codeprobe-scanner 1.0.12 → 1.0.14

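--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "codeprobe-scanner",
- "version": "1.0.12",
+ "version": "1.0.14",
  "description": "Automated vulnerability scanner with exploit verification and video evidence",
  "type": "module",
  "bin": {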
@@ -1,3 +1,6 @@
1
+ import { mkdir, writeFile } from "fs/promises";
2
+ import { join } from "path";
3
+
1
4
  interface ExploitVideoRecord {
2
5
  cveId: string;
3
6
  package: string;
@@ -9,29 +12,18 @@ interface ExploitVideoRecord {
9
12
  }
10
13
 
11
14
  export class VideoDBRecorder {
12
- private videoDb: any = null;
13
- private apiKey: string;
14
15
  private recordedVideos: Map<string, ExploitVideoRecord> = new Map();
16
+ private proofsDir = ".proofs";
15
17
 
16
18
  constructor() {
17
- this.apiKey = process.env.VIDEODB_API_KEY || "";
18
- this.initializeVideoDB();
19
+ this.ensureProofsDir();
19
20
  }
20
21
 
21
- private initializeVideoDB(): void {
22
- if (!this.apiKey) {
23
- return;
24
- }
25
-
22
+ private async ensureProofsDir(): Promise<void> {
26
23
  try {
27
- const videodb = require("videodb");
28
- const Constructor = videodb.VideoDb || videodb.Connection || videodb.connect;
29
- if (typeof Constructor === "function") {
30
- this.videoDb = new Constructor({ apiKey: this.apiKey });
31
- console.log("[VideoDB] ✓ Initialized - exploit recordings enabled");
32
- }
24
+ await mkdir(this.proofsDir, { recursive: true });
33
25
  } catch {
34
- // VideoDB unavailable, video recording disabled
26
+ // Directory might already exist
35
27
  }
36
28
  }
37
29
 
@@ -42,88 +34,61 @@ export class VideoDBRecorder {
42
34
  exploitOutput: string,
43
35
  duration: number = 15
44
36
  ): Promise<ExploitVideoRecord | null> {
45
- if (!this.videoDb) {
46
- console.warn(`[VideoDB] Skipping recording for ${cveId} - not initialized`);
47
- return null;
48
- }
49
-
50
37
  try {
51
- console.log(`[VideoDB] 🎥 Recording exploit for ${cveId}...`);
52
-
53
- // Create collection for this CVE
54
- const collectionName = `codeprobe-${cveId.toLowerCase().replace("-", "_")}`;
55
-
56
- // Create metadata for the video
57
- const metadata = {
58
- cve_id: cveId,
59
- package: packageName,
60
- version: version,
61
- exploit_output: exploitOutput,
62
- timestamp: new Date().toISOString(),
63
- severity: "CRITICAL",
64
- type: "rce-verification",
65
- };
38
+ console.log(`[ProofRecorder] 🎥 Recording proof for ${cveId}...`);
66
39
 
67
- // In real scenario, this would capture actual sandbox screen recording
68
- // For now, we create a metadata entry with exploitOutput as the video description
69
- const videoUrl = await this.uploadExploitRecord(
40
+ const proofPath = await this.saveProof(
70
41
  cveId,
71
42
  packageName,
72
43
  version,
73
- exploitOutput,
74
- collectionName,
75
- metadata
44
+ exploitOutput
76
45
  );
77
46
 
78
47
  const record: ExploitVideoRecord = {
79
48
  cveId,
80
49
  package: packageName,
81
50
  version,
82
- videoUrl,
51
+ videoUrl: proofPath,
83
52
  duration,
84
53
  timestamp: new Date().toISOString(),
85
54
  };
86
55
 
87
56
  this.recordedVideos.set(cveId, record);
88
- console.log(`[VideoDB] ✓ Recorded: ${videoUrl}`);
57
+ console.log(`[ProofRecorder] ✓ Saved: ${proofPath}`);
89
58
 
90
59
  return record;
91
60
  } catch (error) {
92
61
  console.warn(
93
- `[VideoDB] Failed to record ${cveId}: ${error instanceof Error ? error.message : String(error)}`
62
+ `[ProofRecorder] Failed to save proof for ${cveId}: ${error instanceof Error ? error.message : String(error)}`
94
63
  );
95
64
  return null;
96
65
  }
97
66
  }
98
67
 
99
- private async uploadExploitRecord(
68
+ private async saveProof(
100
69
  cveId: string,
101
70
  packageName: string,
102
71
  version: string,
103
- exploitOutput: string,
104
- collectionName: string,
105
- metadata: any
72
+ exploitOutput: string
106
73
  ): Promise<string> {
107
- // Create a reference URL that links to the video
108
- // In production, this would actually upload screen recording to VideoDB
109
- const videoId = `${cveId.toLowerCase()}_${Date.now()}`;
110
- const videoUrl = `https://console.videodb.io/videos/${videoId}`;
111
-
112
- // Store metadata in cache for later retrieval
113
- const cacheKey = `videodb_${cveId}`;
114
- if (typeof globalThis !== "undefined") {
115
- (globalThis as any)[cacheKey] = {
116
- cveId,
117
- packageName,
118
- version,
119
- exploitOutput,
120
- metadata,
121
- videoUrl,
122
- createdAt: new Date().toISOString(),
123
- };
124
- }
125
-
126
- return videoUrl;
74
+ await this.ensureProofsDir();
75
+
76
+ const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
77
+ const filename = `${cveId}_${timestamp}.json`;
78
+ const filePath = join(this.proofsDir, filename);
79
+
80
+ const proofData = {
81
+ cveId,
82
+ package: packageName,
83
+ version,
84
+ exploitOutput,
85
+ savedAt: new Date().toISOString(),
86
+ severity: "CRITICAL",
87
+ type: "rce-verification",
88
+ };
89
+
90
+ await writeFile(filePath, JSON.stringify(proofData, null, 2));
91
+ return filePath;
127
92
  }
128
93
 
129
94
  getRecordedVideos(): ExploitVideoRecord[] {
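Review bot: `saveProof` interpolates `cveId` straight into the file name (`${cveId}_${timestamp}.json`) and passes it through `join(this.proofsDir, filename)`, so an identifier containing `/` or `..` would be normalised by `join` into a path outside `.proofs`; where `cveId` originates is not visible in this diff, but if it is read from advisory or scan data it should be treated as untrusted. Constrain it before building the name, e.g. `const safeId = cveId.replace(/[^A-Za-z0-9-]/g, "_");`, and use `safeId` in `filename`. The file also holds the raw `exploitOutput` and is written with default permissions into a directory relative to the current working directory; `await writeFile(filePath, JSON.stringify(proofData, null, 2), { mode: 0o600 });` would keep it owner-only, and `.proofs` probably wants to be excluded from version control. Separately, the empty `catch` in `ensureProofsDir` is commented `// Directory might already exist`, but `mkdir` with `recursive: true` does not reject for an existing directory, so the comment would be more accurate as `// best effort: a real failure surfaces when writeFile runs`. The class body continues past the end of this hunk.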