gosh 1.0.0

Files changed (3)
  1. data/bin/gosh +76 -0
  2. data/lib/gosh.rb +0 -0
  3. metadata +69 -0
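--- a/data/bin/gosh
+++ b/data/bin/gosh
@@ -0,0 +1,76 @@
+#!/usr/bin/env ruby
+
+require "tempfile"
+require "shellwords"
+require "digest/sha2"
+
+EDITOR = ENV["EDITOR"] || "vi"
+SHELL = ENV["SHELL"] || "sh"
+
+def usage
+warn <<-EOS.strip
+gosh is security theater for piped shell scripts
+usage: curl <url> | #$0
+curl <url> | #$0 -d <digest> # extra-secure SHA512 digest mode
+EOS
+exit -1
+end
+
+def confirm(script_source)
+tempfile = Tempfile.new("FRIGHTENINGLY_DANGEROUS_SCRIPT")
+tempfile.write <<-EOS
+
+# --- PLACE YOUR ANSWER ABOVE THIS LINE ---------------------
+#
+# Do you want to run the following script?
+#
+# To run, enter YES above, then save this file and close it.
+# If you do not want to run the script, close this file.
+#
+# -----------------------------------------------------------
+
+EOS
+
+tempfile.write script_source
+tempfile.close
+
+command = "#{Shellwords.escape(editor)} #{Shellwords.escape(tempfile.path)}"
+system(command) or abort("error communicating with #{editor}")
+
+source = IO.read(tempfile.path)
+source[/\A(.*)^# --- PLACE YOUR ANSWER ABOVE THIS LINE/m, 1].strip
+end
+
+def perform(script)
+tempfile = Tempfile.new("gosh-script")
+tempfile.write script
+tempfile.close
+exec SHELL, tempfile.path
+end
+
+
+usage if $stdin.tty?
+script_source = $stdin.read
+
+
+if ARGV.length > 0
+if ARGV[0] == "-d" && given_digest = ARGV[1]
+actual_digest = Digest::SHA512.hexdigest(script_source)
+if given_digest.downcase == actual_digest
+perform(script_source)
+else
+warn "digest mismatch (actual is #{actual_digest}), aborting"
+exit 1
+end
+else
+usage
+end
+else
+answer = confirm(script_source)
+if answer =~ /^yes$/i
+perform(script_source)
+else
+warn "not running piped script"
+exit 1
+end
+end
+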
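Review bot: `confirm` interpolates a lowercase `editor` in both the command string and the abort message, but the file only defines the constant `EDITOR`, so as far as the visible code shows the interactive path raises NameError before any editor opens and only `-d` mode can reach `perform`. Both lines should use the constant: `command = "#{Shellwords.escape(EDITOR)} #{Shellwords.escape(tempfile.path)}"` and `system(command) or abort("error communicating with #{EDITOR}")`. The answer parsing should also fail closed: if the user deletes the marker line, `source[/\A(.*)^# --- PLACE YOUR ANSWER.../m, 1]` is nil and `.strip` raises, so use `.to_s.strip`. Because `^`/`$` match per line, `answer =~ /^yes$/i` accepts any multi-line answer that contains a `yes` line; `answer.match?(/\Ayes\z/i)` accepts only an answer that is exactly YES.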
data/lib/gosh.rb ADDED
File without changes
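--- a/metadata
+++ b/metadata
@@ -0,0 +1,69 @@
+--- !ruby/object:Gem::Specification
+name: gosh
+version: !ruby/object:Gem::Version
+hash: 23
+prerelease:
+segments:
+- 1
+- 0
+- 0
+version: 1.0.0
+platform: ruby
+authors:
+- Sam Stephenson
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2011-04-09 00:00:00 -05:00
+default_executable:
+dependencies: []
+
+description: Security theater for piped shell scripts.
+email:
+- sstephenson@gmail.com
+executables:
+- gosh
+extensions: []
+
+extra_rdoc_files: []
+
+files:
+- bin/gosh
+- lib/gosh.rb
+has_rdoc: true
+homepage: https://github.com/sstephenson/gosh
+licenses: []
+
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.5.0
+signing_key:
+specification_version: 3
+summary: Security theater for piped shell scripts
+test_files: []
+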