gm3dmo · gm3dmo · Sep 20, 2025 · Sep 20, 2025
diff --git a/build-testcase-shai-hulud b/build-testcase-shai-hulud
@@ -0,0 +1,68 @@
+normal=$(tput sgr0)
+highlight=$(tput setaf 2)
+
+printf "$highlight"
+
+cat << EOF
+
+  ________            ____                         
+ /_  __/ /_  ___     / __ \____ _      _____  _____
+  / / / __ \/ _ \   / /_/ / __ \ | /| / / _ \/ ___/
+ / / / / / /  __/  / ____/ /_/ / |/ |/ /  __/ /    
+/_/ /_/ /_/\___/  /_/    \____/|__/|__/\___/_/     
+
+EOF
+
+printf "${normal}"
+
+     printf "${highlight} - Creating repo: ${normal}"
+    ./create-repo-testrepo.sh | jq -r '.name'
+
+     printf "${highlight} - Adding team to repo (team_slug must be set in your .gh-api-examples.conf file)${normal}\n"
+    ./add-team-to-repo.sh
+
+     printf "${highlight} - Creating webhook: ${normal}"
+    ./create-webhook.sh  | jq -r '.id'
+
+     printf "${highlight} - Creating docs/README.md: ${normal}"
+    ./create-commit-readme.sh | jq -r ".content.html_url"
+
+     printf "${highlight} - Creating simple workflow file: ${normal}"
+    ./create-commit-workflow-simple.sh | jq -r ".content.html_url"
+
+     printf "${highlight} - Creating CODEOWNERS: ${normal}"
+    ./create-commit-codeowners.sh| jq -r ".content.html_url"
+
+     printf "${highlight} - Creating shai-hulud vulnerable package.json: ${normal}"
+    ./create-commit-security-shai-hulud-package-json.sh | jq -r ".content.html_url"
+    sleep 2
+
+     printf "${highlight} - Creating new branch: ${normal}"
+    ./create-branch-newbranch.sh | jq -r '.url'
+
+     printf "${highlight} - Creating a commit on the new branch: ${normal}"
+    ./create-commit-on-new-branch.sh | jq -r ".content.html_url"
+
+     printf "${highlight} - Creating an update commit to docs/README.md: ${normal}"
+    ./create-commit-update-readme.sh | jq -r ".content.html_url"
+
+     printf "${highlight} - Creating an issue: ${normal}"
+    ./create-repo-issue.sh | jq -r '.html_url'
+
+     printf "${highlight} - Creating a pull request: ${normal}"
+    ./create-pull-request.sh | jq -r '.html_url'
+
+     printf "${highlight} - Setting branch protection rules on default branch: ${normal}"
+    ./set-branch-protection.sh | jq -r '.url'
+
+     printf "${highlight} - Creating a release: ${normal}"
+    ./create-release.sh  | jq -r '.html_url'
+
+     printf "${highlight} - Adding a .gitattributes file to new branch: ${normal}"
+    ./create-commit-gitattributes.sh | jq -r ".content.html_url"
+     echo 
+
+
+    # If you have the appropriate token set in `pr_approver_token`
+    # then you can provide an approving review:
+    # ./create-approving-review-for-a-pull-request.sh
diff --git a/create-commit-security-shai-hulud-package-json.py b/create-commit-security-shai-hulud-package-json.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+"""
+Module Docstring
+"""
+
+import os
+import json
+import string
+import base64
+import argparse
+import logging
+import thepower
+from pathlib import Path
+from datetime import datetime
+
+
+def main(args):
+
+    power_config = thepower.read_dotcom_config(args.power_config)
+    args.extension = power_config.get('dummy_section','file_extension').strip('"')
+    args.default_committer = power_config.get('dummy_section','default_committer',).strip('"')
+
+    p = Path('test-data/package-shai-hulud.json_')
+    json_file = f"""tmp/package-shai-hulud.json"""
+    filename_in_repo = f"""package.json"""
+
+    with open(p, 'rb') as ct:
+       t = {}
+       chapter_content = ct.read()
+       chapter_base64 = base64.encodebytes(chapter_content)
+       t["message"] = f"""A package.json file packed with shai-hulud vulnerabilities."""
