npm - @keygraph/shannon - Versions diffs - 1.3.0 → 1.5.0 - Mend

@keygraph/shannon 1.3.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +67 -0
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -150,6 +150,72 @@ function addHostFlag() {
 	return [];
 }
 /**
+* Names whose standard IPs aren't covered by `shouldSkipHostsIp`. Loopback names
+* stay because their IPs (127.x, ::1) get rewritten — not skipped. Others like
+* `broadcasthost` and `ip6-mcastprefix` are intentionally omitted: their IPs
+* (255.255.255.255, ff00::/8) are already dropped at the IP filter.
+*/
+const HOSTS_SKIP_NAMES = new Set([
+	"localhost",
+	"ip6-localhost",
+	"ip6-loopback",
+	"ip6-localnet",
+	"host.docker.internal",
+	"gateway.docker.internal",
+	"kubernetes.docker.internal"
+]);
+function isLoopbackIp(ip) {
+	return ip.startsWith("127.") || ip === "::1";
+}
+function shouldSkipHostsIp(ip) {
+	if (ip === "0.0.0.0" || ip === "255.255.255.255") return true;
+	if (ip.startsWith("169.254.")) return true;
+	const lower = ip.toLowerCase();
+	if (lower.startsWith("fe80:") || lower.startsWith("ff")) return true;
+	return false;
+}
+function shouldSkipHostsName(name, hostname) {
+	const lower = name.toLowerCase();
+	if (HOSTS_SKIP_NAMES.has(lower)) return true;
+	if (lower === hostname.toLowerCase()) return true;
+	if (lower.endsWith(".localhost")) return true;
+	return false;
+}
+/**
+* Read the host's /etc/hosts and emit --add-host flags so the worker resolves
+* user-added entries the same way. Loopback IPs (127.x, ::1) are rewritten to
+* `host-gateway` so they target the host's loopback instead of the container's.
+*/
+function forwardEtcHostsFlags() {
+	if (process.env.SHANNON_FORWARD_HOSTS === "false") return [];
+	if (os.platform() === "win32") return [];
+	let content;
+	try {
+		content = fs.readFileSync("/etc/hosts", "utf-8");
+	} catch {
+		return [];
+	}
+	const hostname = os.hostname();
+	const flags = [];
+	for (const rawLine of content.split("\n")) {
+		const hashIdx = rawLine.indexOf("#");
+		const line = (hashIdx >= 0 ? rawLine.slice(0, hashIdx) : rawLine).trim();
+		if (!line) continue;
+		const tokens = line.split(" ").flatMap((t) => t.split("	")).filter(Boolean);
+		const ip = tokens[0];
+		const names = tokens.slice(1);
+		if (!ip || names.length === 0) continue;
+		if (shouldSkipHostsIp(ip)) continue;
+		const targetIp = isLoopbackIp(ip) ? "host-gateway" : ip;
+		const formattedIp = targetIp.includes(":") ? `[${targetIp}]` : targetIp;
+		for (const name of names) {
+			if (shouldSkipHostsName(name, hostname)) continue;
+			flags.push("--add-host", `${name}:${formattedIp}`);
+		}
+	}
+	return flags;
+}
+/**
 * Spawn the worker container in detached mode and return the process.
 * When `opts.debug` is true, omits `--rm` so the container persists for log inspection.
 */
@@ -158,6 +224,7 @@ function spawnWorker(opts) {
 	if (!opts.debug) args.push("--rm");
 	args.push("--name", opts.containerName, "--network", "shannon-net");
 	args.push(...addHostFlag());
+	args.push(...forwardEtcHostsFlags());
 	if (os.platform() === "linux" && process.getuid && process.getgid) args.push("-e", `SHANNON_HOST_UID=${process.getuid()}`, "-e", `SHANNON_HOST_GID=${process.getgid()}`);
 	args.push("-v", `${opts.workspacesDir}:/app/workspaces`);
 	args.push("-v", `${opts.repo.hostPath}:${opts.repo.containerPath}:ro`);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@keygraph/shannon",
-  "version": "1.3.0",
+  "version": "1.5.0",
   "description": "Shannon - Autonomous white-box AI pentester for web applications and APIs by Keygraph",
   "type": "module",
   "main": "dist/index.mjs",