typescript-virtual-container 1.1.3 → 1.1.5

package/src/VirtualUserManager/index.ts

@@ -1,4 +1,5 @@
 import { randomBytes, randomUUID, scryptSync } from "node:crypto";
+import { EventEmitter } from "node:events";
 import * as path from "node:path";
 import type VirtualFileSystem from "../VirtualFileSystem";
 
@@ -31,7 +32,7 @@ export interface VirtualActiveSession {
  *
  * Passwords are hashed with scrypt and stored in the backing virtual filesystem.
  */
-export class VirtualUserManager {
+export class VirtualUserManager extends EventEmitter {
 	private readonly usersPath = "/virtual-env-js/.auth/htpasswd";
 	private readonly sudoersPath = "/virtual-env-js/.auth/sudoers";
 	private readonly quotasPath = "/virtual-env-js/.auth/quotas";
@@ -53,10 +54,13 @@ export class VirtualUserManager {
 		private readonly vfs: VirtualFileSystem,
 		private readonly defaultRootPassword: string = "root",
 		private readonly autoSudoForNewUsers: boolean = true,
-	) {}
+	) {
+		super();
+	}
 
 	/**
 	 * Loads users/sudoers from disk and ensures root account exists.
+	 * Also creates the current system user if not already present.
 	 */
 	public async initialize(): Promise<void> {
 		this.loadFromVfs();
@@ -67,7 +71,27 @@ export class VirtualUserManager {
 
 		this.sudoers.add("root");
 
+		// Auto-create current system user for easier authentication
+		const currentUser = process.env.USER || process.env.USERNAME;
+		if (currentUser && currentUser !== "root" && !this.users.has(currentUser)) {
+			// Use same password as root for convenience, or a generic default
+			const userPassword = this.defaultRootPassword;
+			this.users.set(currentUser, this.createRecord(currentUser, userPassword));
+			this.sudoers.add(currentUser);
+
+			// Create home directory for the system user
+			const homePath = `/home/${currentUser}`;
+			if (!this.vfs.exists(homePath)) {
+				this.vfs.mkdir(homePath, 0o755);
+				this.vfs.writeFile(
+					`${homePath}/README.txt`,
+					`Welcome to the virtual environment, ${currentUser}`,
+				);
+			}
+		}
+
 		await this.persist();
+		this.emit("initialized");
 	}
 
 	/**
@@ -220,6 +244,7 @@ export class VirtualUserManager {
 			);
 		}
 		await this.persist();
+		this.emit("user:add", { username });
 	}
 
 	/**
@@ -258,6 +283,7 @@ export class VirtualUserManager {
 
 		this.sudoers.delete(username);
 
+		this.emit("user:delete", { username });
 		await this.persist();
 	}
 
@@ -319,8 +345,12 @@ export class VirtualUserManager {
 			remoteAddress,
 			startedAt: new Date().toISOString(),
 		};
-
 		this.activeSessions.set(session.id, session);
+		this.emit("session:register", {
+			sessionId: session.id,
+			username,
+			remoteAddress,
+		});
 		return session;
 	}
 
@@ -334,6 +364,14 @@ export class VirtualUserManager {
 			return;
 		}
 
+		const session = this.activeSessions.get(sessionId);
+		this.activeSessions.delete(sessionId);
+		if (session) {
+			this.emit("session:unregister", {
+				sessionId,
+				username: session.username,
+			});
+		}
 		this.activeSessions.delete(sessionId);
 	}
 

package/src/commands/exit.ts

@@ -2,6 +2,7 @@ import type { ShellModule } from "../types/commands";
 
 export const exitCommand: ShellModule = {
 	name: "exit",
+	aliases: ["bye"],
 	params: [],
 	run: () => ({ closeSession: true, exitCode: 0 }),
 };

package/src/index.ts

@@ -1,9 +1,14 @@
+import { HoneyPot } from "./Honeypot";
 import { SshClient } from "./SSHClient";
-import { SshMimic } from "./SSHMimic/index";
+import { SftpMimic, SshMimic } from "./SSHMimic/index";
 import VirtualFileSystem from "./VirtualFileSystem";
 import { VirtualShell } from "./VirtualShell";
 import { VirtualUserManager } from "./VirtualUserManager";
 
