muaddib-scanner 2.11.124 → 2.11.128
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/{self-scan-v2.11.124.json → self-scan-v2.11.128.json} +340 -4
- package/src/ml/model-trees-shadow.js +4 -4
- package/src/monitor/ingestion.js +2 -2
- package/src/monitor/queue.js +6 -2
- package/src/monitor/scan-queue.js +45 -2
- package/src/monitor/webhook.js +41 -36
- package/src/pipeline/executor.js +11 -4
- package/src/response/playbooks.js +18 -0
- package/src/rules/index.js +60 -0
- package/src/scanner/anti-scanner-injection.js +180 -0
- package/src/scanner/npm-registry.js +24 -2
- package/src/shared/http-limiter.js +14 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"target": "node_modules",
|
|
3
|
-
"timestamp": "2026-06-
|
|
3
|
+
"timestamp": "2026-06-20T10:44:00.296Z",
|
|
4
4
|
"threats": [
|
|
5
5
|
{
|
|
6
6
|
"type": "string_mutation_obfuscation",
|
|
@@ -1068,6 +1068,94 @@
|
|
|
1068
1068
|
"playbook": "SharedArrayBuffer + Worker Thread detectes. Canal IPC memoire partagee qui contourne la surveillance. Verifier si les workers manipulent des donnees sensibles. Isoler si combine avec eval/exec.",
|
|
1069
1069
|
"points": 3
|
|
1070
1070
|
},
|
|
1071
|
+
{
|
|
1072
|
+
"type": "dangerous_exec",
|
|
1073
|
+
"severity": "MEDIUM",
|
|
1074
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1075
|
+
"file": "eslint/lib/rules/eol-last.js",
|
|
1076
|
+
"degraded": true,
|
|
1077
|
+
"quickScan": true,
|
|
1078
|
+
"count": 1,
|
|
1079
|
+
"reductions": [],
|
|
1080
|
+
"originalSeverity": "MEDIUM",
|
|
1081
|
+
"confidenceTier": "low",
|
|
1082
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1083
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1084
|
+
"confidence": "high",
|
|
1085
|
+
"domain": "malware",
|
|
1086
|
+
"references": [
|
|
1087
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1088
|
+
],
|
|
1089
|
+
"mitre": "T1059.004",
|
|
1090
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1091
|
+
"points": 3
|
|
1092
|
+
},
|
|
1093
|
+
{
|
|
1094
|
+
"type": "dangerous_exec",
|
|
1095
|
+
"severity": "MEDIUM",
|
|
1096
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1097
|
+
"file": "eslint/lib/rules/indent-legacy.js",
|
|
1098
|
+
"degraded": true,
|
|
1099
|
+
"quickScan": true,
|
|
1100
|
+
"count": 1,
|
|
1101
|
+
"reductions": [],
|
|
1102
|
+
"originalSeverity": "MEDIUM",
|
|
1103
|
+
"confidenceTier": "low",
|
|
1104
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1105
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1106
|
+
"confidence": "high",
|
|
1107
|
+
"domain": "malware",
|
|
1108
|
+
"references": [
|
|
1109
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1110
|
+
],
|
|
1111
|
+
"mitre": "T1059.004",
|
|
1112
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1113
|
+
"points": 3
|
|
1114
|
+
},
|
|
1115
|
+
{
|
|
1116
|
+
"type": "dangerous_exec",
|
|
1117
|
+
"severity": "MEDIUM",
|
|
1118
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1119
|
+
"file": "eslint/lib/rules/key-spacing.js",
|
|
1120
|
+
"degraded": true,
|
|
1121
|
+
"quickScan": true,
|
|
1122
|
+
"count": 1,
|
|
1123
|
+
"reductions": [],
|
|
1124
|
+
"originalSeverity": "MEDIUM",
|
|
1125
|
+
"confidenceTier": "low",
|
|
1126
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1127
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1128
|
+
"confidence": "high",
|
|
1129
|
+
"domain": "malware",
|
|
1130
|
+
"references": [
|
|
1131
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1132
|
+
],
|
|
1133
|
+
"mitre": "T1059.004",
|
|
1134
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1135
|
+
"points": 3
|
|
1136
|
+
},
|
|
1137
|
+
{
|
|
1138
|
+
"type": "dangerous_exec",
|
|
1139
|
+
"severity": "MEDIUM",
|
|
1140
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1141