+       t["committer"] = {}
+       t["committer"]["name"] = args.default_committer
+       t["committer"]["email"] = f"noreply+{args.default_committer}@example.com"
+       t["content"] = chapter_base64.decode('UTF-8')
+       with open(json_file, 'w') as out_file:
+          out_file.write(json.dumps(t))
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument("-c", "--power-config", action="store", dest="power_config", default=".gh-api-examples.conf", help="This is the config file to use to access variables for the power.")
+    parser.add_argument("-e", "--extension", action="store", dest="extension", default="c")
+    args = parser.parse_args()
+
+    main(args)
diff --git a/create-commit-security-shai-hulud-package-json.sh b/create-commit-security-shai-hulud-package-json.sh
@@ -0,0 +1,21 @@
+.  ./.gh-api-examples.conf
+
+# https://docs.github.com/en/rest/reference/repos#create-or-update-file-contents
+# PUT /repos/:owner/:repo/contents/:path
+
+# If the script is passed an argument $1 use that as the name
+if [ -z "$1" ]
+  then
+    repo=$repo
+  else
+    repo=$1
+fi
+
+python3 create-commit-security-shai-hulud-package-json.py
+
+curl ${curl_custom_flags} \
+     -X PUT \
+     -H "Accept: application/vnd.github.v3+json" \
+     -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+        "${GITHUB_API_BASE_URL}/repos/${org}/${repo}/contents/package.json" --data @tmp/package-shai-hulud.json
+
diff --git a/test-data/package-shai-hulud.json_ b/test-data/package-shai-hulud.json_
@@ -0,0 +1,199 @@
+{
+  "name": "stuff-deps",
+  "version": "1.0.0",
+  "description": "Dependencies for gm3dmo/stuff",
+  "private": true,
+  "dependencies": {
+    "@ahmedhfarag/ngx-perfect-scrollbar": "20.0.20",
+    "@ahmedhfarag/ngx-virtual-scroller": "4.0.4",
+    "@art-ws/common": "2.0.22",
+    "@art-ws/db-context": "2.0.21",
+    "@art-ws/di": "2.0.28",
+    "@art-ws/di-node": "2.0.13",
+    "@art-ws/fastify-http-server": "2.0.24",
+    "@art-ws/http-server": "2.0.21",
+    "@art-ws/openapi": "0.1.9",
+    "@art-ws/slf": "2.0.15",
+    "@art-ws/web-app": "1.0.4",
+    "@crowdstrike/commitlint": "8.1.2",
+    "@crowdstrike/falcon-shoelace": "0.4.1",
+    "@crowdstrike/foundry-js": "0.19.2",
+    "@crowdstrike/glide-core": "0.34.3",
+    "@crowdstrike/logscale-dashboard": "1.205.2",
+    "@crowdstrike/logscale-file-editor": "1.205.2",
+    "@crowdstrike/logscale-parser-edit": "1.205.2",
+    "@crowdstrike/logscale-search": "1.205.2",
+    "@crowdstrike/tailwind-toucan-base": "5.0.2",
+    "@ctrl/deluge": "7.2.2",
+    "@ctrl/golang-template": "1.4.3",
+    "@ctrl/magnet-link": "4.0.4",
+    "@ctrl/ngx-codemirror": "7.0.2",
+    "@ctrl/ngx-csv": "6.0.2",
+    "@ctrl/ngx-emoji-mart": "9.2.2",
+    "@ctrl/ngx-rightclick": "4.0.2",
+    "@ctrl/qbittorrent": "9.7.2",
+    "@ctrl/react-adsense": "2.0.2",
+    "@ctrl/shared-torrent": "6.3.2",
+    "@ctrl/tinycolor": "4.1.2",
+    "@ctrl/torrent-file": "4.1.2",
+    "@ctrl/transmission": "7.3.1",
