-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathmake-md.sh
executable file
·57 lines (41 loc) · 1.64 KB
/
make-md.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#!/bin/bash
set -e
PACKAGE_NAME="$1"
rm -f package.json
npm init -y
NL=$'\n'
ACCENT='`'
CODE_BLOCK_START='```javascript'
CODE_BLOCK_END='```'
VERSIONS_TITLE='**Vulnerable versions:**'
PACKAGE_RESPONSE=$(curl "https://registry.npmjs.org/$PACKAGE_NAME")
PACKAGE_VERSIONS=$(echo "$PACKAGE_RESPONSE" | jq -r '.versions | .[].version')
PACKAGE_LATEST_VERSION=$(echo "$PACKAGE_RESPONSE" | jq -r '.["dist-tags"].latest')
PACKAGE_DESCRIPTION=$(echo "$PACKAGE_RESPONSE" | jq -r '.description')
for EXPLOIT_PATH in $(find "$PACKAGE_NAME" -name \*.js); do
EXPLOIT_DATA=$(cat "$EXPLOIT_PATH")
echo -n "$CODE_BLOCK_START$NL$EXPLOIT_DATA$NL$CODE_BLOCK_END$NL$NL$VERSIONS_TITLE" > "$EXPLOIT_PATH.tmd"
done
for PACKAGE_VERSION in $PACKAGE_VERSIONS; do
rm -rf node_modules
rm -f package-lock.json
npm i "$PACKAGE_NAME@$PACKAGE_VERSION"
for EXPLOIT_PATH in $(find "$PACKAGE_NAME" -name \*.js); do
RESULT=$(node -r ./exception-handler.js "$EXPLOIT_PATH")
echo "$PACKAGE_NAME@$PACKAGE_VERSION $EXPLOIT_PATH"
echo "$RESULT"
if [[ "$RESULT" == *"exploitable"* ]]; then
echo -n " $ACCENT$PACKAGE_VERSION$ACCENT" >> "$EXPLOIT_PATH.tmd"
fi
done
done
MARKDOWN_OUTPUT="# $PACKAGE_NAME$NL$NL$PACKAGE_DESCRIPTION$NL$NL**Latest version:** $ACCENT$PACKAGE_LATEST_VERSION$ACCENT$NL$NL"
if [ -f "$PACKAGE_NAME/META.md" ]; then
META=$(cat "$PACKAGE_NAME/META.md")
MARKDOWN_OUTPUT="$MARKDOWN_OUTPUT$META$NL$NL"
fi
MARKDOWN_OUTPUT="$MARKDOWN_OUTPUT## Exploits"
for EXPLOIT_MD_PATH in $(find "$PACKAGE_NAME" -name \*.js.tmd); do
MARKDOWN_OUTPUT="$MARKDOWN_OUTPUT$NL$NL$(cat "$EXPLOIT_MD_PATH")"
done
echo "$MARKDOWN_OUTPUT" > "$PACKAGE_NAME/README.md"