From 8cf920084a45ff7e442bde30caf73f7281411ada Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 22 Nov 2024 12:46:23 +0000 Subject: [PATCH] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-30170d2d04581f45.json | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/@ba-ui-toolkit/ba-graphics/MAL-0000-ossf-package-analysis-30170d2d04581f45.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index 9c375741e..52a03ce36 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20241122/094407-npm-sso-map-10.1.9.json + confident/: confident/20241122/094409-npm-storage-atom-7.2.5.json reversing-labs: RLMA-: RLMA-2024-09529.json RLUA-: RLUA-2024-10363.json diff --git a/osv/malicious/npm/@ba-ui-toolkit/ba-graphics/MAL-0000-ossf-package-analysis-30170d2d04581f45.json b/osv/malicious/npm/@ba-ui-toolkit/ba-graphics/MAL-0000-ossf-package-analysis-30170d2d04581f45.json new file mode 100644 index 000000000..9ee72cba1 --- /dev/null +++ b/osv/malicious/npm/@ba-ui-toolkit/ba-graphics/MAL-0000-ossf-package-analysis-30170d2d04581f45.json @@ -0,0 +1,42 @@ +{ + "modified": "2024-11-22T12:36:03Z", + "published": "2024-11-22T12:36:03Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in @ba-ui-toolkit/ba-graphics (npm)", + "details": "The OpenSSF Package Analysis project identified '@ba-ui-toolkit/ba-graphics' @ 7.1.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "@ba-ui-toolkit/ba-graphics" + }, + "versions": [ + "7.1.6" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "30170d2d04581f4552fd2ba5b2ad3f04bf63b5afe879edc21fcac7d4497d9224", + "import_time": "2024-11-22T12:46:20.542101379Z", + "modified_time": "2024-11-22T12:36:03Z", + "versions": [ + "7.1.6" + ] + } + ] + } +}