|
+
"file": "eslint/lib/rules/linebreak-style.js",
|
|
1142
|
+
"degraded": true,
|
|
1143
|
+
"quickScan": true,
|
|
1144
|
+
"count": 1,
|
|
1145
|
+
"reductions": [],
|
|
1146
|
+
"originalSeverity": "MEDIUM",
|
|
1147
|
+
"confidenceTier": "low",
|
|
1148
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1149
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1150
|
+
"confidence": "high",
|
|
1151
|
+
"domain": "malware",
|
|
1152
|
+
"references": [
|
|
1153
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1154
|
+
],
|
|
1155
|
+
"mitre": "T1059.004",
|
|
1156
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1157
|
+
"points": 3
|
|
1158
|
+
},
|
|
1071
1159
|
{
|
|
1072
1160
|
"type": "dangerous_exec",
|
|
1073
1161
|
"severity": "MEDIUM",
|
|
@@ -1398,6 +1486,50 @@
|
|
|
1398
1486
|
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1399
1487
|
"points": 3
|
|
1400
1488
|
},
|
|
1489
|
+
{
|
|
1490
|
+
"type": "dangerous_exec",
|
|
1491
|
+
"severity": "MEDIUM",
|
|
1492
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1493
|
+
"file": "@eslint/plugin-kit/dist/cjs/index.cjs",
|
|
1494
|
+
"degraded": true,
|
|
1495
|
+
"quickScan": true,
|
|
1496
|
+
"count": 1,
|
|
1497
|
+
"reductions": [],
|
|
1498
|
+
"originalSeverity": "MEDIUM",
|
|
1499
|
+
"confidenceTier": "low",
|
|
1500
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1501
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1502
|
+
"confidence": "high",
|
|
1503
|
+
"domain": "malware",
|
|
1504
|
+
"references": [
|
|
1505
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1506
|
+
],
|
|
1507
|
+
"mitre": "T1059.004",
|
|
1508
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1509
|
+
"points": 3
|
|
1510
|
+
},
|
|
1511
|
+
{
|
|
1512
|
+
"type": "dangerous_exec",
|
|
1513
|
+
"severity": "MEDIUM",
|
|
1514
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1515
|
+
"file": "@eslint/plugin-kit/dist/esm/index.js",
|
|
1516
|
+
"degraded": true,
|
|
1517
|
+
"quickScan": true,
|
|
1518
|
+
"count": 1,
|
|
1519
|
+
"reductions": [],
|
|
1520
|
+
"originalSeverity": "MEDIUM",
|
|
1521
|
+
"confidenceTier": "low",
|
|
1522
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1523
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1524
|
+
"confidence": "high",
|
|
1525
|
+
"domain": "malware",
|
|
1526
|
+
"references": [
|
|
1527
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1528
|
+
],
|
|
1529
|
+
"mitre": "T1059.004",
|
|
1530
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1531
|
+
"points": 3
|
|
1532
|
+
},
|
|
1401
1533
|
{
|
|
1402
1534
|
"type": "dangerous_exec",
|
|
1403
1535
|
"severity": "MEDIUM",
|
|
@@ -1442,6 +1574,138 @@
|
|
|
1442
1574
|
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1443
1575
|
"points": 3
|
|
1444
1576
|
},
|
|
1577
|
+
{
|
|
1578
|
+
"type": "dangerous_exec",
|
|
1579
|
+
"severity": "MEDIUM",
|
|
1580
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1581
|
+
"file": "regexp-tree/dist/compat-transpiler/runtime/index.js",
|
|
1582
|
+
"degraded": true,
|
|
1583
|
+
"quickScan": true,
|
|
1584
|
+
"count": 1,
|
|
1585
|
+
"reductions": [],
|
|
1586
|
+
"originalSeverity": "MEDIUM",
|
|
1587
|
+
"confidenceTier": "low",
|
|
1588
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1589
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1590
|
+
"confidence": "high",
|
|
1591
|
+
"domain": "malware",
|
|
1592
|
+
"references": [
|
|
1593
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1594
|
+
],
|
|
1595
|
+
"mitre": "T1059.004",
|
|
1596
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1597
|
+
"points": 3
|
|
1598
|
+
},
|
|
1599
|
+
{
|
|
1600
|
+
"type": "dangerous_exec",
|
|
1601
|
+
"severity": "MEDIUM",
