registry  /  @tiledesk/tiledesk-server  /  2.19.16

@tiledesk/tiledesk-server@2.19.16

The Tiledesk server module

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The runtime AMQP worker accepts messages on the `functions` routing key and compiles an attacker-supplied function body. Any actor able to publish to the configured AMQP exchange can execute JavaScript in the server process.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
Start the server/job worker, then publish a JSON message with `function` to the `tiledeskserver` AMQP exchange using routing key `functions`.
Impact
Remote code execution in the running server context if the AMQP broker is reachable by an untrusted publisher.
Mechanism
Unvalidated AMQP payload passed to `new Function`.
Rationale
The scanner's malicious label is not supported as malware by the inspected source, but the AMQP `new Function` handler is a concrete high-impact remote-code-execution capability. Flag as suspicious rather than block as malicious.
Evidence
package.jsonbin/wwwutils/jobs-worker-queue-manager/queueManagerClassV2.jsutils/jobs-worker-queue-manager/JobManagerV2.jsservices/trainingService.js.npmrc
Network endpoints1
amqp://localhost

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
  • `utils/jobs-worker-queue-manager/queueManagerClassV2.js` binds AMQP routing key `functions`.
  • AMQP message field `fdata.function` is executed with `new Function` without validation.
  • The consumer starts through `JobManagerV2.connectAndStartWorker`, creating a runtime RCE capability for AMQP publishers.
  • `package.json` has guarded preinstall that writes package-local `.npmrc` when enterprise mode is explicitly enabled.
Evidence against
  • No source evidence of credential harvesting, filesystem discovery, exfiltration, or AI-agent control-surface mutation.
  • `bin/www` is a conventional HTTP server entrypoint; it does not execute shell commands or remote payloads.
  • The preinstall hook is conditional on `ENABLE_ENTERPRISE_MODULE` and only configures npm registry authentication.
  • Observed HTTP integrations are service functionality, including configured chatbot training and webhook endpoints.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Manifest
CopyleftLicense
scanned 386 file(s), 2.43 MB of source, external domains: 34.65.210.38, api.elevenlabs.io, api.telegram.org, api.tiledesk.com, changeit.cloudfunctions.net, chat-v2-dev.firebaseio.com, console.tiledesk.com, developer.tiledesk.com, docs.tiledesk.com, graph.facebook.com, image.jpg, panel.tiledesk.com, securetoken.google.com, tiledesk.com, www.emanueleferonato.com, www.google.com, www.tiledesk.com, www.youtube.com

Source & flagged code

39 flagged · loading source
package.jsonView file
dependencies registry_only=@tiledesk-ent/tiledesk-server-enterprise,@tiledesk-ent/tiledesk-server-jwthistory,@tiledesk-ent/tiledesk-server-payments,@tiledesk-ent/tiledesk-server-request-history,@tiledesk-ent/tiledesk-server-visitorcounter
Critical
Manifest Confusion

Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

package.jsonView on unpkg
scripts.preinstall = if [ $ENABLE_ENTERPRISE_MODULE ]; then npm run enable-ent; fi
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
Runtime dependency names matching Node built-ins: http
High
Node Builtin Dependency Squat

Package declares a runtime dependency whose name matches a Node built-in module.

package.jsonView on unpkg
scripts.preinstall = if [ $ENABLE_ENTERPRISE_MODULE ]; then npm run enable-ent; fi
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
docs/api-dev.mdView file
49patternName = supabase_service_key severity = critical line = 49 matchedText = eyJhbGci...9UGU
Critical
Critical Secret

Package contains a critical-looking secret pattern.

