knowngithub 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/Gemfile +2 -2
- data/Gemfile.lock +4 -2
- data/Rakefile +2 -2
- data/bin/console +3 -3
- data/exe/knowngithub +21 -0
- data/knowngithub.gemspec +18 -17
- data/lib/knowngithub.rb +20 -20
- data/lib/knowngithub/version.rb +1 -1
- metadata +20 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: da83b7fc26d3247240a895d3eb259e5f8a35c584
|
|
4
|
+
data.tar.gz: fbdbd6faf466d7f5c5c90296f6dd1afd17a8345b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d482a72e19bb7a1300d47673d1cc59efd5b9f03295cc61cad7201039490f0847ac47c9cbe38d49c234097dd60960f764bb230970a2731fbd9afefef3c894b486
|
|
7
|
+
data.tar.gz: f527558ce3648335beb704c45c413480886cf046ab093de4d8751d6721ca43a109afe238214d2e12d6a6313c161c852f48b9fc7d3f37f545a9b1e89f6ddd2caf
|
data/.gitignore
CHANGED
data/Gemfile
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
source
|
|
1
|
+
source 'https://rubygems.org'
|
|
2
2
|
|
|
3
|
-
git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
|
|
3
|
+
git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
|
|
4
4
|
|
|
5
5
|
# Specify your gem's dependencies in knowngithub.gemspec
|
|
6
6
|
gemspec
|
data/Gemfile.lock
CHANGED
|
@@ -1,18 +1,20 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
knowngithub (0.
|
|
4
|
+
knowngithub (0.2.0)
|
|
5
5
|
net-ssh (~> 4.2)
|
|
6
6
|
nokogiri (~> 1.8)
|
|
7
|
+
thor (~> 0.20)
|
|
7
8
|
|
|
8
9
|
GEM
|
|
9
10
|
remote: https://rubygems.org/
|
|
10
11
|
specs:
|
|
11
12
|
mini_portile2 (2.3.0)
|
|
12
13
|
net-ssh (4.2.0)
|
|
13
|
-
nokogiri (1.8.
|
|
14
|
+
nokogiri (1.8.2)
|
|
14
15
|
mini_portile2 (~> 2.3.0)
|
|
15
16
|
rake (10.5.0)
|
|
17
|
+
thor (0.20.0)
|
|
16
18
|
|
|
17
19
|
PLATFORMS
|
|
18
20
|
ruby
|
data/Rakefile
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
require
|
|
2
|
-
task :
|
|
1
|
+
require 'bundler/gem_tasks'
|
|
2
|
+
task default: :spec
|
data/bin/console
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
2
|
|
|
3
|
-
require
|
|
4
|
-
require
|
|
3
|
+
require 'bundler/setup'
|
|
4
|
+
require 'knowngithub'
|
|
5
5
|
|
|
6
6
|
# You can add fixtures and/or initialization code here to make experimenting
|
|
7
7
|
# with your gem easier. You can also use a different console, if you like.
|
|
@@ -10,5 +10,5 @@ require "knowngithub"
|
|
|
10
10
|
# require "pry"
|
|
11
11
|
# Pry.start
|
|
12
12
|
|
|
13
|
-
require
|
|
13
|
+
require 'irb'
|
|
14
14
|
IRB.start(__FILE__)
|
data/exe/knowngithub
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
require 'knowngithub'
|
|
3
|
+
require 'thor'