+export type {
+	AuditLogEntry,
+	HoneyPotStats,
+} from "./Honeypot";
 export type {
 	CommandContext,
 	CommandMode,
@@ -30,8 +35,10 @@ export type {
 } from "./types/vfs";
 
 export {
+	HoneyPot,
 	SshClient,
 	VirtualFileSystem,
+	SftpMimic as VirtualSftpServer,
 	VirtualShell,
 	SshMimic as VirtualSshServer,
 	VirtualUserManager,

package/src/standalone.ts

@@ -1,4 +1,4 @@
-import { VirtualShell, VirtualSshServer } from ".";
+import { VirtualSftpServer, VirtualShell, VirtualSshServer } from ".";
 
 const hostname = process.env.SSH_MIMIC_HOSTNAME ?? "typescript-vm";
 const virtualShell = new VirtualShell(hostname);
@@ -26,3 +26,13 @@ new VirtualSshServer({
 		console.error("Failed to start SSH Mimic:", error);
 		process.exit(1);
 	});
+
+new VirtualSftpServer({ port: 2223, hostname, shell: virtualShell })
+	.start()
+	.then((port: number) => {
+		console.log(`SFTP Mimic initialized. Listening on port ${port}.`);
+	})
+	.catch((error: unknown) => {
+		console.error("Failed to start SFTP Mimic:", error);
+		process.exit(1);
+	});

