Last active
November 12, 2021 12:38
-
-
Save tannerli/b579ecf29e9dbed9cb333af7f32e54e1 to your computer and use it in GitHub Desktop.
Check for compromised versions of npm packages 'rc' and 'coa'
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "Searching for rc packages..." | |
| matches=$(find / -type d -path "*/node_modules/rc" 2>/dev/null) | |
| echo -e "Checking for compromised versions...\\n" | |
| for match in $matches | |
| do | |
| egrep 'version\":\s*\"((1.2.9)|(1.3.9)|(2.3.9))' "$match/package.json" && echo -e $match\\n | |
| done | |
| echo "Searching for coa packages..." | |
| matches=$(find / -type d -path "*/node_modules/coa" 2>/dev/null) | |
| echo -e "Checking for compromised versions...\\n" | |
| for match in $matches | |
| do | |
| egrep 'version\":\s*\"((2.0.3)|(2.0.4)|(2.1.1)|(2.1.3)|(3.0.1)|(3.1.3))' "$match/package.json" && echo -e $match\\n | |
| done | |
| echo "Searching for ua-parser-js packages..." | |
| matches=$(find / -type d -path "*/node_modules/ua-parser-js" 2>/dev/null) | |
| echo -e "Checking for compromised versions...\\n" | |
| for match in $matches | |
| do | |
| egrep 'version\":\s*\"((0.7.29)|(0.8.0)|(1.0.0))' "$match/package.json" && echo -e $match\\n | |
| done |
@nooitaf yes, absolutely. I included your addition, thank you!
Here is a powershell version of it:
$drives = Get-PSDrive -PSProvider 'FileSystem'
$rcMatcher = "*\node_modules\rc\package.json"
$coaMatcher = "*\node_modules\coa\package.json"
$uaParserJsMatcher = "*\node_modules\ua-parser-js\package.json"
$rcMatches = @()
$coaMatches = @()
$uaParserJsMatches = @()
foreach ($d in $drives) {
Write-Host "Searching for rc, coa and ua-parser-js packages..."
$fileMatches = Get-ChildItem ${$d}\ -Recurse -ErrorAction SilentlyContinue | where {
$_.fullname -like $rcMatcher -or
$_.fullname -like $coaMatcher -or
$_.fullname -like $uaParserJsMatcher
}
Write-Host "Checking for compromised versions in rc, coa and ua-parser-js packages..."
foreach ($f in $fileMatches) {
if ($f.fullname -like $rcMatcher) {
$rcMatches += $f | Select-String -Pattern 'version\":\s*\"((1.2.9)|(1.3.9)|(2.3.9))'
} elseif ($f.fullname -like $coaMatcher) {
$coaMatches += $f | Select-String -Pattern 'version\":\s*\"((2.0.3)|(2.0.4)|(2.1.1)|(2.1.3)|(3.0.1)|(3.1.3))'
} elseif ($f.fullname -like $uaParserJsMatcher) {
$uaParserJsMatches += $f | Select-String -Pattern 'version\":\s*\"((0.7.29)|(0.8.0)|(1.0.0))'
}
}
Write-Host "`nFound" $rcMatches.count "compromised rc packages:"
foreach ($match in $rcMatches) {
Write-Host $match -ForegroundColor red
}
Write-Host "`nFound" $coaMatches.count "compromised coa packages:"
foreach ($match in $coaMatches) {
Write-Host $match -ForegroundColor red
}
Write-Host "`nFound" $uaParserJsMatches.count "compromised ua-parser-js packages:"
foreach ($match in $uaParserJsMatches) {
Write-Host $match -ForegroundColor red
}
}
execution: powershell -ExecutionPolicy Bypass -File check_compromised.ps1
It seems that the above script check_compromised.sh is not able to search paths containing spaces. To fix it, I used the following script:
#!/bin/bash
pkg=("rc" "coa" "ua-parser-js")
vrs=("((1.2.9)|(1.3.9)|(2.3.9))" "((2.0.3)|(2.0.4)|(2.1.1)|(2.1.3)|(3.0.1)|(3.1.3))" "((0.7.29)|(0.8.0)|(1.0.0))")
for i in {0..3}
do
find / -path "*/node_modules/${pkg[$i]}/*" -name "package.json" 2>/dev/null | sed 's/ /\\ /g' | xargs egrep "version\":\s*\"${vrs[$i]}"
done
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You might want to check
ua-parser-jstoo ..