@trailofbits/vsix-audit 0.1.2 → 0.1.3
- package/README.md +23 -30
- package/dist/scanner/checks/ioc.test.js +1 -0
- package/dist/scanner/checks/ioc.test.js.map +1 -1
- package/dist/scanner/checks/package.test.js +1 -0
- package/dist/scanner/checks/package.test.js.map +1 -1
- package/dist/scanner/checks/telemetry.d.ts +6 -0
- package/dist/scanner/checks/telemetry.d.ts.map +1 -0
- package/dist/scanner/checks/telemetry.js +487 -0
- package/dist/scanner/checks/telemetry.js.map +1 -0
- package/dist/scanner/checks/telemetry.test.d.ts +2 -0
- package/dist/scanner/checks/telemetry.test.d.ts.map +1 -0
- package/dist/scanner/checks/telemetry.test.js +583 -0
- package/dist/scanner/checks/telemetry.test.js.map +1 -0
- package/dist/scanner/index.d.ts +1 -1
- package/dist/scanner/index.d.ts.map +1 -1
- package/dist/scanner/index.js +14 -1
- package/dist/scanner/index.js.map +1 -1
- package/dist/scanner/loaders/zoo.d.ts.map +1 -1
- package/dist/scanner/loaders/zoo.js +35 -1
- package/dist/scanner/loaders/zoo.js.map +1 -1
- package/dist/scanner/types.d.ts +8 -0
- package/dist/scanner/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/zoo/signatures/yara/README.md +7 -4
- package/zoo/telemetry/known-services.txt +27 -0
package/dist/scanner/index.js
CHANGED
|
@@ -3,11 +3,12 @@ import { checkAST } from "./checks/ast.js";
|
|
|
3
3
|
import { checkIocs } from "./checks/ioc.js";
|
|
4
4
|
import { checkObfuscation } from "./checks/obfuscation.js";
|
|
5
5
|
import { checkPackage } from "./checks/package.js";
|
|
6
|
+
import { checkTelemetry } from "./checks/telemetry.js";
|
|
6
7
|
import { checkYara, DEFAULT_YARA_RULES_DIR, isYaraAvailable, listYaraRules, } from "./checks/yara.js";
|
|
7
8
|
import { isScannable, SCANNABLE_EXTENSIONS_PATTERN, SCANNABLE_EXTENSIONS_UNICODE, } from "./constants.js";
|
|
8
9
|
import { loadZooData } from "./loaders/zoo.js";
|
|
9
10
|
import { loadExtension } from "./vsix.js";
|
|
10
|
-
export const MODULE_NAMES = ["package", "obfuscation", "ast", "ioc", "yara"];
|
|
11
|
+
export const MODULE_NAMES = ["package", "obfuscation", "ast", "ioc", "yara", "telemetry"];
|
|
11
12
|
export { findVsixFiles, scanDirectory } from "./batch.js";
|
|
12
13
|
const SEVERITY_ORDER = {
|
|
13
14
|
low: 0,
|
|
@@ -144,6 +145,18 @@ export async function scanExtension(target, options) {
|
|
|
144
145
|
});
|
|
145
146
|
}
|
|
146
147
|
}
|
|
148
|
+
// Telemetry check
|
|
149
|
+
if (shouldRunModule("telemetry", options)) {
|
|
150
|
+
const moduleStart = performance.now();
|
|
151
|
+
findings.push(...checkTelemetry(contents, zooData));
|
|
152
|
+
timings.telemetry = performance.now() - moduleStart;
|
|
153
|
+
inventory.push({
|
|
154
|
+
name: "Telemetry",
|
|
155
|
+
enabled: true,
|
|
156
|
+
description: "Analytics and data collection detection",
|
|
157
|
+
filesExamined: codeFileCount,
|
|
158
|
+
});
|
|
159
|
+
}
|
|
147
160
|
findings = deduplicateFindings(findings);
|
|
148
161
|
findings = filterBySeverity(findings, options.severity);
|
|
149
162
|
findings = sortFindings(findings);
|
|
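Review bot: The new telemetry block in scanExtension calls `checkTelemetry(contents, zooData)` with no error isolation, so an exception raised while it processes untrusted extension content would abort the whole scan and discard findings the earlier modules already collected. Whether checkTelemetry can throw is not visible on this page, so this needs confirming; if it can, isolate the call, e.g. `try { findings.push(...checkTelemetry(contents, zooData)); } catch (err) { /* record the module failure in the inventory entry and keep the other findings */ }`. scanExtension starts and ends outside the hunk, so the existing modules may follow the same pattern and deserve the same look.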
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanner/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EACL,SAAS,EACT,sBAAsB,EACtB,eAAe,EACf,aAAa,GACd,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,4BAA4B,GAC7B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAW/C,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE1C,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanner/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EACL,SAAS,EACT,sBAAsB,EACtB,eAAe,EACf,aAAa,GACd,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,4BAA4B,GAC7B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAW/C,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE1C,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAU,CAAC;AAanG,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,cAAc,GAA6B;IAC/C,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;CACZ,CAAC;AAEF,SAAS,gBAAgB,CAAC,QAAmB,EAAE,WAAqB;IAClE,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;IAC7C,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAmB;IAC9C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAc,EAAE,CAAC;IAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,EAAE,IAAI,OAAO,CAAC,QAAQ,EAAE,IAAI,IAAI,EAAE,IAAI,OAAO,CAAC,QAAQ,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;QAC5F,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,QAAmB;IACvC,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC7E,IAAI,YAAY,KAAK,CAAC;YAAE,OAAO,YAAY,CAAC;QAC5C,OAAO,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAsB,EAAE,UAAuB;IAC1E,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,QAAQ,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC7C,IAAI,WAAW,C
AAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC;YACtC,KAAK,EAAE,CAAC;QACV,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CAAC,IAAgB,EAAE,OAAoB;IAC7D,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,OAAO,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAc,EAAE,OAAoB;IACtE,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IACpC,MAAM,OAAO,GAAkB,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAErD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,qBAAqB,MAAM,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IACpC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;IACtF,OAAO,CAAC,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAE7C,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC;IAC9B,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;IAE7D,IAAI,QAAQ,GAAc,EAAE,CAAC;IAC7B,MAAM,SAAS,GAAmB,EAAE,CAAC;IAErC,kCAAkC;IAClC,MAAM,aAAa,GAAG,MAAM,eAAe,EAAE,CAAC;IAC9C,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,CAAC,MAAM,aAAa,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEnF,oCAAoC;IACpC,MAAM,aAAa,GAAG,mBAAmB,CAAC,QAAQ,EAAE,4BAA4B,CAAC,CAAC;IAClF,MAAM,aAAa,GAAG,mBAAmB,CAAC,QAAQ,EAAE,4BAA4B,CAAC,CAAC;IAElF,sDAAsD;IACtD,IAAI,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACtC,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;QAClD,OAAO,CAAC,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QAClD,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,mEAAmE;SACjF,CAAC,CAAC;IACL,CAAC;IAED,+CAA+C;IAC/C,IAAI,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,CAAC;QAC5C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACtC,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC7C,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QACtD,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,IAAI;YACb,WA
AW,EAAE,uCAAuC,aAAa,QAAQ;YACzE,YAAY,EAAE,CAAC;YACf,aAAa,EAAE,aAAa;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,eAAe;IACf,IAAI,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;QACpC,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACtC,QAAQ,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QAC9C,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,mCAAmC,aAAa,aAAa;YAC1E,YAAY,EAAE,CAAC;YACf,aAAa,EAAE,aAAa;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,YAAY;IACZ,IAAI,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;QACpC,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACtC,QAAQ,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QAC9C,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,2CAA2C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,aAAa;IACb,IAAI,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;QACrC,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;YACtC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC9C,OAAO,CAAC,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;YAC/C,SAAS,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE,IAAI;gBACb,WAAW,EAAE,GAAG,SAAS,CAAC,MAAM,0BAA0B;gBAC1D,YAAY,EAAE,SAAS,CAAC,MAAM;gBAC9B,aAAa,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI;aACnC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE,KAAK;gBACd,WAAW,EAAE,mCAAmC;gBAChD,UAAU,EAAE,oBAAoB;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,IAAI,eAAe,CAAC,WAAW,EAAE,OAAO,CAAC,EAAE,CAAC;QAC1C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACtC,QAAQ,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;QACpD,OAAO,CAAC,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QACpD,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,yCAAyC;YACtD,aAAa,EAAE,aAAa;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACzC,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IACxD,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;
IAElC,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAE9C,OAAO;QACL,SAAS,EAAE;YACT,EAAE,EAAE,WAAW;YACf,IAAI,EAAE,QAAQ,CAAC,WAAW,IAAI,QAAQ,CAAC,IAAI;YAC3C,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,SAAS,EAAE,QAAQ,CAAC,SAAS;SAC9B;QACD,QAAQ;QACR,SAAS;QACT,QAAQ,EAAE;YACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YACvC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxC;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"zoo.d.ts","sourceRoot":"","sources":["../../../src/scanner/loaders/zoo.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"zoo.d.ts","sourceRoot":"","sources":["../../../src/scanner/loaders/zoo.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAA2D,OAAO,EAAE,MAAM,aAAa,CAAC;AAuIpG,wBAAsB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CA2CpD"}
|
|
@@ -82,13 +82,45 @@ function parseWalletFile(content) {
|
|
|
82
82
|
}
|
|
83
83
|
return result;
|
|
84
84
|
}
|
|
85
|
+
/**
|
|
86
|
+
* Parse telemetry services file format: SERVICE_NAME CATEGORY DOMAIN1,DOMAIN2,...
|
|
87
|
+
* Returns a map from domain to service info for fast lookup.
|
|
88
|
+
*/
|
|
89
|
+
function parseTelemetryServices(content) {
|
|
90
|
+
const result = new Map();
|
|
91
|
+
const validCategories = new Set(["analytics", "crash-reporting", "apm"]);
|
|
92
|
+
for (const line of content.split("\n")) {
|
|
93
|
+
const trimmed = line.trim();
|
|
94
|
+
if (!trimmed || trimmed.startsWith("#"))
|
|
95
|
+
continue;
|
|
96
|
+
// Format: SERVICE_NAME CATEGORY DOMAIN1,DOMAIN2,...
|
|
97
|
+
// Use regex to split on 2+ whitespace to handle multi-word service names
|
|
98
|
+
const parts = trimmed.split(/\s{2,}/);
|
|
99
|
+
if (parts.length < 3)
|
|
100
|
+
continue;
|
|
101
|
+
const name = parts[0];
|
|
102
|
+
const category = parts[1];
|
|
103
|
+
const domainsStr = parts[2];
|
|
104
|
+
if (!name || !validCategories.has(category) || !domainsStr)
|
|
105
|
+
continue;
|
|
106
|
+
const domains = domainsStr.split(",").map((d) => d.trim().toLowerCase());
|
|
107
|
+
const serviceInfo = { name, category, domains };
|
|
108
|
+
// Map each domain to this service for fast lookup
|
|
109
|
+
for (const domain of domains) {
|
|
110
|
+
if (domain) {
|
|
111
|
+
result.set(domain, serviceInfo);
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
return result;
|
|
116
|
+
}
|
|
85
117
|
let cachedZooData;
|
|
86
118
|
export async function loadZooData() {
|
|
87
119
|
if (cachedZooData) {
|
|
88
120
|
return cachedZooData;
|
|
89
121
|
}
|
|
90
122
|
const zooRoot = await findZooRoot();
|
|
91
|
-
const [blocklistContent, hashesContent, domainsContent, ipsContent, npmContent, walletsContent, blockchainContent,] = await Promise.all([
|
|
123
|
+
const [blocklistContent, hashesContent, domainsContent, ipsContent, npmContent, walletsContent, blockchainContent, telemetryContent,] = await Promise.all([
|
|
92
124
|
readFile(join(zooRoot, "blocklist", "extensions.json"), "utf8"),
|
|
93
125
|
readFile(join(zooRoot, "iocs", "hashes.txt"), "utf8"),
|
|
94
126
|
readFile(join(zooRoot, "iocs", "c2-domains.txt"), "utf8"),
|
|
@@ -96,6 +128,7 @@ export async function loadZooData() {
|
|
|
96
128
|
readFile(join(zooRoot, "iocs", "malicious-npm.txt"), "utf8"),
|
|
97
129
|
readFile(join(zooRoot, "iocs", "wallets.txt"), "utf8"),
|
|
98
130
|
readFile(join(zooRoot, "iocs", "blockchain-extensions.txt"), "utf8"),
|
|
131
|
+
readFile(join(zooRoot, "telemetry", "known-services.txt"), "utf8").catch(() => ""),
|
|
99
132
|
]);
|
|
100
133
|
const blocklistFile = JSON.parse(blocklistContent);
|
|
101
134
|
cachedZooData = {
|
|
@@ -106,6 +139,7 @@ export async function loadZooData() {
|
|
|
106
139
|
maliciousNpmPackages: parseIOCFile(npmContent, (pkg) => pkg.toLowerCase()),
|
|
107
140
|
wallets: parseWalletFile(walletsContent),
|
|
108
141
|
blockchainAllowlist: parseIOCFile(blockchainContent, (extId) => extId),
|
|
142
|
+
telemetryServices: parseTelemetryServices(telemetryContent),
|
|
109
143
|
};
|
|
110
144
|
return cachedZooData;
|
|
111
145
|
}
|
|
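Review bot: In loadZooData, `readFile(join(zooRoot, "telemetry", "known-services.txt"), "utf8").catch(() => "")` turns every read failure, not only a missing file, into an empty string. A permission error or a wrong zoo root therefore leaves `telemetryServices` empty, and the scan runs without known-service data and without any signal to the operator. Narrow the handler to the missing-file case and let the rest propagate like the other reads in the same `Promise.all`: `.catch((err) => { if (err?.code === "ENOENT") return ""; throw err; })`. parseTelemetryServices degrades just as silently: lines with fewer than three `\s{2,}`-separated fields or an unknown category are dropped by `continue`, so a count of skipped lines or a warning would make a malformed data file visible. loadZooData's body continues outside the hunks shown.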
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"zoo.js","sourceRoot":"","sources":["../../../src/scanner/loaders/zoo.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D;;;;;;GAMG;AACH,KAAK,UAAU,WAAW;IACxB,mCAAmC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,8CAA8C;IAC9C,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5B,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAMD,SAAS,YAAY,CAAC,MAAc;IAClC,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,OAAe,EAAE,SAA2C;IAChF,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,OAAe;IACtC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,sCAAsC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,
OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,IAAI,aAAkC,CAAC;AAEvC,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,CACJ,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,UAAU,EACV,cAAc,EACd,iBAAiB,
|
|
1
|
+
{"version":3,"file":"zoo.js","sourceRoot":"","sources":["../../../src/scanner/loaders/zoo.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D;;;;;;GAMG;AACH,KAAK,UAAU,WAAW;IACxB,mCAAmC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,8CAA8C;IAC9C,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5B,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAMD,SAAS,YAAY,CAAC,MAAc;IAClC,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,OAAe,EAAE,SAA2C;IAChF,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,OAAe;IACtC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,sCAAsC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,
OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,OAAe;IAC7C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAgC,CAAC;IACvD,MAAM,eAAe,GAAG,IAAI,GAAG,CAAoB,CAAC,WAAW,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAC,CAAC;IAE5F,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,sDAAsD;QACtD,yEAAyE;QACzE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAE/B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAsB,CAAC;QAC/C,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE5B,IAAI,CAAC,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU;YAAE,SAAS;QAErE,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QACzE,MAAM,WAAW,GAAyB,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;QAEtE,kDAAkD;QAClD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,IAAI,aAAkC,CAAC;AAEvC,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,CACJ,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,UAAU,EACV,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EACjB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC/D,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACzD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC5D,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,M
AAM,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,2BAA2B,CAAC,EAAE,MAAM,CAAC;QACpE,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,oBAAoB,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;KACnF,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAkB,CAAC;IAEpE,aAAa,GAAG;QACd,SAAS,EAAE,aAAa,CAAC,UAAU;QACnC,MAAM,EAAE,YAAY,CAAC,aAAa,EAAE,CAAC,IAAI,EAAE,EAAE,CAC3C,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CACzD;QACD,OAAO,EAAE,YAAY,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACrF,GAAG,EAAE,YAAY,CAAC,UAAU,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC/E,oBAAoB,EAAE,YAAY,CAAC,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAC1E,OAAO,EAAE,eAAe,CAAC,cAAc,CAAC;QACxC,mBAAmB,EAAE,YAAY,CAAC,iBAAiB,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC;QACtE,iBAAiB,EAAE,sBAAsB,CAAC,gBAAgB,CAAC;KAC5D,CAAC;IAEF,OAAO,aAAa,CAAC;AACvB,CAAC"}
|
package/dist/scanner/types.d.ts
CHANGED
|
@@ -7,6 +7,7 @@ export interface ModuleTimings {
|
|
|
7
7
|
ast?: number;
|
|
8
8
|
ioc?: number;
|
|
9
9
|
yara?: number;
|
|
10
|
+
telemetry?: number;
|
|
10
11
|
total: number;
|
|
11
12
|
}
|
|
12
13
|
export interface ScanOptions {
|
|
@@ -91,6 +92,12 @@ export interface BlocklistEntry {
|
|
|
91
92
|
addedDate?: string;
|
|
92
93
|
reference?: string;
|
|
93
94
|
}
|
|
95
|
+
export type TelemetryCategory = "analytics" | "crash-reporting" | "apm";
|
|
96
|
+
export interface TelemetryServiceInfo {
|
|
97
|
+
name: string;
|
|
98
|
+
category: TelemetryCategory;
|
|
99
|
+
domains: string[];
|
|
100
|
+
}
|
|
94
101
|
export interface ZooData {
|
|
95
102
|
blocklist: BlocklistEntry[];
|
|
96
103
|
hashes: Set<string>;
|
|
@@ -99,6 +106,7 @@ export interface ZooData {
|
|
|
99
106
|
maliciousNpmPackages: Set<string>;
|
|
100
107
|
wallets: Set<string>;
|
|
101
108
|
blockchainAllowlist: Set<string>;
|
|
109
|
+
telemetryServices: Map<string, TelemetryServiceInfo>;
|
|
102
110
|
}
|
|
103
111
|
export interface BatchScanResult {
|
|
104
112
|
results: ScanResult[];
|
|
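Review bot: `TelemetryCategory` repeats the three category strings that parseTelemetryServices in loaders/zoo.js hard-codes in its `validCategories` set, so the type and the runtime filter can drift. A category added to the union but not to the set would make the loader skip those lines without an error; in the TypeScript source, consider one `as const` array from which both are derived. `telemetryServices` is also added to `ZooData` as a required member, which breaks any code that builds a `ZooData` literal (the two test files in the file list each gain one line, possibly for this reason). A doc comment on the member such as `/** Lowercased domain → the service that owns it. */` would tell callers how to key lookups.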
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE5D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE;QACT,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,SAAS,EAAE,YAAY,EAAE,CAAC;IAC1B,QAAQ,EAAE;QACR,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,QAAQ,CAAC;QACpB,OAAO,CAAC,EAAE,aAAa,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,EAAE,CAAC,EAAE,MAAM,CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;QACH,UAAU,CAAC,EAAE,KAAK,CAAC;YACjB,EAAE,CAAC,EAAE,MAAM,
CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;QACH,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,cAAc,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACrB,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACrB,mBAAmB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE5D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE;QACT,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,SAAS,EAAE,YAAY,EAAE,CAAC;IAC1B,QAAQ,EAAE;QACR,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,QAAQ,CAAC;QACpB,OAAO,CAAC,EAAE,aAAa,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,EAAE,CAAC,EAAE,MAAM,CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;QACH,UAAU,CAAC,EAAE,KAAK,
CAAC;YACjB,EAAE,CAAC,EAAE,MAAM,CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;QACH,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,iBAAiB,GAAG,WAAW,GAAG,iBAAiB,GAAG,KAAK,CAAC;AAExE,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,cAAc,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACrB,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACrB,mBAAmB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjC,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,EAAE;QACP,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,kBAAkB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC7C,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;CACH"}
|
package/package.json
CHANGED
|
@@ -38,9 +38,12 @@ Example: `tigerjack_keylogger.yar`
|
|
|
38
38
|
## Usage
|
|
39
39
|
|
|
40
40
|
```bash
|
|
41
|
-
# Scan with YARA
|
|
42
|
-
|
|
41
|
+
# Scan with YARA-X
|
|
42
|
+
yr scan -r zoo/signatures/yara/unicode_stealth.yar path/to/extension/
|
|
43
43
|
|
|
44
|
-
#
|
|
45
|
-
|
|
44
|
+
# Or scan all rules in directory
|
|
45
|
+
for f in zoo/signatures/yara/*.yar; do yr scan -r "$f" path/to/extension/; done
|
|
46
|
+
|
|
47
|
+
# With vsix-audit (automatic)
|
|
48
|
+
vsix-audit scan extension.vsix # YARA rules loaded automatically
|
|
46
49
|
```
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# Known telemetry services for VS Code extension analysis
|
|
2
|
+
# Format: SERVICE_NAME CATEGORY DOMAIN1,DOMAIN2,...
|
|
3
|
+
# Categories: analytics, crash-reporting, apm
|
|
4
|
+
|
|
5
|
+
# Analytics
|
|
6
|
+
Google Analytics analytics analytics.google.com,google-analytics.com,www.google-analytics.com
|
|
7
|
+
Mixpanel analytics api.mixpanel.com,mixpanel.com
|
|
8
|
+
Segment analytics api.segment.io,cdn.segment.io,segment.io
|
|
9
|
+
Amplitude analytics api.amplitude.com,amplitude.com,api2.amplitude.com
|
|
10
|
+
PostHog analytics app.posthog.com,us.posthog.com,eu.posthog.com,posthog.com
|
|
11
|
+
Heap analytics heapanalytics.com,cdn.heapanalytics.com
|
|
12
|
+
Plausible analytics plausible.io
|
|
13
|
+
Matomo analytics matomo.cloud
|
|
14
|
+
|
|
15
|
+
# Crash Reporting
|
|
16
|
+
Sentry crash-reporting sentry.io,ingest.sentry.io,o0.ingest.sentry.io
|
|
17
|
+
Bugsnag crash-reporting notify.bugsnag.com,bugsnag.com,sessions.bugsnag.com
|
|
18
|
+
Rollbar crash-reporting api.rollbar.com,rollbar.com
|
|
19
|
+
Raygun crash-reporting api.raygun.io,raygun.io
|
|
20
|
+
|
|
21
|
+
# APM (Application Performance Monitoring)
|
|
22
|
+
Azure App Insights apm applicationinsights.azure.com,dc.services.visualstudio.com,centralus-0.in.applicationinsights.azure.com
|
|
23
|
+
Datadog apm datadoghq.com,browser-intake-datadoghq.com,logs.datadoghq.com
|
|
24
|
+
New Relic apm collector.newrelic.com,newrelic.com,bam.nr-data.net
|
|
25
|
+
|
|
26
|
+
# VS Code Specific
|
|
27
|
+
VS Code Telemetry analytics vortex.data.microsoft.com
|
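Review bot: The `# Format:` header does not say how columns are delimited or how domains are matched, and both affect detection coverage. The loader added in loaders/zoo.js splits each line on two or more whitespace characters, so an entry whose columns are separated by a single space or a single tab is skipped silently; add a header line such as `# Columns are separated by two or more spaces; lines that do not parse are ignored`. Several entries look tenant- or region-specific (`o0.ingest.sentry.io`, `centralus-0.in.applicationinsights.azure.com`). The matcher is not shown on this page, so the header should also state whether entries match exactly or as suffixes, since exact matching would miss other tenants and regions.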