From 1496e62a63601fc2b76246241b1113f815693cd0 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Sat, 21 Dec 2024 10:05:17 +0000
Subject: [PATCH] Ingest OSV - Cloud Storage
---
 config/start-keys.yaml | 2 +-
 ...ssf-package-analysis-20d6b8df49c8a196.json | 42 +++++++++++++++++++
 ...ssf-package-analysis-24334b1015df570a.json | 42 +++++++++++++++++++
 ...ssf-package-analysis-0a76c2ee75baa7c3.json | 42 +++++++++++++++++++
 ...ssf-package-analysis-a34cccaa0f154234.json | 42 +++++++++++++++++++
 5 files changed, 169 insertions(+), 1 deletion(-)
 create mode 100644 osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-20d6b8df49c8a196.json
 create mode 100644 osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-24334b1015df570a.json
 create mode 100644 osv/malicious/npm/auto-assign-team-actionn/MAL-0000-ossf-package-analysis-0a76c2ee75baa7c3.json
 create mode 100644 osv/malicious/npm/cosmos-hub-docs-site/MAL-0000-ossf-package-analysis-a34cccaa0f154234.json
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
index 217e76de3..d92b4d188 100644
--- a/config/start-keys.yaml
+++ b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
- confident/: confident/20241220/195550-npm-kubernetes-jobs-javascript-69.0.0.json
+ confident/: confident/20241220/222206-npm-testbyakash2310xxxxxxxnowaympasti-69.0.0.json
 reversing-labs:
 RLMA-: RLMA-2024-11212.json
 RLUA-: RLUA-2024-11114.json
diff --git a/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-20d6b8df49c8a196.json b/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-20d6b8df49c8a196.json
new file mode 100644
index 000000000..9d8065a45
--- /dev/null
+++ b/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-20d6b8df49c8a196.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2024-12-21T09:50:39Z",
+ "published": "2024-12-21T09:50:39Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in aauto-assign-team-action (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'aauto-assign-team-action' @ 0.1.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "aauto-assign-team-action"
+ },
+ "versions": [
+ "0.1.1"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "20d6b8df49c8a196bdddfe3670a09617033a86639fe61a4a191ae4f3dc926715",
+ "import_time": "2024-12-21T10:05:14.646637162Z",
+ "modified_time": "2024-12-21T09:50:39Z",
+ "versions": [
+ "0.1.1"
+ ]
+ }
+ ]
+ }
+}
diff --git a/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-24334b1015df570a.json b/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-24334b1015df570a.json
new file mode 100644
index 000000000..05a6bd507
--- /dev/null
+++ b/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-24334b1015df570a.json
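Review bot: The new record is committed with `"id": ""` under a `MAL-0000-` file name, so it cannot be referenced or de-duplicated by identifier until one is assigned; presumably a later step does that, and anything consuming this commit directly should skip records whose `id` is empty. The same holds for the other three added files. The two `aauto-assign-team-action` records differ only in version, timestamps and origin hash, and could be a single record with `"versions": ["0.1.0", "0.1.1"]` and two origin entries. The `sha256` under `malicious-packages-origins` appears to identify the ingested source report (its first 16 hex digits are the file-name suffix) rather than the npm tarball, so it should not be treated as an artifact hash for blocking or hunting.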
@@ -0,0 +1,42 @@
+{
+ "modified": "2024-12-21T09:47:36Z",
+ "published": "2024-12-21T09:47:36Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in aauto-assign-team-action (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'aauto-assign-team-action' @ 0.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "aauto-assign-team-action"
+ },
+ "versions": [
+ "0.1.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "24334b1015df570a4828e5982d0285375f64bb4a889f3c54431ba385b54f0a27",
+ "import_time": "2024-12-21T10:05:14.569236354Z",
+ "modified_time": "2024-12-21T09:47:36Z",
+ "versions": [
+ "0.1.0"
+ ]
+ }
+ ]
+ }
+}
diff --git a/osv/malicious/npm/auto-assign-team-actionn/MAL-0000-ossf-package-analysis-0a76c2ee75baa7c3.json b/osv/malicious/npm/auto-assign-team-actionn/MAL-0000-ossf-package-analysis-0a76c2ee75baa7c3.json
new file mode 100644
index 000000000..8162ce53d
--- /dev/null
+++ b/osv/malicious/npm/auto-assign-team-actionn/MAL-0000-ossf-package-analysis-0a76c2ee75baa7c3.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2024-12-21T09:42:28Z",
+ "published": "2024-12-21T09:42:28Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in auto-assign-team-actionn (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'auto-assign-team-actionn' @ 0.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "auto-assign-team-actionn"
+ },
+ "versions": [
+ "0.1.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "0a76c2ee75baa7c330f6245cd32f36ea9ab50a438b5ae22970e6280a498a5236",
+ "import_time": "2024-12-21T10:05:14.494370046Z",
+ "modified_time": "2024-12-21T09:42:28Z",
+ "versions": [
+ "0.1.0"
+ ]
+ }
+ ]
+ }
+}
diff --git a/osv/malicious/npm/cosmos-hub-docs-site/MAL-0000-ossf-package-analysis-a34cccaa0f154234.json b/osv/malicious/npm/cosmos-hub-docs-site/MAL-0000-ossf-package-analysis-a34cccaa0f154234.json
new file mode 100644
index 000000000..3f27052f1
--- /dev/null
+++ b/osv/malicious/npm/cosmos-hub-docs-site/MAL-0000-ossf-package-analysis-a34cccaa0f154234.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2024-12-21T10:00:58Z",
+ "published": "2024-12-21T10:00:58Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in cosmos-hub-docs-site (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'cosmos-hub-docs-site' @ 2.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "cosmos-hub-docs-site"
+ },
+ "versions": [
+ "2.0.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "a34cccaa0f1542346f9bde458f8b0160dfc0e0d1d8718d8acc264d706162d8a3",
+ "import_time": "2024-12-21T10:05:14.728230572Z",
+ "modified_time": "2024-12-21T10:00:58Z",
+ "versions": [
+ "2.0.0"
+ ]
+ }
+ ]
+ }
+}