a very large update

cristianstaicu · Apr 27, 2022 · 1cf751f · 1cf751f
1 parent 5a1d17a
commit 1cf751f
Show file tree

Hide file tree

Showing 218 changed files with 46,678 additions and 1,338 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/ace-breakout/node-extend_0.2.0/package.json b/ace-breakout/node-extend_0.2.0/package.json
@@ -9,5 +9,5 @@
   },
   "fixedVersion": "n/a",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "lib/extend.js:31:11"
 }
diff --git a/ace-breakout/reduce-css-calc_1.2.0/package.json b/ace-breakout/reduce-css-calc_1.2.0/package.json
@@ -9,5 +9,5 @@
   },
   "fixedVersion": "1.2.5",
   "fixCommit": "n/a",
-  "sink": ""
+  "sink": "index.js:73:16"
 }
diff --git a/ace-breakout/sink-extraction-setup.js b/ace-breakout/sink-extraction-setup.js
@@ -1,12 +1,16 @@
 function getSink(new_arguments, stack) {
-  // console.log("arguments => ", new_arguments[0], typeof new_arguments[0]);
+  console.log("arguments => ", new_arguments[0], typeof new_arguments[0]);
   let package_name = "";
   let index = new_arguments[0].search("./");
   // console.log("index ===> ", index);
   if (index != -1) {
     package_name = new_arguments[0].substring(index + 2).trim();
   }
 
+  if (new_arguments[0].includes("node-extend")) {
+    package_name = "node-extend";
+  }
+
   if (new_arguments[0].includes("thenify")) {
     package_name = "thenify";
   }
@@ -51,7 +55,7 @@ function getSink(new_arguments, stack) {
     sink = sink.substring(0, last_index).trim();
   }
   console.log("sink ==>", sink);
-  // console.log(stack);
+  console.log(stack);
 }
 
 function getSink_touch(new_arguments, stack) {
@@ -117,11 +121,12 @@ function getSink_touch(new_arguments, stack) {
   }
   console.log("sink ==>", sink);
   // // extract first location from the package => output as sink
-  // console.log(stack);
+  console.log(stack);
 }
 
 let oldExec = require("child_process").exec;
 require("child_process").exec = function () {
+  console.log("exec");
   var args = arguments;
   let stack = new Error().stack.toString().split("\n");
   getSink_touch(args, stack);
@@ -130,14 +135,25 @@ require("child_process").exec = function () {
 
 let oldExecSync = require("child_process").execSync;
 require("child_process").execSync = function () {
+  console.log("exec sync");
   var args = arguments;
   let stack = new Error().stack.toString().split("\n");
   getSink_touch(args, stack);
   return oldExecSync.apply(this, arguments);
 };
 
-let oldfs = require("fs").writeFileSync;
+let oldfsSync = require("fs").writeFileSync;
 require("fs").writeFileSync = function () {
+  console.log("write sync");
+  var args = arguments;
+  let stack = new Error().stack.toString().split("\n");
+  getSink(args, stack);
+  return oldfsSync.apply(this, arguments);
+};
+
+let oldfs = require("fs").writeFile;
+require("fs").writeFile = function () {
+  console.log("fs write");
   var args = arguments;
   let stack = new Error().stack.toString().split("\n");
   getSink(args, stack);
@@ -146,41 +162,58 @@ require("fs").writeFileSync = function () {
 
