gosh 1.0.0

Files changed (3) hide show
  1. data/bin/gosh +76 -0
  2. data/lib/gosh.rb +0 -0
  3. metadata +69 -0
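--- a/data/bin/gosh
+++ b/data/bin/gosh
@@ -0,0 +1,76 @@
+#!/usr/bin/env ruby
+
+require "tempfile"
+require "shellwords"
+require "digest/sha2"
+
+EDITOR = ENV["EDITOR"] || "vi"
+SHELL = ENV["SHELL"] || "sh"
+
+def usage
+warn <<-EOS.strip
+gosh is security theater for piped shell scripts
+usage: curl <url> | #$0
+curl <url> | #$0 -d <digest> # extra-secure SHA512 digest mode
+EOS
+exit -1
+end
+
+def confirm(script_source)
+tempfile = Tempfile.new("FRIGHTENINGLY_DANGEROUS_SCRIPT")
+tempfile.write <<-EOS
+
+# --- PLACE YOUR ANSWER ABOVE THIS LINE ---------------------
+#
+# Do you want to run the following script?
+#
+# To run, enter YES above, then save this file and close it.
+# If you do not want to run the script, close this file.
+#
+# -----------------------------------------------------------
+
+EOS
+
+tempfile.write script_source
+tempfile.close
+
+command = "#{Shellwords.escape(editor)} #{Shellwords.escape(tempfile.path)}"
+system(command) or abort("error communicating with #{editor}")
+
+source = IO.read(tempfile.path)
+source[/\A(.*)^# --- PLACE YOUR ANSWER ABOVE THIS LINE/m, 1].strip
+end
+
+def perform(script)
+tempfile = Tempfile.new("gosh-script")
+tempfile.write script
+tempfile.close
+exec SHELL, tempfile.path
+end
+
+
+usage if $stdin.tty?
+script_source = $stdin.read
+
+
+if ARGV.length > 0
+if ARGV[0] == "-d" && given_digest = ARGV[1]
+actual_digest = Digest::SHA512.hexdigest(script_source)
+if given_digest.downcase == actual_digest
+perform(script_source)
+else
+warn "digest mismatch (actual is #{actual_digest}), aborting"
+exit 1
+end
+else
+usage
+end
+else
+answer = confirm(script_source)
+if answer =~ /^yes$/i
+perform(script_source)
+else
+warn "not running piped script"
+exit 1
+end
+end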
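Review bot: In `confirm`, the answer is extracted with a greedy `(.*)` up to the marker line, but the untrusted piped script is written into the same temp file below the banner, so script text that repeats the marker makes the captured "answer" include script lines; combined with the per-line anchors in `answer =~ /^yes$/i` at the bottom of the file, the confirmation can then be satisfied by the piped content rather than by what the user typed. A non-greedy capture and whole-string anchors close this: `source[/\A(.*?)^# --- PLACE YOUR ANSWER ABOVE THIS LINE/m, 1].to_s.strip` and `if answer =~ /\Ayes\z/i`. The `.to_s` also covers the case where the user deletes the marker line and the match returns nil, which currently raises NoMethodError on `.strip`. Separately, `confirm` references `editor`, which is not defined anywhere in this file (the constant is `EDITOR`), so the interactive path would raise NameError before the editor opens; `Shellwords.escape(EDITOR)` and `#{EDITOR}` in the abort message would fix that.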
data/lib/gosh.rb ADDED
File without changes
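--- a/metadata
+++ b/metadata
@@ -0,0 +1,69 @@
+--- !ruby/object:Gem::Specification
+name: gosh
+version: !ruby/object:Gem::Version
+hash: 23
+prerelease:
+segments:
+- 1
+- 0
+- 0
+version: 1.0.0
+platform: ruby
+authors:
+- Sam Stephenson
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2011-04-09 00:00:00 -05:00
+default_executable:
+dependencies: []
+
+description: Security theater for piped shell scripts.
+email:
+- sstephenson@gmail.com
+executables:
+- gosh
+extensions: []
+
+extra_rdoc_files: []
+
+files:
+- bin/gosh
+- lib/gosh.rb
+has_rdoc: true
+homepage: https://github.com/sstephenson/gosh
+licenses: []
+
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.5.0
+signing_key:
+specification_version: 3
+summary: Security theater for piped shell scripts
+test_files: []
+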