|
|
4
|
+
|
|
5
|
+
module Application
|
|
6
|
+
# Thor class for CLI doage.
|
|
7
|
+
# @return [Null]
|
|
8
|
+
# @since 0.2.0
|
|
9
|
+
class CLI < Thor
|
|
10
|
+
desc 'hosts', 'writes out a list of known hosts to a target file'
|
|
11
|
+
def hosts(target)
|
|
12
|
+
knownhosts = Knowngithub.known_hosts.sort { |x, y| x <=> y }
|
|
13
|
+
File.open(target, 'w') do |file|
|
|
14
|
+
file.puts(knownhosts.join("\n"))
|
|
15
|
+
end
|
|
16
|
+
STDERR.puts "Wrote #{knownhosts.length} hosts to #{target}"
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
Application::CLI.start(ARGV)
|
data/knowngithub.gemspec
CHANGED
|
@@ -1,36 +1,37 @@
|
|
|
1
|
-
lib = File.expand_path(
|
|
1
|
+
lib = File.expand_path('lib', __dir__)
|
|
2
2
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
3
|
-
require
|
|
3
|
+
require 'knowngithub/version'
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
|
-
spec.name =
|
|
6
|
+
spec.name = 'knowngithub'
|
|
7
7
|
spec.version = Knowngithub::VERSION
|
|
8
|
-
spec.authors = [
|
|
9
|
-
spec.email = [
|
|
8
|
+
spec.authors = ['Alexis Vanier']
|
|
9
|
+
spec.email = ['alexis@amonoid.io']
|
|
10
10
|
|
|
11
11
|
spec.summary = "Don't blindly trust GitHub hosts"
|
|
12
12
|
spec.description = spec.summary
|
|
13
|
-
spec.homepage =
|
|
14
|
-
spec.license =
|
|
13
|
+
spec.homepage = 'https://github.com/avanier/knowngithub'
|
|
14
|
+
spec.license = 'MIT'
|
|
15
15
|
|
|
16
16
|
# Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
|
|
17
17
|
# to allow pushing to a single host or delete this section to allow pushing to any host.
|
|
18
18
|
if spec.respond_to?(:metadata)
|
|
19
|
-
spec.metadata[
|
|
19
|
+
spec.metadata['allowed_push_host'] = 'https://rubygems.org'
|
|
20
20
|
else
|
|
21
|
-
raise
|
|
22
|
-
|
|
21
|
+
raise 'RubyGems 2.0 or newer is required to protect against ' \
|
|
22
|
+
'public gem pushes.'
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
-
spec.files
|
|
25
|
+
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
|
26
26
|
f.match(%r{^(test|spec|features)/})
|
|
27
27
|
end
|
|
28
|
-
spec.bindir =
|
|
28
|
+
spec.bindir = 'exe'
|
|
29
29
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
30
|
-
spec.require_paths = [
|
|
30
|
+
spec.require_paths = ['lib']
|
|
31
31
|
|
|
32
|
-
spec.add_development_dependency
|
|
33
|
-
spec.add_development_dependency
|
|
34
|
-
spec.add_runtime_dependency
|
|
35
|
-
spec.add_runtime_dependency
|
|
32
|
+
spec.add_development_dependency 'bundler', '~> 1.16'
|
|
33
|
+
spec.add_development_dependency 'rake', '~> 10.0'
|
|
34
|
+
spec.add_runtime_dependency 'net-ssh', '~> 4.2'
|
|
35
|
+
spec.add_runtime_dependency 'nokogiri', '~> 1.8'
|
|
36
|
+
spec.add_runtime_dependency 'thor', '~> 0.20'
|
|
36
37
|
end
|
data/lib/knowngithub.rb
CHANGED
|
@@ -5,7 +5,7 @@ require 'uri'
|
|
|
5
5
|
|
|
6
6
|
require 'net/ssh'
|
|
7
7
|
require 'nokogiri'
|
|
8
|
-
require
|
|
8
|
+
require 'knowngithub/version'
|
|
9
9
|
|
|
10
10
|
module Knowngithub
|
|
11
11
|
# Make a call enforcing the strict use of SSL.
|
|
@@ -28,17 +28,17 @@ module Knowngithub
|
|
|
28
28
|
# @since 0.1.0
|
|
29
29
|
def self.fingerprints
|
|
30
30
|
pattern = /^(sha256:[a-z0-9\+\/]{43})|([0-9a-f\:]{32,47})$/i
|
|
31
|
-
res =
|
|
31
|
+
res = safe_call('https://help.github.com/articles/github-s-ssh-key-fingerprints/')
|
|
32
32
|
output = Nokogiri::HTML(res.body)
|
|
33
|
-
fields = output.xpath(
|
|
34
|
-
|
|
33
|
+
fields = output.xpath('//code')
|
|
34
|
+
fields.children.map(&:content).select { |x| pattern =~ x }
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
# Instantiates a Net::SSH session with GitHub to get the host key and closes it.
|
|
38
38
|
# @return [Net:SSH] Returns a closed Net::SSH session
|
|
39
39
|
# @since 0.1.0
|
|
40
40
|
def self.session
|
|
41
|
-
s = Net::SSH::Transport::Session.new('github.com',
|
|
41
|
+
s = Net::SSH::Transport::Session.new('github.com', verify_host_key: true)
