// npm 패키지
@tanglemedia/directus-extension-bundle-form-submissions
A Directus extension bundle that adds a form submission endpoint, collection, and dashboard to form submissions of a website.
버전
9
메인테이너
3
라이선스
MIT
최초 publish
2025-01-13
publisher
don-tangle
tarball
670,904 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-05-21
// exfil path
what is read → where it ships
steals
(no specific credential-read flag matched)
sends to
- ⌖ 74.125.224.72
- ⌖ 45.33.32.156
// offending code· @0.0.8· 3 files flagged
llm: malicious · 0.90→ 하드코딩된 public IP 전송지: 74.125.224.72, 45.33.32.156 (RFC1918·loopback 아님).
- @0.0.8 · AUTO-PUBLISHED · publisher: don-tangle · heuristic 74/100 · static flags 3 · llm malicious (0.90) via ollama · new-publisher:0d · first-version-suspicious-publisher · publisher-multi-name-burst:6 · publisher-version-pump:7 · child-process-spawn · http-to-public-ip · reads-env-vars
→ 하드코딩된 public IP 전송지: 74.125.224.72, 45.33.32.156 (RFC1918·loopback 아님).
// offending code · 3 files flagged · patterns: 3
--- package/src/shared/utility/migrations.js (excerpt) ---
// NOTE(review): this is the only excerpt that spawns a child process, so it is
// presumably what the `child-process-spawn` static flag matched. The two shell
// commands are `mkdir -p` and `cp -r` on local paths; no network call is
// visible in this excerpt.
const { exec } = require("child_process");
const { promisify } = require("util");
const path = require("node:path");

// Promise-returning wrapper around child_process.exec (runs the command string through a shell).
const execPromise = promisify(exec);

/**
 * Copies the `migrations` directory that sits next to this module's directory
 * into `<process.cwd()>/migrations` by shelling out to `mkdir -p` and `cp -r`.
 *
 * @param {*} logger - Accepted but not referenced anywhere in this excerpt.
 * @returns {Promise<undefined>} Resolves with no value; returns early, without
 *   logging, if either command wrote anything to stderr.
 */
const moveMigrationScripts = async (logger) => {
  const ROOT = process.cwd();
  const EXTENSION_PATH = __dirname;

  // Source: drop the last segment of __dirname and append "migrations".
  // Splitting on "/" assumes POSIX-style separators.
  let migrationSrcPath = EXTENSION_PATH.split("/");
  migrationSrcPath.pop();
  migrationSrcPath.push("migrations");
  migrationSrcPath = path.join("/", ...migrationSrcPath);

  // Destination: "<cwd>/migrations".
  let migrationDestPath = ROOT.split("/");
  migrationDestPath.push("migrations");
  migrationDestPath = path.join("/", ...migrationDestPath);

  // create destination folder
  // NOTE(review): the path is interpolated unquoted into a shell command. It is
  // derived from process.cwd(), not from request input, but a directory name
  // containing spaces or shell metacharacters would be re-interpreted by the
  // shell. fs.promises.mkdir(dest, { recursive: true }) would avoid the shell.
  let { stdout, stderr } = await execPromise(`mkdir -p ${migrationDestPath}`);
  // Silent early return on any stderr output; `stdout` is never read.
  // A non-zero exit makes the promisified exec reject instead of reaching here.
  if (stderr) return;

  // copy files
  // NOTE(review): same unquoted interpolation as above, now for both paths;
  // fs.promises.cp(src, dest, { recursive: true }) would avoid the shell.
  ({ stdout, stderr } = await execPromise(
    `cp -r ${migrationSrcPath}/* ${migrationDestPath}`,
  ));
  if (stderr) return;
};

module.exports = moveMigrationScripts;
--- package/migrations/20260401B-form-submissions-~-add-initial-data.mjs (excerpt) ---
// NOTE(review): the two public addresses this report lists under "sends to"
// (74.125.224.72 and 45.33.32.156) appear in this excerpt only as `ip_address`
// column values of sample rows. Here they are stored data, not the target of
// any HTTP or socket call. The excerpt is truncated, so confirm against the
// full tarball before treating them as exfiltration endpoints or closing the
// `http-to-public-ip` finding.

/**
 * Knex migration step: inserts sample form-submission rows into
 * `tngl_form_submissions`.
 *
 * @param {*} knex - Query builder handle; called as knex(table) and knex.fn.now().
 */
export async function up(knex) {
  await knex("tngl_form_submissions").insert([
    {
      body: JSON.stringify({
        email: "john.doe@gmail.com",
        message: "I would like to inquire about your services.",
        last_name: "Doe",
        first_name: "John",
      }),
      date_created: knex.fn.now(),
      form_name: "Contact Us",
      // RFC1918 address, so it does not appear in the report's public-IP list.
      ip_address: "192.168.1.104",
      message: "First Name: John\nLast Name: Doe\nEmail: john.doe@gmail.com\nMessage: I would like to inquire about your services.",
      sender_email: "john.doe@gmail.com",
      source_url: "https://example.com/contact",
      spam: false,
    },
    {
      body: JSON.stringify({
        email: "sarah.mitchell@outlook.com",
        phone: "403-555-0192",
        message: "We are looking for a quote on a bulk order for our upcoming event.",
        last_name: "Mitchell",
        first_name: "Sarah",
      }),
      date_created: knex.fn.now(),
      form_name: "Contact Us",
      // First of the two flagged addresses: a seed value for the ip_address column.
      ip_address: "74.125.224.72",
      message: "First Name: Sarah\nLast Name: Mitchell\nEmail: sarah.mitchell@outlook.com\nPhone: 403-555-0192\nMessage: We are looking for a quote on a bulk order for our upcoming event.",
      sender_email: "sarah.mitchell@outlook.com",
      source_url: "https://example.com/quote",
      spam: false,
    },
    {
      body: JSON.stringify({
        email: "marcus.reyes@yahoo.com",
        interests: ["Technology", "Design", "Business"],
        last_name: "Reyes",
        first_name: "Marcus",
      }),
      date_created: knex.fn.now(),
      form_name: "Contact Us",
      // Second flagged address, again a seed value. The excerpt is cut off right after it.
      ip_address: "45.33.32.156",
      m
--- package/migrations/20260401D-form-submissions-~-add-email-notification-flow.mjs (excerpt) ---
// NOTE(review): this excerpt reads process.env.ADMIN_CLIENT_EMAIL and
// process.env.PUBLIC_URL, presumably what the `reads-env-vars` flag matched.
// In the visible lines both values are only used to build rows and strings
// written to the local database; no outbound request is visible.
import { generateUUIDv4 } from "./helpers/generator.mjs";

const OPERATION_KEY = "send_email";

/**
 * Knex migration step: inserts a `directus_flows` row and a linked
 * `directus_operations` row of type "mail" for newly created
 * `tngl_form_submissions` items. The excerpt ends before the function does.
 *
 * @param {*} knex - Query builder handle; called as knex(table).
 */
export async function up(knex) {
  const flowId = generateUUIDv4();
  const operationId = generateUUIDv4();

  // add directus flow
  // The flow is inserted with status "active" and scoped to items.create on
  // tngl_form_submissions.
  await knex("directus_flows").insert({
    id: flowId,
    name: "Send Email Notification",
    icon: "bolt",
    color: null,
    description: "Sends an email notification when a form is submitted",
    status: "active",
    trigger: "event",
    accountability: "all",
    options: JSON.stringify({
      type: "action",
      scope: ["items.create"],
      collections: ["tngl_form_submissions"],
    }),
    operation: operationId,
  });

  // add directus operation
  const directusOperationsOptions = {
    // Recipient list comes from the environment; empty when the variable is unset.
    to: process.env.ADMIN_CLIENT_EMAIL ? [process.env.ADMIN_CLIENT_EMAIL] : [],
    // NOTE(review): submitter-controlled fields (sender_email, message) are
    // templated into an HTML body. Whether the mail operation escapes them is
    // not visible here; confirm before trusting the rendered mail.
    body: "<h2>Form submitted from {{$trigger.payload.form_name}}</h2>\n<p><strong>From:</strong> {{$trigger.payload.sender_email}}</p>\n<p> </p>\n<p>{{$trigger.payload.message}}</p>",
    type: "wysiwyg",
    subject: "New Form Submission from {{$trigger.payload.form_name}} form",
  };

  await knex("directus_operations").insert({
    id: operationId,
    name: "Send email",
    key: OPERATION_KEY,
    type: "mail",
    position_x: 19,
    position_y: 1,
    // The environment-derived recipient is persisted here as part of the JSON options.
    options: JSON.stringify(directusOperationsOptions),
    resolve: null,
    reject: null,
    flow: flowId,
  });

  // add module bar button to trigger the flow
  // If PUBLIC_URL is unset, the template yields the literal prefix "undefined/flows/trigger/".
  const flowButton = `${process.env.PUBLIC_URL}/flows/trigger/${flowId}`;
  // The excerpt is truncated in the middle of the next statement.
  const directusSettings = await knex("directus_sett
