RubyGems - cloudbleed_checker - Versions diffs - 0.1.0 - Mend

cloudbleed_checker 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

checksums.yaml +7 -0
data/.gitignore +12 -0
data/.rspec +2 -0
data/.travis.yml +5 -0
data/Gemfile +4 -0
data/README.md +28 -0
data/Rakefile +6 -0
data/bin/console +14 -0
data/bin/setup +8 -0
data/cloudbleed_checker.gemspec +30 -0
data/exe/cloudbleed +6 -0
data/lib/cloudbleed_checker/browser.rb +64 -0
data/lib/cloudbleed_checker/chrome.rb +19 -0
data/lib/cloudbleed_checker/cli.rb +35 -0
data/lib/cloudbleed_checker/domains.gz +0 -0
data/lib/cloudbleed_checker/firefox.rb +17 -0
data/lib/cloudbleed_checker/safari.rb +20 -0
data/lib/cloudbleed_checker/version.rb +3 -0
data/lib/cloudbleed_checker.rb +15 -0
metadata +146 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4c1548f17695cf2dfa7eb0360146ad326afa11bd
+  data.tar.gz: fbd4403704954c7cc4a53a3a7d352df83c9a3706
+SHA512:
+  metadata.gz: 13bbfde323493a78392d3407aaab2334f9ce302baaebe68b22b6d8a847cc47572dedc8ef59ec6f7f0eba85bcbe7514878f1c8088d563d098e2b57083575d0fa7
+  data.tar.gz: a0d0da1f142d8562f1327aa87c69334a1c26774c004f760c95f5453b82fd5c223a528b8bb0608488133bea94ed2c4d32adea3f0d05039f582eae03cda808b599

data/.gitignore ADDED Viewed

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+# rspec failure tracking
+.rspec_status

data/.rspec ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --format documentation
2	+ --color

data/.travis.yml ADDED Viewed

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.4.0
+before_install: gem install bundler -v 1.14.3

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in cloudbleed_checker.gemspec
+gemspec

data/README.md ADDED Viewed

@@ -0,0 +1,28 @@
+# CloudbleedChecker
+A utility to check your browser history for any sites hosted by Cloudflare,
+this will give you an easy way to determine where you need to change your
+password.
+## Installation
+    `$ gem install cloudbleed_checker`
+## Usage
+`cloudbleed check`
+The output from that command will include a bit of diagnostic info and a list
+of sites you've visited since the security vulnerabilities were introduced
+and are fronted by Cloudflare.
+## Development
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+## Contributing
+Bug reports and pull requests are welcome on GitHub at https://github.com/Tyler Pickett/cloudbleed_checker.

data/Rakefile ADDED Viewed

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec

data/bin/console ADDED Viewed

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+require "bundler/setup"
+require "cloudbleed_checker"
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+require "irb"
+IRB.start(__FILE__)

data/bin/setup ADDED Viewed

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+bundle install
+# Do any other automated setup that you need to do here

data/cloudbleed_checker.gemspec ADDED Viewed

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cloudbleed_checker/version'
+Gem::Specification.new do |spec|
+  spec.name          = "cloudbleed_checker"
+  spec.version       = CloudbleedChecker::VERSION
+  spec.authors       = ["Tyler Pickett"]
+  spec.email         = ["t.pickett66@gmail.com"]
+  spec.summary       = %q{A utility to check your browser history for cloudflare hosted sites}
+  spec.description   = %q{A utility to check your browser history for cloudflare hosted sites}
+  spec.homepage      = "https://github.com/tpickett66/cloudbleed_checker"
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_dependency "bundler", "~> 1.14"
+  spec.add_dependency "thor", "~> 0.19"
+  spec.add_dependency "sequel", "~> 4.43"
+  spec.add_dependency "sqlite3", "~> 1.3"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

data/exe/cloudbleed ADDED Viewed

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+require 'bundler/setup'
+require 'cloudbleed_checker'
+CloudbleedChecker::CLI.start

data/lib/cloudbleed_checker/browser.rb ADDED Viewed

@@ -0,0 +1,64 @@
+require 'fileutils'
+require 'set'
+require 'sequel'
+require 'sqlite3'
+require 'uri'
+module CloudbleedChecker
+  class Browser
+    class << self
+      attr_accessor :history_db_path
+      attr_accessor :history_db_glob
+      def extract_domains(tmpdir)
+        new(tmpdir).extract_domains
+      end
+    end
+    def initialize(tmpdir)
+      @tmpdir = tmpdir
+      @hosts = Set.new
+    end
+    def extract_hosts(dataset, url_key)
+      dataset.paged_each do |row|
+        host = extract_host(row, url_key)
+        @hosts << host if host
+      end
+      @hosts
+    end
+    def extract_host(row, url_key)
+      url = row[url_key]
+      return if url.nil?
+      URI.parse(url).host
+    rescue URI::InvalidURIError => ex
+      puts "unable to parse url: '#{row[url_key]}', skipping"
+    end
+    def history_db_path
+      self.class.history_db_path
+    end
+    def history_db_glob
+      self.class.history_db_glob
+    end
+    def with_database(db_path = history_db_path)
+      dest_path = @tmpdir.join(self.class.name)
+      FileUtils.cp(File.expand_path(db_path), dest_path)
+      db = Sequel.sqlite(dest_path.to_s)
+      yield db
+    ensure
+      db.disconnect if db
+    end
+    def with_databases(&block)
+      full_glob = File.expand_path(self.history_db_glob)
+      Dir.glob(full_glob).each do |db_path|
+        with_database(db_path, &block)
+      end
+      @hosts
+    end
+  end
+end