|
|
42
42
|
s.close
|
|
43
43
|
s
|
|
44
44
|
end
|
|
@@ -48,13 +48,13 @@ module Knowngithub
|
|
|
48
48
|
# @raise [SecurityError] If the host keys fail validation or if the https call fails, this will be raised.
|
|
49
49
|
# @since 0.1.0
|
|
50
50
|
def self.host
|
|
51
|
-
s =
|
|
52
|
-
if
|
|
53
|
-
base64_key = [Net::SSH::Buffer.from(:key, s.host_keys.first).to_s].pack(
|
|
51
|
+
s = session
|
|
52
|
+
if fingerprints.any? { |f| f == s.host_keys.first.fingerprint }
|
|
53
|
+
base64_key = [Net::SSH::Buffer.from(:key, s.host_keys.first).to_s].pack('m*').gsub(/\s/, '')
|
|
54
54
|
return {
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
55
|
+
'host_as_string' => s.host_as_string,
|
|
56
|
+
'ssh_type' => s.host_keys.first.ssh_type,
|
|
57
|
+
'base64_key' => base64_key
|
|
58
58
|
}
|
|
59
59
|
else
|
|
60
60
|
raise SecurityError # while this is inappropriate, it sounds cool
|
|
@@ -65,22 +65,22 @@ module Knowngithub
|
|
|
65
65
|
# @return [String] Returns a `known_hosts` entry for the fqdn only with no ip address binding as a string.
|
|
66
66
|
# @since 0.1.0
|
|
67
67
|
def self.known_host
|
|
68
|
-
h =
|
|
69
|
-
|
|
68
|
+
h = host
|
|
69
|
+
[h['host_as_string'], h['ssh_type'], h['base64_key']].join(' ')
|
|
70
70
|
end
|
|
71
71
|
|
|
72
|
-
#
|
|
73
|
-
# @return [String] Returns
|
|
72
|
+
# Calls the `/meta` endpoint on GitHub's API via a safe https call and composes an array of entries ready for appending to a known_hosts file.
|
|
73
|
+
# @return [Array<String>] Returns an array of strings enunciating `known_hosts` entries for every known IP GitHub may serve SSH on.
|
|
74
74
|
# @since 0.1.0
|
|
75
75
|
def self.known_hosts
|
|
76
|
-
h =
|
|
77
|
-
cidr_ranges = JSON.parse(
|
|
76
|
+
h = host
|
|
77
|
+
cidr_ranges = JSON.parse(safe_call('https://api.github.com/meta').body)['git']
|
|
78
78
|
known_hosts = []
|
|
79
79
|
cidr_ranges.each do |range|
|
|
80
|
-
IPAddr.new(range).to_range.to_a.map
|
|
81
|
-
known_hosts << 'github.com,' + ip + ' ' + h[
|
|
80
|
+
IPAddr.new(range).to_range.to_a.map(&:to_s).each do |ip|
|
|
81
|
+
known_hosts << 'github.com,' + ip + ' ' + h['base64_key']
|
|
82
82
|
end
|
|
83
83
|
end
|
|
84
|
-
|
|
84
|
+
known_hosts
|
|
85
85
|
end
|
|
86
86
|
end
|
data/lib/knowngithub/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: knowngithub
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexis Vanier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-05-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -66,10 +66,25 @@ dependencies:
|
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '1.8'
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: thor
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - "~>"
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0.20'
|
|
76
|
+
type: :runtime
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - "~>"
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0.20'
|
|
69
83
|
description: Don't blindly trust GitHub hosts
|
|
70
84
|
email:
|
|
71
85
|
- alexis@amonoid.io
|
|
72
|
-
executables:
|
|
86
|
+
executables:
|
|
87
|
+
- knowngithub
|
|
73
88
|
extensions: []
|
|
74
89
|
extra_rdoc_files: []
|
|
75
90
|
files:
|
|
@@ -81,6 +96,7 @@ files:
|
|
|
81
96
|
- Rakefile
|
|
82
97
|
- bin/console
|
|
83
98
|
- bin/setup
|
|
99
|
+
- exe/knowngithub
|
|
84
100
|
- knowngithub.gemspec
|
|
85
101
|
- lib/knowngithub.rb
|
|
86
102
|
- lib/knowngithub/version.rb
|
|
@@ -105,7 +121,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
105
121
|
version: '0'
|
|
106
122
|
requirements: []
|
|
107
123
|
rubyforge_project:
|
|
108
|
-
rubygems_version: 2.6.
|
|
124
|
+
rubygems_version: 2.6.13
|
|
109
125
|
signing_key:
|
|
110
126
|
specification_version: 4
|
|
111
127
|
summary: Don't blindly trust GitHub hosts
|