 let oldSync = require("child_process").spawnSync;
 require("child_process").spawnSync = function () {
+  console.log("spwn sync");
   var args = arguments;
   let stack = new Error().stack.toString().split("\n");
   getSink(args, stack);
   return oldSync.apply(this, arguments);
 };
-var originalCookie = Object.getOwnPropertyDescriptor(
-  Object.prototype,
-  "polluted"
-);
-// console.log("original ===>> ", originalCookie);
-Object.defineProperty(Object.prototype, "polluted", {
-  set: function (value) {
-    stack = new Error().stack.toString().split("\n");
-    // console.log(stack);
-    for (let i = 0; i < stack.length; i++) {
-      let location = stack[i]
-        .replace(/.*vulnerabilities4js/, ".")
-        .replace(/\)/g, "")
-        .replace("    at ", "");
-      let index = stack[i].search("node_modules/");
-      // console.log("index ===> ", index);
-      if (index != -1) {
-        l1 = location.split("node_modules/");
-        if (l1.length == 3) {
-          l1 = l1[2];
-        } else l1 = l1[1];
-        // console.log("l1==>",l1);
-        l2 = l1.split(/\/(.+)/)[1].trim();
-        if (l2.includes("<anonymous>")) {
-          last_index = l2.indexOf(", <anonymous>");
-          l2 = l2.substring(0, last_index).trim();
-        }
-        console.log("sink ==>", l2);
-        break;
-      }
-    }
-  },
-});
+
+let oldspwn = require("child_process").spawn;
+require("child_process").spawn = function () {
+  console.log("spwn");
+  var args = arguments;
+  let stack = new Error().stack.toString().split("\n");
+  getSink(args, stack);
+  return oldspwn.apply(this, arguments);
+};
+
+// var proxied = eval;
+// eval = function() {
+//   console.log("ha");
+//   return proxied.apply(this, arguments);
+// };
+
+// var originalCookie = Object.getOwnPropertyDescriptor(
+//   Object.prototype,
+//   "polluted"
+// );
+// // console.log("original ===>> ", originalCookie);
+// Object.defineProperty(Object.prototype, "polluted", {
+//   set: function (value) {
+//     stack = new Error().stack.toString().split("\n");
+//     // console.log(stack);
+//     for (let i = 0; i < stack.length; i++) {
+//       let location = stack[i]
+//         .replace(/.*vulnerabilities4js/, ".")
+//         .replace(/\)/g, "")
+//         .replace("    at ", "");
+//       let index = stack[i].search("node_modules/");
+//       // console.log("index ===> ", index);
+//       if (index != -1) {
+//         l1 = location.split("node_modules/");
+//         if (l1.length == 3) {
+//           l1 = l1[2];
+//         } else l1 = l1[1];
+//         // console.log("l1==>",l1);
+//         l2 = l1.split(/\/(.+)/)[1].trim();
+//         if (l2.includes("<anonymous>")) {
+//           last_index = l2.indexOf(", <anonymous>");
+//           l2 = l2.substring(0, last_index).trim();
+//         }
+//         console.log("sink ==>", l2);
+//         break;
+//       }
+//     }
+//   },
+// });
diff --git a/analyses/.DS_Store b/analyses/.DS_Store
diff --git a/analyses/graphs/cross_check_regression.csv b/analyses/graphs/cross_check_regression.csv
@@ -0,0 +1,14 @@
+y18n,0,1
+mout,0,1
+style-dictionary,0,1
+mithril,0,1
+js-data,0,1
+typeorm,0,1
+total.js,0,1
+@tsed/core,0,1
+json-ptr,1,0
+sanitize,0,1
+ms,0,1
+ua-parser-js,0,1
+vant,0,1
+react-native,0,1
diff --git a/analyses/graphs/cross_check_regression_detail.txt b/analyses/graphs/cross_check_regression_detail.txt
@@ -0,0 +1,14 @@
+y18n-6.0.0-alpha.0->PASSED
+mout-2.0.0-alpha.1->PASSED
+style-dictionary-3.0.0-rc.5->PASSED
+mithril-2.0.0-rc.7->PASSED
+js-data-4.0.0-beta.4->PASSED
+typeorm-0.3.2-dev.ce5973c->PASSED
+total.js-3.4.20->PASSED
+@tsed/core-6.0.0->PASSED
+json-ptr-2.0.1-master.bd99031->FAILED
+sanitize-2.0.1->PASSED
+ms-0.7.0->PASSED
+ua-parser-js-1.0.2->PASSED
+vant-3.0.6->PASSED
+react-native-0.59.10->PASSED
diff --git a/analyses/graphs/cross_check_snyk.csv b/analyses/graphs/cross_check_snyk.csv
@@ -0,0 +1,44 @@
+deepref,0,1
+controlled-merge,0,1
+shvl,0,1
+changeset,1,5
+y18n,0,1
+ts-dot-prop,0,3
+mout,0,1
+just-extend,0,1
+style-dictionary,0,6
+@aws-sdk/shared-ini-file-loader,0,28
+mithril,0,10
+yargs-parser,0,3
+js-data,0,3
+i18next,0,66
+typeorm,0,252
+total.js,0,1
+@tsed/core,0,35
+mobile-icon-resizer,0,2
+mixin-pro,0,1
+serialize-javascript,0,5
+underscore,0,24
+json-ptr,3,0
+install-package,0,3
+web-node-server,1,1
+glob-parent,0,5
+sanitize,0,6
+html-dom-parser,0,16
+new_iteration =========>>>>>>>>>>>>>>>>>>>>>>>>>>
+prototyped.js,2,2
+@vivaxy/here,4,0
+http-live-simulator,2,0
+angular-http-server,9,0
+hostr,0,9
+jspdf,0,4
+underscore.string,0,7
+simple-markdown,0,4
+ua-parser-js,0,8
+conventional-commits-parser,0,2
+marked,0,11
+codemirror,0,22
+ws,0,22
+browserslist,11,70
+vant,0,187
+react-native,1,386