shell bypass 403

GrazzMean Shell

: /home/homesquasz/devprod/Admin-master/node_modules/lockfile-lint-api/src/validators/ [ drwx---r-x ]
Uname: Linux webm016.cluster127.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Software: Apache
PHP version: 7.4.33 [ PHP INFO ] PHP os: Linux
Server Ip: 54.36.31.145
Your Ip: 216.73.216.182
User: homesquasz (91404) | Group: users (100)
Safe Mode: OFF
Disable Function:
_dyuweyrj4,_dyuweyrj4r,dl
upload mass deface mass delete console

name : ValidateHost.js 
'use strict'

const {URL} = require('url')
const debug = require('debug')('lockfile-lint-api')
const {REGISTRY} = require('../common/constants')

module.exports = class ValidateHost {
  constructor ({packages} = {}) {
    if (typeof packages !== 'object') {
      throw new Error('expecting an object passed to validator constructor')
    }

    this.packages = packages
  }

  validate (hosts, options) {
    if (!Array.isArray(hosts)) {
      throw new Error('validate method requires an array')
    }

    let validationResult = {
      type: 'success',
      errors: []
    }

    for (const [packageName, packageMetadata] of Object.entries(this.packages)) {
      if (!('resolved' in packageMetadata)) {
        continue
      }

      try {
        const packageResolvedURL = new URL(packageMetadata.resolved)
        const allowedHosts = hosts.map(allowedHost => {
          // eslint-disable-next-line security/detect-object-injection
          const host = REGISTRY[allowedHost] ? REGISTRY[allowedHost] : allowedHost
          let hostValue = host

          try {
            const parsedHost = new URL(host)
            if (parsedHost.host) {
              hostValue = parsedHost.host
            }
          } catch (error) {
            debug(`failed parsing a URL object from given host value so using as is: ${host}`)
          }

          return hostValue
        })

        const isPassing = allowedHosts.includes(packageResolvedURL.host)
        if (!isPassing) {
          if (!packageResolvedURL.host && options && options.emptyHostname) {
            debug(`detected empty hostname but allowing because emptyHostname is not false`)
          } else {
            validationResult.errors.push({
              message: `detected invalid host(s) for package: ${packageName}\n    expected: ${allowedHosts}\n    actual: ${
                packageResolvedURL.host
              }\n`,
              package: packageName
            })
          }
        }
      } catch (error) {
        // swallow error (assume that the version is correct)
      }
    }

    if (validationResult.errors.length !== 0) {
      validationResult.type = 'error'
    }

    return validationResult
  }

  validateSingle (packageName, hosts) {
    // eslint-disable-next-line security/detect-object-injection
    const packageMetadata = this.packages[packageName]

    if (!('resolved' in packageMetadata)) {
      return true
    }

    const packageResolvedURL = new URL(packageMetadata.resolved)
    const allowedHosts = hosts.map(hostValue => {
      // eslint-disable-next-line security/detect-object-injection
      return REGISTRY[hostValue] ? REGISTRY[hostValue] : hostValue
    })

    return allowedHosts.includes(packageResolvedURL.host)
  }
}
© 2026 GrazzMean