package/tests/sftp.test.ts

@@ -0,0 +1,319 @@
+/// <reference types="bun" />
+import { describe, expect, test } from "bun:test";
+import { rmSync } from "node:fs";
+import type { FileEntryWithStats, SFTPWrapper } from "ssh2";
+import { Client } from "ssh2";
+import { SftpMimic } from "../src/SSHMimic/sftp";
+import VirtualFileSystem from "../src/VirtualFileSystem";
+import { VirtualUserManager } from "../src/VirtualUserManager";
+
+function makeTempBasePath(): string {
+	return `./temp-test-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+}
+
+function connectSftp(port: number): Promise<{ client: Client; sftp: SFTPWrapper }> {
+	return new Promise((resolve, reject) => {
+		const client = new Client();
+		client.on("ready", () => {
+			client.sftp((err, sftp) => {
+				if (err) {
+					client.end();
+					reject(err);
+					return;
+				}
+				resolve({ client, sftp });
+			});
+		});
+
+		client.on("error", reject);
+		client.connect({
+			host: "127.0.0.1",
+			port,
+			username: "root",
+			password: "root",
+			hostVerifier: () => true,
+		});
+	});
+}
+
+function connectSftpWithUser(
+	port: number,
+	username: string,
+	password: string,
+): Promise<{ client: Client; sftp: SFTPWrapper }> {
+	return new Promise((resolve, reject) => {
+		const client = new Client();
+		client.on("ready", () => {
+			client.sftp((err, sftp) => {
+				if (err) {
+					client.end();
+					reject(err);
+					return;
+				}
+				resolve({ client, sftp });
+			});
+		});
+
+		client.on("error", reject);
+		client.connect({
+			host: "127.0.0.1",
+			port,
+			username,
+			password,
+			hostVerifier: () => true,
+		});
+	});
+}
+
+describe("SftpMimic", () => {
+	test("authenticates with VirtualUserManager and serves files from the VirtualFileSystem", async () => {
+		const tempBasePath = makeTempBasePath();
+		const vfs = new VirtualFileSystem(tempBasePath);
+		const users = new VirtualUserManager(vfs, "root");
+
+		try {
+			await users.initialize();
+
+			const rootPath = "/home/root";
+			if (!vfs.exists(rootPath)) {
+				vfs.mkdir(rootPath, 0o755);
+			}
+			vfs.writeFile(`${rootPath}/TEST.txt`, "hello world");
+
+			const server = new SftpMimic({
+				port: 0,
+				hostname: "test-sftp",
+				vfs,
+				users,
+			});
+			const port = await server.start();
+
+			const { client, sftp } = await connectSftp(port);
+			const list = await new Promise<FileEntryWithStats[]>((resolve, reject) => {
+				sftp.readdir(
+					"/home/root",
+					(err?: Error | null, list?: FileEntryWithStats[]) => {
+						if (err) {
+							reject(err);
+							return;
+						}
+						resolve(list || []);
+					},
+				);
+			});
+
+			expect(list.map((entry) => entry.filename)).toContain("TEST.txt");
+
+			const content = await new Promise<string>((resolve, reject) => {
+				sftp.readFile(
+					"/home/root/TEST.txt",
+					"utf8",
+					(err?: Error | null, data?: Buffer) => {
+						if (err) {
+							reject(err);
+							return;
+						}
+						resolve((data || Buffer.alloc(0)).toString("utf8"));
+					},
+				);
+			});
+
+			expect(content).toBe("hello world");
+			client.end();
+			server.stop();
+		} finally {
+			rmSync(tempBasePath, { recursive: true, force: true });
+		}
+	});
+
+	test("blocks path traversal attempts outside home directory", async () => {
+		const tempBasePath = makeTempBasePath();
+		const vfs = new VirtualFileSystem(tempBasePath);
+		const users = new VirtualUserManager(vfs, "root");
+
+		try {
+			await users.initialize();
+
+			const rootPath = "/home/root";
+			if (!vfs.exists(rootPath)) {
+				vfs.mkdir(rootPath, 0o755);
+			}
+
+			const server = new SftpMimic({
+				port: 0,
+				hostname: "test-sftp",
+				vfs,
+				users,
+			});
+			const port = await server.start();
+
+			const { client, sftp } = await connectSftp(port);
+
+			// Try to read /etc/passwd (outside home directory) - should fail with PERMISSION_DENIED
+			const traversalAttempt = await new Promise<Error | null>((resolve) => {
+				sftp.stat(
+					"/etc/passwd",
+					(err?: Error | null) => {
+						resolve(err ?? null);
+					},
+				);
+			});
+
+			expect(traversalAttempt).not.toBeNull();
+			expect(traversalAttempt?.message).toContain("Permission denied");
+
+			// Try to access /home/root which should work
+			const homeAccess = await new Promise<FileEntryWithStats[]>((
+				resolve,
+				reject,
+			) => {
+				sftp.readdir(
+					"/home/root",
+					(err?: Error | null, list?: FileEntryWithStats[]) => {
+						if (err) {
+							reject(err);
+							return;
+						}
+						resolve(list || []);
+					},
+				);
+			});
+
+			expect(homeAccess).toBeDefined();
+
+			// Try to go up with ../ - should fail
+			const upTraversalAttempt = await new Promise<Error | null>((resolve) => {
+				sftp.readdir(
+					"/home/root/../../etc",
+					(err?: Error | null) => {
