RubyGems - blank_blank - Versions diffs - 0.0.1 - Mend

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 839a613569607f25db66c4a6c74ca49c812bfccf
+  data.tar.gz: b173b34ca65efbcb41eb43cfa7def6966770970f
+SHA512:
+  metadata.gz: 6507104505e88450396c162b418895d4459a7d01e5cfc32722856375dd6ddc773a93dfcd021c4c0f291eb7c7c41a4027fd48ce6e3d12abe7ac0bbfb26fdf3109
+  data.tar.gz: d16b93f774fd0ec790a1cee12553700813273d39a76886aa911cb0c8004a491ac2aec9d6a1e0c07a9a0550982bb8aac0bd56dc3b611a5c369c21a1c4ba697a94

data/.gitignore ADDED Viewed

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --format documentation
2	+ --color

data/.travis.yml ADDED Viewed

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.2.4
+before_install: gem install bundler -v 1.11.2

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in blank_blank.gemspec
+gemspec

data/README.md ADDED Viewed

@@ -0,0 +1,24 @@
+# BlankBlank
+Verify existing gems for malicious gem replacement (see http://blog.rubygems.org/2016/04/06/gem-replacement-vulnerability-and-mitigation.html).
+## Installation and Usage
+```console
+$ gem install 'blank_blank'
+```
+And then execute:
+    $ blank_blank [some git repository]
+## Development
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+## Contributing
+Bug reports and pull requests are welcome on GitHub at https://github.com/cbeer/blank_blank.

data/Rakefile ADDED Viewed

	@@ -0,0 +1 @@
1	+ require "bundler/gem_tasks"

data/bin/console ADDED Viewed

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+require "bundler/setup"
+require "blank_blank"
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+require "irb"
+IRB.start

data/bin/setup ADDED Viewed

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+bundle install
+# Do any other automated setup that you need to do here

data/blank_blank.gemspec ADDED Viewed

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'blank_blank/version'
+Gem::Specification.new do |spec|
+  spec.name          = "blank_blank"
+  spec.version       = BlankBlank::VERSION
+  spec.authors       = ["Chris Beer"]
+  spec.email         = ["chris@cbeer.info"]
+  spec.summary       = %q{Verify existing gems for malicious gem replacement}
+  spec.description   = %q{}
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_dependency "git"
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

data/exe/blank_blank ADDED Viewed

@@ -0,0 +1,55 @@
+#!/usr/bin/env ruby
+require "tmpdir"
+require "optparse"
+require "blank_blank"
+require 'git'
+options = {}
+OptionParser.new do |opts|
+  opts.banner = "Usage: blank_blank [options] path_to_repository"
+  opts.on("-h", "--help", "Prints this help") do
+    puts opts
+    exit
+  end
+end.parse!
+ARGV.each do |repo|
+  $stderr.puts "#{repo}"
+  Dir.mktmpdir do |dir|
+    Dir.chdir(dir) do
+      puts `git clone #{repo} repo 2>&1`
+      Dir.chdir('repo') do
+        g = Git.open(Dir.pwd)
+        g.tags.sort_by(&:name).each do |tag|
+          g.checkout(tag)
+          Dir.glob('*.gemspec') do |gemspec|
+            gem_build_output = `gem build #{gemspec} -f 2>&1`
+            gem_name = gem_build_output.scan(/Name: (.*)/).flatten.first
+            gem_version = gem_build_output.scan(/Version: (.*)/).flatten.first
+            gem_file = gem_build_output.scan(/File: (.*)/).flatten.first
+            begin
+              fail "Unexpected gem output: #{gem_build_output}" if gem_name.nil? || gem_version.nil?
+              `gem unpack #{gem_name} -v #{gem_version} --target #{dir}/#{gem_name}-#{gem_version}-rubygems`
+              `gem unpack #{gem_file} --target #{dir}/#{gem_name}-#{gem_version}-newly-built`
+              diff_output = `diff -r #{dir}/#{gem_name}-#{gem_version}-rubygems #{dir}/#{gem_name}-#{gem_version}-newly-built`
+              fail diff_output unless $CHILD_STATUS == 0
+              puts "#{gem_name} #{gem_version}: [ OK ]"
+            rescue => e
+              puts "#{gem_name} #{gem_version}: [ FAIL ]"
+              puts e.message
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/blank_blank.rb ADDED Viewed

@@ -0,0 +1,5 @@
+require "blank_blank/version"
+module BlankBlank
+  # Your code goes here...
+end

data/lib/blank_blank/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module BlankBlank
+  VERSION = "0.0.1"
+end

metadata ADDED Viewed

@@ -0,0 +1,98 @@
+--- !ruby/object:Gem::Specification
+name: blank_blank
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Chris Beer
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2016-04-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: git
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: ''
+email:
+- chris@cbeer.info
+executables:
+- blank_blank
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- blank_blank.gemspec
+- exe/blank_blank
+- lib/blank_blank.rb
+- lib/blank_blank/version.rb
+homepage:
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5.1
+signing_key:
+specification_version: 4
+summary: Verify existing gems for malicious gem replacement
+test_files: []

blank_blank 0.0.1