gosh 1.0.0
- data/bin/gosh +76 -0
- data/lib/gosh.rb +0 -0
- metadata +69 -0
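--- a/data/bin/gosh
+++ b/data/bin/gosh
@@ -0,0 +1,76 @@
+#!/usr/bin/env ruby
+
+require "tempfile"
+require "shellwords"
+require "digest/sha2"
+
+EDITOR = ENV["EDITOR"] || "vi"
+SHELL = ENV["SHELL"] || "sh"
+
+def usage
+warn <<-EOS.strip
+gosh is security theater for piped shell scripts
+usage: curl <url> | #$0
+curl <url> | #$0 -d <digest> # extra-secure SHA512 digest mode
+EOS
+exit -1
+end
+
+def confirm(script_source)
+tempfile = Tempfile.new("FRIGHTENINGLY_DANGEROUS_SCRIPT")
+tempfile.write <<-EOS
+
+# --- PLACE YOUR ANSWER ABOVE THIS LINE ---------------------
+#
+# Do you want to run the following script?
+#
+# To run, enter YES above, then save this file and close it.
+# If you do not want to run the script, close this file.
+#
+# -----------------------------------------------------------
+
+EOS
+
+tempfile.write script_source
+tempfile.close
+
+command = "#{Shellwords.escape(editor)} #{Shellwords.escape(tempfile.path)}"
+system(command) or abort("error communicating with #{editor}")
+
+source = IO.read(tempfile.path)
+source[/\A(.*)^# --- PLACE YOUR ANSWER ABOVE THIS LINE/m, 1].strip
+end
+
+def perform(script)
+tempfile = Tempfile.new("gosh-script")
+tempfile.write script
+tempfile.close
+exec SHELL, tempfile.path
+end
+
+
+usage if $stdin.tty?
+script_source = $stdin.read
+
+
+if ARGV.length > 0
+if ARGV[0] == "-d" && given_digest = ARGV[1]
+actual_digest = Digest::SHA512.hexdigest(script_source)
+if given_digest.downcase == actual_digest
+perform(script_source)
+else
+warn "digest mismatch (actual is #{actual_digest}), aborting"
+exit 1
+end
+else
+usage
+end
+else
+answer = confirm(script_source)
+if answer =~ /^yes$/i
+perform(script_source)
+else
+warn "not running piped script"
+exit 1
+end
+end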
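Review bot: `confirm` interpolates a lowercase `editor` in its `command = ...` and `abort(...)` lines, but only the constant `EDITOR` is defined at the top of the file, so the interactive path would raise NameError before the editor opens; both should read `EDITOR`. Once that path works, the answer parsing needs tightening: the capture in `/\A(.*)^# --- PLACE YOUR ANSWER ABOVE THIS LINE/m` is greedy and the untrusted piped script is written below the marker, so script text can end up inside the captured answer, and `/^yes$/i` accepts any single matching line within it. Making the capture non-greedy with `(.*?)` and checking `answer =~ /\Ayes\z/i` limits the decision to what the user typed above the first marker. The `source[...]` lookup also returns nil if the marker line was deleted in the editor, so the last line of `confirm` should guard it, e.g. `.to_s.strip`, to end in the "not running piped script" branch rather than a NoMethodError.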
data/lib/gosh.rb
ADDED
File without changes
|
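--- a/metadata
+++ b/metadata
@@ -0,0 +1,69 @@
+--- !ruby/object:Gem::Specification
+name: gosh
+version: !ruby/object:Gem::Version
+hash: 23
+prerelease:
+segments:
+- 1
+- 0
+- 0
+version: 1.0.0
+platform: ruby
+authors:
+- Sam Stephenson
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2011-04-09 00:00:00 -05:00
+default_executable:
+dependencies: []
+
+description: Security theater for piped shell scripts.
+email:
+- sstephenson@gmail.com
+executables:
+- gosh
+extensions: []
+
+extra_rdoc_files: []
+
+files:
+- bin/gosh
+- lib/gosh.rb
+has_rdoc: true
+homepage: https://github.com/sstephenson/gosh
+licenses: []
+
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.5.0
+signing_key:
+specification_version: 3
+summary: Security theater for piped shell scripts
+test_files: []
+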