+						resolve(err ?? null);
+					},
+				);
+			});
+
+			expect(upTraversalAttempt).not.toBeNull();
+
+			client.end();
+			server.stop();
+		} finally {
+			rmSync(tempBasePath, { recursive: true, force: true });
+		}
+	});
+
+	test("auto-creates current system user on initialization", async () => {
+		// Use a unique temp directory for this test to avoid VFS sharing
+		const tempPath = `./temp-test-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+		const vfs = new VirtualFileSystem(tempPath);
+		const users = new VirtualUserManager(vfs, "testpass");
+		await users.initialize();
+
+		// Verify that the current system user was created
+		const currentUser = process.env.USER || process.env.USERNAME;
+		if (currentUser && currentUser !== "root") {
+			// Should be able to verify password with the default password (testpass)
+			const passwordValid = users.verifyPassword(currentUser, "testpass");
+			expect(passwordValid).toBe(true);
+
+			// Home directory should exist
+			const homePath = `/home/${currentUser}`;
+			expect(vfs.exists(homePath)).toBe(true);
+
+			// README.txt should exist in home
+			const readmePath = `${homePath}/README.txt`;
+			expect(vfs.exists(readmePath)).toBe(true);
+		}
+
+		// Cleanup
+		const fs = await import("node:fs");
+		fs.rmSync(tempPath, { recursive: true, force: true });
+	});
+
+	test("allows system user to authenticate and access SFTP", async () => {
+		const tempBasePath = makeTempBasePath();
+		const vfs = new VirtualFileSystem(tempBasePath);
+		const users = new VirtualUserManager(vfs, "root");
+
+		try {
+			await users.initialize();
+
+			// Verify system user was created with the default password
+			const currentUser = process.env.USER || process.env.USERNAME;
+			if (!currentUser || currentUser === "root") {
+				// Skip test if we can't determine current user
+				return;
+			}
+
+			// Ensure a deterministic password for environments where user data may persist.
+			await users.setPassword(currentUser, "root");
+
+			const server = new SftpMimic({
+				port: 0,
+				hostname: "test-sftp",
+				vfs,
+				users,
+			});
+			const port = await server.start();
+
+			// Connect as the system user (which was auto-created during initialize)
+			const { client, sftp } = await connectSftpWithUser(
+				port,
+				currentUser,
+				"root",
+			);
+
+			// User should be able to list their home directory
+			const list = await new Promise<FileEntryWithStats[]>((resolve, reject) => {
+				sftp.readdir(
+					`/home/${currentUser}`,
+					(err?: Error | null, list?: FileEntryWithStats[]) => {
+						if (err) {
+							reject(err);
+							return;
+						}
+						resolve(list || []);
+					},
+				);
+			});
+
+			// README.txt should be in the home directory
+			expect(list.map((e) => e.filename)).toContain("README.txt");
+
+			// Create a file as the system user
+			await new Promise<void>((resolve, reject) => {
+				sftp.writeFile(
+					`/home/${currentUser}/test-file.txt`,
+					Buffer.from("WinSCP test"),
+					(err?: Error | null) => {
+						if (err) {
+							reject(err);
+							return;
+						}
+						resolve();
+					},
+				);
+			});
+
+			// Read the file back
+			const content = await new Promise<string>((resolve, reject) => {
+				sftp.readFile(
+					`/home/${currentUser}/test-file.txt`,
+					"utf8",
+					(err?: Error | null, data?: Buffer) => {
+						if (err) {
+							reject(err);
+							return;
+						}
+						resolve((data || Buffer.alloc(0)).toString("utf8"));
+					},
+				);
+			});
+
+			expect(content).toBe("WinSCP test");
+
+			client.end();
+			server.stop();
+		} finally {
+			rmSync(tempBasePath, { recursive: true, force: true });
+		}
+	});
+});

package/tests/ssh-exec.test.ts

@@ -0,0 +1,45 @@
+import { describe, expect, test } from "bun:test";
+import { VirtualShell } from "../src";
+import { runExec } from "../src/SSHMimic/exec";
+
+describe("SSH exec inline commands", () => {
+	test("runExec sends stdout, stderr, and exit code for inline commands", async () => {
+		const shell = new VirtualShell("localhost");
+		const stdout: string[] = [];
+		const stderr: string[] = [];
+		let exitCode: number = -1;
+
+		const stream = {
+			write(data: string) {
+				stdout.push(data);
+			},
+			stderr: {
+				write(data: string) {
+					stderr.push(data);
+				},
+			},
+			exit(code: number) {
+				exitCode = code;
+			},
+			end() {
+				return undefined;
+			},
+		};
+
+		await shell.ensureInitialized();
+
+		const endPromise = new Promise<void>((resolve) => {
+			stream.end = () => {
+				resolve();
+				return;
+			};
+		});
+
+		runExec(stream as never, "echo hello", "root", "localhost", shell);
+		await endPromise;
+
+		expect(stdout.join("")).toContain("hello");
+		expect(stderr.join("")).toBe("");
+		expect(exitCode).toBe(0);
+	});
+});