marker/guarddog-nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: примеры вредоносных пакетов + E2E-тест + документация

Browse Source 
- examples/evil-pypi/: exec-base64, shady-links, code-execution, dll-hijacking
- examples/evil-npm/: eval, Buffer(base64), shady-links
- examples/evil-go/: exec+base64, shady-links
- examples/trigger-scans.sh: сборка архивов + Docker cp + вебхуки + проверка
- README.md + README.en.md: секция E2E-тестирования с curl-примерами
- E2E пройден: pypi(2 findings), npm(1), go(1) — все flagged
This commit is contained in:
Marker689
2026-05-10 13:13:36 +03:00
parent c1258dde99
commit 11ce9802e9
8 changed files with 209 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
examples/trigger-scans.sh Executable file
View File

@@ -0,0 +1,75 @@
#!/bin/bash
# trigger-scans.sh — Package example malicious files and trigger GuardDog Nexus scans
#
# Usage (Docker):
# ./examples/trigger-scans.sh
#
# This script builds 3 example packages with known GuardDog-detected patterns
# (exec-base64, shady-links, code-execution, npm-api-obfuscation, go-exec-base64),
# copies them into the Docker container, and sends webhooks to trigger scans.
set -e
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
WEBHOOK_URL="${WEBHOOK_URL:-http://localhost:8080/webhooks/nexus}"
CONTAINER="${CONTAINER:-guarddog-nexus-guarddog-nexus-1}"
WORKDIR="$(mktemp -d)"
echo "Working in: $WORKDIR"
trap "rm -rf $WORKDIR" EXIT
# --- PyPI ---
echo "=== Building evil-pypi-0.1.0.tar.gz ==="
tar -czf "$WORKDIR/evil-pypi-0.1.0.tar.gz" -C "$SCRIPT_DIR/evil-pypi" setup.py src/
docker cp "$WORKDIR/evil-pypi-0.1.0.tar.gz" "$CONTAINER:/tmp/"
# --- npm ---
echo "=== Building evil-npm-1.0.0.tgz ==="
tar -czf "$WORKDIR/evil-npm-1.0.0.tgz" -C "$SCRIPT_DIR/evil-npm" index.js
docker cp "$WORKDIR/evil-npm-1.0.0.tgz" "$CONTAINER:/tmp/"
# --- Go ---
echo "=== Building evil-go-v0.1.0.zip ==="
python3 -c "
import zipfile,os
z=zipfile.ZipFile('$WORKDIR/evil-go-v0.1.0.zip','w')
for f in os.listdir('$SCRIPT_DIR/evil-go'): z.write(os.path.join('$SCRIPT_DIR/evil-go',f),f)
z.close()
"
docker cp "$WORKDIR/evil-go-v0.1.0.zip" "$CONTAINER:/tmp/"
# --- Start HTTP server inside container ---
echo "=== Starting HTTP server ==="
docker compose exec -d guarddog-nexus python3 -m http.server 9999 -d /tmp 2>/dev/null
sleep 2
# --- Trigger webhooks ---
echo ""
echo "=== Triggering webhooks ==="
curl -s -X POST "$WEBHOOK_URL" -H "Content-Type: application/json" -d \
'{"action":"UPDATED","repositoryName":"pypi-proxy","asset":{"format":"pypi","name":"/packages/evil-pypi/0.1.0/evil-pypi-0.1.0.tar.gz","downloadUrl":"http://127.0.0.1:9999/evil-pypi-0.1.0.tar.gz"}}'
echo " → pypi: evil-pypi 0.1.0"
sleep 1
curl -s -X POST "$WEBHOOK_URL" -H "Content-Type: application/json" -d \
'{"action":"UPDATED","repositoryName":"npm-proxy","asset":{"format":"npm","name":"/packages/evil-npm/-/evil-npm-1.0.0.tgz","downloadUrl":"http://127.0.0.1:9999/evil-npm-1.0.0.tgz"}}'
echo " → npm: evil-npm 1.0.0"
sleep 1
curl -s -X POST "$WEBHOOK_URL" -H "Content-Type: application/json" -d \
'{"action":"UPDATED","repositoryName":"go-proxy","asset":{"format":"go","name":"/packages/github.com/evil/evil-go/@v/v0.1.0.zip","downloadUrl":"http://127.0.0.1:9999/evil-go-v0.1.0.zip"}}'
echo " → go: evil-go v0.1.0"
echo ""
echo "=== Waiting for scans (15s)... ==="
sleep 15
echo ""
echo "=== Results ==="
curl -s "http://localhost:8080/api/v1/scans?limit=3&sort_by=id&sort_dir=desc" | python3 -c "
import json,sys
data = json.load(sys.stdin)
for s in data['scans']:
f = '⚠' if s['flagged'] else '✓'
print(f'{f} #{s[\"id\"]:>4} {s[\"ecosystem\"]:>4} {s[\"package_name\"]:30} {s[\"package_version\"]:>10} {s[\"status\"]:12} findings={s[\"total_findings\"]}')
" 2>&1