configuration_management_backdoor 1.1.0 → 2.0.0.pre.1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: de7e5db83a7fff3c95f20f69eb248f513b03e171
|
4
|
+
data.tar.gz: d6db5a6af63cdf4ca6c3033d36e544e1d3735d2c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 902dc9c7dd3680e98fec265b9dda78f9de3d79fc49e005a243d5cb5233781a2888afa6f9d0806bc7731492d05b90022cc6a3810381b5ce888549ee5b7be9ed47
|
7
|
+
data.tar.gz: 185bf61e0edbbaef6a8985259410667eb9d681743178c9bb5e873409881c390915c8c56f6b4c1a0a4fb84303d19c38540346e1398df640330d60eef5122839c9
|
@@ -3,23 +3,24 @@ class ConfigurationManagementBackdoorController < ApplicationController
|
|
3
3
|
|
4
4
|
def authenticate
|
5
5
|
_username, password = ActionController::HttpAuthentication::Basic \
|
6
|
-
|
7
|
-
|
8
|
-
response.headers['WWW-Authenticate'] =
|
9
|
-
|
10
|
-
|
6
|
+
.user_name_and_password(request) rescue [nil, nil]
|
7
|
+
if password == nil
|
8
|
+
response.headers['WWW-Authenticate'] = 'Basic realm="Configuration Management Backdoor via secret_key_base"'
|
9
|
+
render plain: 'unauthorized', status: 401
|
10
|
+
elsif Rails.application.secrets.secret_key_base != password
|
11
|
+
render plain: 'Forbidden', status: 403
|
11
12
|
end
|
12
13
|
end
|
13
14
|
|
14
15
|
def invoke_ruby
|
15
16
|
code = request.body.read
|
16
|
-
render
|
17
|
+
render json: {result: eval(code).inspect}
|
17
18
|
end
|
18
19
|
|
19
20
|
def invoke_sql
|
20
21
|
code = request.body.gets
|
21
22
|
res = ActiveRecord::Base.connection.execute code
|
22
|
-
render
|
23
|
+
render json: {result: res.inspect}
|
23
24
|
end
|
24
25
|
|
25
26
|
def invoke
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: configuration_management_backdoor
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0.pre.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Thomas Schank
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-10-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -74,14 +74,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
74
74
|
version: '0'
|
75
75
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
76
76
|
requirements:
|
77
|
-
- - "
|
77
|
+
- - ">"
|
78
78
|
- !ruby/object:Gem::Version
|
79
|
-
version:
|
79
|
+
version: 1.3.1
|
80
80
|
requirements: []
|
81
81
|
rubyforge_project:
|
82
|
-
rubygems_version: 2.4.
|
82
|
+
rubygems_version: 2.4.5.1
|
83
83
|
signing_key:
|
84
84
|
specification_version: 4
|
85
85
|
summary: Configuration Management Backdoor for Ruby on Rails
|
86
86
|
test_files: []
|
87
|
-
has_rdoc:
|