OSS Defog
Gabe Stocco edited this page Mar 31, 2022 · 2 revisions
OSS Defog examines a package's contents for obfuscated text -- specifically, text that is either Base-64- or Hex-encoded. Most packages do not contain such content, and even the ones that do are usually safe. However, obfuscation has been used to hide malicious code in open source projects.
Usage information from --help:
Usage: oss-defog [options] package-url...
positional arguments:
package-url package url to analyze (required, multiple allowed), or directory.
The package-url specifier is described at https://github.com/package-url/purl-spec:
pkg:cargo/rand The latest version of Rand (via crates.io)
pkg:cocoapods/AFNetworking The latest version of AFNetworking (via cocoapods.org)
pkg:composer/Smarty/Smarty The latest version of Smarty (via Composer/ Packagist)
pkg:cpan/Apache-ACEProxy The latest version of Apache::ACEProxy (via cpan.org)
pkg:cran/ACNE@0.8.0 Version 0.8.0 of ACNE (via cran.r-project.org)
pkg:gem/rubytree@* All versions of RubyTree (via rubygems.org)
pkg:golang/sigs.k8s.io/yaml The latest version of sigs.k8s.io/yaml (via proxy.golang.org)
pkg:github/Microsoft/DevSkim The latest release of DevSkim (via GitHub)
pkg:hackage/a50@* All versions of a50 (via hackage.haskell.org)
pkg:maven/org.apdplat/deep-qa The latest version of org.apdplat.deep-qa (via repo1.maven.org)
pkg:npm/express The latest version of Express (via npm.org)
pkg:nuget/Newtonsoft.JSON The latest version of Newtonsoft.JSON (via nuget.org)
pkg:pypi/django@1.11.1 Version 1.11.1 fo Django (via pypi.org)
pkg:ubuntu/zerofree The latest version of zerofree from Ubuntu (via packages.ubuntu.com)
pkg:vsm/MLNET/07 The latest version of MLNET.07 (from marketplace.visualstudio.com)
pkg:url/foo@1.0?url=<URL> The direct URL <URL>
optional arguments:
--download-directory the directory to download the package to
--report-blobs if set, blobs which cannot be determined to be strings, archives or binaries will be reported on (noisy)
--minimum-hex-length if set, overrides the default hex string detection length (default 8 pairs)
--minimum-base64-length if set, overrides the default base64 minimum string length (default 1 quad)
--save-found-binaries-to if set, encoded binaries which were found will be saved to this directory
--save-archives-to if set, encoded compressed files will be saved to this directory
--save-blobs-to if set, encoded blobs of indeterminate type will be saved to this directory
--use-cache do not download the package if it is already present in the destination directory
--help show this help message and exit
--version show version number
root@d6adcf35f75b:/usr/src/app# SECRET=$(echo "Hello, my name is Michael." | base64)
root@d6adcf35f75b:/usr/src/app# echo $SECRET
SGVsbG8sIG15IG5hbWUgaXMgTWljaGFlbC4K
root@d6adcf35f75b:/usr/src/app# mkdir tests
root@d6adcf35f75b:/usr/src/app# echo "SECRET=$SECRET" > tests/foo
root@d6adcf35f75b:/usr/src/app# cat tests/foo
SECRET=SGVsbG8sIG15IG5hbWUgaXMgTWljaGFlbC4K
root@d6adcf35f75b:/usr/src/app# oss-defog tests
____ _____ _____ _____ _ _
/ __ \ / ____/ ____| / ____| | | | |
| | | | (___| (___ | | __ __ _ __| | __ _ ___| |_
| | | |\___ \\___ \ | | |_ |/ _` |/ _` |/ _` |/ _ \ __|
| |__| |____) |___) | | |__| | (_| | (_| | (_| | __/ |_
\____/|_____/_____/ \_____|\__,_|\__,_|\__, |\___|\__|
__/ |
|___/
OSS Gadget - oss-defog 0.1.317+55078cf84c - github.com/Microsoft/OSSGadget
INFO - [String] tests/foo: SGVsbG8sIG15IG5hbWUgaXMgTWljaGFlbC4K -> Hello, my name is Michael.
The output shows that the string "Hello, my name is Michael." was found in the tests directory.
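The kind of scan shown in the session above can be sketched in a few lines. This is an added example, not OSS Gadget's own code: the function names, the 16-character Base64 minimum and the second sample file are assumptions made for the illustration. It decodes Base64 and hex runs, reports the ones that turn out to be printable text, and treats everything else as a blob that is only reported on request, which is why an ordinary long identifier does not produce a finding.

```python
import base64
import binascii
import re

MIN_HEX_PAIRS = 8      # default stated in the help text above
MIN_BASE64_CHARS = 16  # assumption for this demo; stricter than the tool's default
CANDIDATE = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_BASE64_CHARS)
HEX_ONLY = re.compile(r"(?:[0-9A-Fa-f]{2}){%d,}" % MIN_HEX_PAIRS)

# Constructed sample input: the first entry mirrors tests/foo from the session.
SAMPLE = {
    "tests/foo": "SECRET=SGVsbG8sIG15IG5hbWUgaXMgTWljaGFlbC4K\n",
    "tests/bar": "key = '48656c6c6f2c20776f726c6421'\nInternationalization()\n",
}


def as_text(raw):
    """Return the decoded text if raw is printable UTF-8, otherwise None."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if all(c.isprintable() or c in "\r\n\t" for c in text) else None


def defog(name, content, report_blobs=False):
    """Yield (kind, encoding, name, token, decoded) for each encoded run."""
    for token in CANDIDATE.findall(content):
        if HEX_ONLY.fullmatch(token):      # hex is also valid Base64: test it first
            encoding, raw = "hex", bytes.fromhex(token)
        else:
            try:
                encoding, raw = "base64", base64.b64decode(token, validate=True)
            except binascii.Error:         # wrong length or padding: not Base64
                continue
        text = as_text(raw)
        if text is not None:
            yield ("String", encoding, name, token, text.rstrip("\n"))
        elif report_blobs:                 # undecodable bytes: noisy, off by default
            yield ("Blob", encoding, name, token, raw)


def scan(files, **options):
    return [hit for n, c in files.items() for hit in defog(n, c, **options)]


if __name__ == "__main__":
    for kind, encoding, name, token, decoded in scan(SAMPLE):
        print(f"[{kind}] {name}: {token} -> {decoded}")
```

Lowering the minimum lengths finds shorter encoded strings at the cost of more candidates to decode and more blobs to triage.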