
 bin/facter
 bin/fc
+bin/fdfind
+bin/fdisk
+bin/fdmount
+bin/fdumount
 bin/fetch
-bin/fg
 bin/fgrep
-bin/fi
 bin/file
 bin/filetest
 bin/find
@@ -205,12 +205,11 @@ bin/fish
 bin/flock
 bin/fmt
 bin/fold
-bin/foreach
 bin/fping
+bin/fping6
 bin/ftp
 bin/ftpstats
 bin/ftpwho
-bin/function
 bin/gawk
 bin/gcc
 bin/gcore
@@ -223,13 +222,16 @@ bin/HEAD
 bin/POST
 bin/getfacl
 bin/ghc
+bin/ghc-
 bin/ghci
+bin/ghci-
 bin/gimp
 bin/ginsh
 bin/git
 bin/go
 bin/gpg
 bin/grc
+bin/grcat
 bin/grep
 bin/groupmod
 bin/gtester
@@ -242,14 +244,12 @@ bin/hd
 bin/head
 bin/hexdump
 bin/highlight
-bin/history
 bin/hostid
 bin/hostname
 bin/hping3
 bin/htdigest
 bin/htop
 bin/htpasswd
-bin/hup
 bin/iconv
 bin/id
 bin/ifconfig
@@ -259,6 +259,9 @@ bin/ionice
 bin/ip
 bin/ip6tables
 bin/ipconfig
+bin/ippeveprinter
+bin/ippfind
+bin/ipptool
 bin/iptables
 bin/irb
 bin/ispell
@@ -400,6 +403,9 @@ bin/paste
 bin/patch
 bin/pax
 bin/pdb
+bin/pdb2mb
+bin/pdb3
+bin/pdb3.
 bin/pdflatex
 bin/pdftex
 bin/pdksh
@@ -457,10 +463,10 @@ bin/rc
 bin/rcp
 bin/readelf
 bin/realpath
+bin/reboot
 bin/red
 bin/redcarpet
 bin/rename
-bin/repeat
 bin/replace
 bin/restic
 bin/rev
@@ -476,6 +482,7 @@ bin/rpmdb
 bin/rpmquery
 bin/rpmverify
 bin/rsync
+bin/rsync-ssl
 bin/ruby
 bin/run-mailcap
 bin/run-parts
@@ -490,9 +497,7 @@ bin/sdiff
 bin/sed
 bin/sendmail
 bin/service
-bin/set
 bin/setarch
-bin/setenv
 bin/setfacl
 bin/setsid
 bin/sftp
@@ -522,7 +527,22 @@ bin/strace
 bin/strings
 bin/su
 bin/sudo
+bin/sudoedit
+bin/sudoreplay
+bin/sudo-rs
+bin/sudo_
 bin/svn
+bin/svnadmin
+bin/svnauthz
+bin/svnbench
+bin/svndumpfilter
+bin/svnfsfs
+bin/svnlook
+bin/svnmucc
+bin/svnrdump
+bin/svnserve
+bin/svnsync
+bin/svnversion
 bin/sysctl
 bin/systemctl
 bin/systemd-resolve
@@ -585,6 +605,7 @@ bin/vimdiff
 bin/vipw
 bin/virsh
 bin/visudo
+bin/visudo-rs
 bin/volatility
 bin/w
 bin/w3m

package/lib/nginx/includes/security/crs4/rules/web-shells-asp.data

@@ -0,0 +1,23 @@
+# This list contains patterns of various web shells, backdoors and similar
+# software written in ASP language. There is no way how to automatically update
+# this list, so it must be done by hand. Here is a recommended way how to add
+# new malicious software:
+# 1.) As patterns are matched against RESPONSE_BODY, you need to run a malicious
+#     software (ideally in an isolated environment) and catch the output.
+# 2.) In the output, search for static pattern unique enough to match only
+#     the software in question and to not do any FPs. The best pick is usually
+#     a part of HTML code with software name.
+# 3.) Include software name and URL (if available) in the comment above
+#     the pattern.
+#
+# Data comes from multiple places of which some doesn't work anymore. Few are
+# listed below:
+# - https://www.localroot.net/
+# - Google search (keywords like webshells, asp backdoor and similar)
+
+# Akmal archtte id ASPX shell
+<title>Webshell Akmal archtte id</title>
+# ASPYDrv shell
+<html><title>ASPYDrvsInfo</title>
+# RHTOOLS shell
+<html><head><title>RHTOOLS

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@abtnode/router-provider",
-  "version": "1.16.45",
+  "version": "1.16.46-beta-20250703-050038-4ba2582f",
   "description": "Routing engine implementations for abt node",
   "author": "polunzh <polunzh@gmail.com>",
   "homepage": "https://github.com/ArcBlock/blocklet-server#readme",
@@ -32,11 +32,11 @@
     "url": "https://github.com/ArcBlock/blocklet-server/issues"
   },
   "dependencies": {
-    "@abtnode/constant": "1.16.45",
-    "@abtnode/db-cache": "1.16.45",
-    "@abtnode/logger": "1.16.45",
-    "@abtnode/router-templates": "1.16.45",
-    "@abtnode/util": "1.16.45",
+    "@abtnode/constant": "1.16.46-beta-20250703-050038-4ba2582f",
+    "@abtnode/db-cache": "1.16.46-beta-20250703-050038-4ba2582f",
+    "@abtnode/logger": "1.16.46-beta-20250703-050038-4ba2582f",
+    "@abtnode/router-templates": "1.16.46-beta-20250703-050038-4ba2582f",
+    "@abtnode/util": "1.16.46-beta-20250703-050038-4ba2582f",
     "@arcblock/http-proxy": "^1.19.1",
     "@arcblock/is-valid-domain": "^1.0.5",
     "@ocap/util": "^1.20.14",
@@ -62,5 +62,5 @@
     "bluebird": "^3.7.2",
     "fs-extra": "^11.2.0"
   },
-  "gitHead": "8e981926c6dd0fc612d5bf716ab6c638791aa5f3"
+  "gitHead": "8d7838277e51ecabae489db51937f6deb51e015f"
 }