+    "@ctrl/ts-base32": "4.0.2",
+    "@hestjs/core": "0.2.1",
+    "@hestjs/cqrs": "0.1.6",
+    "@hestjs/demo": "0.1.2",
+    "@hestjs/logger": "0.1.6",
+    "@hestjs/scalar": "0.1.7",
+    "@hestjs/validation": "0.1.6",
+    "@nativescript-community/arraybuffers": "1.1.8",
+    "@nativescript-community/gesturehandler": "2.0.35",
+    "@nativescript-community/perms": "3.0.8",
+    "@nativescript-community/sqlite": "3.5.5",
+    "@nativescript-community/text": "1.6.12",
+    "@nativescript-community/typeorm": "0.2.33",
+    "@nativescript-community/ui-collectionview": "6.0.6",
+    "@nativescript-community/ui-document-picker": "1.1.28",
+    "@nativescript-community/ui-drawer": "0.1.30",
+    "@nativescript-community/ui-image": "4.5.6",
+    "@nativescript-community/ui-label": "1.3.37",
+    "@nativescript-community/ui-material-bottom-navigation": "7.2.75",
+    "@nativescript-community/ui-material-bottomsheet": "7.2.72",
+    "@nativescript-community/ui-material-core": "7.2.75",
+    "@nativescript-community/ui-material-core-tabs": "7.2.75",
+    "@nativescript-community/ui-material-ripple": "7.2.75",
+    "@nativescript-community/ui-material-tabs": "7.2.75",
+    "@nativescript-community/ui-pager": "14.1.38",
+    "@nativescript-community/ui-pulltorefresh": "2.5.7",
+    "@nexe/config-manager": "0.1.1",
+    "@nexe/logger": "0.1.3",
+    "@nstudio/angular": "20.0.6",
+    "@nstudio/focus": "20.0.6",
+    "@nstudio/nativescript-checkbox": "2.0.9",
+    "@nstudio/nativescript-loading-indicator": "5.0.4",
+    "@nstudio/ui-collectionview": "5.1.14",
+    "@nstudio/web": "20.0.4",
+    "@nstudio/web-angular": "20.0.4",
+    "@nstudio/xplat": "20.0.7",
+    "@nstudio/xplat-utils": "20.0.7",
+    "@operato/board": "9.0.46",
+    "@operato/data-grist": "9.0.37",
+    "@operato/graphql": "9.0.46",
+    "@operato/headroom": "9.0.37",
+    "@operato/help": "9.0.46",
+    "@operato/i18n": "9.0.37",
+    "@operato/input": "9.0.46",
+    "@operato/layout": "9.0.37",
+    "@operato/popup": "9.0.46",
+    "@operato/pull-to-refresh": "9.0.42",
+    "@operato/shell": "9.0.39",
+    "@operato/styles": "9.0.37",
+    "@operato/utils": "9.0.46",
+    "@teselagen/bounce-loader": "0.3.17",
+    "@teselagen/liquibase-tools": "0.4.1",
+    "@teselagen/range-utils": "0.3.15",
+    "@teselagen/react-list": "0.8.20",
+    "@teselagen/react-table": "6.10.19",
+    "@thangved/callback-window": "1.1.4",
+    "@things-factory/attachment-base": "9.0.50",
+    "@things-factory/auth-base": "9.0.45",
+    "@things-factory/email-base": "9.0.54",
+    "@things-factory/env": "9.0.45",
+    "@things-factory/integration-base": "9.0.45",
+    "@things-factory/integration-marketplace": "9.0.45",
+    "@things-factory/shell": "9.0.45",
+    "@tnf-dev/api": "1.0.8",
+    "@tnf-dev/core": "1.0.8",
+    "@tnf-dev/js": "1.0.8",
+    "@tnf-dev/mui": "1.0.8",
+    "@tnf-dev/react": "1.0.8",
+    "@ui-ux-gang/devextreme-angular-rpk": "24.1.7",
+    "@yoobic/design-system": "6.5.17",