docs/api-dev.mdView on unpkg · L49
49patternName = supabase_service_key severity = critical line = 49 matchedText = eyJhbGci...9UGU
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L49
53patternName = supabase_service_key severity = critical line = 53 matchedText = -H "Auth...U" \
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L53
115patternName = supabase_service_key severity = critical line = 115 matchedText = -H "Auth...8" \
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L115
121patternName = supabase_service_key severity = critical line = 121 matchedText = -H "Auth...U" \
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L121
144patternName = supabase_service_key severity = critical line = 144 matchedText = -H "Auth...0" \
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L144
287patternName = supabase_service_key severity = critical line = 287 matchedText = -H "Auth...Q" \
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L287
351patternName = supabase_service_key severity = critical line = 351 matchedText = -H "Auth...M" \
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L351
459patternName = supabase_service_key severity = critical line = 459 matchedText = curl -v ...g" \
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L459
470patternName = supabase_service_key severity = critical line = 470 matchedText = curl -v ...ests
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L470
509patternName = supabase_service_key severity = critical line = 509 matchedText = curl -v ...ests
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L509
513patternName = supabase_service_key severity = critical line = 513 matchedText = curl -v ...eads
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L513
524patternName = supabase_service_key severity = critical line = 524 matchedText = curl -v ...463c
Critical
Secret Pattern

Supabase service role key (JWT) in docs/api-dev.md

docs/api-dev.mdView on unpkg · L524
utils/jobs-worker-queue-manager/queueManagerClassV2.jsView file
270L271: // eval(fdata.function) L272:
Low
Eval

Package source references a known benign dynamic code generation pattern.

utils/jobs-worker-queue-manager/queueManagerClassV2.jsView on unpkg · L270
middleware/noentitycheck.jsView file
1var winston = require('../config/winston'); L2:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

middleware/noentitycheck.jsView on unpkg · L1
archive.shView file
path = archive.sh kind = build_helper sizeBytes = 2865 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

archive.shView on unpkg
channels/chat21/chat21WebHook.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @tiledesk/tiledesk-server@2.19.13 matchedIdentity = npm:[redacted]:2.19.13 similarity = 0.900 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

channels/chat21/chat21WebHook.jsView on unpkg
pubmodules/cache/mongoose-cachegoose-fn.jsView file
943patternName = generic_password severity = medium line = 943 matchedText = winston....rd);
Medium
Secret Pattern

Hardcoded password in pubmodules/cache/mongoose-cachegoose-fn.js

pubmodules/cache/mongoose-cachegoose-fn.jsView on unpkg · L943
945patternName = generic_password severity = medium line = 945 matchedText = winston....rd);
Medium
Secret Pattern

Hardcoded password in pubmodules/cache/mongoose-cachegoose-fn.js

pubmodules/cache/mongoose-cachegoose-fn.jsView on unpkg · L945
946patternName = generic_password severity = medium line = 946 matchedText = // winst...rd);
Medium
Secret Pattern

Hardcoded password in pubmodules/cache/mongoose-cachegoose-fn.js

pubmodules/cache/mongoose-cachegoose-fn.jsView on unpkg · L946
pubmodules/sms/listener.jsView file
26patternName = generic_password severity = medium line = 26 matchedText = winston....rd);
Medium
Secret Pattern

Hardcoded password in pubmodules/sms/listener.js

pubmodules/sms/listener.jsView on unpkg · L26
pubmodules/voice-twilio/listener.jsView file
23patternName = generic_password severity = medium line = 23 matchedText = winston....rd);
Medium
Secret Pattern

Hardcoded password in pubmodules/voice-twilio/listener.js

pubmodules/voice-twilio/listener.jsView on unpkg · L23
pubmodules/voice/listener.jsView file
32patternName = generic_password severity = medium line = 32 matchedText = winston....rd);
Medium
Secret Pattern

Hardcoded password in pubmodules/voice/listener.js

pubmodules/voice/listener.jsView on unpkg · L32
pubmodules/tilebot/listener.jsView file
42patternName = generic_password severity = medium line = 42 matchedText = winston....rd);
Medium
Secret Pattern

Hardcoded password in pubmodules/tilebot/listener.js

pubmodules/tilebot/listener.jsView on unpkg · L42
pubmodules/whatsapp/listener.jsView file
26patternName = generic_password severity = medium line = 26 matchedText = winston....rd);
Medium
Secret Pattern