data/lib/cloudbleed_checker/chrome.rb ADDED Viewed

@@ -0,0 +1,19 @@
+require_relative 'browser'
+module CloudbleedChecker
+  class Chrome < Browser
+    TIMESTAMP_MAGIC_NUMBER = 11644473600 # No idea where this came from, should probaby figure that out from the chrome source
+    TIMESTAMP_DIVISOR = 1_000_000 # convert usec to seconds
+    self.history_db_glob = "~/Library/Application Support/Google/Chrome/*/History"
+    def extract_domains
+      with_databases do |db|
+        ds = db[:urls].
+          select(:url, :last_visit_time).
+          where("(last_visit_time/?) - ? >= ?", TIMESTAMP_DIVISOR, TIMESTAMP_MAGIC_NUMBER, CloudbleedChecker::INITIAL_VULNERABILITY_RELEASED.to_i).
+          order(:last_visit_time)
+        extract_hosts(ds, :url)
+      end
+    end
+  end
+end

data/lib/cloudbleed_checker/cli.rb ADDED Viewed

@@ -0,0 +1,35 @@
+require 'pathname'
+require 'set'
+require 'tmpdir'
+require 'thor'
+require 'net/http'
+require 'zlib'
+module CloudbleedChecker
+  class CLI < Thor
+    desc "check", "Check all supported browsers"
+    def check
+      Dir.mktmpdir do |tmpdir|
+        puts 'Extracting history....'
+        tmpdir = Pathname.new(tmpdir)
+        domains = Chrome.extract_domains(tmpdir)
+        domains.merge(Safari.extract_domains(tmpdir))
+        domains.merge(Firefox.extract_domains(tmpdir))
+        puts "Extracted #{domains.size} unique hosts from your browser histories"
+        puts 'Checking sites'
+        num_checked = 0
+        domains_path = File.join(File.dirname(__FILE__), 'domains.gz')
+        Zlib::GzipReader.open(domains_path) do |file|
+          file.each_line do |domain|
+            domain.chomp!
+            if domains.include?(domain)
+              puts "History included '#{domain}' from list"
+            end
+          end
+        end
+      end
+      puts "Check complete"
+    end
+  end
+end

data/lib/cloudbleed_checker/domains.gz ADDED Viewed

Binary file

data/lib/cloudbleed_checker/firefox.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require_relative 'browser'
+module CloudbleedChecker
+  class Firefox < Browser
+    self.history_db_glob = '~/Library/Application Support/Firefox/Profiles/*/places.sqlite'
+    def extract_domains
+      with_databases do |db|
+        ds = db[:moz_places].
+          select('DISTINCT(url), last_visit_date').
+          where('last_visit_date  >= ?', CloudbleedChecker::INITIAL_VULNERABILITY_RELEASED.to_i).
+          order(:last_visit_date)
+        extract_hosts(ds, :url)
+      end
+    end
+  end
+end

data/lib/cloudbleed_checker/safari.rb ADDED Viewed

@@ -0,0 +1,20 @@
+require_relative 'browser'
+module CloudbleedChecker
+  class Safari < Browser
+    TIMESTAMP_OFFSET = 978307200
+    self.history_db_path = '~/Library/Safari/History.db'
+    def extract_domains
+      with_database do |db|
+        ds = db[:history_items].
+          select('DISTINCT(url), visit_time ').
+          join(:history_visits).
+          where('visit_time + ? >= ?', TIMESTAMP_OFFSET, CloudbleedChecker::INITIAL_VULNERABILITY_RELEASED.to_i).
+          order(:visit_time)
+        extract_hosts(ds, :url)
+      end
+    end
+  end
+end

data/lib/cloudbleed_checker/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module CloudbleedChecker
+  VERSION = "0.1.0"
+end

data/lib/cloudbleed_checker.rb ADDED Viewed

@@ -0,0 +1,15 @@
+require 'cloudbleed_checker/chrome'
+require 'cloudbleed_checker/cli'
+require 'cloudbleed_checker/firefox'
+require 'cloudbleed_checker/safari'
+require "cloudbleed_checker/version"
+require 'uri'
+module CloudbleedChecker
+  CLOUDFLARE_SITES_URL = URI.parse('https://raw.githubusercontent.com/pirate/sites-using-cloudflare/master/sorted_unique_cf.txt')
+  INITIAL_VULNERABILITY_RELEASED = Date.civil(2016, 9, 22).to_time
+  def data
+    DATA
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,146 @@
+--- !ruby/object:Gem::Specification
+name: cloudbleed_checker
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Tyler Pickett
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2017-02-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.14'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.14'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.43'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.43'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: A utility to check your browser history for cloudflare hosted sites
+email:
+- t.pickett66@gmail.com
+executables:
+- cloudbleed
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- cloudbleed_checker.gemspec
+- exe/cloudbleed
+- lib/cloudbleed_checker.rb
+- lib/cloudbleed_checker/browser.rb
+- lib/cloudbleed_checker/chrome.rb
+- lib/cloudbleed_checker/cli.rb
+- lib/cloudbleed_checker/domains.gz
+- lib/cloudbleed_checker/firefox.rb
+- lib/cloudbleed_checker/safari.rb
+- lib/cloudbleed_checker/version.rb
+homepage: https://github.com/tpickett66/cloudbleed_checker
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.8
+signing_key:
+specification_version: 4
+summary: A utility to check your browser history for cloudflare hosted sites
+test_files: []