![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
github.com/hashicorp/go-sockaddr
Readme
sockaddr
LibrarySocket address convenience functions for Go. go-sockaddr
is a convenience
library that makes doing the right thing with IP addresses easy. go-sockaddr
is loosely modeled after the UNIX sockaddr_t
and creates a union of the family
of sockaddr_t
types (see below for an ascii diagram). Library documentation
is available
at
https://godoc.org/github.com/hashicorp/go-sockaddr.
The primary intent of the library was to make it possible to define heuristics
for selecting the correct IP addresses when a configuration is evaluated at
runtime. See
the
docs,
template
package,
tests,
and
CLI utility
for details and hints as to how to use this library.
For example, with this library it is possible to find an IP address that:
GetDefaultInterfaces()
)IfByNetwork()
)IfByRFC("1918")
)OrderedIfAddrBy(args)
where
args
includes, but is not limited
to,
AscIfType
,
AscNetworkSize
)IfByType("^(IPv4)$")
)/32
(IfByMaskSize(32)
)down
interface
(ExcludeIfs("flags", "down")
)SortIfByType()
+
ReverseIfAddrs()
); andIfByRFC("6890")
)Or any combination or variation therein.
There are also a few simple helper functions such as GetPublicIP
and
GetPrivateIP
which both return strings and select the first public or private
IP address on the default interface, respectively. Similarly, there is also a
helper function called GetInterfaceIP
which returns the first usable IP
address on the named interface.
sockaddr
CLIGiven the possible complexity of the sockaddr
library, there is a CLI utility
that accompanies the library, also
called
sockaddr
.
The
sockaddr
utility exposes nearly all of the functionality of the library and can be used
either as an administrative tool or testing tool. To install
the
sockaddr
,
run:
$ go get -u github.com/hashicorp/go-sockaddr/cmd/sockaddr
If you're familiar with UNIX's sockaddr
struct's, the following diagram
mapping the C sockaddr
(top) to go-sockaddr
structs (bottom) and
interfaces will be helpful:
+-------------------------------------------------------+
| |
| sockaddr |
| SockAddr |
| |
| +--------------+ +----------------------------------+ |
| | sockaddr_un | | | |
| | SockAddrUnix | | sockaddr_in{,6} | |
| +--------------+ | IPAddr | |
| | | |
| | +-------------+ +--------------+ | |
| | | sockaddr_in | | sockaddr_in6 | | |
| | | IPv4Addr | | IPv6Addr | | |
| | +-------------+ +--------------+ | |
| | | |
| +----------------------------------+ |
| |
+-------------------------------------------------------+
There were many subtle inspirations that led to this design, but the most direct
inspiration for the filtering syntax was
OpenBSD's
pf.conf(5)
firewall
syntax that lets you select the first IP address on a given named interface.
The original problem stemmed from:
Instead we needed some way to codify a heuristic that would correctly select the right IP address but the input parameters were not known when the image was created.
FAQs
Package sockaddr is a Go implementation of the UNIX socket family data types and related helper functions.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.