Hardcoded password in pubmodules/whatsapp/listener.js

pubmodules/whatsapp/listener.jsView on unpkg · L26
test/kbRoute.jsView file
196patternName = generic_password severity = medium line = 196 matchedText = .send({ ..." })
Medium
Secret Pattern

Hardcoded password in test/kbRoute.js

test/kbRoute.jsView on unpkg · L196
test/projectRoute.jsView file
64patternName = generic_password severity = medium line = 64 matchedText = .send({ ..." })
Medium
Secret Pattern

Hardcoded password in test/projectRoute.js

test/projectRoute.jsView on unpkg · L64
109patternName = generic_password severity = medium line = 109 matchedText = .send({ ..." })
Medium
Secret Pattern

Hardcoded password in test/projectRoute.js

test/projectRoute.jsView on unpkg · L109
test/authorization.jsView file
32patternName = generic_password severity = medium line = 32 matchedText = var pwd ...4!";
Medium
Secret Pattern

Hardcoded password in test/authorization.js

test/authorization.jsView on unpkg · L32
test/authentication.jsView file
159patternName = generic_password severity = medium line = 159 matchedText = var pwd ...4!";
Medium
Secret Pattern

Hardcoded password in test/authentication.js

test/authentication.jsView on unpkg · L159
208patternName = generic_password severity = medium line = 208 matchedText = // ..." })
Medium
Secret Pattern

Hardcoded password in test/authentication.js

test/authentication.jsView on unpkg · L208
235patternName = generic_password severity = medium line = 235 matchedText = var pwd ...4!";
Medium
Secret Pattern

Hardcoded password in test/authentication.js

test/authentication.jsView on unpkg · L235
259patternName = generic_password severity = medium line = 259 matchedText = var pwd ...4!";
Medium
Secret Pattern

Hardcoded password in test/authentication.js

test/authentication.jsView on unpkg · L259
docs/deploy.mdView file
60patternName = private_key_rsa severity = critical line = 60 matchedText = FIREBASE...MXYX
Critical
Secret Pattern

RSA private key in docs/deploy.md

docs/deploy.mdView on unpkg · L60
services/emailService.jsView file
266patternName = private_key_rsa severity = critical line = 266 matchedText = // pri.....",
Critical
Secret Pattern

RSA private key in services/emailService.js

services/emailService.jsView on unpkg · L266

Findings

16 Critical4 High22 Medium7 Low
CriticalCritical Secretdocs/api-dev.md
CriticalManifest Confusionpackage.json
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/api-dev.md
CriticalSecret Patterndocs/deploy.md
CriticalSecret Patternservices/emailService.js
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated
HighNode Builtin Dependency Squatpackage.json
HighPrevious Version Dangerous Deltachannels/chat21/chat21WebHook.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiremiddleware/noentitycheck.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperarchive.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternpubmodules/cache/mongoose-cachegoose-fn.js
MediumSecret Patternpubmodules/cache/mongoose-cachegoose-fn.js
MediumSecret Patternpubmodules/cache/mongoose-cachegoose-fn.js
MediumSecret Patternpubmodules/sms/listener.js
MediumSecret Patternpubmodules/voice-twilio/listener.js
MediumSecret Patternpubmodules/voice/listener.js
MediumSecret Patternpubmodules/tilebot/listener.js
MediumSecret Patternpubmodules/whatsapp/listener.js
MediumSecret Patterntest/kbRoute.js
MediumSecret Patterntest/projectRoute.js
MediumSecret Patterntest/projectRoute.js
MediumSecret Patterntest/authorization.js
MediumSecret Patterntest/authentication.js
MediumSecret Patterntest/authentication.js
MediumSecret Patterntest/authentication.js
MediumSecret Patterntest/authentication.js
LowScripts Present
LowEvalutils/jobs-worker-queue-manager/queueManagerClassV2.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowCopyleft License