adam/atomic-red-team-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
924de22f84c389cadc518cfe11e6172fd16351a4
atomic-red-team-gs/atomics/T1195.002/T1195.002.yaml
T
Bhavin Patel 924de22f84 updating yaml
2025-09-29 16:36:31 -07:00

27 lines
1.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
attack_technique: T1195.002
display_name: Compromise Software Supply Chain
atomic_tests:
- name: Simulate npm package installation on a Linux system
description: |
Launches a shortlived Kubernetes pod using the Node 18 image, initializes a minimal npm project in /tmp/test, and installs the specified npm package without audit/fund/packagelock options, simulating potentially suspicious package retrieval (e.g., typosquatting/dependency confusion) from within a container. The pod is deleted after execution.
supported_platforms:
- containers
- linux
input_arguments:
pod_name:
description: Name of the pod
type: string
default: atomic-npm-install
package_name:
description: NPM package to install
type: string
default: lodash
dependencies:
- description: kubectl must be installed and configured
get_prereq_command: echo "kubectl must be installed"
prereq_command: which kubectl
executor:
name: bash
elevation_required: false
command: |
kubectl run #{pod_name} --image=node:18 --restart=Never --attach --rm -i -- bash -lc "mkdir /tmp/test && cd /tmp/test && npm init -y >/dev/null 2>&1 && npm install #{package_name} --no-audit --no-fund --no-package-lock"
Reference in New Issue View Git Blame Copy Permalink