mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-05-16 05:43:05 +08:00
fix: harden supply-chain IOC scan (#1918)
This commit is contained in:
Affaan Mustafa
@@ -218,18 +218,25 @@ const CRITICAL_TEXT_INDICATORS = [
|
||||
'tanstack_runner.js',
|
||||
'execution.js',
|
||||
'transformers.pyz',
|
||||
'pgmonitor.py',
|
||||
'pgsql-monitor.service',
|
||||
'gh-token-monitor',
|
||||
'com.user.gh-token-monitor',
|
||||
'IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner',
|
||||
'filev2.getsession.org',
|
||||
'seed1.getsession.org',
|
||||
'seed2.getsession.org',
|
||||
'seed3.getsession.org',
|
||||
'git-tanstack.com',
|
||||
'litter.catbox.moe/h8nc9u.js',
|
||||
'litter.catbox.moe/7rrc6l.mjs',
|
||||
'83.142.209.194',
|
||||
'api.masscan.cloud',
|
||||
'A Mini Shai-Hulud has Appeared',
|
||||
'Shai-Hulud: Here We Go Again',
|
||||
'PUSH UR T3MPRR',
|
||||
'codeql_analysis.yml',
|
||||
'shai-hulud-workflow.yml',
|
||||
];
|
||||
|
||||
const DEPENDENCY_FILENAMES = new Set([
|
||||
@@ -248,9 +255,13 @@ const PERSISTENCE_FILENAMES = new Set([
|
||||
'tasks.json',
|
||||
'router_runtime.js',
|
||||
'setup.mjs',
|
||||
'pgmonitor.py',
|
||||
'gh-token-monitor.sh',
|
||||
'com.user.gh-token-monitor.plist',
|
||||
'gh-token-monitor.service',
|
||||
'pgsql-monitor.service',
|
||||
'codeql_analysis.yml',
|
||||
'shai-hulud-workflow.yml',
|
||||
]);
|
||||
|
||||
const PAYLOAD_FILENAMES = new Set([
|
||||
@@ -258,7 +269,14 @@ const PAYLOAD_FILENAMES = new Set([
|
||||
'router_runtime.js',
|
||||
'tanstack_runner.js',
|
||||
'execution.js',
|
||||
'transformers.pyz',
|
||||
'pgmonitor.py',
|
||||
'gh-token-monitor.sh',
|
||||
'com.user.gh-token-monitor.plist',
|
||||
'gh-token-monitor.service',
|
||||
'pgsql-monitor.service',
|
||||
'codeql_analysis.yml',
|
||||
'shai-hulud-workflow.yml',
|
||||
]);
|
||||
|
||||
const IGNORED_DIRS = new Set([
|
||||
@@ -284,7 +302,8 @@ function isInSpecialConfigPath(filePath) {
|
||||
|| /\/\.kiro\/settings\//.test(normalized)
|
||||
|| /\/Library\/LaunchAgents\//.test(normalized)
|
||||
|| /\/\.config\/systemd\/user\//.test(normalized)
|
||||
|| /\/\.local\/bin\//.test(normalized);
|
||||
|| /\/\.local\/bin\//.test(normalized)
|
||||
|| /\/\.github\/workflows\//.test(normalized);
|
||||
}
|
||||
|
||||
function shouldInspectFile(filePath) {
|
||||
@@ -432,10 +451,21 @@ function homeTargets(homeDir) {
|
||||
'.vscode/setup.mjs',
|
||||
'Library/LaunchAgents/com.user.gh-token-monitor.plist',
|
||||
'.config/systemd/user/gh-token-monitor.service',
|
||||
'.config/systemd/user/pgsql-monitor.service',
|
||||
'.local/bin/gh-token-monitor.sh',
|
||||
'.local/bin/pgmonitor.py',
|
||||
].map(relativePath => path.join(homeDir, relativePath));
|
||||
}
|
||||
|
||||
function runtimeTargets() {
|
||||
return [
|
||||
'/tmp/transformers.pyz',
|
||||
'/tmp/pgmonitor.py',
|
||||
'/private/tmp/transformers.pyz',
|
||||
'/private/tmp/pgmonitor.py',
|
||||
];
|
||||
}
|
||||
|
||||
function scanSupplyChainIocs(options = {}) {
|
||||
const rootDir = path.resolve(options.rootDir || DEFAULT_ROOT);
|
||||
const files = walkFiles(rootDir);
|
||||
@@ -445,6 +475,9 @@ function scanSupplyChainIocs(options = {}) {
|
||||
for (const target of homeTargets(options.homeDir || os.homedir())) {
|
||||
if (fs.existsSync(target)) files.push(target);
|
||||
}
|
||||
for (const target of runtimeTargets()) {
|
||||
if (fs.existsSync(target)) files.push(target);
|
||||
}
|
||||
}
|
||||
|
||||
for (const filePath of [...new Set(files)].sort()) {
|
||||
|
||||
Reference in New Issue
Block a user