From 05235003277e841b5b6d2793bdceb769339c0405 Mon Sep 17 00:00:00 2001 From: github-actions Date: Wed, 25 Dec 2024 16:06:08 +0000 Subject: [PATCH] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-7ed9c72eb4d27674.json | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/symphony-familiarity/MAL-0000-ossf-package-analysis-7ed9c72eb4d27674.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index 11597150f6..36218b2984 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20241224/212559-npm-browseui-1.0.2.json + confident/: confident/20241224/213101-npm-browseui-1.0.1.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/symphony-familiarity/MAL-0000-ossf-package-analysis-7ed9c72eb4d27674.json b/osv/malicious/npm/symphony-familiarity/MAL-0000-ossf-package-analysis-7ed9c72eb4d27674.json new file mode 100644 index 0000000000..5b9b5af7ed --- /dev/null +++ b/osv/malicious/npm/symphony-familiarity/MAL-0000-ossf-package-analysis-7ed9c72eb4d27674.json @@ -0,0 +1,42 @@ +{ + "modified": "2024-12-25T16:05:46Z", + "published": "2024-12-25T16:05:46Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in symphony-familiarity (npm)", + "details": "The OpenSSF Package Analysis project identified 'symphony-familiarity' @ 1.0.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "symphony-familiarity" + }, + "versions": [ + "1.0.4" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "7ed9c72eb4d276746405fc680156ec54b3143e8099bec54d815482e93c48debb", + "import_time": "2024-12-25T16:06:02.877266729Z", + "modified_time": "2024-12-25T16:05:46Z", + "versions": [ + "1.0.4" + ] + } + ] + } +}