|
|
1602
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1603
|
+
"file": "regexp-tree/dist/parser/generated/regexp-tree.js",
|
|
1604
|
+
"degraded": true,
|
|
1605
|
+
"quickScan": true,
|
|
1606
|
+
"count": 1,
|
|
1607
|
+
"reductions": [],
|
|
1608
|
+
"originalSeverity": "MEDIUM",
|
|
1609
|
+
"confidenceTier": "low",
|
|
1610
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1611
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1612
|
+
"confidence": "high",
|
|
1613
|
+
"domain": "malware",
|
|
1614
|
+
"references": [
|
|
1615
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1616
|
+
],
|
|
1617
|
+
"mitre": "T1059.004",
|
|
1618
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1619
|
+
"points": 3
|
|
1620
|
+
},
|
|
1621
|
+
{
|
|
1622
|
+
"type": "dangerous_exec",
|
|
1623
|
+
"severity": "MEDIUM",
|
|
1624
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1625
|
+
"file": "@eslint/config-array/dist/cjs/std__path/posix.cjs",
|
|
1626
|
+
"degraded": true,
|
|
1627
|
+
"quickScan": true,
|
|
1628
|
+
"count": 1,
|
|
1629
|
+
"reductions": [],
|
|
1630
|
+
"originalSeverity": "MEDIUM",
|
|
1631
|
+
"confidenceTier": "low",
|
|
1632
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1633
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1634
|
+
"confidence": "high",
|
|
1635
|
+
"domain": "malware",
|
|
1636
|
+
"references": [
|
|
1637
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1638
|
+
],
|
|
1639
|
+
"mitre": "T1059.004",
|
|
1640
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1641
|
+
"points": 3
|
|
1642
|
+
},
|
|
1643
|
+
{
|
|
1644
|
+
"type": "dangerous_exec",
|
|
1645
|
+
"severity": "MEDIUM",
|
|
1646
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1647
|
+
"file": "@eslint/config-array/dist/cjs/std__path/windows.cjs",
|
|
1648
|
+
"degraded": true,
|
|
1649
|
+
"quickScan": true,
|
|
1650
|
+
"count": 1,
|
|
1651
|
+
"reductions": [],
|
|
1652
|
+
"originalSeverity": "MEDIUM",
|
|
1653
|
+
"confidenceTier": "low",
|
|
1654
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1655
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1656
|
+
"confidence": "high",
|
|
1657
|
+
"domain": "malware",
|
|
1658
|
+
"references": [
|
|
1659
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1660
|
+
],
|
|
1661
|
+
"mitre": "T1059.004",
|
|
1662
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1663
|
+
"points": 3
|
|
1664
|
+
},
|
|
1665
|
+
{
|
|
1666
|
+
"type": "dangerous_exec",
|
|
1667
|
+
"severity": "MEDIUM",
|
|
1668
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1669
|
+
"file": "@eslint/config-array/dist/esm/std__path/posix.js",
|
|
1670
|
+
"degraded": true,
|
|
1671
|
+
"quickScan": true,
|
|
1672
|
+
"count": 1,
|
|
1673
|
+
"reductions": [],
|
|
1674
|
+
"originalSeverity": "MEDIUM",
|
|
1675
|
+
"confidenceTier": "low",
|
|
1676
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1677
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1678
|
+
"confidence": "high",
|
|
1679
|
+
"domain": "malware",
|
|
1680
|
+
"references": [
|
|
1681
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1682
|
+
],
|
|
1683
|
+
"mitre": "T1059.004",
|
|
1684
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1685
|
+
"points": 3
|
|
1686
|
+
},
|
|
1687
|
+
{
|
|
1688
|
+
"type": "dangerous_exec",
|
|
1689
|
+
"severity": "MEDIUM",
|
|
1690
|
+
"message": "[quick-scan] exec/spawn call detected in overflow file.",
|
|
1691
|
+
"file": "@eslint/config-array/dist/esm/std__path/windows.js",
|
|
1692
|
+
"degraded": true,
|
|
1693
|
+
"quickScan": true,
|
|
1694
|
+
"count": 1,
|
|
1695
|
+
"reductions": [],
|
|
1696
|
+
"originalSeverity": "MEDIUM",
|
|
1697
|
+
"confidenceTier": "low",
|
|
1698
|
+
"rule_id": "MUADDIB-AST-007",