+    "@yoobic/jpeg-camera-es6": "1.0.13",
+    "@yoobic/yobi": "8.7.53",
+    "airchief": "0.3.1",
+    "airpilot": "0.8.8",
+    "angulartics2": "14.1.2",
+    "browser-webdriver-downloader": "3.0.8",
+    "capacitor-notificationhandler": "0.0.3",
+    "capacitor-plugin-healthapp": "0.0.3",
+    "capacitor-plugin-ihealth": "1.1.9",
+    "capacitor-plugin-vonage": "1.0.3",
+    "capacitorandroidpermissions": "0.0.5",
+    "config-cordova": "0.8.5",
+    "cordova-plugin-voxeet2": "1.0.24",
+    "cordova-voxeet": "1.0.32",
+    "create-hest-app": "0.1.9",
+    "db-evo": "1.1.5",
+    "devextreme-angular-rpk": "21.2.8",
+    "ember-browser-services": "5.0.3",
+    "ember-headless-form": "1.1.3",
+    "ember-headless-form-yup": "1.0.1",
+    "ember-headless-table": "2.1.6",
+    "ember-url-hash-polyfill": "1.0.13",
+    "ember-velcro": "2.2.2",
+    "encounter-playground": "0.0.5",
+    "eslint-config-crowdstrike": "11.0.3",
+    "eslint-config-crowdstrike-node": "4.0.4",
+    "eslint-config-teselagen": "6.1.7",
+    "globalize-rpk": "1.7.4",
+    "graphql-sequelize-teselagen": "5.3.8",
+    "html-to-base64-image": "1.0.2",
+    "json-rules-engine-simplified": "0.2.1",
+    "jumpgate": "0.0.2",
+    "koa2-swagger-ui": "5.11.2",
+    "mcfly-semantic-release": "1.3.1",
+    "mcp-knowledge-base": "0.0.2",
+    "mcp-knowledge-graph": "1.2.1",
+    "mobioffice-cli": "1.0.3",
+    "monorepo-next": "13.0.2",
+    "mstate-angular": "0.4.4",
+    "mstate-cli": "0.4.7",
+    "mstate-dev-react": "1.1.1",
+    "mstate-react": "1.6.5",
+    "ng2-file-upload": "9.0.1",
+    "ngx-bootstrap": "20.0.5",
+    "ngx-color": "10.0.2",
+    "ngx-toastr": "19.0.2",
+    "ngx-trend": "8.0.1",
+    "ngx-ws": "1.1.6",
+    "oradm-to-gql": "35.0.15",
+    "oradm-to-sqlz": "1.1.2",
+    "ove-auto-annotate": "0.0.9",
+    "pm2-gelf-json": "1.0.5",
+    "printjs-rpk": "1.6.1",
+    "react-complaint-image": "0.0.32",
+    "react-jsonschema-form-conditionals": "0.3.18",
+    "remark-preset-lint-crowdstrike": "4.0.2",
+    "rxnt-authentication": "0.0.6",
+    "rxnt-healthchecks-nestjs": "1.0.5",
+    "rxnt-kue": "1.0.7",
+    "swc-plugin-component-annotate": "1.9.2",
+    "tbssnch": "1.0.2",
+    "teselagen-interval-tree": "1.1.2",
+    "tg-client-query-builder": "2.14.5",
+    "tg-redbird": "1.3.1",
+    "tg-seq-gen": "1.0.10",
+    "thangved-react-grid": "1.0.3",
+    "ts-gaussian": "3.0.6",
+    "ts-imports": "1.0.2",
+    "tvi-cli": "0.1.5",
+    "ve-bamreader": "0.2.6",
+    "ve-editor": "1.0.1",
+    "verror-extra": "6.0.1",
+    "voip-callkit": "1.0.3",
+    "wdio-web-reporter": "0.1.3",
+    "yargs-help-output": "5.0.3",
+    "yoo-styles": "6.0.326"
+  },
+  "devDependencies": {
+    "@art-ws/config-eslint": "2.0.5",
+    "@art-ws/config-ts": "2.0.8",
+    "@art-ws/eslint": "1.0.6",
+    "@art-ws/package-base": "1.0.6",
+    "@art-ws/prettier": "1.0.6",
+    "@art-ws/ssl-info": "1.0.10",
+    "@hestjs/eslint-config": "0.1.2",
+    "@nexe/eslint-config": "0.1.1"
+  }
+}
+
+