Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
NodeJS module to work with buffers as structures (or records) of various fields (like c struct declaration, or pascal record).
To install with npm:
npm install struct
Define some structure:
var Struct = require('struct');
var Person = Struct()
.chars('firstName',10)
.chars('lastName',10)
.array('items',3,'chars',10)
.word16Sle('balance'),
People = Struct()
.word8('presentCount')
.array('list',2,Person);
Now allocate buffer for it
People.allocate();
var buf = People.buffer();
Clear buffer to see how it will change later:
var buf = Persons.buffer();
for (var i = 0; i < buf.length ; i++) {
buf[i] = 0;
}
console.log(buf);
Output: <Buffer 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00>
Now you can access memory as defined binary structure with fields
property in a handy manner.
var proxy = People.fields;
proxy.presentCount = 2;
console.log(buf);
Output:
<Buffer 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00>
And so on
proxy.list[0].firstName = 'John';
console.log(buf);
Output: <Buffer 02 4a 6f 68 6e 00 00 00 00 00 00 ...
##Struct()
creates struct object, you may define your data structure with chain calls to following methods:
###word8(name) defines one byte unsigned field, name - always defines name of field
define one byte signed field
define 16 bit signed field with little-endian and big-endian byte order
define 16 bit unsigned field with little-endian and big-endian byte order
same for 32 and 64 bit fields
define one float field
define one double field
defines array of chars with encoding
('ascii' by default) encoding, name - name of the field, length - length of array
same as chars but ensure that string is null terminated and buffer remaining space is fill with \0
defines array of fields (internally it is Struct() object with field names set to 0,1,2,... ).
name
- name of array field;length
- length of array;type
- string||Struct()
, string is interpreted as name of Struct() method to call for each array element.For example array('numbers',5,'word16Ule')
will define array of 2 byte unsigned words (x86 byte order) with 5 elements.
Any parameters that follow type will be passed to definition function.
So array('someName',3,'chars',20)
defines 3 element array of 20 chars.
You also may pass Struct() object to make array of structures.
defines field that itself is a structure.
allows access to field (reads value from it's offset in buffer)
allows access to field (write value at it's offset in buffer)
allocates buffer for defined structure with proper size. This is used when you need to format data in buffer and send or write it out.
sets buffer reference of object to other buffer. This may be used to parse or adjust some binary data received or read from somewhere.
returns currently used buffer. Before you may read or write to structure you have to call either allocate() or _setBuff(buffer). This is not true only for Struct() objects that are fields themselves, as they are allocated automatically by parent Struct object.
Struct().fields is a Proxy object allowing to access structure fields in a handy manner - as any other javascript object.
FAQs
Pack/Unpack multibyte binary values from/to buffers
We found that struct demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.