|
|
1699
|
+
"rule_name": "Dangerous Shell Command Execution",
|
|
1700
|
+
"confidence": "high",
|
|
1701
|
+
"domain": "malware",
|
|
1702
|
+
"references": [
|
|
1703
|
+
"https://owasp.org/www-community/attacks/Command_Injection"
|
|
1704
|
+
],
|
|
1705
|
+
"mitre": "T1059.004",
|
|
1706
|
+
"playbook": "CRITIQUE: Execution de commande shell dangereuse detectee. Isoler la machine. Verifier si la commande a ete executee.",
|
|
1707
|
+
"points": 3
|
|
1708
|
+
},
|
|
1445
1709
|
{
|
|
1446
1710
|
"type": "dangerous_exec",
|
|
1447
1711
|
"severity": "MEDIUM",
|
|
@@ -1826,10 +2090,10 @@
|
|
|
1826
2090
|
],
|
|
1827
2091
|
"python": null,
|
|
1828
2092
|
"summary": {
|
|
1829
|
-
"total":
|
|
2093
|
+
"total": 92,
|
|
1830
2094
|
"critical": 7,
|
|
1831
2095
|
"high": 10,
|
|
1832
|
-
"medium":
|
|
2096
|
+
"medium": 44,
|
|
1833
2097
|
"low": 31,
|
|
1834
2098
|
"riskScore": 35,
|
|
1835
2099
|
"riskLevel": "MEDIUM",
|
|
@@ -2178,6 +2442,78 @@
|
|
|
2178
2442
|
"points": 3,
|
|
2179
2443
|
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2180
2444
|
},
|
|
2445
|
+
{
|
|
2446
|
+
"rule": "MUADDIB-AST-007",
|
|
2447
|
+
"type": "dangerous_exec",
|
|
2448
|
+
"points": 3,
|
|
2449
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2450
|
+
},
|
|
2451
|
+
{
|
|
2452
|
+
"rule": "MUADDIB-AST-007",
|
|
2453
|
+
"type": "dangerous_exec",
|
|
2454
|
+
"points": 3,
|
|
2455
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2456
|
+
},
|
|
2457
|
+
{
|
|
2458
|
+
"rule": "MUADDIB-AST-007",
|
|
2459
|
+
"type": "dangerous_exec",
|
|
2460
|
+
"points": 3,
|
|
2461
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2462
|
+
},
|
|
2463
|
+
{
|
|
2464
|
+
"rule": "MUADDIB-AST-007",
|
|
2465
|
+
"type": "dangerous_exec",
|
|
2466
|
+
"points": 3,
|
|
2467
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2468
|
+
},
|
|
2469
|
+
{
|
|
2470
|
+
"rule": "MUADDIB-AST-007",
|
|
2471
|
+
"type": "dangerous_exec",
|
|
2472
|
+
"points": 3,
|
|
2473
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2474
|
+
},
|
|
2475
|
+
{
|
|
2476
|
+
"rule": "MUADDIB-AST-007",
|
|
2477
|
+
"type": "dangerous_exec",
|
|
2478
|
+
"points": 3,
|
|
2479
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2480
|
+
},
|
|
2481
|
+
{
|
|
2482
|
+
"rule": "MUADDIB-AST-007",
|
|
2483
|
+
"type": "dangerous_exec",
|
|
2484
|
+
"points": 3,
|
|
2485
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2486
|
+
},
|
|
2487
|
+
{
|
|
2488
|
+
"rule": "MUADDIB-AST-007",
|
|
2489
|
+
"type": "dangerous_exec",
|
|
2490
|
+
"points": 3,
|
|
2491
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2492
|
+
},
|
|
2493
|
+
{
|
|
2494
|
+
"rule": "MUADDIB-AST-007",
|
|
2495
|
+
"type": "dangerous_exec",
|
|
2496
|
+
"points": 3,
|
|
2497
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2498
|
+
},
|
|
2499
|
+
{
|
|
2500
|
+
"rule": "MUADDIB-AST-007",
|
|
2501
|
+
"type": "dangerous_exec",
|
|
2502
|
+
"points": 3,
|
|
2503
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2504
|
+
},
|
|
2505
|
+
{
|
|
2506
|
+
"rule": "MUADDIB-AST-007",
|
|
2507
|
+
"type": "dangerous_exec",
|
|
2508
|
+
"points": 3,
|
|
2509
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2510
|
+
},
|
|
2511
|
+
{
|
|
2512
|
+
"rule": "MUADDIB-AST-007",
|
|
2513
|
+
"type": "dangerous_exec",
|
|
2514
|
+
"points": 3,
|
|
2515
|
+
"reason": "[quick-scan] exec/spawn call detected in overflow file."
|
|
2516
|
+
},
|
|
2181
2517
|
{
|
|
2182
2518
|
"rule": "MUADDIB-AST-004",
|
|
2183
2519
|
"type": "dangerous_call_eval",
|
|
@@ -2363,7 +2699,7 @@
|
|
|
2363
2699
|
"verified": 0,
|
|
2364
2700
|
"high": 0,
|
|
2365
2701
|
"medium": 18,
|
|
2366
|
-
"low":
|
|
2702
|
+
"low": 74
|
|
2367
2703
|
},
|
|
2368
2704
|
"perceivedFlagged": 0
|
|
2369
2705
|
},
|