marker/guarddog-nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: примеры вредоносных пакетов + E2E-тест + документация

Browse Source 
- examples/evil-pypi/: exec-base64, shady-links, code-execution, dll-hijacking
- examples/evil-npm/: eval, Buffer(base64), shady-links
- examples/evil-go/: exec+base64, shady-links
- examples/trigger-scans.sh: сборка архивов + Docker cp + вебхуки + проверка
- README.md + README.en.md: секция E2E-тестирования с curl-примерами
- E2E пройден: pypi(2 findings), npm(1), go(1) — все flagged
This commit is contained in:
Marker689
2026-05-10 13:13:36 +03:00
parent c1258dde99
commit 11ce9802e9
8 changed files with 209 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
README.en.md
View File

@@ -98,6 +98,37 @@ GuardDog Nexus accepts `UPDATED` webhook events from Nexus.
> -d '{"action":"UPDATED","repositoryName":"pypi-proxy","asset":{"format":"pypi","name":"/packages/pkg/1.0/pkg-1.0.tar.gz","downloadUrl":"http://nexus:8081/repository/pypi-proxy/packages/pkg/1.0/pkg-1.0.tar.gz"}}'
> ```
### E2E Testing
The `examples/` directory contains sample malicious packages for PyPI, npm, and Go with patterns that GuardDog reliably detects (`exec-base64`, `shady-links`, `code-execution`, `npm-api-obfuscation`, `go-exec-base64`).
Run the E2E test (requires running Docker stack):
```bash
./examples/trigger-scans.sh
```
The script builds `.tar.gz` / `.tgz` / `.zip` archives, copies them into the container, and sends webhooks. After ~15 seconds it checks results: all three packages should be flagged with findings.
For manual testing of individual ecosystems:
```bash
# PyPI: exec-base64 + shady-links + code-execution
curl -X POST http://localhost:8080/webhooks/nexus \
-H "Content-Type: application/json" \
-d '{"action":"UPDATED","repositoryName":"pypi-proxy","asset":{"format":"pypi","name":"/packages/evil-pypi/0.1.0/evil-pypi-0.1.0.tar.gz","downloadUrl":"http://nexus:8081/repository/pypi-proxy/packages/evil-pypi/0.1.0/evil-pypi-0.1.0.tar.gz"}}'
# npm: eval + Buffer(base64) + shady-links
curl -X POST http://localhost:8080/webhooks/nexus \
-H "Content-Type: application/json" \
-d '{"action":"UPDATED","repositoryName":"npm-proxy","asset":{"format":"npm","name":"/packages/evil-npm/-/evil-npm-1.0.0.tgz","downloadUrl":"http://nexus:8081/repository/npm-proxy/evil-npm/-/evil-npm-1.0.0.tgz"}}'
# Go: exec + base64 + suspicious HTTP call
curl -X POST http://localhost:8080/webhooks/nexus \
-H "Content-Type: application/json" \
-d '{"action":"UPDATED","repositoryName":"go-proxy","asset":{"format":"go","name":"/packages/github.com/evil/evil-go/@v/v0.1.0.zip","downloadUrl":"http://nexus:8081/repository/go-proxy/github.com/evil/evil-go/@v/v0.1.0.zip"}}'
```
## REST API
### Scans