marker/guarddog-nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: примеры вредоносных пакетов + E2E-тест + документация

Browse Source 
- examples/evil-pypi/: exec-base64, shady-links, code-execution, dll-hijacking
- examples/evil-npm/: eval, Buffer(base64), shady-links
- examples/evil-go/: exec+base64, shady-links
- examples/trigger-scans.sh: сборка архивов + Docker cp + вебхуки + проверка
- README.md + README.en.md: секция E2E-тестирования с curl-примерами
- E2E пройден: pypi(2 findings), npm(1), go(1) — все flagged
This commit is contained in:
Marker689
2026-05-10 13:13:36 +03:00
parent c1258dde99
commit 11ce9802e9
8 changed files with 209 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
examples/evil-go/main.go Normal file
View File

@@ -0,0 +1,26 @@
// GuardDog will flag: go-exec-base64, shady-links
package main
import (
"encoding/base64"
"fmt"
"net/http"
"os/exec"
)
func main() {
// base64-encoded execution
encoded := "cHJpbnRmKGlvLmlvdXRsLCJIZWxsbyIp"
decoded, _ := base64.StdEncoding.DecodeString(encoded)
cmd := exec.Command("sh", "-c", string(decoded))
cmd.Run()
// shady-links: suspicious HTTP call
resp, err := http.Get("http://evil.example.com/beacon")
if err == nil {
defer resp.Body.Close()
fmt.Println("beacon sent")
}
}